Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
Decrease the power levels on the WAP
Separation of duties
To provide documentation as to who has handled the evidence
Buffer overflow
2. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
80 - 443
Availability
Decrease the power levels on the WAP
Gas
3. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to
Vulnerability scan
Organize data based on severity and asset value.
Use SSH to connect to the Linux shell
Only the message data is encrypted
4. Which of the following is true regarding the WTLS protocol?
It is used to provide data encryption for WAP connections.
Virtual servers have the same information security requirements as physical servers.
Integrity and Authentication
WPA2-PSK
5. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
Cross-site scripting
Mandatory vacations
Rootkit
Clean desk policy
6. What are typical elements of authentication as part of physical access controls?
ID badges
Information disclosure
Ensure a proper chain of custody
Memory - network processes - and system processesserver. If the computer is powered off
7. Which of the following port numbers is used for SCP by default?
AES and TKIP
22
Block port 23 on the network firewall.
CCTV
8. On-going annual awareness security training should be coupled with:
Validate input to remove hypertext
signing of a user agreement.
ID badges
Before and after the imaging process and then hash the forensic image
9. NIDS can also be used to help identify...
Footprinting
Phishing techniques
smurf attacks
Virtual servers have the same information security requirements as physical servers.
10. Which of the following is a method to prevent ad-hoc configuration mistakes?
Footprinting
Implement a change management strategy
NIPS is blocking activities from those specific websites.
VLAN
11. What is the advantage of using application virtualization?
IDS
Lets you minimize the attack surface relating to the application
NIPS is blocking activities from those specific websites.
Implicit deny
12. The server log shows 25 SSH login sessions. It is a large company, and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
S/MIME PGP
Gas
Network Access Control
Baseline reporting
13. Risk can be managed in the following ways...
mitigation - acceptance - transference
War driving
Chain of custody
Spam filters
14. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
Data Encryption Standard (DES)
TPM
Shielding
Business impact analysis
15. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives
Tailgating
Implement a change management strategy
The remote router has ICMP blocked.
Buffer overflow
16. Which of the following would be implemented to allow access to services while segmenting access to the internal network?
Initial vector
DMZ
Birthday - Full name
se file servers attached to an NAS system.
17. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp
Spam filters
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Cognitive passwords
IPv6
18. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?
Least privilege
Fault tolerance
Steganography
DMZ
19. Used in conjunction, which of the following are PII?
NIDS
Only the message data is encrypted
Birthday - Full name
DES
20. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
Rogue access point
MAC
Chain of custody
Enact a policy banning users from bringing in personal music devices.
21. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
Clean desk policy
content inspection.
escalation of privileges.
Diffie-Hellman
22. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Vulnerability scan
Chain of custody
War driving
23. A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?
Block port 23 on the network firewall.
MAC filtering
Separation of duties
S/MIME PGP
24. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?
Account disablement
Social Engineering attack
TPM
Determine open ports
25. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
Tailgating
The web site's private key.
IDEA and TripleDes
Buffer overflow
26. Which of the following attacks would password masking help mitigate?
Shoulder surfing
80 - 443
SYN attacks
ICMP
27. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?
Privilege escalation
Off-site backup
escalation of privileges.
Organize data based on severity and asset value.
28. Which of the following encryption algorithms can be used in PGP for data encryption?
Whaling
ICMP
IDEA and TripleDes
Provider cloud
29. What asymmetric key is used to encrypt when using HTTPS?
30. Which of the following logical controls does a flood guard protect against?
NIPS is blocking activities from those specific websites.
SSH
SYN attacks
WPA Enterprise
31. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel
The PC has become part of a botnet.
Rootkit
The development team is transferring data to test systems using SFTP and SCP.
1433
32. Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?
MS-CHAP
EMI shielding
Man-in-the-middle
Fraud
33. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai
IPSec
Vishing
Privacy policy
Memory - network processes - and system processesserver. If the computer is powered off
34. Which of the following is a reason to perform user awareness and training?
Steganography
NOOP instructions
To minimize the organizational risk posed by users
Algorithm
35. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?
Baseline reporting
content inspection.
Algorithm
NIDS
36. Which of the following access control models allows classification and labeling of objects?
MAC
Buffer overflow
A worm is self-replicating
NIPS is blocking activities from those specific websites.
37. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?
22
ICMP
Data Encryption Standard (DES)
The development team is transferring data to test systems using SFTP and SCP.
38. Which of the following security threats does shredding mitigate?
WPA Enterprise
Check if relaying is denied for unauthorized domains
Dumpster diving
Diffie-Hellman
39. Which of the following is BEST used to prevent ARP poisoning attacks across a network?
Protocol analyzer
se file servers attached to an NAS system.
signing of a user agreement.
VLAN segregation
40. Which of the following manages peer authentication and key exchange for an IPSec connection?
Mantraps
Organize data based on severity and asset value.
IKE
MAC
41. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?
ICMP
Hardware RAID 5 - Software RAID 1
White box
Only the message data is encrypted
42. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Trojans
Fraud
Load balancer
Detective
43. Which of the following is another name for a malicious attacker?
Fraud
WPA2-PSK
Logic Bomb
Black hat
44. A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional pers
Loop protection
Software as a Service
Tailgating
TPM
45. Which type of virus is able to alter its own code to avoid being detected by anti-virus software?
PEAP-TLS
Determine open ports
Polymorphic
MAC
46. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
IDS
Enact a policy banning users from bringing in personal music devices.
PEAP-TLS
Mandatory vacation
47. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?
Spear phishing
Privilege escalation
The new access point was mis-configured and is interfering with another nearby access point.
NOOP instructions
48. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?
Determine the potential monetary costs related to a threat
To ensure that staff understands what data they are handling and processing
WPA2
Run the image through SHA256. Answer: D
49. In which of the following locations would a forensic analyst look to find a hooked process?
NIPS is blocking activities from those specific websites.
SNMP (also use to monitor the parameters of network devices)
IPSec
BIOS
50. Performing routine security audits is a form of which of the following controls?
Add input validation to forms.
Memory - network processes - and system processesserver. If the computer is powered off
Detective
CAC