Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?






2. Which of the following BEST describes an intrusion prevention system?






3. A company needs to be able to prevent entry at all times - to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security - which of the following should be implemented?






4. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?






5. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






6. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






7. What is the name of the process during which an attacker gathers information about a target company's intranet - remote access - extranet - and Internet connections?






8. A system administrator could have a user level account and an administrator account to prevent:...






9. Which of the following is used when performing a quantitative risk analysis?






10. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






11. Which of the following concepts ensures that the data is only viewable to authorized users?






12. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?






13. What asymmetric key is used to encrypt when using HTTPS?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


14. Which of the following threats corresponds with an attacker targeting specific employees of a company?






15. How does a NAT server help protect your network?






16. A programmer allocates 16 bytes for a string but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?






17. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






18. You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?






19. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






20. A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the data center. Which of the following are being addressed?






21. Which of the following is a best practice when securing a switch from physical access?






22. Which of the following is BEST used to prevent ARP poisoning attacks across a network?






23. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?






24. Which of the following may cause a user connected to a NAC-enabled network - to not be prompted for credentials?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


25. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?






26. What is the advantage of using application virtualization?






27. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






28. Which of the following would need to be configured correctly to allow remote access to the network?






29. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






30. When configuring multiple computers for RDP on the same wireless router it may be necessary to do which of the following?






31. Which solution should you use?






32. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?






33. A company that purchases insurance to reduce risk is an example of which of the following?






34. Which environmental control is part of TEMPEST compliance?






35. A security administrator is in charge of a a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur






36. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advice the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal






37. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






38. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?






39. Which of the following is true regarding the WTLS protocol?






40. With which of the following is RAID MOST concerned?






41. Which of the following identifies some of the running services on a system?






42. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?






43. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?






44. What allows for all activities on a network or system to be traced to the user who performed them?






45. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?






46. What key is used to encrypt an HTTPS session?






47. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai






48. Which of the following would be implemented to allow access to services while segmenting access to the internal network?






49. Which of the following is the BEST way to secure data for the purpose of retention?






50. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives