Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






2. Which of the following logical controls does a flood guard protect against?






3. What asymmetric key is used to decrypt when using HTTPS?


4. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?






5. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?






6. Which of the following should be considered when trying to prevent somebody from capturing network traffic?






7. A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following by default - would be the BEST choice to accomplish this goal?






8. A company that purchases insurance to reduce risk is an example of which of the following?






9. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






10. Which of the following authentication protocols utilizes the MD4 hashing algorithm?






11. Which of the following is a detective security control?






12. Which of the following is specific to a buffer overflow attack?






13. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






14. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?






15. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?






16. Which of the following allows a security administrator to set device traps?






17. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?






18. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






19. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






20. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






21. Which of the following describes a passive attempt to identify weaknesses?






22. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?






23. Based on logs from file servers remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis






24. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






25. Which of the following is a security control that is lost when using cloud computing?






26. Which of the following is MOST likely to be the last rule contained on any firewall?






27. Which of the following manages peer authentication and key exchange for an IPSec connection?






28. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






29. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai






30. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






31. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






32. Which of the following is an unauthorized wireless router that allows access to a secure network?






33. Which of the following should NOT be used with username/password authentication?






34. Which of the following MUST a programmer implement to prevent cross-site scripting?






35. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?






36. A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional pers






37. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?






38. Which of the following encryption algorithms can be used in PGP for data encryption?






39. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






40. Which of the following cloud computing concepts is BEST described as providing an easy-to configure OS and on-demand computing for customers?






41. Which of the following is not an asymmetric system?






42. Which of the following is the MAIN reason to require data labeling?






43. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






44. Actively monitoring data streams in search of malicious code or behavior is an example of..






45. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






46. Which of the following attacks would password masking help mitigate?






47. Which of the following is a best practice when securing a switch from physical access?






48. Which of the following can prevent an unauthorized employee from entering a data center?






49. Network users whose computers are running Windows7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. You need to minimize how often these windows appear. What should you do?






50. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?