SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security + Exam
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following is another name for a malicious attacker?
Black hat
Use SSH to connect to the Linux shell
SYN attacks
CCTV
2. On-going annual awareness security training should be coupled with:..
CCTV
Logic Bomb
signing of a user agreement.
Cross-site scripting
3. Which of the following would be implemented to allow access to services while segmenting access to the internal network?
Content filtering
DMZ
content inspection.
Mantrap
4. Which of the following security threats does shredding mitigate?
Dumpster diving
DoS
It is used to provide data encryption for WAP connections.
Risk transference
5. What key is used to encrypt an HTTPS session?
War driving
53
Symmetric
Mantrap
6. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des
Baseline reporting
Least privilege
Determine the potential monetary costs related to a threat
Ensure a proper chain of custody
7. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?
Buffer overflow
Man-in-the-middle
Confidentiality - Availability
Principle of least privilege
8. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
Cognitive passwords
ACLs
Implicit deny
SSH
9. A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?
Run the image through SHA256. Answer: D
DES
Fraud
Vulnerability scanner
10. Which of the following threats corresponds with an attacker targeting specific employees of a company?
Trojans
AC filtering - Disabled SSID broadcast
Spear phishing
DoS
11. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?
Provide an appropriate ambient temperature and Maintain appropriate humidity levels
Algorithm
Botnet
Whaling
12. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?
Firewall - VPN
Social Engineering attack
IDEA and TripleDes
Evil twin
13. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
Virtual servers have the same information security requirements as physical servers.
Social Engineering attack
Rogue access points
Gas
14. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?
WPA2
Disable unused ports
Network Access Control
VPN concentrator
15. The server log shows 25 SSH login sessions it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
Mandatory vacations
Spear phishing
Whaling
Baseline reporting
16. Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
content inspection.
ARP poisoning
Mandated security configurations have been made to the operating system.
Pharming - Logic bomb
17. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
Spam filters
Data Encryption Standard (DES)
White box
25
18. Which of the following is used when performing a quantitative risk analysis?
Buffer overflow
Software as a Service
Asset value
Information disclosure
19. Which of the following concepts ensures that the data is only viewable to authorized users?
Confidentiality
Trojans
Validate input to remove hypertext
Vulnerability scanning
20. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?
ID badges
Rootkit
Location that meets power and connectivity requirementsdatacenter
Privilege escalation
21. Which of the following is specific to a buffer overflow attack?
SSL
Judgment
Initial vector
Enact a policy banning users from bringing in personal music devices.
22. Which of the following are the default ports for HTTP and HTTPS protocols?
Principle of least privilege
Smurf attack
80 - 443
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
23. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?
Footprinting
WPA Enterprise
Firewall - VPN
War driving
24. Which of the following should be performed on a computer to protect the operating system from malicious software?
Security guard - Proximity reader
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Disable unused ports
Disable unused services - Update HIPS signatures
25. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?
Rogue access point
Judgment
Add input validation to forms.
Memory - network processes - and system processesserver. If the computer is powered off
26. Which of the following is true regarding the WTLS protocol?
Principle of least privilege
NOOP instructions
It is used to provide data encryption for WAP connections.
signing of a user agreement.
27. Which of the following should be installed to prevent employees from receiving unsolicited emails?
53
Spam filters
Validate input to remove hypertext
Hierarchical list of critical systems
28. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?
Off-site backup
Network Access Control
VLAN
IDEA and TripleDes
29. MAC filtering is a form of which of the following?
Shoulder surfing
Confidentiality - Availability
A worm is self-replicating
Network Access Control
30. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?
IPSec
WPA2
Implicit deny
White box
31. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?
Confidentiality
TCP SYN flood attack
MAC filtering
Logic Bomb
32. Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?
Platform as a Service
Baseline reporting
Firewall rulesflow of network traffic at the edge of the network
User rights
33. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
TPM
Integrity
Hardware RAID 5 - Software RAID 1
Enact a policy banning users from bringing in personal music devices.
34. Which of the following functions is MOST likely performed by a web security gateway?
Before and after the imaging process and then hash the forensic image
Content filtering
WPA2-PSK
Add input validation to forms.
35. Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
Botnet
VPN concentrator
Integrity
DAC
36. What allows for all activities on a network or system to be traced to the user who performed them?
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
Accountability
Forward to different RDP listening ports.
DAC
37. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?
Enact a policy banning users from bringing in personal music devices.
EMI shielding
Mandated security configurations have been made to the operating system.
Before and after the imaging process and then hash the forensic image
38. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel
Risk transference
The development team is transferring data to test systems using SFTP and SCP.
Information disclosure
Integrity
39. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?
Buffer overflow
IPv6
SNMP (also use to monitor the parameters of network devices)
Blind FTP
40. You are looking for ways to protect data on a network. Your solution should: Provide for easy backup of all user data.
Configure the IE popup blockers
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Clean desk policy
Principle of least privilege
41. Performing routine security audits is a form of which of the following controls?
Detective
A worm is self-replicating
MAC
Fiber optic
42. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?
SSL
53
Privilege escalation
WPA2
43. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of
Physical control of the data
SSL
Confidentiality
MD5
44. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?
BIOS
Ensure a proper chain of custody
Mantraps
Buffer overflow
45. Which of the following is a detective security control?
CCTV
SSL
Enact a policy banning users from bringing in personal music devices.
Physical control of the data
46. Which of the following can prevent an unauthorized employee from entering a data center?
Loop protection
Asymmetric and Hashing
Change Management System
Security guard - Proximity reader
47. An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?
Before and after the imaging process and then hash the forensic image
Vulnerability scan
Buffer overflow
Change Management System
48. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?
System A fails open. System B fails closed.
IDS
ARP poisoning
Mandatory vacation
49. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?
Disable unused ports
Separation of duties
Asset value
Firewall rulesflow of network traffic at the edge of the network
50. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
MAC
White box
Algorithm
Initial vector
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests
