CompTIA Security+ Part 1

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Semarley

Semarley

Community Contributor

Quizzes Created: 4 | Total Attempts: 1,738

Questions: 100 | Attempts: 677 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

COMPTIA Security+ Exam

Questions and Answers

1.

All of the following provide confidentiality as part of the underlying protocol EXCEPT:
- A.
  
  SSL
- B.
  
  SSH
- C.
  
  L2TP
- D.
  
  IPSec
Correct Answer
C. L2TP

Explanation
L2TP (Layer 2 Tunneling Protocol) does not provide confidentiality as part of the underlying protocol. L2TP is primarily used for creating virtual private networks (VPNs) and does not include encryption or confidentiality features. In contrast, SSL (Secure Sockets Layer), SSH (Secure Shell), and IPSec (Internet Protocol Security) are all protocols that offer encryption and confidentiality to secure data transmission over networks.

Rate this question:
2.

Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?
- A.
  
  Steganography
- B.
  
  Worm
- C.
  
  Trojan Horse
- D.
  
  Virus
Correct Answer
A. Steganography

Explanation
Steganography is the correct answer because it is the practice of concealing secret information within an innocuous carrier, such as an image or audio file, by manipulating the least significant bits. This technique allows an attacker to embed data without raising suspicion, as the changes made to the carrier file are minimal and difficult to detect. Steganography is often used for covert communication or to hide malicious code within seemingly harmless files.

Rate this question:
3.

Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
- A.
  
  Teardrop
- B.
  
  TCP/IP hijacking
- C.
  
  Phishing
- D.
  
  Replay
Correct Answer
B. TCP/IP hijacking

Explanation
TCP/IP hijacking is a type of attack where an attacker intercepts and manipulates TCP/IP packets to gain unauthorized access to a network. In this scenario, the attacker can capture HTTP requests and send back a spoofed page, tricking the user into thinking they are interacting with a legitimate website or service. This type of attack exploits vulnerabilities in the TCP/IP protocol stack, allowing the attacker to manipulate data packets and deceive the user.

Rate this question:
4.

How should a company test the integrity of its backup data?
- A.
  
  By conducting another backup
- B.
  
  By using software to recover deleted files
- C.
  
  By restoring part of the backup
- D.
  
  By reviewing the written procedures
Correct Answer
C. By restoring part of the backup

Explanation
To test the integrity of its backup data, a company should restore part of the backup. This involves actually retrieving and restoring a portion of the backup data to ensure that it is accessible and usable. By doing so, the company can verify that the backup process is working correctly and that the data can be successfully recovered if needed. Conducting another backup, using software to recover deleted files, and reviewing written procedures are not direct methods of testing the integrity of the backup data.

Rate this question:
5.

Which of the following can BEST be used to determine the topology of a network and discover unknown devices?
- A.
  
  Vulnerability scanner
- B.
  
  NIPS
- C.
  
  Protocol analyzer
- D.
  
  Network mapper
Correct Answer
D. Network mapper

Explanation
A network mapper is the best tool to determine the topology of a network and discover unknown devices. It allows for the visualization of the network infrastructure, including routers, switches, and devices, and identifies any connected devices that may not be known or authorized. This tool scans the network and creates a map or diagram, showing the relationships and connections between devices, helping to identify any potential vulnerabilities or unauthorized access points. It provides a comprehensive overview of the network, making it an ideal choice for determining the network's topology and discovering unknown devices.

Rate this question:
6.

When should a technician perform penetration testing?
- A.
  
  When the technician suspects that weak passwords exist on the network
- B.
  
  When the technician is trying to guess passwords on a network
- C.
  
  When the technician has permission from the owner of the network
- D.
  
  When the technician is war driving and trying to gain access
Correct Answer
C. When the technician has permission from the owner of the network

Explanation
A technician should perform penetration testing when they have permission from the owner of the network. Penetration testing involves simulating real-world attacks on a network to identify vulnerabilities and weaknesses. It is important to have permission from the network owner to ensure that the testing is conducted legally and ethically. Unauthorized penetration testing can cause harm to the network and its users, and may even be illegal. Therefore, obtaining permission is crucial to ensure that the testing is conducted in a controlled and responsible manner.

Rate this question:
7.

An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the servers public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
- A.
  
  SMTP open relaying is enabled
- B.
  
  It does not have a spam filter
- C.
  
