Can You Pass This Difficult CompTIA Security+ Exam?
-
You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems?
-
Mandatory Access Control
-
Discretionary Access Control
-
Role Based Access Control
-
Any of the above
-
This quiz has been made to see whether you are completely prepared for the real exam. This practice test will help you pass by familiarizing you with the material and the ensuring that you know the structure of the CompTIA Security+ test. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice See moretest is designed to reflect the final exam. So, let's try out this challenging quiz. All the best!
Quiz Preview
- 2.
While assigning access privilege using the DAC, which of the following will you be needing?
-
User database
-
Access Control list
-
Resource list
-
None of the above
Correct Answer
A. Access Control listExplanation
The information of mapping users to their permissions for resource access would be available in the ACL.Rate this question:
-
- 3.
Which of the following statements relating to the MAC model is true? Choose two.
-
MAC uses static mapping or predefined access privileges
-
MAC cannot allow dynamic sharing of resources
-
MAC uses ACL to assign privileges
-
MAC allows dynamic sharing of resources
Correct Answer(s)
A. MAC uses static mapping or predefined access privileges
A. MAC cannot allow dynamic sharing of resourcesExplanation
MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.Rate this question:
-
- 4.
Certificates are best used in which of the following scenarios? Choose all that apply.
-
LAN authentication
-
Accessing Web sites
-
Dial-Up connections
-
Intranet login
Correct Answer(s)
A. Accessing Web sites
A. Intranet loginExplanation
LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself, or when you are logging in to the Intranet, from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.Rate this question:
-
- 5.
Which of the following is true about a token system? Choose all that apply.
-
A token is generated when a user has been successfully authenticated
-
This token is attached to the users session and will be destroyed once the session is terminated
-
This token is attached to the users session and will be destroyed after the user has logged out
Correct Answer(s)
A. A token is generated when a user has been successfully authenticated
A. This token is attached to the users session and will be destroyed once the session is terminated
A. This token is attached to the users session and will be destroyed after the user has logged outExplanation
A token is generated when a user has been successfully authenticated. This token is attached to the users� session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.Rate this question:
-
- 6.
To allow access to a campus you would use Kerberos. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
To allow access to a campus you would use smart cards.Rate this question:
-
- 7.
Which of the following are an advantage and a disadvantage with clear text authentication?
-
Advantage is that it is easy to remember passwords
-
Advantage is that it is easy to implement
-
Disadvantage is that it is difficult to implement
-
Disadvantage is that it is not secure
Correct Answer(s)
A. Advantage is that it is easy to implement
A. Disadvantage is that it is not secureExplanation
Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.Rate this question:
-
- 8.
RADIUS is abbreviation for Remote Access Data Inspection User Service. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
RADIUS is abbreviation for Remote Access Dial In User Service.Rate this question:
-
- 9.
Which of the following is a Wireless LAN susceptible to?
-
Loss of signal strength
-
Eavesdropping
-
Blackout
-
EMI
Correct Answer
A. EavesdroppingExplanation
Wireless LANs are most susceptible to eavesdropping as the media here is dependent on frequency for transmission and reception. This makes the media very susceptible to overhearing or eavesdropping as well.Rate this question:
-
- 10.
Which of the following can be termed as the Denial of Service Attack?
-
A computer on your network has crashed
-
Your router is unable to find a destination outside of your network
-
Your Web server has gone into a loop trying to service a client request.
-
You keyboard is no longer responding.
Correct Answer
A. Your Web server has gone into a loop trying to service a client request.Explanation
DoS is a way of engaging a Web Server continuously in one specific task by outing it on a loop and ensuring it is unable to respond to any further requests.Rate this question:
-
- 11.
You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer.
-
Ping to the server
-
Simulate a DDoS attack on that server
-
Simulate a DoS attack on the server
-
Check if all the patches and required antivirus software has been loaded o the server.
Correct Answer
A. Simulate a DDoS attack on that serverExplanation
Ping the server will only ensure if the connectivity is proper. Simulating a DoS attack could only test for a very few vulnerabilities on the server. DDoS (Distributed DoS) would test for more vulnerabilities on the server than the DoS would. Checking for patches and antivirus is just a precaution. It is not a process of testing for vulnerabilities.Rate this question:
-
- 12.
When debugging an Operating system, a programmer would make use of a front door. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
A programmer makes use of back doors in the program for the purpose of debugging or observing the performance of the program.Rate this question:
-
- 13.
Which of the following protocols help to gain MAC address of a PC on the network?
-
ARP
-
FTP
-
TFTP
-
DHCP
Correct Answer
A. ARPExplanation
Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.Rate this question:
-
- 14.
Which of the following is the most popular protocol that is used in dial-up connections?
-
SLIP
-
PPTP
-
POP3
-
PPP
Correct Answer
A. PPPExplanation
SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.Rate this question:
-
- 15.
Which of the following protocols could a VPN make use of? Choose two.
-
PPTP
-
L2TP
-
HTTP
-
NNTP
Correct Answer(s)
A. PPTP
A. L2TPExplanation
A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.Rate this question:
-
- 16.
You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer.
-
PPTP
-
IPSec
-
Kerberos
-
Certificate
Correct Answer
A. IPSecExplanation
Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.Rate this question:
-
- 17.
L2TP can work over which of the following networks? Choose all appropriate answers.
-
IP
-
IPX
-
SNA
-
None of the above
Correct Answer(s)
A. IP
A. IPX
A. SNAExplanation
L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP, IPX and SNA networks.Rate this question:
-
- 18.
Which of the following virus types can be transmitted via email? Choose two most common types that apply.
-
Worms
-
Trojan horse
-
Boot Record virus
-
EXE file virus
Correct Answer(s)
A. Worms
A. Trojan horseExplanation
Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.Rate this question:
-
- 19.
When configuring antivirus for email, which of the following configurations must be applied? Choose two.
-
Scan before downloading
-
Scan before sending
-
Scan before opening
-
Scan after receiving
Correct Answer(s)
A. Scan before downloading
A. Scan before sendingExplanation
Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.Rate this question:
-
- 20.
Which of the following port numbers is used by SMTP?
-
25
-
26
-
27
Correct Answer
A. 25Explanation
SMTP service uses port number 25.Rate this question:
-
- 21.
Which of the following statements about an email server is/are true? Choose only answer(s) that apply
-
Verifies if destination domain is self or not before transmitting a mail
-
Verifies if recipient is from local domain or not before receiving an email
-
Verifies if email is infected or not
-
None of the above
Correct Answer(s)
A. Verifies if destination domain is self or not before transmitting a mail
A. Verifies if email is infected or notExplanation
Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.Rate this question:
-
- 22.
Which of the following statements regarding Infrared communication is true? Choose three.
-
It requires line of sight
-
It requires the same radio frequency at the transmitting and receiving end.
-
It is least secure.
-
Interception is possible if the tapping devices is also in the line of sight
-
Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices.
Correct Answer(s)
A. It requires line of sight
A. It is least secure.
A. Interception is possible if the tapping devices is also in the line of sightExplanation
Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.Rate this question:
-
- 23.
Which of the following statements about a Modem are true? Choose two.
-
It steps us AC voltage
-
It steps down DC voltage
-
It modulates and demodulates signals for the Computer and the telephone line.
-
It converts Analog signals to digital and vice versa.
Correct Answer(s)
A. It modulates and demodulates signals for the Computer and the telephone line.
A. It converts Analog signals to digital and vice versa.Explanation
As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.Rate this question:
-
- 24.
To which layer do the following communicating devices belong? Switch, Ethernet Card.
-
Physical layer
-
Datalink layer
-
Network Layer
-
None of the above
Correct Answer
A. Datalink layerExplanation
The mentioned devices� purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.Rate this question:
-
- 25.
Which of the following about the Stateful inspection firewall is true? Choose two.
-
It maintains a state table
-
It maintains a routing table
-
It functions on the network layer
-
It functions on the application layer.
Correct Answer(s)
A. It maintains a state table
A. It functions on the network layerExplanation
The Stateful inspection firewall, monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.Rate this question:
-
- 26.
Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.Rate this question:
-
- 27.
Which of the following firewall policies is most restrictive?
-
Any any
-
Deny all
-
Permit all
-
None of the above
Correct Answer
A. Deny allExplanation
The �deny all� is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the �deny all� statement.Rate this question:
-
- 28.
When faced with an outgoing packet, which of the following header components would a firewall look at first?
-
Protocol information
-
Source address
-
Destination address
-
No of bytes in the header
Correct Answer
A. Destination addressExplanation
The firewall will first look at the destination address.Rate this question:
-
- 29.
If you wish to allow the external users access your Web server you must block port number 110. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
If you wish to allow the external users access your Web server you must unblock port number 80.Rate this question:
-
- 30.
Which of the following can secure your internal server best, against external attacks? Choose all that apply.
-
Perform OS hardening by blocking all access to this server
-
Perform OS hardening by verify and terminating all un used service
-
Regularly check for unused usernames and disable or delete them.
-
Ensure you are running a vulnerability check on this server at regular intervals.
Correct Answer(s)
A. Perform OS hardening by verify and terminating all un used service
A. Regularly check for unused usernames and disable or delete them.
A. Ensure you are running a vulnerability check on this server at regular intervals.Explanation
The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.Rate this question:
-
- 31.
Which of the following is true about providing security to database servers? Choose two.
-
Do not host a database server on the same server as your web server.
-
Do not host a database server on a server based system
-
Employ a three-tier model
-
Employ a centralized administration model.
Correct Answer(s)
A. Do not host a database server on the same server as your web server.
A. Employ a three-tier modelExplanation
It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.Rate this question:
-
- 32.
To prevent internal Web servers from being accessed you must block TCP port 20. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
The port number 443 must also be blocked.Rate this question:
-
- 33.
Does NTFS provide file system security?
-
Yes
-
No
Correct Answer
A. YesExplanation
NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.Rate this question:
-
- 34.
Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two.
-
SHA is a security hash algorithm that is used with encryption protocols
-
Its latest version is SHA-1
-
None
Correct Answer(s)
A. SHA is a security hash algorithm that is used with encryption protocols
A. Its latest version is SHA-1Explanation
SHA is a security hash algorithm that is used with encryption protocols. Its latest version is SHA-1Rate this question:
-
- 35.
Which of the following is true about Public/Private key pairs? Choose two.
-
They form an essential part of Website security
-
They are used by Certificate security system
-
They are a pair of clear text passwords
-
They are obsolete.
Correct Answer(s)
A. They form an essential part of Website security
A. They are used by Certificate security systemExplanation
They forma an essential part of Web site security system, as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.Rate this question:
-
- 36.
RSA is the encryption system used in cellular devices. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
ECC is the encryption system used in cellular devices.Rate this question:
-
- 37.
What is the requirement for cryptography? Choose two.
-
To avoid unauthorized access of information being stored
-
To avoid unauthorized access of network resources
-
To avoid unauthorized access of information being transmitted.
-
To avoid unauthorized access of network servers
Correct Answer(s)
A. To avoid unauthorized access of information being stored
A. To avoid unauthorized access of information being transmitted.Explanation
Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.Rate this question:
-
- 38.
Which of the following will be required to perform Cryptanalysis? Choose three.
-
Mathematical tools
-
Analytical reasoning
-
Pattern finding
-
Mathematical reasoning
-
Advanced calculators
Correct Answer(s)
A. Mathematical tools
A. Analytical reasoning
A. Pattern findingExplanation
Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves complex combination such as patience and determination combined with skills of pattern finding, mathematical tools and analytical reasoning.Rate this question:
-
- 39.
In symmetric-key encryption, one key will be used for encryption and another will be used for decryption to provide maximum security. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
In symmetric-key encryption, one key will be used for encryption as well as decryption.Rate this question:
-
- 40.
Which of the following is an advantage of using conventional encryption?
-
It is the most secure
-
It is very fast
-
It is economical
-
None of the above
Correct Answer
A. It is very fastExplanation
When conventional encryption is used for stored data rather than the data being transmitted, encryption and decryption process can be very fast.Rate this question:
-
- 41.
The concept of public key cryptography was introduced by Diffie-Hellman. T/F?
-
True
-
False
Correct Answer
A. TrueExplanation
The issues with key distribution faced by conventional encryption, was overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.Rate this question:
-
- 42.
Which of the following statements about Public Key Cryptography are true? Choose two.
-
You need to have a security setup configured on both the sending as well as the receiving ends to implement Public Key Cryptography.
-
You do not need an existing security setup
-
Public key can only encrypt and private key can only decrypt.
-
Public key can encrypt as well as decrypt, private key can only decrypt
-
None of the above
Correct Answer(s)
A. You do not need an existing security setup
A. Public key can only encrypt and private key can only decrypt.Explanation
The implementation of Public key cryptography does not need any existing security measure to be implemented. Public key can only encrypt and Private key can only decrypt.Rate this question:
-
- 43.
The keys are measured by bytes. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
Keys are measured by bits.Rate this question:
-
- 44.
Which of the following are the two key-based algorithms?
-
Symmetric algorithm
-
Asymmetric algorithm
-
128-bit key algorithm
-
1024-bit key algorithm
Correct Answer(s)
A. Symmetric algorithm
A. Asymmetric algorithmExplanation
There are two types of key-based algorithms. Depending on the key pair types they use, they can be categorized as symmetric or asymmetric algorithms.Rate this question:
-
- 45.
Which of the following types of cryptography is possible? Choose two.
-
Cryptography with keys
-
Cryptography without keys
-
Cryptography before encryption
-
Cryptography without encryption
Correct Answer(s)
A. Cryptography with keys
A. Cryptography without keysExplanation
Cryptography without encryption and before encryption is not cryptography at all. Cryptography is possible with keys and without keys. When used without keys, it will be using simple or complex substitution.Rate this question:
-
- 46.
Cryptography without keys is more secure than cryptography with keys. T/F?
-
True
-
False
Correct Answer
A. FalseExplanation
Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of thest, the data can be stolen along with the deciphering program.Rate this question:
-
- 47.
Which of the following is required by the cipher when it is important to maintain a message as a secret?
-
Generate one cipher text for that message
-
Generate at least 5 cipher text for that message
-
Generate several cipher text.
-
None of the above.
Correct Answer
A. Generate several cipher text.Explanation
To keep a message a secret it is required that the cipher must be able to generate several cipher text.Rate this question:
-
- 48.
Which of the following is the most common attack faced by the DES algorithm?
-
DoS
-
Brute force attack
-
Code attack
-
None of the above
Correct Answer
A. Brute force attackExplanation
Brute force attack is the most common attack faced by the DES algorithmRate this question:
-
- 49.
Differential cryptanalysis is nothing but pattern studying. T/F?
-
True
-
False
Correct Answer
A. TrueExplanation
Differential Cryptanalysis is nothing but pattern studying. It chooses a pair of plain text with specific differences.Rate this question:
-
Quiz Review Timeline (Updated): Jan 21, 2025 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Jan 21, 2025Quiz Edited by
ProProfs Editorial Team -
Dec 05, 2006Quiz Created by
Vaibhav Agarwal
Back to top