CompTIA Security+ Practice Exam- 2
(179).jpg "CompTIA Security+ Practice Exam- 2 - Quiz")
Full length Comptia Security+ Practice Exam. This is the second free mock exam at Proprofs. We suggest you do this exam after completing the free Security+ practice question available on the site. Take this exam like the real exam to see if you are completly prepared for the real exam. This FREE online Security+ practice test will help you pass by familiarizing you with the material and the ensuring that you know the structure of the Security+ test. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to Read morereflect the final exam.
- 1.
You have created a folder on your server that will be holding confidential data. You wish to assign privilege access to the same. You will be choosing which of the following control systems?
- A.
Mandatory Access Control
- B.
Discretionary Access Control
- C.
Role Based Access Control
- D.
Any of the above
Correct Answer
B. Discretionary Access ControlExplanation
System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.Rate this question:
-
- 2.
While assigning access privilege using the RBAC model, which of the following will you be needing?
- A.
Responsibilities attached to the role played by the user
- B.
Access Control list
- C.
Resource list
- D.
User Database
Correct Answer
A. Responsibilities attached to the role played by the userExplanation
The mandatory information required while assigning privilege access in the RBAC model would be the responsibilities attached to the role in the organization that the user has assumed.Rate this question:
-
- 3.
Which of the following statements about password encryption is true? Choose all that apply.
- A.
PAP allows maximum security
- B.
CHAP allows maximum security
- C.
PAP is a two-way handshake
- D.
CHAP is a three-way handshake.
Correct Answer(s)
B. CHAP allows maximum security
C. PAP is a two-way handshake
D. CHAP is a three-way handshake.Explanation
Password encryption allows for security during authentication. PAP is a two-way handshake that is least secure. CHAP is a three-way handshake that is most secure.Rate this question:
-
- 4.
Certificates can be assigned to which of the following? Choose all that apply
- A.
User
- B.
Computer
- C.
Web site
- D.
Operating System
Correct Answer(s)
A. User
B. Computer
C. Web siteExplanation
User, Computer as well as Websites need to be certified as �secure� by a third party at times depending on the scenario. Hence assigning certificates to any of these objects can improve the credibility of that individual object.Rate this question:
-
- 5.
Which of the following about the Kerberos system is true? Choose all that apply.
- A.
Kerberos is ideal for WAN security
- B.
Kerberos uses a ticket to attach credentials to users.
- C.
Kerberos needs a certificate authority to be present in the network
- D.
Kerberos is ideally meant for LAN
Correct Answer(s)
B. Kerberos uses a ticket to attach credentials to users.
D. Kerberos is ideally meant for LANExplanation
Kerberos is ideally meant for LAN security. It uses tickets to assign credentials to users who need to be authenticated to the LAN and then need to use the network resources.Rate this question:
-
- 6.
Which of the following is true about the Certificates? Choose all that apply.
- A.
A Certificate can be issued by a third party only.
- B.
A Certificate enhances the credibility of the end object to which it has been assigned.
- C.
A Certificate when assigned to a user enhances user access permissions on the network resources for that user.
- D.
A Certificate requires a Certification authority to be generated.
- E.
A Certificate is used for secure authentication.
Correct Answer(s)
B. A Certificate enhances the credibility of the end object to which it has been assigned.
D. A Certificate requires a Certification authority to be generated.
E. A Certificate is used for secure authentication.Explanation
A Certificate is ideally used for secure authentication. Whenever a Certificate has been assigned to a User, Computer or a Web site, it enhances the credibility for that individual object of reference and makes it easy for the other communicating end to trust this user, computer or web site. A Certificate need not be assigned only by a third party. You may configure a Certificate Server in your network that is capable of generating Certificates. But a third party verification is always better trusted as it is unbiased.Rate this question:
-
- 7.
Which of the following can be enabled to issue certificates in a network that requires Certificates for security? Choose two.
- A.
Certificate Server
- B.
Administrator
- C.
Owner
- D.
Third party Certificate Server
Correct Answer(s)
A. Certificate Server
D. Third party Certificate ServerExplanation
The Certificate Server component that is hosting the Certificate service is responsible for generating certificates. This Certificate Server can be local to the network or can be a third party Certification authority.Rate this question:
-
- 8.
If you wanted to provide a user limited access to network, which of the following authentication methods would you use? Choose the best answer.
- A.
Username/Password
- B.
Smart Card
- C.
Certificate
- D.
Token
Correct Answer
C. CertificateExplanation
Smart Card and token are not the correct choices here. Username/Password could have been considered if the option also carried the term �with limited permissions�, but since that is not he case the ideal choice here would be the Certificate. Certificates allow the user to roam the network but with limited access.Rate this question:
-
- 9.
MS-CHAP is abbreviation for Most Secure � Challenge Handshake Authentication Protocol. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
MS-CHAP is abbreviation for Microsoft Challenge Handshake Authentication Protocol.Rate this question:
-
- 10.
If you were implementing a network that required users to be assigned certificates for authentication, which of the following services would be most important?
- A.
Certificate Service
- B.
IIS
- C.
RAS
- D.
None of the above
Correct Answer
A. Certificate ServiceExplanation
Certificate service will be responsible for generating and maintaining certificates.Rate this question:
-
- 11.
Which of the following services is capable of hiding internal network IP addresses?
- A.
Proxy
- B.
RAS
- C.
DNS
- D.
DHCP
Correct Answer
A. ProxyExplanation
Proxy, firewall and Router are all capable of Network Address Translation (NAT). NAT helps to hide internal network IP addresses from the external world.Rate this question:
-
- 12.
Which of the following can ensure that eavesdropping does not occur on wireless LANs?
- A.
Encrypting passwords
- B.
Encrypting usernames
- C.
Encrypting data
- D.
Encrypting data as well as passwords.
Correct Answer
D. Encrypting data as well as passwords.Explanation
If it is practical and achievable on the network, the best way to implement security on Wireless LAns would be to encrypt passwords as well as data.Rate this question:
-
- 13.
Which of the following could give rise to DoS on the destination end of the command?
- A.
Ftp
- B.
Ping
- C.
IPCONFIG
- D.
Trace
Correct Answer
B. PingExplanation
Putting the ping command on a continuous loop to a given destination IP address can cause that destination end system to hang thus causing the DoS state.Rate this question:
-
- 14.
Which of the following would indicate that the Web Server in your organization has been subjected to the DoS attack? Choose the best answer.
- A.
The servers� behavior would be erratic.
- B.
The user would not be able to access the Web Server.
- C.
All resources attached to the Web Server would stop functioning
- D.
The entire network stops functioning.
Correct Answer
B. The user would not be able to access the Web Server.Explanation
As the name suggests, the services or the access to resources may be denied. This is not to say that the resources will themselves stop functioning. Any user who is currently logging in may be denied authentication, or users who are already logged in may not have resources available to them. The entire network connected to the Web Server cannot stop functioning as the network is usually hidden behind the firewall and will not be accessible to the outside world.Rate this question:
-
- 15.
Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as Eavesdropping. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as �IP Masquerading� or �Spoofing�.Rate this question:
-
- 16.
Which of the following protocol helps to address and IP multicast group?
- A.
ICMP
- B.
IGMP
- C.
IGRP
- D.
EIGRP
Correct Answer
B. IGMPExplanation
IGRP and EIGRP are routing protocols. ICMP is responsible for path determination. IGMP is responsible for maintaining IP multicast group information.Rate this question:
-
- 17.
To transfer mails between email servers and client of the same domain you would require POP3 service. T/F?
- A.
True
- B.
False
Correct Answer
A. TrueExplanation
POP3 (Post office Protocol) is a mail retrieval protocol that helps the client to retrieve mails from the mail server.Rate this question:
-
- 18.
Which of the following protocols is used for connecting UNIX hosts or terminals?
- A.
PPP
- B.
RS232
- C.
SLIP
- D.
V35
Correct Answer
C. SLIPExplanation
PPP and SLIP are the only two protocols mentioned. The other two are related to standards and not protocols. SLIP is the protocol used in UNIX networks.Rate this question:
-
- 19.
If you required a dedicated service to authenticate remote users on your network, which of the following would you choose?
- A.
RAS
- B.
DHCP
- C.
HTTP
- D.
RADIUS
Correct Answer
D. RADIUSExplanation
RADIUS (Remote Access Dial In User Service) is meant for authenticating remote users on a network.Rate this question:
-
- 20.
