Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is






2. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?






3. Which of the following is the BEST way to secure data for the purpose of retention?






4. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?






5. Which of the following would need to be configured correctly to allow remote access to the network?






6. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






7. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






8. You are performing risk assessment for an organization. What should you do during impact assessment?






9. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






10. Which of the following is a best practice to identify fraud from an employee in a sensitive position?






11. With which of the following is RAID MOST concerned?






12. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






13. Which of the following logical controls does a flood guard protect against?






14. The 802.11i standard specifies support for which encryption algorithms?






15. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






16. Which of the following is true regarding the WTLS protocol?






17. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






18. Which of the following is NOT an application layer security protocol?






19. Which protocol ensures private communications by ensuring that no third party can eavesdrop or tamper with any message or data transfer between client and server systems and is the successor to the secure Socket Layer (SSL)?






20. Which of the following devices would allow a technician to view IP headers on a data packet?






21. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?






22. Which of the following is a technique designed to obtain information from a specific person?






23. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?






24. Based on logs from file servers remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis






25. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?






26. The server log shows 25 SSH login sessions it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?






27. Which of the following BEST explains the security benefit of a standardized server image?






28. What port does the Domain Name Service (DNS) use by default?






29. What is the advantage of using application virtualization?






30. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






31. Which of the following security threats does shredding mitigate?






32. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi






33. Which of the following port numbers is used for SCP by default?






34. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






35. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?






36. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






37. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?






38. Which of the following is a best practice when securing a switch from physical access?






39. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






40. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to






41. Which of the following concepts ensures that the data is only viewable to authorized users?






42. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






43. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?






44. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






45. Which of the following are the default ports for HTTP and HTTPS protocols?






46. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?






47. Which of the following allows a security administrator to set device traps?






48. Which of the following is the BEST choice for encryption on a wireless network?






49. Network users whose computers are running Windows7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. You need to minimize how often these windows appear. What should you do?






50. On-going annual awareness security training should be coupled with:..