CompTIA Security+ Practice Exam- 2

By Vaibhav Agarwal
  • 1/81 Questions

    Which of the following is the best method of making a new employee aware of security policies of the organization?

    • Make security policies awareness a part of the induction program for new employees
    • Make security policies an appendix to the appointment letter
    • Interview the employee for his/her level of awareness of security policies before you appoint him/her.
    • None of the above.
About This Quiz

Full-length CompTIA Security+ Practice Exam. This is the second free mock exam at ProProfs. We suggest you do this exam after completing the free Security+ practice questions available on the site. Take this exam like the real exam to see if you are completely prepared for the real exam. This FREE online Security+ practice test will help you pass by familiarizing you with the material and ensuring that you know the structure of the Security+ test. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to reflect the final exam.


Quiz Preview

  • 2. 

    Which of the following can be referred to as public level data?

    • Web site

    • Intranet site

    • Confidential

    • None of the above

    Correct Answer
    A. Web site
    Explanation
    All information hosted on a web site is usually available for public users and hence can be categorized as public level data.


  • 3. 

    Does NTFS provide file system security?

    • Yes

    • No

    Correct Answer
    A. Yes
    Explanation
    NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.


  • 4. 

    The larger the number of bits in a key, the higher the risk of unauthorized decryption. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    The larger the number of bits in a key, the more complex it is to decrypt a message.


  • 5. 

    Which of the following would ensure that the level of vulnerabilities on the server be reduced?

    • Apply relevant patches as and when required

    • Do away with antivirus if proper updating is not possible

    • Ensure the server is using proper network drivers

    • None of the above

    Correct Answer
    A. Apply relevant patches as and when required
    Explanation
    Applying the correct version of patches, as and when required, will secure the server to a great extent and reduce vulnerabilities.


  • 6. 

    Which of the following policies will define the rules for user account creation and password creation?

    • Business policies

    • Security policies

    • Organizational policies

    • None of the above

    Correct Answer
    A. Security policies
    Explanation
    User accounts and passwords must be created and maintained so that it is very difficult for a hacker to guess them and break into the network. Hence these will be governed by the security policies.


  • 7. 

    To prevent News servers from being accessed you must block TCP port 21. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    The port number 119 must also be blocked.


  • 8. 

    Gas based fire suppressants are safer than water based fire suppressants on a network site. T/F?

    • True

    • False

    Correct Answer
    A. True
    Explanation
    Gas based fire suppressants can not only put out various sources of fire but will also not cause the damage that a water based suppressant would possibly do on a network site.


  • 9. 

    Which of the following port numbers is used by POP3?

    • 25

    • 20

    • 110

    • 119

    Correct Answer
    A. 110
    Explanation
    POP3 uses port number 110.


  • 10. 

    Which of the following could give rise to DoS on the destination end of the command?

    • Ftp

    • Ping

    • IPCONFIG

    • Trace

    Correct Answer
    A. Ping
    Explanation
    Putting the ping command on a continuous loop to a given destination IP address can cause that destination end system to hang thus causing the DoS state.


  • 11. 

    Which of the following is the best way to secure sensitive data on the server?

    • Block all access to servers that store sensitive data

    • Ensure these servers are not visible on the network

    • Encrypt sensitive information on the server

    • None of the above

    Correct Answer
    A. Encrypt sensitive information on the server
    Explanation
    The best way to secure stored information on the server is to encrypt the sensitive information by using complex algorithms and securing the passwords and making it inaccessible to hackers.


  • 12. 

    If you require a 24/7 availability in case of disaster, which of the following would be an ideal solution for you?

    • Server clustering

    • Hot site

    • File server mirroring

    • None of the above

    Correct Answer
    A. Hot site
    Explanation
    Hot site is an alternate or a mirror site available for backup and DRP testing.


  • 13. 

    Which of the following can ensure that eavesdropping does not occur on wireless LANs?

    • Encrypting passwords

    • Encrypting usernames

    • Encrypting data

    • Encrypting data as well as passwords.

    Correct Answer
    A. Encrypting data as well as passwords.
    Explanation
    If it is practical and achievable on the network, the best way to implement security on wireless LANs would be to encrypt passwords as well as data.


  • 14. 

    Superimposing the internal IP address of a network onto your own for the purpose of gaining access to the network is referred to as Eavesdropping. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Superimposing the internal IP address of a network onto your own for the purpose of gaining access to the network is referred to as "IP Masquerading" or "Spoofing".


  • 15. 

    If you were implementing a network that required users to be assigned certificates for authentication, which of the following services would be most important?

    • Certificate Service

    • IIS

    • RAS

    • None of the above

    Correct Answer
    A. Certificate Service
    Explanation
    Certificate service will be responsible for generating and maintaining certificates.


  • 16. 

    If you have implemented an FTP server in your network and you wish to secure this service so that no external user will be able to perform FTP and obtain secure data, which of the following would you ensure?

    • Block port numbers 20 and 21 on the external interface for incoming connections

    • Block port numbers 20 and 21 on the internal interface.

    • Block port numbers 67 and 68 on the external interface for incoming connections

    • Block port numbers 67 and 68 on the internal interface

    Correct Answer
    A. Block port numbers 20 and 21 on the external interface for incoming connections
    Explanation
    Blocking port numbers 20 and 21 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the FTP service.


  • 17. 

    Which of the following services is capable of hiding internal network IP addresses?

    • Proxy

    • RAS

    • DNS

    • DHCP

    Correct Answer
    A. Proxy
    Explanation
    Proxy, firewall and Router are all capable of Network Address Translation (NAT). NAT helps to hide internal network IP addresses from the external world.


  • 18. 

    Which of the following protocols will the Circuit-level filtering firewall relate to? Choose two

    • UDP

    • TCP

    • FTP

    Correct Answer(s)
    A. UDP
    A. TCP
    Explanation
    Circuit level filtering firewall relates to transport/session layers and will hence relate to TCP and UDP. It can make up for the shortcomings of the ultra-simple UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.


  • 19. 

    Which of the following is the correct authority to decide on the firewall design policy?

    • Administrator

    • Business owner

    • User

    • Government policies.

    Correct Answer
    A. Administrator
    Explanation
    Based on the network policy and the access policy the administrator will be required to design an accurate firewall policy. The Government will have no role to play here.


  • 20. 

    Which of the following is the function of IETF?

    • Setup networking standards

    • Propose and develop standards relating to computers, networks and Internet

    • Review security policies for banks

    • None of the above.

    Correct Answer
    A. Propose and develop standards relating to computers, networks and Internet
    Explanation
    IETF (Internet Engineering Task Force) is responsible for proposing and developing standards relating to computers, networks and the Internet.


  • 21. 

    Which of the following devices use Infrared? Choose three.

    • Small range LAN

    • Remote control devices

    • Advanced cellular devices

    • Refrigerators

    Correct Answer(s)
    A. Small range LAN
    A. Remote control devices
    A. Advanced cellular devices
    Explanation
    Small range LAN that can afford placement of devices within line of sight may go in for Infrared communication. Remote control devices such as television or home theater sets do also use Infrared. Advanced cellular devices use Infrared for data transfer between themselves and PCs or Printers.


  • 22. 

    Define a threat.

    • It is the probable action when taken can harm the organization assets.

    • It is the probable analysis when fails can damage company assets

    • It is the action that will take place to damage the company assets.

    • None of the above

    Correct Answer
    A. It is the probable action when taken can harm the organization assets.
    Explanation
    A threat is a probability of an action that will damage the assets of the organization when and if it occurs. It is not a surety of that action in itself.


  • 23. 

    MS-CHAP is an abbreviation for Most Secure - Challenge Handshake Authentication Protocol. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    MS-CHAP is an abbreviation for Microsoft Challenge Handshake Authentication Protocol.


  • 24. 

    ECC and Diffie-Hellman are both asymmetric, using public/private keys. T/F?

    • True

    • False

    Correct Answer
    A. True
    Explanation
    ECC, RSA, Diffie-Hellman, and El Gamal are all asymmetric systems using public/private keys.


  • 25. 

    If you required a dedicated service to authenticate remote users on your network, which of the following would you choose?

    • RAS

    • DHCP

    • HTTP

    • RADIUS

    Correct Answer
    A. RADIUS
    Explanation
    RADIUS (Remote Access Dial In User Service) is meant for authenticating remote users on a network.


  • 26. 

    Which of the following is true about a three-tier model? Choose two.

    • In this model the Database server is the core component.

    • In this model, the database client is the core component.

    • This is the most secure model for a database server.

    • This is the least secure model for hosting a database server.

    Correct Answer(s)
    A. In this model the Database server is the core component.
    A. This is the most secure model for a database server.
    Explanation
    In a three-tier model, the client is the superficial component, the middle server provides the required security and the database server forms the core component. Since the middle level server receives client requests first and then passes it on to the database server, the database server is not directly exposed to the client and is hence the most secure way of hosting the web server.


  • 27. 