  The amount of sessions needs to be limited
- D.
  
  The public IP address is incorrect
Correct Answer
A. SMTP open relaying is enabled

Explanation
The correct answer is SMTP open relaying is enabled. This means that the server is allowing anyone to use it as a relay to send emails, which can be exploited by spammers to send large amounts of spam. This is why the server's public IP address is reported in a spam real-time block list. To resolve this issue, the administrator should disable open relaying on the SMTP server.

Rate this question:
8.

Which of the following is MOST efficient for encrypting large amounts of data?
- A.
  
  Hashing algorithms
- B.
  
  Symmetric key algorithms
- C.
  
  Asymmetric key algorithms
- D.
  
  ECC algorithms
Correct Answer
B. Symmetric key algorithms

Explanation
Symmetric key algorithms are the most efficient for encrypting large amounts of data. Unlike asymmetric key algorithms, which use separate keys for encryption and decryption, symmetric key algorithms use a single key for both operations. This makes them faster and more efficient for encrypting and decrypting large volumes of data. Hashing algorithms, on the other hand, are used for generating fixed-size output (hash) from input data, but they do not provide encryption. ECC algorithms, or elliptic curve cryptography, are a type of asymmetric key algorithm and are generally more efficient than traditional asymmetric key algorithms, but they are not specifically designed for encrypting large amounts of data.

Rate this question:
9.

Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
- A.
  
  Rogue access points
- B.
  
  War driving
- C.
  
  Weak encryption
- D.
  
  Session hijacking
Correct Answer
B. War driving

Explanation
Disabling the SSID broadcast of wireless access points can help prevent war driving. War driving is the act of searching for and mapping out wireless networks, often with malicious intent. By disabling the SSID broadcast, the network becomes less visible to potential attackers, making it harder for them to identify and target the network. This adds an extra layer of security to the company's wireless network infrastructure.

Rate this question:
10.

Which of the following BEST describes ARP?
- A.
  
  Discovering the IP address of a device from the MAC address
- B.
  
  Discovering the IP address of a device from the DNS name
- C.
  
  Discovering the MAC address of a device from the IP address
- D.
  
  Discovering the DNS name of a device from the IP address
Correct Answer
C. Discovering the MAC address of a device from the IP address

Explanation
ARP (Address Resolution Protocol) is a network protocol used to discover the MAC address of a device from its IP address. When a device wants to communicate with another device on the same network, it needs to know the MAC address of the destination device. ARP helps in mapping the IP address to the corresponding MAC address by sending an ARP request to the network. The device with the matching IP address responds with its MAC address, allowing the sender to establish a direct communication link. Therefore, the given answer correctly describes the purpose of ARP.

Rate this question:
11.

Which of the following would be BEST to use to apply corporate security settings to a device?
- A.
  
  A security patch
- B.
  
  A security hotfix
- C.
  
  An OS service pack
- D.
  
  A security template
Correct Answer
D. A security template

Explanation
A security template would be the best option to apply corporate security settings to a device. A security template is a predefined configuration that includes security settings for various aspects of a device, such as user accounts, password policies, and network settings. It allows for consistent and efficient application of security settings across multiple devices within an organization. Unlike a security patch or hotfix, which are typically used to address specific vulnerabilities or bugs, a security template provides a comprehensive set of security configurations that can be easily applied to ensure the device meets the organization's security requirements. An OS service pack, on the other hand, is a collection of updates and fixes for an operating system, but it may not specifically focus on security settings.

Rate this question:
12.

A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?
- A.
  
  $900
- B.
  
  $2,290
- C.
  
  $2,700
- D.
  
  $5,000
Correct Answer
B. $2,290

Explanation
The expected net savings of $2,290 can be calculated by considering the potential cost of not purchasing the anti-malware software. Without the software, there is a 90% chance each year that workstations will be compromised, resulting in a three-hour downtime for the 30 staff members. Since the staff members are paid $90 per hour, the cost of this downtime would be 90 x 3 x 30 = $8,100. Therefore, by purchasing the software for $5,000 per year, the business can save $8,100 - $5,000 = $3,100. However, the question asks for the expected net savings, which takes into account the 90% chance of compromise. Therefore, the expected net savings would be 90% of $3,100, which is 0.9 x $3,100 = $2,790.

Rate this question:
13.

Which of the following improves security in a wireless system?
- A.
  
  IP spoofing
- B.
  
  MAC filtering
- C.
  
  SSID spoofing
- D.
  
  Closed network
Correct Answer
B. MAC filtering

Explanation
MAC filtering improves security in a wireless system by allowing the network administrator to control which devices can connect to the network based on their MAC addresses. By only allowing authorized devices to connect, MAC filtering helps to prevent unauthorized access to the network. This adds an extra layer of security to the wireless system, as even if someone knows the network's SSID, they won't be able to connect unless their device's MAC address is allowed.

Rate this question:
14.

A user wants to implement secure LDAP on the network. Which of the following port numbers secure LDAP use by default?
- A.
  
  53
- B.
  
  389
- C.
  
  443
- D.
  
  636
Correct Answer
D. 636

Explanation
Secure LDAP (LDAPS) uses port number 636 by default. LDAP is a protocol used for accessing and managing directory services, while LDAPS is a secure version of LDAP that incorporates SSL/TLS encryption for secure communication. Port 636 is designated for LDAPS to ensure that the communication between the LDAP client and server is encrypted and protected from unauthorized access or tampering. Therefore, when implementing secure LDAP on the network, port number 636 should be used.

Rate this question:
15.

How many keys are utilized with asymmetric cryptography?
- A.
  
  One
- B.
  
  Two
- C.
  
  Five
- D.
  
  Seven
Correct Answer
B. Two

Explanation
Asymmetric cryptography, also known as public-key cryptography, uses a pair of keys - a public key and a private key. The public key is used for encryption, while the private key is used for decryption. This allows for secure communication and authentication between two parties. Therefore, the correct answer is Two.

Rate this question:
16.

During a risk assessment it is discovered that only one system administrator is assigned several critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?
- A.
  
  DDoS
- B.
  
  Privilege escalation
- C.
  
  Disclosure of PII
- D.
  
  Single point of failure
Correct Answer
D. Single point of failure

Explanation
The recommendation to cross train other system administrators to perform critical tasks mitigates the risk of a single point of failure. This means that if the only system administrator is unavailable or unable to perform their duties, there are other trained individuals who can step in and ensure the continuity of operations. By having multiple administrators capable of handling these tasks, the organization reduces its dependency on a single individual and minimizes the risk of disruptions or failures in the system.

Rate this question:
17.

Which of the following network filtering devices will rely on signature updates to be effective?
- A.
  
  Proxy server
- B.
  
  Firewall
- C.
  
  NIDS
- D.
  
  Honeynet
Correct Answer
C. NIDS

Explanation
A Network Intrusion Detection System (NIDS) relies on signature updates to be effective. NIDS monitors network traffic for suspicious or malicious activity by comparing it to a database of known attack signatures. These signatures are updated regularly to include new threats and vulnerabilities. By relying on signature updates, NIDS can stay up to date with the latest attack techniques and provide effective protection against them. Proxy servers, firewalls, and honeynets do not necessarily rely on signature updates for their effectiveness.

Rate this question:
18.

Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?
- A.
  
  Honeynet
- B.
  
  DMZ
- C.
  
  Honeypot
- D.
  
  VLAN
Correct Answer
C. Honeypot

Explanation
A honeypot is a single server that is intentionally set up in the DMZ or outer perimeter of a network to attract and distract attackers. It is designed to appear as a valuable target to attackers, luring them away from the actual sensitive systems and data. By monitoring the activities and techniques used by attackers on the honeypot, organizations can gain valuable insights into their tactics and improve their overall security measures.

Rate this question:
19.

Which of the following encryption algorithms is decrypted in the LEAST amount of time?
- A.
  
  RSA
- B.
  
  AES
- C.
  
  3DES
- D.
  
  L2TP
Correct Answer
B. AES

Explanation
AES (Advanced Encryption Standard) is decrypted in the least amount of time compared to the other encryption algorithms mentioned. This is because AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption processes. It is known for its efficiency and speed, making it faster than RSA and 3DES. L2TP, on the other hand, is not an encryption algorithm but a tunneling protocol used for secure communication, so it is not applicable to compare its decryption time with the other encryption algorithms.

Rate this question:
20.

An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?
- A.
  
  Antivirus
- B.
  
  Content filter
- C.
  
  Firewall
- D.
  
  Proxy server
Correct Answer
C. Firewall

Explanation
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between the internal network (DMZ) and the external network (Internet), preventing unauthorized access and protecting the DMZ from attacks launched from the Internet. Firewalls analyze network data packets and determine whether to allow or block them based on the configured rules. By enforcing security policies and controlling network traffic, firewalls play a crucial role in securing networks from external threats.

Rate this question:
21.

Which of the following is a way to manage operating system updates?
- A.
  
  Service pack management
- B.
  
  Pathc application
- C.
  
  Hotfix management
- D.
  
  Change management
Correct Answer
D. Change management

Explanation
Change management is a way to manage operating system updates. It involves planning, implementing, and controlling changes to the operating system in a systematic and organized manner. This includes evaluating the need for updates, assessing their impact, scheduling and coordinating the updates, and ensuring that they are properly tested and deployed. Change management helps to minimize disruptions and risks associated with operating system updates, and ensures that they are carried out efficiently and effectively.

Rate this question:
22.

Which of the following is a list of discrete entries that are known to be benign?
- A.
  
  Whitelist
- B.
  
  Signature
- C.
  
  Blacklist
- D.
  
  ACL
Correct Answer
A. Whitelist

Explanation
A whitelist is a list of discrete entries that are known to be benign. It is a security measure that allows only pre-approved entities or actions to be permitted, while blocking all others. By using a whitelist, any entry not on the list will be considered potentially harmful or unauthorized. Therefore, a whitelist is a list of entries that are trusted and considered safe.

Rate this question:
23.

Which of the following increases the collision resistance of a hash?
- A.
  
  Salt
- B.
  
  Increase the input length
- C.
  
  Rainbow table
- D.
  
  Larger key space
Correct Answer
A. Salt

Explanation
Adding salt to a hash increases its collision resistance because it adds a random and unique value to the input before hashing. This makes it harder for attackers to precompute hash values or use rainbow tables, as the salted hash will be different even if the input is the same. Therefore, salt helps protect against dictionary attacks and increases the security of the hash function.

Rate this question:
24.

A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
- A.
  
  Change management
- B.
  
  Secure disposal
- C.
  
  Password complexity
- D.
  
  Chain of custody
Correct Answer
A. Change management

Explanation
Change management should be followed before implementing the new routine on the production application server. Change management is a process that ensures any changes made to a system or software are properly planned, tested, and documented. It helps in minimizing the risks associated with changes and ensures that the changes are implemented smoothly without causing any disruptions or issues in the system. Therefore, before altering the server variable in the coding of the authentication function, it is important to follow the change management process to ensure the change is properly managed and implemented.

Rate this question:
25.

When deploying 50 new workstations on the network, which of the following should be completed FIRST?
- A.
  
  Install a word processor
- B.
  
  Run the latest spyware
- C.
  
  Apply the baseline configuration
- D.
  
  Run OS updates
Correct Answer
C. Apply the baseline configuration

Explanation
The baseline configuration should be completed first when deploying 50 new workstations on the network. Applying the baseline configuration involves setting up the initial standard configuration for the workstations, which includes installing necessary software, configuring network settings, and ensuring security measures are in place. This step establishes a consistent starting point for all workstations, making it easier to manage and maintain them in the long run. Once the baseline configuration is applied, other tasks like installing a word processor, running the latest spyware, and running OS updates can be performed.

Rate this question:
26.

Which of the following should be implemented to have all workstations and severs isolated in their own broadcast domains?
- A.
  
  VLANs
- B.
  
  NAT
- C.
  
  Access lists
- D.
  
  Intranet
Correct Answer
A. VLANs

Explanation
VLANs (Virtual Local Area Networks) should be implemented to have all workstations and servers isolated in their own broadcast domains. VLANs allow network administrators to logically divide a single physical network into multiple virtual networks, each with its own broadcast domain. This isolation ensures that broadcast traffic is contained within each VLAN, preventing it from being transmitted to other VLANs. By implementing VLANs, workstations and servers can be grouped together based on their functional requirements while maintaining separate broadcast domains, enhancing network security and efficiency.

Rate this question:
27.

End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of?
- A.
  
  Trojan
- B.
  
  Spam
- C.
  
  Phishing
- D.
  
  DNS poisoning
Correct Answer
B. Spam

Explanation
This is an example of spam. Spam refers to unsolicited and unwanted emails that are sent in bulk to a large number of recipients. In this case, the end users are receiving a lot of emails from online vendors and pharmacies, which they did not request or give consent to receive.

Rate this question:
28.

Which of the following BEST describes a private key in regards to asymmetric encryption?
- A.
  
  The key owner has exclusive access to the private key
- B.
  
  Everyone has access to the private key on the CA
- C.
  
  Only the CA has access to the private key
- D.
  
  The key owner and a recipient of an encrypted email have access to the private key
Correct Answer
A. The key owner has exclusive access to the private key

Explanation
A private key in regards to asymmetric encryption refers to a key that is only accessible to the key owner. This means that the key owner has exclusive access to the private key and no one else can access it. This is an important aspect of asymmetric encryption as it ensures that only the intended recipient can decrypt the encrypted messages or data.

Rate this question:
29.

Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?
- A.
  
  Security logs
- B.
  
  DHCP logs
- C.
  
  DNS logs
- D.
  
  Antivirus logs
Correct Answer
B. DHCP logs

Explanation
DHCP logs can reveal the IP address and MAC address of a rogue device within the local network. DHCP (Dynamic Host Configuration Protocol) is responsible for assigning IP addresses to devices on a network. The DHCP logs keep a record of all IP addresses that have been assigned, including the corresponding MAC addresses. By analyzing these logs, network administrators can identify any unauthorized or rogue devices that have been assigned an IP address, allowing them to take appropriate action to secure the network.

Rate this question:
30.

Which of the following is commonly used in a distributed denial of service (DDoS) attack?
- A.
  
  Phishing
- B.
  
  Adware
- C.
  
  Botnet
- D.
  
  Trojan
Correct Answer
C. Botnet

Explanation
A botnet is a network of infected computers, known as bots, that are controlled by a central server or a group of attackers. In a distributed denial of service (DDoS) attack, the attackers use the botnet to flood a target website or network with a massive amount of traffic, overwhelming its resources and causing it to become unavailable to legitimate users. This is done by sending a high volume of requests from the compromised computers simultaneously, making it difficult for the target to handle the load. Therefore, a botnet is commonly used in a DDoS attack.

Rate this question:
31.

Which of the following practices is MOST relevant to protecting against operating system security flaws?
- A.
  
  Network intrusion detection
- B.
  
  Patch management
- C.
  
  Firewall configuration
- D.
  
  Antivirus selection
Correct Answer
B. Patch management

Explanation
Patch management is the most relevant practice to protect against operating system security flaws. Patch management involves regularly updating and applying patches provided by the operating system vendor. These patches are designed to fix vulnerabilities and security flaws that have been discovered. By keeping the operating system up to date with the latest patches, organizations can ensure that any known security weaknesses are addressed, reducing the risk of exploitation by malicious actors. Network intrusion detection, firewall configuration, and antivirus selection are also important security practices, but they do not directly address operating system security flaws like patch management does.

Rate this question:
32.

Which of the following is a best practice for coding applications in a secure manner?
- A.
  
  Input validation
- B.
  
  Object oriented coding
- C.
  
  Rapid Application Development (RAD)
- D.
  
  Cross-site scripting
Correct Answer
A. Input validation

Explanation
Input validation is a best practice for coding applications in a secure manner because it ensures that all user input is properly validated and sanitized before being processed. This helps to prevent various security vulnerabilities such as SQL injection, cross-site scripting, and command injection attacks. By validating and sanitizing user input, developers can ensure that only safe and expected data is accepted by the application, reducing the risk of malicious code execution or unauthorized access to sensitive information.

Rate this question:
33.

Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?
- A.
  
  Intrusion detection
- B.
  
  Virtualization
- C.
  
  Kiting
- D.
  
  Cloning
Correct Answer
B. Virtualization

Explanation
Virtualization is a technology that can be used to isolate a host OS from some types of security threats. It allows for the creation of virtual machines that run on a single physical machine, each with its own operating system and resources. By running applications and processes within these virtual machines, any potential security threats are contained within the virtual environment and cannot affect the host OS. This helps to protect the host OS from malware, viruses, and other security risks. Intrusion detection, kiting, and cloning are not directly related to isolating a host OS from security threats.

Rate this question:
34.

Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
- A.
  
  Proxy server
- B.
  
  Honeypot
- C.
  
  Internet content filter
- D.
  
  Firewall
Correct Answer
B. Honeypot

Explanation
A honeypot is a network tool that is designed to attract and deceive attackers, making them believe that they have successfully compromised a system. By monitoring the activities of the attacker within the honeypot, administrators can gain valuable insights into the attacker's methods, techniques, and intentions. This information can then be used to better understand the attacker's tactics and strengthen the security of the actual system being protected. Therefore, a honeypot is the most appropriate network tool for providing information on what an attacker is doing to compromise a system.

Rate this question:
35.

Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?
- A.
  
  Hijacking
- B.
  
  Polisy subversion
- C.
  
  Trojan
- D.
  
  DoS
Correct Answer
C. Trojan

Explanation
Assigning proper security permissions to files and folders is the primary method of mitigating Trojan attacks. By assigning appropriate permissions, access to sensitive files and folders can be restricted, preventing unauthorized modifications or execution of malicious code that may be associated with a Trojan. This helps to prevent the Trojan from infiltrating the system and carrying out its intended malicious activities.

Rate this question:
36.

Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?
- A.
  
  ACL
- B.
  
  Account expiration
- C.
  
  Time of day restrictions
- D.
  
  Logical tokens
Correct Answer
B. Account expiration

Explanation
Account expiration would be the most appropriate logical access control to use when creating an account for a temporary worker. This control ensures that the account is only valid for a specific period of time, typically aligned with the duration of the worker's contract or assignment. Once the account expires, the temporary worker will no longer have access to the system, reducing the risk of unauthorized access or misuse of resources. This control is particularly useful for managing access to sensitive information or systems, as it automatically revokes access after the designated time period.

Rate this question:
37.

Which of the following may be an indication of a possible system compromise?
- A.
  
  A port monitor utility shows that there are many connections to port 80 on the Internet facing web server
- B.
  
  A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline
- C.
  
  A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet
- D.
  
  The certificate for one of the web servers has expired and transactions on that server begins to drop rapidly
Correct Answer
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline

Explanation
A performance monitor indicating a recent and ongoing drop in speed, disk space, or memory utilization from the baseline may be an indication of a possible system compromise. This could suggest that the system has been compromised and is being used for unauthorized activities, such as running malicious processes or using up system resources for nefarious purposes.

Rate this question:
38.

An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?
- A.
  
  Intrusion detection logs
- B.
  
  Firewall logs
- C.
  
  Antivirus logs
- D.
  
  DNS logs
Correct Answer
B. Firewall logs

Explanation
Firewall logs would be the best place to look for information in this scenario. Firewall logs record all incoming and outgoing network traffic, including any attempts to access remote locations. By analyzing the firewall logs, the administrator can identify any suspicious or unauthorized connections to remote locations during off hours, which could indicate files being copied to a remote location. The other options, such as intrusion detection logs, antivirus logs, and DNS logs, may provide some information, but they are less likely to specifically track file copying to a remote location.

Rate this question:
39.

Which of the following access control methods grants permissions based on the users position in the company?
- A.
  
  Mandatory Access Control (MAC)
- B.
  
  Rule-Based Access Control (RBAC)
- C.
  
  Discretionary Access Control (DAC)
- D.
  
  Role-Based Access Control (RBAC)
Correct Answer
D. Role-Based Access Control (RBAC)

Explanation
Role-Based Access Control (RBAC) is an access control method that grants permissions based on the users' position in the company. In RBAC, access rights are assigned to roles, and users are then assigned to those roles based on their position or job function within the organization. This allows for a more structured and efficient way of managing permissions, as access can be easily granted or revoked by assigning or removing users from specific roles. RBAC provides a centralized and scalable approach to access control, making it suitable for organizations with a hierarchical structure.

Rate this question:
40.

Which of the following access control methods includes switching work assignments at preset intervals?
- A.
  
  Job rotation
- B.
  
  Mandatory vacations
- C.
  
  Least privilege
- D.
  
  Separation of duties
Correct Answer
A. Job rotation

Explanation
Job rotation is an access control method that involves switching work assignments at preset intervals. This practice helps to prevent any single individual from gaining excessive access or knowledge about a particular system or process. By regularly rotating job responsibilities, organizations can reduce the risk of fraud, collusion, or unauthorized access. This approach also promotes cross-training and skill development among employees, leading to a more flexible and resilient workforce.

Rate this question:
41.

Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?
- A.
  
  TACACS
- B.
  
  RAS
- C.
  
  RADIUS
- D.
  
  Kerberos
Correct Answer
D. Kerberos

Explanation
Kerberos is a network authentication protocol that provides strong authentication and prevents replay attacks. It achieves this by using timestamps and session keys to encrypt and authenticate messages exchanged between clients and servers. This prevents an attacker from intercepting and replaying previously captured authentication messages, as the timestamps and session keys are unique for each authentication session. Therefore, Kerberos is the most likely authentication method to prevent a replay attack.

Rate this question:
42.

Which of the following would an attacker use to footprint a system?
- A.
  
  RADIUS
- B.
  
  Password cracker
- C.
  
  Port scanner
- D.
  
  Man-in-the-middle attack
Correct Answer
C. Port scanner

Explanation
An attacker would use a port scanner to footprint a system. A port scanner is a tool that scans a target system for open ports, which can provide information about the services and vulnerabilities present on the system. By identifying open ports, an attacker can gather information about the network architecture and potentially exploit any vulnerabilities associated with those open ports. This information can be used to plan further attacks or gain unauthorized access to the system.

Rate this question:
43.

Which of the following ensures a user cannot deny having sent a message?
- A.
  
  Availability
- B.
  
  Integrity
- C.
  
  Non-repudiation
- D.
  
  Confidentiality
Correct Answer
C. Non-repudiation

Explanation
Non-repudiation ensures that a user cannot deny having sent a message. It provides evidence that the message was indeed sent by the user and cannot be disputed. This is achieved through the use of digital signatures or other authentication mechanisms that can uniquely identify the sender. Non-repudiation is important in legal and business contexts where proof of communication and accountability is required.

Rate this question:
44.

Which of the following allows an attacker to embed a rootkit into a picture?
- A.
  
  Trojan
- B.
  
  Worm
- C.
  
  Steganography
- D.
  
  Virus
Correct Answer
C. Steganography

Explanation
Steganography is the technique of hiding information within other files, such as images, without altering their appearance. In the context of the question, an attacker can use steganography to embed a rootkit into a picture, making it difficult to detect. The rootkit can then be executed when the picture is opened or accessed, giving the attacker unauthorized access and control over the targeted system. Unlike trojans, worms, or viruses, which rely on specific malicious code, steganography allows for covert communication and exploitation by concealing the presence of the rootkit within the image file.

Rate this question:
45.

Which of the following is a publication of inactivated user certificates?
- A.
  
  Certificate Revocation List
- B.
  
  Certificate Suspension
- C.
  
  Recovery agent
- D.
  
  Certificate Authority
Correct Answer
A. Certificate Revocation List

Explanation
A Certificate Revocation List (CRL) is a publication of inactivated user certificates. It is a list maintained by a Certificate Authority (CA) that contains the serial numbers of certificates that have been revoked or invalidated before their expiration date. This list is distributed to users and relying parties to check the validity of certificates before trusting them. By consulting the CRL, users can ensure that the certificates they are using have not been compromised or revoked, thereby enhancing the security of their communications.

Rate this question:
46.

Which of the following is a method of encrypting email?
- A.
  
  S/MIME
- B.
  
  SMTP
- C.
  
  L2TP
- D.
  
  VPN
Correct Answer
A. S/MIME

Explanation
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a method of encrypting email. It provides end-to-end encryption and digital signing of messages, ensuring privacy and authenticity. S/MIME uses public-key cryptography to encrypt the email content and attachments, making it secure from unauthorized access or tampering. It also verifies the sender's identity through digital signatures, preventing impersonation and ensuring message integrity. S/MIME is widely used in email communication to protect sensitive information and maintain the confidentiality of email exchanges.

Rate this question:
47.

Which of the following risks would be reduced by implementing screen filters?
- A.
  
  Replay attacks
- B.
  
  Phishing
- C.
  
  Man-in-the-middle attacks
- D.
  
  Shoulder surfing
Correct Answer
D. Shoulder surfing

Explanation
Implementing screen filters would reduce the risk of shoulder surfing. Shoulder surfing is a type of attack where an unauthorized person can view or capture sensitive information by looking over someone's shoulder while they are using their device. By using screen filters, the visibility of the screen is limited to the user, making it difficult for shoulder surfers to see the information being displayed. This helps protect the user's privacy and reduces the risk of unauthorized access to sensitive data.

Rate this question:
48.

Which of the following allows an attacker to hide the presence of malicious code by altering the systems process and registry entries?
- A.
  
  Logic bomb
- B.
  
  Worm
- C.
  
  Trojan
- D.
  
  Rootkit
Correct Answer
D. Rootkit

Explanation
A rootkit is a type of malicious software that allows an attacker to hide the presence of their code by altering the system's processes and registry entries. It is designed to gain unauthorized access to a computer system and maintain control over it while remaining undetected. By modifying the system's processes and registry entries, the rootkit can hide its files, processes, and network connections, making it difficult for antivirus software and other security measures to detect and remove it. This allows the attacker to maintain control over the compromised system and carry out malicious activities without being detected.

Rate this question:
49.

Which of the following will propagate itself without any user interaction?
- A.
  
  Worm
- B.
  
  Rootkit
- C.
  
  Trojan
- D.
  
  Virus
Correct Answer
A. Worm

Explanation
A worm is a type of malware that can self-replicate and spread across computer networks without any user interaction. Unlike viruses, which require a host file or program to spread, worms are standalone programs that can exploit vulnerabilities in a system's security to automatically propagate themselves. This ability to replicate and spread autonomously sets worms apart from other types of malware such as rootkits, trojans, and viruses, which generally rely on user actions or the execution of infected files to spread.

Rate this question:
50.

An administrator wants to setup their network with only one public IP address. Which of the following would allow for this?
- A.
  
  DMZ
- B.
  
  VLAN
- C.
  
  NIDS
- D.
  
  NAT
Correct Answer
D. NAT

Explanation
NAT (Network Address Translation) allows for the translation of private IP addresses to a single public IP address. This enables multiple devices on a network to share the same public IP address, conserving the limited supply of public IP addresses. By using NAT, the administrator can set up their network with only one public IP address, ensuring connectivity for all devices on the network while maintaining security.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
May 22, 2010

Quiz Created by
Semarley

CompTIA Security+ Part 1

All of the following provide confidentiality as part of the underlying protocol EXCEPT:

Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?

Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?

How should a company test the integrity of its backup data?

Which of the following can BEST be used to determine the topology of a network and discover unknown devices?

When should a technician perform penetration testing?

Which of the following is MOST efficient for encrypting large amounts of data?

Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?

Which of the following BEST describes ARP?

Which of the following would be BEST to use to apply corporate security settings to a device?

Which of the following improves security in a wireless system?

A user wants to implement secure LDAP on the network. Which of the following port numbers secure LDAP use by default?

How many keys are utilized with asymmetric cryptography?

During a risk assessment it is discovered that only one system administrator is assigned several critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the following risks?

Which of the following network filtering devices will rely on signature updates to be effective?

Which of the following is a single server that is setup in the DMZ or outer perimeter in order to distract attackers?

Which of the following encryption algorithms is decrypted in the LEAST amount of time?

An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?

Which of the following is a way to manage operating system updates?

Which of the following is a list of discrete entries that are known to be benign?

Which of the following increases the collision resistance of a hash?

A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?

When deploying 50 new workstations on the network, which of the following should be completed FIRST?

Which of the following should be implemented to have all workstations and severs isolated in their own broadcast domains?

End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of?

Which of the following BEST describes a private key in regards to asymmetric encryption?

Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?

Which of the following is commonly used in a distributed denial of service (DDoS) attack?

Which of the following practices is MOST relevant to protecting against operating system security flaws?

Which of the following is a best practice for coding applications in a secure manner?

Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?

Which of the following network tools would provide the information on what an attacker is doing to compromise a system?

Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?

Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?

Which of the following may be an indication of a possible system compromise?

An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?

Which of the following access control methods grants permissions based on the users position in the company?

Which of the following access control methods includes switching work assignments at preset intervals?

Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?

Which of the following would an attacker use to footprint a system?

Which of the following ensures a user cannot deny having sent a message?

Which of the following allows an attacker to embed a rootkit into a picture?

Which of the following is a publication of inactivated user certificates?

Which of the following is a method of encrypting email?

Which of the following risks would be reduced by implementing screen filters?

Which of the following allows an attacker to hide the presence of malicious code by altering the systems process and registry entries?

Which of the following will propagate itself without any user interaction?

An administrator wants to setup their network with only one public IP address. Which of the following would allow for this?