CompTIA Security+ (Sy0-301) Practice Exam

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Averywright
A
Averywright
Community Contributor
Quizzes Created: 1 | Total Attempts: 5,555
| Attempts: 5,555
SettingsSettings
Please wait...
  • 1/94 Questions

    What is the term used for when someone slips through an open door behind you after you have unlocked the door?

    • Horseback riding
    • Worming
    • Tailgating
    • Gliding
Please wait...
About This Quiz

When you have a computer on which you use sensitive information like bank details and passwords, you’re probably content in the knowledge that it’s being protected so long as you have decent internet security installed. Have you ever stopped to think about what processes go into ensuring computers are kept safe from malware and hacking? Take this quiz to learn all about it! Good luck!

CompTIA Security+ (Sy0-301) Practice Exam - Quiz

Quiz Preview

  • 2. 

    You are planning your training and awareness seminars. What should you tell employees to do with sensitive documents that are no longer needed?

    • Store all sensitive documents in a pile on the right side of the desk.

    • Place them in the laptop bag when no longer needed.

    • Shred all documents.

    • Place them in the recycle bin for recycling.

    Correct Answer
    A. Shred all documents.
    Explanation
    All sensitive documents need to be sent through a shredder before the paper is disposed of. All the other answers are incorrect because they do not protect the sensitive information from falling into other people’s hands.

    Rate this question:

  • 3. 

    Your sales manager has recently misplaced her mobile device that may contain sensitive information. What should she do first?

    • Request a new one.

    • Remotely wipe the device.

    • Call the phone and ask for it back.

    • Disable Bluetooth on the device.

    Correct Answer
    A. Remotely wipe the device.
    Explanation
    When dealing with mobile device security it is important to educate employees on how to remotely wipe a device or to report the lost device at once so that the network administrator can remotely wipe the device.

    Rate this question:

  • 4. 

    Your company has a strict policy when it comes to USB thumb drive usage in the office. An employee asks you why they are not allowed to use a thumb drive to carry files from the home computer to their office computer. Which of the following is the best answer?

    • Thumb drives do not have the capacity to store the data needed.

    • The data on a thumb drive cannot be encrypted.

    • Thumb drives are too big to carry from location to location.

    • The drive could carry a virus from home to the office.

    Correct Answer
    A. The drive could carry a virus from home to the office.
    Explanation
    One of the major concerns with thumb drive usage is the fact that a worm virus can replicate to the thumb drive, and then the drive could be connected to a corporate system. Thumb drives do have large capacities—enough to store the typical user’s data—and are not too large to carry around. Data on a thumb drive can—and should—be encrypted.

    Rate this question:

  • 5. 

    While performing a security assessment you notice that one of the systems has a small device connected between the keyboard and the computer. What is this device?

    • Trojan virus

    • Rootkit

    • Keylogger

    • Logic bomb

    Correct Answer
    A. Keylogger
    Explanation
    A keylogger in this case is a hardware device connected between the keyboard and the computer which is designed to capture the keystrokes of a user. Keyloggers can also be software based. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A rootkit is a back door planted on the system, which gives the hacker administrative access to the system. A logic bomb is malicious software that is triggered by an event such as a specific date.

    Rate this question:

  • 6. 

    You are planning a security assessment strategy for all systems and mobile devices used within the organization. When assessing mobile devices such as phones what should you look for?

    • Ensure the phone is password protected.

    • Ensure no texting software is installed.

    • Ensure the phone is not running a mobile OS.

    • Ensure the phone is not configured for e-mail.

    Correct Answer
    A. Ensure the phone is password protected.
    Explanation
    When working with mobile devices, ensure that employees password protect the device so that if it is lost or stolen, the data on the device is not easily accessible. You will need to run a mobile OS on the phone, and features like texting and e-mail are popular features that will most likely be used by the employee, so they cannot be disabled.

    Rate this question:

  • 7. 

    Which of the following are considered biometrics? (Select all that apply)

    • Username and password

    • Smartcard

    • PIN number

    • Fingerprint

    • Retina scan

    Correct Answer(s)
    A. Fingerprint
    A. Retina scan
    Explanation
    Biometrics is using a characteristic of yourself to authenticate to a system. Popular examples of biometrics are fingerprint reading, retina scanning, and voice recognition.

    Rate this question:

  • 8. 

    Management has come to you to let you know that John, a longtime employee of the company, has been stealing money from the company.  Management and HR are headed into a meeting with John to let him know he is no longer needed. What should you do while they are in the meeting?

    • Review logs

    • See if anyone wants his office space

    • Disable the employee’s user accounts and access cards

    • Format the drive on his workstation

    Correct Answer
    A. Disable the employee’s user accounts and access cards
    Explanation
    You will want to verify with management before they head into the meeting what your responsibilities are, and they will typically inform you of what corporate policy is surrounding the termination of employment, but typically you want to disable the account while notice is given to the employee so that when the employee comes out of the meeting, they cannot access company assets and do any damage.

    Rate this question:

  • 9. 

    Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response?

    • Educate Sue on the fact that those programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems.

    • Tell her no.

    • Tell her yes as long as she does not watch the movies during work hours.

    • Tell her yes as long as she places the downloaded movies on the server so that you can virus scan them.

    Correct Answer
    A. Educate Sue on the fact that those programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems.
    Explanation
    The key point here is to educate the user on company policy regarding the use of P2P software with company assets. Explain to the user the risks associated with downloading content from untrusted sources, and explain that P2P software is where a lot of viruses come from.

    Rate this question:

  • 10. 

    What type of attack results in the victim’s system not being able to perform its job function?

    • Man-in-the-middle

    • Spoofing

    • Denial of service

    • Port scanning

    Correct Answer
    A. Denial of service
    Explanation
    A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

    Rate this question:

  • 11. 

    The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history.  Where can the administrator find out what the values of those settings should be set to?

    • VPN policy

    • Password policy

    • AUP

    • Secure disposal of computers

    Correct Answer
    A. Password policy
    Explanation
    The password policy contains the password requirements that need to be enforced on the network servers. The VPN policy contains details on the approved VPN solution and what the requirements are for employees to be able to VPN into the network from a remote location. The acceptable use policy (AUP) contains the rules for proper computer, Internet e-mail, and device usage within the company. The secure disposal of computers policy contains the rules governing how to get rid of old computers and equipment and requires that all confidential data is securely removed from the device or computer.

    Rate this question:

  • 12. 

    Your manager is worried about employee laptops being stolen in the middle of the day when an employee leaves their desk to get coffee or go to the washroom. What can you do to reduce the likelihood that a passerby will take a laptop left on a desk?

    • Use a lockdown cable.

    • Encrypt the drive.

    • Disable booting from CD/DVD.

    • Log off the workstation.

    Correct Answer
    A. Use a lockdown cable.
    Explanation
    To protect small computer equipment such as LCD displays, projectors, and laptops from being easily stolen, use a lockdown cable to secure the equipment to a desk. In this example you are looking for a physical security control such as a lockdown cable. Although drive encryption and disabling booting from a CD/DVD are great steps to improve security, they will not stop someone from stealing the device. Such choices may protect the data on the device, but won’t prevent the device from being stolen. Logging off a station will not protect the system at all without physical security.

    Rate this question:

  • 13. 

    Within most organizations the person who writes the check is not the person who signs the check. This is an example of which of the following?

    • Rotation of duties

    • Separation of duties

    • Least privilege

    • Due care

    Correct Answer
    A. Separation of duties
    Explanation
    Having the person that writes the check being different than the person who signs the
    check is an example of separation of duties.

    Rate this question:

  • 14. 

    Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks.  What would you recommend to your manager?

    • Use a firewall.

    • User awareness and training.

    • Install antivirus software.

    • Implement physical security.

    Correct Answer
    A. User awareness and training.
    Explanation
    User awareness and training is the only way to protect against social engineering attacks. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.

    Rate this question:

  • 15. 

    You have installed antivirus software on all systems across the network. What else should you do with regard to maintaining the antivirus software?

    • Install personal firewall.

    • Disable automatic updates.

    • Disable real-time protection.

    • Update virus definitions.

    Correct Answer
    A. Update virus definitions.
    Explanation
    It is critical after installing antivirus software that you ensure the virus definitions are up-to-date. Most virus protection software can schedule the updating of virus definitions. Personal firewalls have nothing to do with maintaining the antivirus software, and you should not disable the automatic updates of virus definitions; you should enable them. You also should not disable real-time protection because it scans files as they are accessed.

    Rate this question:

  • 16. 

    As requested by your manager you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload.  Which of the following goals of security has been met?

    • Confidentiality

    • Accountability

    • Integrity

    • Availability

    Correct Answer
    A. Availability
    Explanation
    Availability is ensuring that the company asset, such as a server and its data, is available at all times. You can help offer availability by using RAID, server clusters, or performing regular backups.

    Rate this question:

  • 17. 

    Which of the following represents the reasoning for implementing rotation of duties in your environment?

    • To limit fraudulent activities within the organization

    • To keep data private to the appropriate individuals

    • To make information available

    • To ensure the secrecy of the information

    Correct Answer
    A. To limit fraudulent activities within the organization
    Explanation
    Rotation of duties is designed to hold people responsible for their actions by having
    someone else take over the position at a later time. Someone holding this position will not be
    likely to perform fraudulent activities knowing that someone else will detect that activity once
    placed in the position.

    Rate this question:

  • 18. 

    You are talking with management about ways to limit security threats such as tailgating within the company. Management has said there is no money to spend on controls such as mantraps—what can you do to reduce the risk of tailgating?

    • Purchase an additional lock.

    • Training and awareness.

    • Purchase a revolving door.

    • Purchase a mantrap.

    Correct Answer
    A. Training and awareness.
    Explanation
    One of the ways to control tailgating in highly secure environments is to use a mantrap—an area between two locked doors where one door does not open until the first door is closed. Solutions such as mantraps or revolving doors are great solutions but they cost money. A cheap solution in low secure environments is to educate the employees on tailgating and to not open the door if someone is hanging around the entrance.

    Rate this question:

  • 19. 

    John has been studying hacking techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it came from someone else. What type of attack is this?

    • Phishing

    • Pharming

    • Spim

    • Spoofing

    Correct Answer
    A. Spoofing
    Explanation
    Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.

    Rate this question:

  • 20. 

    What is the term for a collection of systems that a hacker compromises and then uses to perform additional attacks?

    • CompNet

    • HackNet

    • Botnet

    • SurfNet

    Correct Answer
    A. Botnet
    Explanation
    A botnet is a number of systems that the hacker has control of and uses in attacks such as spamming or denial of service attacks.

    Rate this question:

  • 21. 

    Your manager is worried about the security of the applications created by the in-house developers.  From a security point of view, what recommendation would you make to the manager as the No. 1 rule for developers to follow?

    • Create user-friendly applications.

    • Validate all data inputted.

    • Ensure the focus is on usability.

    • Create nice input screens.

    Correct Answer
    A. Validate all data inputted.
    Explanation
    Developers must validate all data inputted into the application. The rest of the answers are incorrect because they all deal with ensuring the application is easy to use but have nothing to do with creating a secure application.

    Rate this question:

  • 22. 

    Doug is the network administrator for a law firm and has just purchased 20 new systems for the employees.  Doug has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Doug be in violation of?

    • AUP

    • Password policy

    • Virus protection policy

    • Secure disposal of computers

    Correct Answer
    A. Secure disposal of computers
    Explanation
    The secure disposal of computers policy contains the rules surrounding what to do with equipment that is no longer needed in the company. The policy should state that all hard drives have to be physically destroyed before passing the computers on, so that you can ensure that no confidential data can be retrieved from the system.

    Rate this question:

  • 23. 

    Which of the following best describes a Trojan virus?

    • Malicious software that is triggered by an event such as a specific date

    • A virus that disguises itself as a legitimate program but actually opens a port on the system

    • Malicious software that monitors your Internet activity

    • A virus that self-replicates

    Correct Answer
    A. A virus that disguises itself as a legitimate program but actually opens a port on the system
    Explanation
    A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A logic bomb is malicious software that is triggered by an event such as a specific date. Spyware is malicious software that monitors your Internet activity, and a worm virus self-replicates.

    Rate this question:

  • 24. 

    Data classification labels are applied to ______, while clearance levels are applied to ______.

    • Employees, information

    • Management, employees

    • Information, employees

    • Employees, management

    Correct Answer
    A. Information, employees
    Explanation
    Information within the company is assigned a data classification label, while the employees are then given a clearance level. For example, a document may be assigned the top secret classification label so that for an employee to gain access to the information, they must have the top secret clearance level.

    Rate this question:

  • 25. 

    Which of the following controls will help protect against tailgating?

    • Locked doors

    • Electronic keypads

    • Swipe cards

    • Mantrap

    Correct Answer
    A. Mantrap
    Explanation
    A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them.

    Rate this question:

  • 26. 

    A user logs on with a regular user account and then exploits a vulnerability in the operating system to gain administrative access to the system. What type of attack is this?

    • Dictionary

    • Brute-force

    • Buffer overflow

    • Privilege escalation

    Correct Answer
    A. Privilege escalation
    Explanation
    Privilege escalation is when someone raises their permissions or rights from user level to administrative level. This is normally done by exploiting the operating system or software running on the operating system. Dictionary and brute-force are types of password attacks and do not involve raising someone’s level of access to a system. A buffer overflow is a type of attack against software that aids in privilege escalation.

    Rate this question:

  • 27. 

    What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company?

    • Whaling

    • Phishing

    • Pharming

    • Spim

    Correct Answer
    A. Whaling
    Explanation
    Whaling is the term for targeting the phishing attack to “the big fish” in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.

    Rate this question:

  • 28. 

    What type of attack involves the hacker sending too much data to an application that typically results in the hacker gaining remote access to the system with administrative permissions?

    • Buffer overflow

    • SQL injection

    • Folder traversal

    • Cross-site scripting

    Correct Answer
    A. Buffer overflow
    Explanation
    A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. If the hacker can access the area beyond the buffer, they can run whatever code they want, which typically results in them gaining administrative access to the system.

    Rate this question:

  • 29. 

    Your manager approaches you and says that she has been reading about the concept of live CDs and how hackers are using them to bypass system security. What would you do to help protect your systems from this type of threat?

    • Disable booting from CD/DVD.

    • Remove the CD-ROM/DVD-ROM.

    • Set a strong administrative password.

    • Implement an account lockout policy.

    Correct Answer
    A. Disable booting from CD/DVD.
    Explanation
    To maintain a high level of security on your systems, disable booting from CD/DVD or even change the boot order so that the hard drive always boots before the CD/DVD. Removing the CD/DVD is not a great answer as it means that the user will not have a CD-ROM/DVD-ROM device. Implementing a strong password on the administrative account and having an account lockout policy are not good choices either because they will be bypassed when a live CD is used.

    Rate this question:

  • 30. 

    Which of the following actions are performed during system hardening?

    • MAC filtering

    • Disabling unnecessary services

    • Port security

    • 802.1x authentication

    Correct Answer
    A. Disabling unnecessary services
    Explanation
    System hardening involves disabling unnecessary services and uninstalling unnecessary software from the system. System hardening also involves disabling unused accounts and patching the system. The rest of the answers are incorrect because they are all network hardening techniques and not system hardening techniques. MAC filtering controls which systems can send data to other
    systems, port security controls which systems can connect to a port by MAC address, and 802.1x controls who has access to a wired or wireless network by using a central authentication server.

    Rate this question:

  • 31. 

    Which of the following should be done to help secure mobile devices used by users on the network? (Select all that apply.)

    • Disable the password.

    • Lock the screen based on short inactivity periods.

    • Enable Bluetooth.

    • Encrypt the data.

    • Disable emergency calling.

    Correct Answer(s)
    A. Lock the screen based on short inactivity periods.
    A. Encrypt the data.
    Explanation
    You should ensure that you are locking the screen and encrypting data on the mobile device to protect it from unauthorized access. You should have a password enabled instead of disabled, and never disable emergency calling, so that if the phone is locked, you can still call 911. Bluetooth should be disabled if not used, but most people use Bluetooth for wireless headsets.

    Rate this question:

  • 32. 

    All accountants need to be able to modify the accounting data except for Bob. Due to Bob’s job requirements, you have ensured that Bob receives only the read permission to the accounting data. This is an example of which of the following?

    • Rotation of duties

    • Separation of duties

    • Least privilege

    • Due care

    Correct Answer
    A. Least privilege
    Explanation
    A very important principle of security is the concept of least privilege. Least privilege is
    the principle that you should always give only the minimum level of permissions or rights to an
    individual.

    Rate this question:

  • 33. 

    Which of the following devices could be used to limit which web sites users on the network can visit?

    • Router

    • Load balancer

    • Proxy server

    • CAT 5e

    Correct Answer
    A. Proxy server
    Explanation
    Proxy servers are used to control outbound Internet access by filtering web sites users can surf and applications they can use.

    Rate this question:

  • 34. 

    What type of hacker learns hacking techniques so that they can better defend against a malicious hacker?

    • Black-hat

    • Gray-hat

    • White-hat

    • Yellow-hat

    Correct Answer
    A. White-hat
    Explanation
    A white-hat hacker learns hacking techniques to learn how to defend against a
    malicious hacker.
    The other options are incorrect for the following reasons:
    A black-hat hacker is someone who hacks for financial gain
    or malicious reasons. A gray-hat hacker is someone who learns of a vulnerability and then
    publishes it to the world. There is no such thing as a yellow-hat hacker.

    Rate this question:

  • 35. 

    Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the Administrators group (who can change the time on the computer), you grant Bob the Change System Time right. This is an example of following which security principle?

    • Least privilege

    • Job rotation

    • Separation of duties

    • AUP

    Correct Answer
    A. Least privilege
    Explanation
    The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. Job rotation is a security principle that requires employees to rotate through job positions on a regular basis in order to detect any improper activities. Separation of duties is a security principle that involves dividing a job into multiple tasks with each task being performed by a different employee. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company.

    Rate this question:

  • 36. 

    Bob installed an application on ten computers in the office over six months ago, and the application worked as expected. On February 12 of this year the application deleted a number of critical files off the system. What type of virus is this?

    • Trojan virus

    • Worm virus

    • Rootkit

    • Logic bomb

    Correct Answer
    A. Logic bomb
    Explanation
    A logic bomb is malicious software that is triggered by an event such as a specific date. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A worm virus is a self-replicating virus, and a rootkit is a back door planted on the system, which gives the hacker administrative access to the system.

    Rate this question:

  • 37. 

    What type of application attack involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor?

    • ActiveX

    • Java applets

    • Macros virus

    • Cross-site scripting

    Correct Answer
    A. Cross-site scripting
    Explanation
    Cross-site scripting involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor. ActiveX and Java applets are programming components that are used by applications such as a web site, and a macros virus is a virus written with a macros language that comes with software.

    Rate this question:

  • 38. 

    Your manager has read about the need to uninstall unnecessary software and disable unnecessary services from a system. What is the purpose of performing these hardening techniques?

    • Close ports on the system

    • Assess vulnerability

    • Fuzzing

    • Reduce the attack surface

    Correct Answer
    A. Reduce the attack surface
    Explanation
    When you harden the system by uninstalling unneeded software and disable unnecessary services, you are reducing the attack surface of the system.

    Rate this question:

  • 39. 

    Which of the following identifies one of the security benefits of using virtualization technology?

    • You need to patch only the host operating system.

    • You need virus protection only on the host system.

    • You have less hardware to secure.

    • No drive encryption is needed.

    Correct Answer
    A. You have less hardware to secure.
    Explanation
    One of the benefits of virtualization is that you need to implement physical security controls on fewer systems because less hardware is used as a result of virtualization. You will need to patch and virus protect the host operating system and each of the virtual machines. Encryption may still be needed based on any drives you would like to maintain confidentiality on.

    Rate this question:

  • 40. 

    Which of the following is considered a valid security issue with Network Attached Storage (NAS) devices?

    • The NAS device runs the SMB protocol. (NAS) devices?

    • If the NAS is not configured properly, a security compromise could compromise all the data on the device.

    • The NAS device runs the NFS protocol.

    • The NAS device has a web interface for configuration.

    Correct Answer
    A. If the NAS is not configured properly, a security compromise could compromise all the data on the device.
    Explanation
    If the NAS device is hit with a virus or is hacked into, then the security incident may apply to all files in the company if all data is stored on the NAS device. Great care should be taken with the configuration of the NAS device. Most NAS devices run SMB and NFS protocols in order for clients to connect to the data and are not considered security concerns. The NAS device also has a web interface device to use to make the configuration changes to the device.

    Rate this question:

  • 41. 

    Management is concerned that an employee may be able to hide fraudulent activity for long durations while working for the company. What would you recommend to help detect an improper activity performed by employees?

    • Least privilege

    • AUP

    • Disabling the employee’s user accounts and access cards

    • Job rotation

    Correct Answer
    A. Job rotation
    Explanation
    Implementing the security principle known as job rotation is a great way to detect fraudulent activities performed by employees. The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. Disabling the user account and access cards will not help you detect fraudulent activity—you need someone to take over the job role for a while in hopes they will discover improper activity by the previous employee.

    Rate this question:

  • 42. 

    Your company has a web application that seems to be running slowly.  Your manager is wondering what can be done to improve the performance.  How do you respond?

    • Install a proxy server

    • Install a load balancer

    • Configure the web site in a VLAN

    • Configure port security

    Correct Answer
    A. Install a load balancer
    Explanation
    A load balancer can be used to split the workload between multiple systems, in this case multiple web servers. Load balancing is a common solution for optimizing performance on web sites or even mail servers.

    Rate this question:

  • 43. 

    Before an individual is authorized to access resources on the network, they are first ________ with the network.

    • Authenticated

    • Identified

    • Authorized

    • Encrypted

    Correct Answer
    A. Authenticated
    Explanation
    Before authorization can occur each individual must first be authenticated to the system or network. Authentication is the proving of your identity by typically using a password (authentication) to go with the username (identification).

    Rate this question:

  • 44. 

    Which of the following are considered PII-related information that must be secured at all times?  (Choose all that apply)

    • Postal code

    • Driver’s license

    • City name

    • Social Security number

    • Street name

    Correct Answer(s)
    A. Driver’s license
    A. Social Security number
    Explanation
    Personal Identifiable Information (PII) is unique information about a person that
    should be protected at all times and kept confidential.

    Rate this question:

  • 45. 

    The technical team is putting together the firewall solution and needs to know what type of traffic is to pass through the firewall. What policy can the technical team use to find out what traffic is to pass through the firewall?

    • AUP

    • Hiring policy

    • VPN policy

    • Firewall policy

    Correct Answer
    A. Firewall policy
    Explanation
    The firewall policy contains the detailed information needed to know what the company’s approved firewall configuration is. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. The hiring policy contains rules surrounding the process for HR to follow when hiring a new employee. The VPN policy
    contains details on the approved VPN solution and what the requirements are for employees to
    be able to VPN into the network from a remote location.

    Rate this question:

  • 46. 

    What type of rootkit replaces an operating system driver file in hopes of hiding itself?

    • Library-level

    • Kernel-level

    • Application-level

    • Virtualized

    Correct Answer
    A. Kernel-level
    Explanation
    A kernel-level rootkit replaces core operating system files such as a driver file in hopes of hiding itself. A library-level rootkit is a DLL that is replaced on the system, while an application-level rootkit comes in the form of an EXE file and is planted on the system. A virtualized rootkit loads as soon as a computer boots up and then loads the real operating system.

    Rate this question:

  • 47. 

    Which of the following is a good reason to ensure all employees take vacation time each year?

    • To keep the employee refreshed and energized

    • To hold employees accountable for any suspicious activity

    • To keep the employee happy

    • To raise company morale

    Correct Answer
    A. To hold employees accountable for any suspicious activity
    Explanation
    The security reason to implement mandatory vacation is so that while they are on vacation, you can hopefully detect improper activity performed by an employee. If the employee is always around, they will continue to avoid detection of their activity.

    Rate this question:

  • 48. 

    A software vendor has found out about a critical vulnerability within their software product that causes a severe security risk to the system. The software vendor will ship which type of patch that should be applied to systems immediately?

    • Patch

    • Service pack

    • Hot-fix

    • Update

    Correct Answer
    A. Hot-fix
    Explanation
    Hot-fix is the term used for an update to a piece of software that should be applied immediately. A patch is a fix to a software error that does not necessarily need to be applied immediately. A service pack contains all the patches and hot-fixes since the previous service pack or release of the software. An update is a general term for applying patches to a system.

    Rate this question:

  • 49. 

    Jim is part of the sales team within your organization and spends a lot of time in hotels while on the road. What would you recommend to the administrator with regard to the security of Jim’s laptop?

    • Virtualization

    • Cloud computing

    • TCP wrappers

    • Personal firewall

    Correct Answer
    A. Personal firewall
    Explanation
    A personal firewall should be used anytime a system is going to be connected to an untrusted network. The other answers are incorrect because they do not represent recommendations to implement regarding the security of Jim’s laptop.

    Rate this question:

Quiz Review Timeline (Updated): Jun 10, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jun 10, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 10, 2012
    Quiz Created by
    Averywright
Back to Top Back to top
Advertisement