    The key size in RC5 can range from 0 to 255. Y/N?

    • Yes

    • No

    Correct Answer
    A. No
    Explanation
    The number of rounds can range from 0-255 whereas the key size will range from 0-2040 bits.


  • 28. 

    Which of the following firewall policies is least restrictive?

    • Any any

    • Deny all

    • Permit any

    • None of the above

    Correct Answer
    A. Permit any
    Explanation
    The "Permit any" is the most restrictive statement that can be defined in the firewall. This statement should ideally not be configured at the top of the list, as it will overrule any other restriction that may follow this statement.


  • 29. 

    Digital signatures, apart from establishing identity, provide which of the following?

    • Data integrity

    • Data security

    • Data encryption

    • None of the above

    Correct Answer
    A. Data integrity
    Explanation
    Digital signatures help to establish that data was not modified during the transmission, hence helping in establishing data integrity.


  • 30. 

    Which of the following backups is slowest to restore?

    • Differential backup

    • Incremental backup

    • Full backup

    • None of the above

    Correct Answer
    A. Incremental backup
    Explanation
    Incremental is the fastest of the backup methods (since only files that have been modified since last full back up are backed up), but the slowest of the restore methods.


  • 31. 

    A packet filtering firewall operates at the Application layer of the OSI reference model. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Packet filtering firewall operates on the network layer of the OSI reference model.


  • 32. 

    In Public-key cryptography, one key is used for encryption as well as decryption. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    In Public-key cryptography, Public key is used for encryption and Private key is used for decryption.


  • 33. 

    Which of the following can be enabled to issue certificates in a network that requires Certificates for security? Choose two.

    • Certificate Server

    • Administrator

    • Owner

    • Third party Certificate Server

    Correct Answer(s)
    A. Certificate Server
    A. Third party Certificate Server
    Explanation
    The Certificate Server component that is hosting the Certificate service is responsible for generating certificates. This Certificate Server can be local to the network or can be a third party Certification authority.


  • 34. 

    Which of the following are symmetric algorithms? Choose two.

    • Stream Cipher

    • Block Cipher

    • Caesar's Cipher

    • None of the above

    Correct Answer(s)
    A. Stream Cipher
    A. Block Cipher
    Explanation
    There is no such algorithm as Caesar's Cipher. Symmetric algorithms can be categorized into two: stream and block.


  • 35. 

    Which of the following can help with Web Server hardening? Choose all that apply.

    • Web servers should not have most restrictive permissions on resources that need not be accessible to the external user.

    • Web servers should have most restrictive permissions on resources that need not be accessible to the external user.

    • Verifying that only relevant resources can be accessible through URLs

    • Verify if all services have been updated with latest patches or service packs.

    • None of the above

    Correct Answer(s)
    A. Web servers should have most restrictive permissions on resources that need not be accessible to the external user.
    A. Verifying that only relevant resources can be accessible through URLs
    A. Verify if all services have been updated with latest patches or service packs.
    Explanation
    To harden the Web server, it is essential that all services running on the server be updated with latest patches as and when required. Resources that should not be accessible to the external user must have the most restrictive permissions. Static files and other resources that are not relevant to external users must not be accessible through URLs.


  • 36. 

    3DES is much faster than DES. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    3DES is a variation of DES and is much slower.


  • 37. 

    Which of the following can be a problem for database server security? Choose two

    • A skillful but non-trustworthy administrator

    • An amateur administrator

    • Server that is not fully equipped to handle network load

    • Network that cannot support required data transfer speed

    Correct Answer(s)
    A. A skillful but non-trustworthy administrator
    A. An amateur administrator
    Explanation
    A skillful but non-trustworthy administrator is a potential source for data leakage. An amateur administrator may not assign the access permissions as and how required, which also goes against the security of the database server.


  • 38. 

    If you wish to carry bulk data from one site to another but your data line does not support the required kind of transfer, which of the following is your solution?

    • Write into a CD ROM

    • Perform FTP

    • Copy it into several floppies

    • None of the above

    Correct Answer
    A. Write into a CD ROM
    Explanation
    When bulk data needs to be transferred between sites, it is ideal to write it into a CD ROM drive and carry the same.


  • 39. 

    While assigning access privilege using the RBAC model, which of the following will you be needing?

    • Responsibilities attached to the role played by the user

    • Access Control list

    • Resource list

    • User Database

    Correct Answer
    A. Responsibilities attached to the role played by the user
    Explanation
    The mandatory information required while assigning privilege access in the RBAC model would be the responsibilities attached to the role in the organization that the user has assumed.


  • 40. 

    Which of the following would indicate that the Web Server in your organization has been subjected to the DoS attack? Choose the best answer.

    • The servers' behavior would be erratic.

    • The user would not be able to access the Web Server.

    • All resources attached to the Web Server would stop functioning

    • The entire network stops functioning.

    Correct Answer
    A. The user would not be able to access the Web Server.
    Explanation
    As the name suggests, the services or the access to resources may be denied. This is not to say that the resources will themselves stop functioning. Any user who is currently logging in may be denied authentication, or users who are already logged in may not have resources available to them. The entire network connected to the Web Server cannot stop functioning as the network is usually hidden behind the firewall and will not be accessible to the outside world.


  • 41. 

    Which of the following is required for a brute force attack?

    • A specific configuration system meant for these attacks

    • A server configuration system at least

    • A general purpose daily use computer with usual configuration

    • None of the above

    Correct Answer
    A. A general purpose daily use computer with usual configuration
    Explanation
    To exercise brute force attack you will need just a usual configuration computer that is being used everyday by regular users.


  • 42. 

    Which of the following statements relating to Digital signatures are true? Choose two.

    • It is ideal security for emails

    • It can be used for Identification establishment.

    • It is an encryption method

    • It is an encryption standard

    Correct Answer(s)
    A. It is ideal security for emails
    A. It can be used for Identification establishment.
    Explanation
    It is ideally meant to establish Identity of the sender and receiver of the information and not to encrypt the information. The most practical implementation of digital signatures would be in emails. It is not any encryption standard.


  • 43. 

    Which of the following statements about the MDA (Message Digest algorithm) are true? Choose two.

    • It offers 128-bit hash

    • It offers 256-bit hash

    • Its latest version is MD#5

    • Its latest version is MD#1

    Correct Answer(s)
    A. It offers 128-bit hash
    A. Its latest version is MD#5
    Explanation
    MDA is also a hash algorithm that can be used during encryption. It provides 128-bit hash. Its latest version is MD#5.


  • 44. 

    Which of the following is/are the firewall capable of? Choose two.

    • NAT

    • PAT

    • MAC

    • DAC

    Correct Answer(s)
    A. NAT
    A. PAT
    Explanation
    The firewall is capable of NAT (Network Address Translation) as well as PAT (Port Address Translation).
    MAC is an addressing scheme and DAC is Digital to Analog conversion, which the firewall is not capable of.


  • 45. 

    Cryptography without keys is simpler to use than cryptography with keys. T/F?

    • True

    • False

    Correct Answer
    A. True
    Explanation
    Since Cryptography without keys will require just one enciphering program and one deciphering program it may not be as resource intensive as cryptography with keys and may be simpler to implement than cryptography with keys.


  • 46. 

    Every user must be aware of security solutions employed on the network. T/F?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Every user must be transparent to the security solutions employed on the network


  • 47. 

    Which of the following is true about Ciphertext? Choose three.

    • It is a result of strong cryptography

    • It is a result of weak cryptography

    • It makes it impossible to retrieve clear text without the help of correct decoding tools.

    • It makes it impossible to retrieve clear text.

    • Requires extensive computing capability to decode.

    Correct Answer(s)
    A. It is a result of strong cryptography
    A. It makes it impossible to retrieve clear text without the help of correct decoding tools.
    A. Requires extensive computing capability to decode.
    Explanation
    Ciphertext is a result of strong cryptography. It is meant to be so complex that it is impossible to decode without appropriate decoding tools in spite of using extensive computing capabilities.


  • 48. 

    Which of the following devices may require a modem for WAN communication? Choose two.

    • PC

    • Routers

    • Switches

    • None of the above.

    Correct Answer(s)
    A. PC
    A. Routers
    Explanation
    Connecting a modem to the switch is the same as connecting it to the PC. Switch is a transparent device on the network and is not intelligent enough to independently drive a modem to perform any function. The PC and the router require a modem for dial up or leased line connectivity to the WAN.


  • 49. 

    Which of the following is true about the RADIUS server?

    • It needs an independent administrator

    • It can be managed by the central administrator

    • It needs to be configured on the central server

    • None of the above

    Correct Answer
    A. It can be managed by the central administrator
    Explanation
    The RADIUS server can be managed by the central administrator or by the administrator who manages the other servers. It need not be configured on the central server to be centrally managed.


Quiz Review Timeline (Updated): Mar 22, 2022


  • Current Version
  • Mar 22, 2022
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 07, 2006
    Quiz Created by
    Vaibhav Agarwal