CompTIA Security+ Practice Exam- 2

By Vaibhav Agarwal (Community Contributor) | Questions: 81
1. Which of the following is the best method of making a new employee aware of security policies of the organization?

Explanation

Security is the most critical issue when making resources available to the new employee, hence it is ideal to make the security policy awareness program a part of the induction program.

About This Quiz

Full length CompTIA Security+ practice exam. This is the second free mock exam at ProProfs. We suggest you take this exam after completing the free Security+ practice questions available on the site. Take this exam like the real exam to see if you are completely prepared for the real exam. This FREE online Security+ practice test will help you pass by familiarizing you with the material and ensuring that you know the structure of the Security+ test. Time yourself to 90 minutes to get a feel for the pressures of the real exam. The practice test is designed to reflect the final exam.
2. Which of the following can be referred to as public level data?

Explanation

All information hosted on a web site is usually available to public users and hence can be categorized as public level data.

3. Does NTFS provide file system security?

Explanation

NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

4. The larger the number of bits in a key, the higher the risk of unauthorized decryption. T/F?

Explanation

The larger the number of bits in a key, the more complex it is to decrypt a message.

5. Which of the following would ensure that the level of vulnerabilities on the server is reduced?

Explanation

Applying the correct version of patches as and when required will secure the server to a great extent and reduce vulnerabilities.

6. Which of the following policies will define the rules for user account creation and password creation?

Explanation

User accounts and passwords must be created and maintained so that it is very difficult for a hacker to guess them and break into the network. Hence these will be governed by the security policies.

7. To prevent News servers from being accessed you must block TCP port 21. T/F?

Explanation

The port number 119 must also be blocked.

8. Gas based fire suppressants are safer than water based fire suppressants on a network site. T/F?

Explanation

Gas based fire suppressants can not only put out various sources of fire, they will also not cause the damage that a water based suppressant could do on a network site.

9. Which of the following port numbers is used by POP3?

Explanation

POP3 uses port number 110.

10. Which of the following is the best way to secure sensitive data on the server?

Explanation

The best way to secure stored information on the server is to encrypt the sensitive information using complex algorithms, secure the passwords, and make it inaccessible to hackers.

11. If you require a 24/7 availability in case of disaster, which of the following would be an ideal solution for you?

Explanation

A hot site is an alternate or mirror site available for backup and DRP testing.

12. Which of the following could give rise to DoS on the destination end of the command?

Explanation

Putting the ping command in a continuous loop to a given destination IP address can cause that destination end system to hang, thus causing the DoS state.

13. Which of the following can ensure that eavesdropping does not occur on wireless LANs?

Explanation

If it is practical and achievable on the network, the best way to implement security on wireless LANs would be to encrypt passwords as well as data.

14. If you have implemented an FTP server in your network and you wish to secure this service so that no external user will be able to perform FTP and obtain secure data, which of the following would you ensure?

Explanation

Blocking port numbers 20 and 21 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the FTP service.

15. If you were implementing a network that required users to be assigned certificates for authentication, which of the following services would be most important?

Explanation

The Certificate service will be responsible for generating and maintaining certificates.

16. Superimposing the internal IP address of a network onto your own for the purpose of gaining access to the network is referred to as Eavesdropping. T/F?

Explanation

Superimposing the internal IP address of a network onto your own for the purpose of gaining access to the network is referred to as "IP Masquerading" or "Spoofing".

17. Which of the following services is capable of hiding internal network IP addresses?

Explanation

Proxy, firewall and router are all capable of Network Address Translation (NAT). NAT helps to hide internal network IP addresses from the external world.

18. Which of the following protocols will the Circuit-level filtering firewall relate to? Choose two.

Explanation

A circuit-level filtering firewall relates to the transport/session layers and will hence relate to TCP and UDP. It can make up for the shortcomings of the ultra-simple UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.

19. Which of the following is the correct authority to decide on the firewall design policy?

Explanation

Based on the network policy and the access policy, the administrator will be required to design an accurate firewall policy. The Government will have no role to play here.

20. Which of the following is the function of IETF?

Explanation

IETF (Internet Engineering Task Force) is responsible for proposing and developing standards relating to computers, networks and the Internet.

21. Which of the following devices use Infrared? Choose three.

Explanation

A small range LAN that can afford placement of devices within line of sight may use Infrared communication. Remote control devices such as television or home theater sets also use Infrared. Advanced cellular devices use Infrared for data transfer between themselves and PCs or printers.

22. Define a threat.

Explanation

A threat is the probability of an action that will damage the assets of the organization when and if it occurs. It is not a certainty of that action in itself.

23. ECC and Diffie-Hellman are both asymmetric, using public/private keys. T/F?

Explanation

ECC, RSA, Diffie-Hellman, and El Gamal are all asymmetric systems using public/private keys.

24. MS-CHAP is an abbreviation for Most Secure Challenge Handshake Authentication Protocol. T/F?

Explanation

MS-CHAP is an abbreviation for Microsoft Challenge Handshake Authentication Protocol.

25. Which of the following is true about a three-tier model? Choose two.

Explanation

In a three-tier model, the client is the superficial component, the middle server provides the required security and the database server forms the core component. Since the middle level server receives client requests first and then passes them on to the database server, the database server is not directly exposed to the client, and this is hence the most secure way of hosting the web server.

26. The key size in RC5 can range from 0 to 255. Y/N?

Explanation

The number of rounds can range from 0 to 255, whereas the key size ranges from 0 to 2040 bits.

27. If you required a dedicated service to authenticate remote users on your network, which of the following would you choose?

Explanation

RADIUS (Remote Access Dial In User Service) is meant for authenticating remote users on a network.

28. Which of the following firewall policies is least restrictive?

Explanation

"Permit any" is the most restrictive statement that can be defined in the firewall. Ideally this statement should not be configured at the top of the list, as it will overrule any other restriction that follows it.

29. Digital signatures, apart from establishing identity, provide which of the following?

Explanation

Digital signatures help to establish that data was not modified during transmission, hence helping to establish data integrity.

30. Which of the following backups is slowest to restore?

Explanation

Incremental is the fastest of the backup methods (since only files that have been modified since the last full backup are backed up), but the slowest of the restore methods.

31. A packet filtering firewall operates at the Application layer of the OSI reference model. T/F?

Explanation

A packet filtering firewall operates at the network layer of the OSI reference model.

32. In public-key cryptography, one key is used for encryption as well as decryption. T/F?

Explanation

In public-key cryptography, the public key is used for encryption and the private key is used for decryption.

33. Which of the following are symmetric algorithms? Choose two.

Explanation

There is no such algorithm as Caesar's Cipher. Symmetric algorithms can be categorized into two types: stream and block.

34. Which of the following can be enabled to issue certificates in a network that requires Certificates for security? Choose two.

Explanation

The Certificate Server component that hosts the Certificate service is responsible for generating certificates. This Certificate Server can be local to the network or can be a third party Certification Authority.

35. Which of the following can help with Web Server hardening? Choose all that apply.

Explanation

To harden the Web server, it is essential that all services running on the server be updated with the latest patches as and when required. Resources that should not be accessible to external users must have the most restrictive permissions. Static files and other resources that are not relevant to external users must not be accessible through URLs.

36. 3DES is much faster than DES. T/F?

Explanation

3DES is a variation of DES and is much slower.

37. Which of the following can be a problem for database server security? Choose two.

Explanation

A skillful but non-trustworthy administrator is a potential source of data leakage. An amateur administrator may not assign access permissions as and how required, which also goes against the security of the database server.

38. If you wish to carry bulk data from one site to another but your data line does not support the required kind of transfer, which of the following is your solution?

Explanation

When bulk data needs to be transferred between sites, it is ideal to write it onto a CD-ROM and carry it across.

39. Which of the following is required for a brute force attack?

Explanation

To exercise a brute force attack you will need just a computer of the usual configuration that is used every day by regular users.

40. While assigning access privileges using the RBAC model, which of the following will you need?

Explanation

The mandatory information required while assigning privileged access in the RBAC model would be the responsibilities attached to the role in the organization that the user has assumed.

41. Which of the following would indicate that the Web Server in your organization has been subjected to a DoS attack? Choose the best answer.

Explanation

As the name suggests, the services or the access to resources may be denied. This is not to say that the resources will themselves stop functioning. Any user who is currently logging in may be denied authentication, or users who are already logged in may not have resources available to them. The entire network connected to the Web Server cannot stop functioning, as the network is usually hidden behind the firewall and will not be accessible to the outside world.

42. Which of the following statements relating to Digital signatures are true? Choose two.

Explanation

It is ideally meant to establish the identity of the sender and receiver of the information and not to encrypt the information. The most practical implementation of digital signatures would be in emails. It is not an encryption standard.

43. Which of the following statements about the MDA (Message Digest algorithm) are true? Choose two.

Explanation

MDA is also a hash algorithm that can be used during encryption. It provides a 128-bit hash. Its latest version is MD5.

44. Which of the following is/are the firewall capable of? Choose two.

Explanation

The firewall is capable of NAT (Network Address Translation) as well as PAT (Port Address Translation). MAC is an addressing scheme and DAC is digital-to-analog conversion, which the firewall is not capable of.

45. Cryptography without keys is simpler to use than cryptography with keys. T/F?

Explanation

Since cryptography without keys requires just one enciphering program and one deciphering program, it may not be as resource intensive as cryptography with keys and may be simpler to implement.

46. Every user must be aware of security solutions employed on the network. T/F?

Explanation

Every user must be transparent to the security solutions employed on the network.

47. Which of the following is true about Ciphertext? Choose three.

Explanation

Ciphertext is a result of strong cryptography. It is meant to be so complex that it is impossible to decode without appropriate decoding tools in spite of using extensive computing capabilities.

48. Which of the following devices may require a modem for WAN communication? Choose two.

Explanation

Connecting a modem to the switch is the same as connecting it to the PC. A switch is a transparent device on the network and is not intelligent enough to independently drive a modem to perform any function. The PC and the router require a modem for dial up or leased line connectivity to the WAN.

49. Which of the following is true about the RADIUS server?

Explanation

The RADIUS server can be managed by the central administrator or by the administrator who manages the other servers. It need not be configured on the central server to be centrally managed.

50. Which of the following statements about the email client is/are true? Choose only answer(s) that apply.

Explanation

An email client application usually has the client component that is configured with a protocol (POP3) for retrieving mails from an email server.

51. Which of the following is a disadvantage when using conventional encryption?

Explanation

When using conventional encryption for transmitting data, key distribution between the sending and the receiving end can be a problem.

52. Which of the following is a must to ensure data security? Choose two.

Explanation

Since data being saved is also being backed up, it is essential to ensure that the backup copy of the data, along with the live data, is encrypted for the purpose of data security.

53. Which of the following can also be done by cryptography?

Explanation

Cryptography can NOT explicitly authenticate the sender or rectify a message that has been altered. If this were done, the very purpose of cryptography would be defeated. Cryptography can provide secrecy to any message and implicitly authenticate the sender.

54. A cipher is a mathematical function used for secure authentication. T/F?

Explanation

A cipher is a cryptographic algorithm. It is a mathematical function used for the purpose of encryption and decryption.

55. To transfer mails between email servers and clients of the same domain you would require the POP3 service. T/F?

Explanation

POP3 (Post Office Protocol) is a mail retrieval protocol that helps the client retrieve mails from the mail server.

56. Which of the following layers is responsible for assigning the correct standard of signal strength to the communicating devices?

Explanation

The responsibility of the physical layer is to assign correct standards of physical connection as well as the signal strengths required for operation.

57. You have created a folder on your server that will hold confidential data. You wish to assign privileged access to it. Which of the following control systems will you choose?

Explanation

The system administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. RBAC is dependent on the role played by the user in the organization.

58. Which of the following protocols helps to address an IP multicast group?

Explanation

IGRP and EIGRP are routing protocols. ICMP is responsible for path determination. IGMP is responsible for maintaining IP multicast group information.

59. When faced with an incoming packet, which of the following header components would a firewall look at first?

Explanation

The firewall will first look at the source address to verify which network has sent the packet and then see if any firewall restriction is applicable to this packet.

60. Which of the following will make an administrator aware of the security vulnerabilities on the network server? (Choose two)

Explanation

The administrator must make it a point to frequently visit sites that provide information on vulnerability management issues. This will help the administrator compare the known existing vulnerabilities with the ones the network servers are currently suffering from. Periodic audits should be done to detect vulnerabilities.

61. If you wish to block the external users from accessing your Mail server you must block port number 110. T/F?

Explanation

If you wish to block the external users from accessing your Mail server you must block port number 25.

62. Which of the following is an online security for data storage?

Explanation

RAID is a data storage scheme that keeps the storage device available in spite of tolerable failures. Data backup is offline fault tolerance and file server mirroring is an availability service.

63. Which of the following is the use of encryption where mail messages are concerned?

Explanation

Encryption is usually enforced based on message content rather than who the sender is.

64. Certificates can be assigned to which of the following? Choose all that apply.

Explanation

Users, computers as well as websites need to be certified as "secure" by a third party at times, depending on the scenario. Hence assigning certificates to any of these objects can improve the credibility of that individual object.

65. Which of the following relate to information or message integrity? Choose two.

Explanation

Message integrity ensures that the message being transmitted is not modified en route. To ensure this, a checksum algorithm may be employed at the sending and the receiving end to ensure the message being sent is received intact.

66. Routers perform filtering based on which of the following?

Explanation

Filtering can be performed only if certain rules for filtering are decided upon. These rules or conditions for filtering are available in the Access List in the case of routers. The routing table or the header information of packets on their own cannot present any information that is required for filtering.

67. Which of the following is RC2 supposed to replace?

Explanation

Originally, RC2 was meant to replace the DES algorithm.

68. Which of the following protocols is used for connecting UNIX hosts or terminals?

Explanation

PPP and SLIP are the only two protocols mentioned. The other two are related to standards and not protocols. SLIP is the protocol used in UNIX networks.

69. Which of the following is true about cellular communication? Choose three.

Explanation

Cellular phones mainly communicate on radio frequency. The range of reception and transmission will depend upon the number of towers as well as the signal strength provided by the cellular service provider. Advanced cellular devices have data transfer feature that can be used with PCs or printers that are Infrared enabled.

70. Which of the following can RSA be used for? Choose two.

Explanation

RSA can be used for Encryption and Digital signatures. It is not relevant to certificates and tokens.

71. If Hi Kid is being represented as Kl Nlg, then which of the following is the correct offset value or key value being used here?

Explanation

H when offset by 4 will be represented as K, I as L, K as N, D as G. Hence key value or offset value being used here is 4.

72. Which of the following can make use of IDEA? Choose two.

Explanation

IDEA is used worldwide in banking and industry applications.

73. Which of the following about the Kerberos system is true? Choose all that apply.

Explanation

Kerberos is ideally meant for LAN security. It uses tickets to assign credentials to users who need to be authenticated to the LAN and then need to use the network resources.

74. Which of the following statements about PGP are true? Choose two.

Explanation

It is a hybrid cryptosystem that allows for data compression, thus discouraging pattern analysis or cryptanalysis.

75. Which of the following is true about risk management?

Explanation

Risk management is a way of analyzing the situation of potential risk, if the confidential data were to be leaked to the public.

76. Which of the following is true about the Certificates? Choose all that apply.

Explanation

A Certificate is ideally used for secure authentication. Whenever a Certificate has been assigned to a user, computer or web site, it enhances the credibility of that individual object of reference and makes it easy for the other communicating end to trust this user, computer or web site. A Certificate need not be assigned only by a third party. You may configure a Certificate Server in your network that is capable of generating Certificates. But third party verification is always better trusted, as it is unbiased.

77. If you wanted to provide a user limited access to the network, which of the following authentication methods would you use? Choose the best answer.

Explanation

Smart Card and token are not the correct choices here. Username/Password could have been considered if the option also carried the term "with limited permissions", but since that is not the case the ideal choice here would be the Certificate. Certificates allow the user to roam the network but with limited access.

78. Which of the following can be termed as a key distribution problem?

Explanation

When a message is encrypted using a certain encryption algorithm with keys of a certain bit length, the related information must also be known at the receiving end if the original message is to be interpreted successfully. The issue of sending the right key to the recipient for the right message is a key distribution issue.

79. Which of the following statements about password encryption is true? Choose all that apply.

Explanation

Password encryption allows for security during authentication. PAP is a two-way handshake that is least secure. CHAP is a three-way handshake that is most secure.

80. Which of the following is used by PGP to create a signature? Choose two.

Explanation

PGP uses the combination of the private key and the message digest to generate the signature.

81. Which of the following is true about threat modeling? Choose two.

Explanation

Threat modeling is a very effective way in which you can analyze the places where data is likely to leak or the people who are likely to leak the data.

Quiz Review Timeline (Updated): Mar 22, 2022

  • Current Version: Mar 22, 2022, quiz edited by ProProfs Editorial Team
  • Dec 07, 2006: quiz created by Vaibhav Agarwal