Which of the following is true about the RADIUS server?
- A.
It needs an independent administrator
- B.
It can be managed by the central administrator
- C.
It needs to be configured on the central server
- D.
None of the above
Correct Answer
B. It can be managed by the central administratorExplanation
The RADIUS server can be managed by the central administrator or by the administrator who manages the other servers. It need not be configured on the Central server to be centrally manged.Rate this question:
-
- 21.
Which of the following port numbers is used by POP3?
- A.
25
- B.
20
- C.
110
- D.
119
Correct Answer
C. 110Explanation
POP3 uses port number 110.Rate this question:
-
- 22.
Which of the following statements about the email client is/are true? Choose only answer(s) that apply.
- A.
An email client can retrieve mails only from an email server
- B.
An email client needs a retrieval protocol as well as an email application
- C.
It is mandatory that emails are scanned if an email client has to be operational
- D.
None of the above
Correct Answer(s)
A. An email client can retrieve mails only from an email server
B. An email client needs a retrieval protocol as well as an email applicationExplanation
An email client application usually has the client component that is configured with a protocol (POP3) for retrieving mails from an email server.Rate this question:
-
- 23.
Which of the following is true about cellular communication? Choose three.
- A.
It uses radio frequency for main communication.
- B.
Advanced phones use Infrared for data transfer.
- C.
Its reception/transmission range will depend upon the service providers� signal strength
- D.
Its reception/transmission range will depend upon the cellular devices� signal strength
Correct Answer(s)
A. It uses radio frequency for main communication.
B. Advanced phones use Infrared for data transfer.
C. Its reception/transmission range will depend upon the service providers� signal strengthExplanation
Cellular phones mainly communicate on radio frequency. The range of reception and transmission will depend upon the number of towers as well as the signal strength provided by the cellular service provider. Advanced cellular devices have data transfer feature that can be used with PCs or printers that are Infrared enabled.Rate this question:
-
- 24.
Which of the following devices may require a modem for WAN communication? Choose two.
- A.
PC
- B.
Routers
- C.
Switches
- D.
None of the above.
Correct Answer(s)
A. PC
B. RoutersExplanation
Connecting a modem to the switch is the same as connecting it to the PC. Switch is a transparent device on the network and is not intelligent enough to independently drive a modem to perform any function. The PC and the router require a modem for dial up or leased line connectivity to the WAN.Rate this question:
-
- 25.
Which of the following layers is responsible for assigning the correct standard of signal strength to the communicating devices?
- A.
Physical layer
- B.
Datalink layer
- C.
Network Layer
- D.
None of the above
Correct Answer
A. Physical layerExplanation
The responsibility of the physical layer is to assign correct standards of physical connection as well as the signal strengths required for operation.Rate this question:
-
- 26.
Which of the following devices use Infrared? Choose three.
- A.
Small range LAN
- B.
Remote control devices
- C.
Advanced cellular devices
- D.
Refrigerators
Correct Answer(s)
A. Small range LAN
B. Remote control devices
C. Advanced cellular devicesExplanation
Small range LAN that can afford placement of devices within line of sight may go in for Infrared communication. Remote control devices such as television or home theater sets do also use Infrared. Advanced cellular devices use Infrared for data transfer between themselves and PCs or Printers.Rate this question:
-
- 27.
Routers perform filtering based on which of the following?
- A.
Information presented by the Access List.
- B.
Information presented by the routing table.
- C.
Information presented by the header information of the incoming packets.
- D.
Information presented by the header information of the outgoing packets.
Correct Answer
A. Information presented by the Access List.Explanation
Filtering can be performed only if certain rules for filtering is decided upon. These rules or conditions for filtering are available in the Access List in case of the routers. The routing table or the header information of packets on their own cannot present any information that is required for filtering.Rate this question:
-
- 28.
Which of the following is/are the firewall capable of? Choose two.
- A.
NAT
- B.
PAT
- C.
MAC
- D.
DAC
Correct Answer(s)
A. NAT
B. PATExplanation
The firewall is capable of Nat (Network Address Translation) as well as PAT (Port Address Translation).
MAC is an addressing scheme and DAC is Digital to Analog conversion, which the firewall is not capable of.Rate this question:
-
- 29.
Which of the following protocols will the Circuit-level filtering firewall relate to? Choose two
- A.
UDP
- B.
TCP
- C.
FTP
Correct Answer(s)
A. UDP
B. TCPExplanation
Circuit level filtering firewall relates to transport/session layers and will hence relate to TCP and UDP. It can make up for the shortcomings of the ultra-simple UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.Rate this question:
-
- 30.
Packet filtering firewall will operate Application layer of the OSI reference model. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
Packet filtering firewall operates on the network layer of the OSI reference model.Rate this question:
-
- 31.
Which of the following is the correct authority to decide on the firewall design policy?
- A.
Administrator
- B.
Business owner
- C.
User
- D.
Government policies.
Correct Answer
A. AdministratorExplanation
Based on the network policy and the access policy the administrator will be required to design an accurate firewall policy. The Government will have no role to play here.Rate this question:
-
- 32.
Which of the following firewall policies is least restrictive?
- A.
Any any
- B.
Deny all
- C.
Permit any
- D.
None of the above
Correct Answer
C. Permit anyExplanation
The �Permit any� is the most restrictive statement that can be defined in the firewall. This statement should not be configured on the top of the list ideally as it will over rule any other restriction that may follow this statement.Rate this question:
-
- 33.
When faced with an incoming packet, which of the following header components would a firewall look at first?
- A.
Protocol information
- B.
Source address
- C.
Destination address
- D.
No of bytes in the header
Correct Answer
B. Source addressExplanation
The firewall will first look at the source address to verify which network has sent the packet and then see if any firewall restriction is applicable to this packet.Rate this question:
-
- 34.
If you have implemented a FTP server in your network and you would wish to secure this service so that no external user will be able perform FTP and obtain secure data, which of the following would you ensure?
- A.
Block port numbers 20 and 21 on the external interface for incoming connections
- B.
Block port numbers 20 and 21 on the internal interface.
- C.
Block port numbers 67 and 68 on the external interface for incoming connections
- D.
Block port numbers 67 and 68 on the internal interface
Correct Answer
A. Block port numbers 20 and 21 on the external interface for incoming connectionsExplanation
Blocking port numbers 20 and 21 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the FTP service.Rate this question:
-
- 35.
If you wish to block the external users from accessing your Mail server you must block port number 110. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
If you wish to block the external users from accessing your Mail server you must block port number 25.Rate this question:
-
- 36.
Which of the following can help with Web Server hardening? Choose all that apply.
- A.
Web servers should not have most restrictive permissions on resources that need not be accessible to the external user.
- B.
Web servers should have most restrictive permissions on resources that need not be accessible to the external user.
- C.
Verifying that only relevant resources can be accessible through URLs
- D.
Verify if all services have been updated with latest patches or service packs.
- E.
None of the above
Correct Answer(s)
B. Web servers should have most restrictive permissions on resources that need not be accessible to the external user.
C. Verifying that only relevant resources can be accessible through URLs
D. Verify if all services have been updated with latest patches or service packs.Explanation
To harden the Web server, it is essential that all services running on the server be updated with latest patches as and when required. Resources that should not be accessible to the external user must have the most restrictive permissions. Static files and other resources that are not relevant to external users must not be accessible through URLs.Rate this question:
-
- 37.
Which of the following is true about a three-tier model? Choose two.
- A.
In this model the Database server is the core component.
- B.
In this model, the database client is the core component.
- C.
This is the most secure model for a database server.
- D.
This is the least secure model for hosting a database server.
Correct Answer(s)
A. In this model the Database server is the core component.
C. This is the most secure model for a database server.Explanation
In a three-tier model, the client is the superficial component, the middle server provides the required security and the database server forms the core component. Since the middle level server receives client requests first and then passes it on to the database server, the database server is not directly exposed to the client and is hence the most secure way of hosting the web server.Rate this question:
-
- 38.
To prevent News servers from being accessed you must block TCP port 21. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
The port number 119 must also be blocked.Rate this question:
-
- 39.
Does NTFS provide file system security?
- A.
Yes
- B.
No
Correct Answer
A. YesExplanation
NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.Rate this question:
-
- 40.
Which of the following statements about the MDA (Message Digest algorithm) are true? Choose two.
- A.
It offers 128-bit hash
- B.
It offers 256-bit hash
- C.
Its latest version is MD#5
- D.
Its latest version is MD#1
Correct Answer(s)
A. It offers 128-bit hash
C. Its latest version is MD#5Explanation
MDA is also a hash algorithm that can be used during encryption. It provides 128-bit hash. Its latest version is MD#5.Rate this question:
-
- 41.
Which of the following can RSA be used for? Choose two.
- A.
Encryption
- B.
Digital signatures
- C.
Certificates
- D.
Tokens
Correct Answer(s)
A. Encryption
B. Digital signaturesExplanation
RSA can be used for Encryption and Digital signatures. It is not relevant to certificates and tokens.Rate this question:
-
- 42.
Which of the following statements relating to Digital signatures are true? Choose two.
- A.
It is ideal security for emails
- B.
It can be used for Identification establishment.
- C.
It is an encryption method
- D.
It is an encryption standard
Correct Answer(s)
A. It is ideal security for emails
B. It can be used for Identification establishment.Explanation
It is ideally meant to establish Identity of the sender and receiver of the information and not to encrypt the information. The most practical implementation of digital signatures would be in emails. It is not any encryption standard.Rate this question:
-
- 43.
ECC and diffe-Hellman are both asymmetric using public/private keys. T/F?
- A.
True
- B.
False
Correct Answer
A. TrueExplanation
ECC, RSA, Diffie-Hellman, and El Gamal are all asymmetric systems using public/private keysRate this question:
-
- 44.
Which of the following relate to information or message integrity? Choose two.
- A.
Prevent information modification during transmission.
- B.
Verification through check sum algorithms.
- C.
Verification through authentication
- D.
Verification through digital signatures.
Correct Answer(s)
A. Prevent information modification during transmission.
B. Verification through check sum algorithms.Explanation
Message integrity ensures that he message being transmitted is not being modified enroute. To ensure this, a checksum algorithm may be employed at the sending and the receiving end to ensure the message being sent is received in tact.Rate this question:
-
- 45.
Which of the following is the function of IETF?
- A.
Setup networking standards
- B.
Propose and develop standards relating to computers, networks and Internet
- C.
Review security policies for banks
- D.
None of the above.
Correct Answer
B. Propose and develop standards relating to computers, networks and InternetExplanation
IETF (Internet Engineering Task Force) is responsible for proposing and developing standards relating to computers, networks and the Internet.Rate this question:
-
- 46.
Which of the following is true about Ciphertext? Choose three.
- A.
It is a result of strong cryptography
- B.
It is a result of weak cryptography
- C.
It makes it impossible to retrieve clear text without the help of correct decoding tools.
- D.
It makes it impossible to retrieve clear text.
- E.
Requires extensive computing capability to decode.
Correct Answer(s)
A. It is a result of strong cryptography
C. It makes it impossible to retrieve clear text without the help of correct decoding tools.
E. Requires extensive computing capability to decode.Explanation
Ciphertext is a result of strong cryptography. It is meant to be so complex that it is impossible to decode without appropriate decoding tools in spite of using extensive computing capabilities.Rate this question:
-
- 47.
Cipher is a mathematical function used for secure authentication. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
Cipher is a cryptography algorithm. It is a mathematical function used for the purpose of encryption and decryption.Rate this question:
-
- 48.
If �Hi Kid� is being represented as �Kl Nlg�, then which of the following is the correct offset value or key value being used here?
- A.
3
- B.
5
- C.
4
- D.
0
Correct Answer
C. 4Explanation
H when offset by 4 will be represented as K, I as L, K as N, D as G. Hence key value or offset value being used here is 4.Rate this question:
-
- 49.
Which of the following is a disadvantage when using conventional encryption?
- A.
It is not reliable
- B.
Key distribution
- C.
Key generation
- D.
None of the above
Correct Answer
B. Key distributionExplanation
When using conventional encryption for transmitting data, key distribution between the sending and the receiving end can be a problem.Rate this question:
-
- 50.
In Public-key cryptography, one key is used for encryption as well as decryption. T/F?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
In Public-key cryptography, Public key is used for encryption and Private key is used for decryption.Rate this question:
-
Back to top