Test your basic knowledge

CompTIA Security+ Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Which of the following attacks would password masking help mitigate?






2. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






3. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






4. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






5. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control. Which of the following data types will be unavailable for later investigation?






6. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






7. You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment?






8. Which of the following concepts ensures that the data is only viewable to authorized users?






9. Which of the following should NOT be used with username/password authentication?






10. Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?






11. A company needs to be able to prevent entry, at all times, to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security, which of the following should be implemented?






12. With which of the following is RAID MOST concerned?






13. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






14. Risk can be managed in the following ways...






15. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?






16. Which of the following reduces the likelihood of a single point of failure when a server fails?






17. Which of the following can prevent an unauthorized employee from entering a data center?






18. Which of the following is the MAIN reason to require data labeling?






19. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






20. Which of the following is specific to a buffer overflow attack?






21. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






22. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






23. Which of the following allows a security administrator to set device traps?






24. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives






25. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?






26. Which of the following is a reason to perform user awareness and training?






27. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






28. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?






29. Which of the following describes when forensic hashing should occur on a drive?






30. DRPs should contain which of the following?






31. A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is






32. Which of the following is used when performing a qualitative risk analysis?






33. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






34. Which of the following is a best practice to identify fraud from an employee in a sensitive position?






35. Which of the following is a best practice when securing a switch from physical access?






36. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






37. Which of the following devices is often used to cache and filter content?






38. Which of the following is the primary difference between a virus and a worm?






39. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






40. Which of the following is the BEST way to secure data for the purpose of retention?






41. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






42. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?






43. Which of the following is true concerning email message encryption by using S/MIME?






44. Which of the following access control models allows classification and labeling of objects?






45. The server log shows 25 SSH login sessions. It is a large company, and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?






46. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des






47. Webmail is classified under which of the following cloud-based technologies?






48. What is the advantage of using application virtualization?






49. Which of the following functions is MOST likely performed by a web security gateway?






50. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?