SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security + Exam
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What are typical elements of authentication as part of physical access controls?
Vulnerability scanning
ID badges
TCP SYN flood attack
The new access point was mis-configured and is interfering with another nearby access point.
2. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?
Configure the IE popup blockers
White box
Humidity
NIDS
3. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?
Enact a policy banning users from bringing in personal music devices.
Account disablement
Hot and cold aisles
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
4. Which of the following is a best practice to identify fraud from an employee in a sensitive position?
Evil twin
TLS
Information disclosure
Mandatory vacations
5. What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
IDS
War driving
25
Steganography
6. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?
Memory - network processes - and system processesserver. If the computer is powered off
Shielding
Use SSH to connect to the Linux shell
Decrease the power levels on the WAP
7. You need to advise a new wiring system for a company with several locations partly open to the public. A primary requirement is to make tapping into the network as difficult as possible. Which of the following cable types should you advice?
MAC
The web site's private key.
Content filtering
Fiber optic
8. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
content inspection.
Add input validation to forms.
Gas
Principle of least privilege
9. A system administrator could have a user level account and an administrator account to prevent:...
escalation of privileges.
The development team is transferring data to test systems using SFTP and SCP.
TCP SYN flood attack
Spear phishing
10. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?
Gas
Hierarchical list of critical systems
The PC has become part of a botnet.
Virtual servers have the same information security requirements as physical servers.
11. Which of the following is used when performing a qualitative risk analysis?
Hierarchical list of critical systems
System A fails open. System B fails closed.
WPA2-PSK
Judgment
12. Which of the following are accomplished when a message is digitally signed?
Integrity and Authentication
SSH
Use SSH to connect to the Linux shell
Before and after the imaging process and then hash the forensic image
13. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
Algorithm
DoS
Provider cloud
Dumpster diving - Shoulder surfing
14. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is
Having the offsite location of tapes also be the hot siteservers
Spear phishing
Segmentation of each wireless user from other wireless users
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
15. Which of the following would need to be configured correctly to allow remote access to the network?
Before and after the imaging process and then hash the forensic image
Least privilege
Logic Bomb
ACLs
16. Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
Botnet
Software as a Service (SaaS)
Implicit deny
To provide documentation as to who has handled the evidence
17. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
Validate input to remove hypertext
DAC
smurf attacks
Determine open ports
18. Which of the following devices is often used to cache and filter content?
Proxies
Disable unused ports
Confidentiality - Availability
Mantraps
19. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
Whaling
Organize data based on severity and asset value.
Add input validation to forms.
Tailgating
20. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?
Rootkit
WPA Enterprise
Security guard - Proximity reader
Privacy policy
21. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
TCP SYN flood attack
Memory - network processes - and system processesserver. If the computer is powered off
Spam filters
TPM
22. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
1433
Network Access Control
HSM
Asset value
23. Which of the following should NOT be used with username/password authentication?
Cognitive passwords
The remote router has ICMP blocked.
MD5
Implicit deny
24. Which of the following describes a passive attempt to identify weaknesses?
content inspection.
IPSec
Vulnerability scanning
Ensure a proper chain of custody
25. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
Implicit deny
Decrease the power levels on the WAP
WPA Enterprise
Separation of duties
26. Which of the following cloud computing concepts is BEST described as providing an easy-to configure OS and on-demand computing for customers?
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Before and after the imaging process and then hash the forensic image
signing of a user agreement.
Platform as a Service
27. While browsing the Internet an administrator notices their browser behaves erratically - appears to download something - and then crashes. Upon restarting the PC - the administrator notices performance is extremely slow and there are hundreds of outb
Enact a policy banning users from bringing in personal music devices.
The PC has become part of a botnet.
War driving
Risk transference
28. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
The development team is transferring data to test systems using SFTP and SCP.
War driving
25
DAC
29. A company that purchases insurance to reduce risk is an example of which of the following?
Mandatory vacations
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Implicit deny
Risk transference
30. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
To provide documentation as to who has handled the evidence
MAC
Fault tolerance
Mandated security configurations have been made to the operating system.
31. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?
Polymorphic
MAC address
Data Encryption Standard (DES)
A system that stops an attack in progress.
32. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?
Trojans
Determine the potential monetary costs related to a threat
TCP SYN flood attack
EMI shielding
33. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?
Mandatory vacation
Logic Bomb
ARP poisoning
DNS spoofing
34. Separating of duties is valuable in deterring?
Fraud
Multi-factor authentication.
Tailgating
extremely slow and numerous antivirus alerts
35. Which environmental control is part of TEMPEST compliance?
Shielding
Mandatory vacations
Protocol analyzer
Segmentation of each wireless user from other wireless users
36. A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional pers
DAC
Having the offsite location of tapes also be the hot siteservers
Software as a Service
Smurf attack
37. For which of the following is centralized key management most complicated?
Disable unused services - Update HIPS signatures
Symmetric Key
MAC
IPSec
38. Which of the following is BEST used to prevent ARP poisoning attacks across a network?
Smurf attack
VLAN segregation
S/MIME PGP
Hardware RAID 5 - Software RAID 1
39. In which of the following locations would a forensic analyst look to find a hooked process?
SSH
BIOS
Before and after the imaging process and then hash the forensic image
Spam filters
40. Which of the following risks may result from improper use of social networking and P2P software?
Visibility - Accessibility - Neighborhood crime rate
The PC has become part of a botnet.
Information disclosure
Vulnerability scan
41. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?
User rights and permissions reviews
Algorithm
White box
Vulnerability scan
42. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
Provide an appropriate ambient temperature and Maintain appropriate humidity levels
Spam filters
Decrease the power levels on the WAP
Fraud
43. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des
Least privilege
To provide documentation as to who has handled the evidence
Mandated security configurations have been made to the operating system.
MAC
44. Upper management decides which risk to mitigate based on cost. This is an example of:
The PC has become part of a botnet.
White box
quantitative risk assessment
Disable unused ports
45. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
Security guard - Proximity reader
Fraud
Gas
AES and TKIP
46. Data can potentially be stolen from a disk screen-lock protected - smartphone by which of the following?
smurf attacks
Bluesnarfing
Phishing techniques
Mandated security configurations have been made to the operating system.
47. Actively monitoring data streams in search of malicious code or behavior is an example of..
Command injection
content inspection.
Risk transference
Integrity and Authentication
48. A programmer allocates 16 bytes for a string but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?
Dumpster diving - Shoulder surfing
MAC
Buffer overflow
se file servers attached to an NAS system.
49. Which of the following are important physical security considerations when choosing a location for a new remote branch office?
Visibility - Accessibility - Neighborhood crime rate
VLAN segregation
S/MIME PGP
Video surveillance
50. You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment?
Trojans
Provide an appropriate ambient temperature and Maintain appropriate humidity levels
Segmentation of each wireless user from other wireless users
Physical control of the data
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests
