CompTIA Security+ Exam MCQ!

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By DeLo

DeLo

Community Contributor

Quizzes Created: 1 | Total Attempts: 732

Questions: 100 | Attempts: 733 | Updated: Sep 15, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Questions and Answers

1.

#101 Which of the following must be intact for evidence to be admissible in court?
- A.
  
  A. Chain of custody
- B.
  
  B. Order of volatility
- C.
  
  C. Legal hold
- D.
  
  D. Preservation
Correct Answer
A. A. Chain of custody

Explanation
In order for evidence to be admissible in court, the chain of custody must be intact. This refers to the chronological documentation of the custody, control, transfer, analysis, and disposition of physical or electronic evidence. It ensures that the evidence has not been tampered with or altered in any way, and establishes its authenticity and reliability. The chain of custody is crucial in maintaining the integrity of the evidence and ensuring that it can be trusted as accurate and reliable in court proceedings.

Rate this question:
2.

102 # A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:
- A.
  
  A. Credentialed scan.
- B.
  
  B. Non-intrusive scan.
- C.
  
  C. Privilege escalation test.
- D.
  
  D. Passive scan.
Correct Answer
A. A. Credentialed scan.

Explanation
A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a credentialed scan. This type of scan requires the scanner to have valid credentials (such as username and password) to authenticate with the target systems. By doing so, the scanner can access more detailed information about the system's configuration and installed software, allowing for a more accurate assessment of vulnerabilities. This type of scan is often preferred for internal network assessments where the scanner has legitimate access to the systems being scanned.

Rate this question:
3.

103 # Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
- A.
  
  A. AES
- B.
  
  B. 3DES
- C.
  
  C. RSA
- D.
  
  D. MD5
Correct Answer
D. D. MD5

Explanation
MD5 is a cryptographic algorithm that produces a fixed-length, irreversible output. It is commonly used for verifying the integrity of files and detecting duplicate data. MD5 generates a 128-bit hash value, which is a fixed-length output that cannot be reversed to obtain the original input. This makes it suitable for tasks such as password hashing, where it is important to store passwords securely without being able to retrieve the original plaintext password. However, it is worth noting that MD5 is considered to be weak for cryptographic purposes due to its vulnerability to collision attacks.

Rate this question:
4.

104 # A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll Based solely on the above information, which of the following types of malware is MOST likely installed on the system?
- A.
  
  A. Rootkit
- B.
  
  B. Ransomware
- C.
  
  C. Trojan
- D.
  
  D. Backdoor
Correct Answer
A. A. Rootkit

Explanation
The log entry indicates a hash mismatch for system files, specifically user32.dll and kernel32.dll. This suggests that these files have been modified, which is a common behavior of rootkits. Rootkits are a type of malware that are designed to hide their presence on a system by modifying or replacing important system files. Therefore, based on the given information, the most likely type of malware installed on the system is a rootkit.

Rate this question:
5.

105# A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?
- A.
  
  A. The firewall should be configured to prevent user traffic from matching the implicit deny rule.
- B.
  
  B. The firewall should be configured with access lists to allow inbound and outbound traffic.
- C.
  
  C. The firewall should be configured with port security to allow traffic.
- D.
  
  D. The firewall should be configured to include an explicit deny rule.
Correct Answer
A. A. The firewall should be configured to prevent user traffic from matching the implicit deny rule.

Explanation
The correct answer is A. The firewall should be configured to prevent user traffic from matching the implicit deny rule. When a new firewall is placed into service without any configuration, it typically has an implicit deny rule in place, which means that all traffic is denied by default. In order for employees on the network segment covered by the firewall to access the network, the firewall needs to be configured to allow their traffic to pass through. By configuring the firewall to prevent user traffic from matching the implicit deny rule, the employees will be able to access the network.

Rate this question:
6.

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)
- A.
  
  A.
- B.
  
  B.
- C.
  
  C. dig ""axfr comptia.org @example.org
- D.
  
  D. ipconfig /flushDNS -
- E.
  
  E.
- F.
  
  F. dig @example.org comptia.org -
Correct Answer(s)
A. A.
C. C. dig ""axfr comptia.org @example.org

Explanation
The security analyst should use the "dig" command with the "axfr" option to test for unauthorized DNS zone transfers. This command allows the analyst to request a full zone transfer from the DNS server at example.org for the domain comptia.org. This will help the analyst determine if any unauthorized transfers are occurring within the LAN.

Rate this question:
7.

107# Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)
- A.
  
  A. To prevent server availability issues
- B.
  
  B. To verify the appropriate patch is being installed
- C.
  
  C. To generate a new baseline hash after patching
- D.
  
  D. To allow users to test functionality
- E.
  
  E. To ensure users are trained on new functionality
Correct Answer(s)
A. A. To prevent server availability issues
D. D. To allow users to test functionality

Explanation
The main reason why a systems administrator would install security patches in a staging environment before applying them to the production server is to prevent server availability issues. By testing the patches in a controlled environment first, any potential issues or conflicts can be identified and resolved before they impact the live production server. Additionally, installing patches in a staging environment allows users to test the functionality of the system after the patches are applied, ensuring that there are no unexpected issues or disruptions in the production environment.

Rate this question:
8.

108 # A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?
- A.
  
  A. ISA
- B.
  
  B. NDA
- C.
  
  C. MOU
- D.
  
  D. SLA
Correct Answer
B. B. NDA

Explanation
The agreement described in the question is a Non-Disclosure Agreement (NDA). An NDA is a legal contract between two or more parties that outlines confidential information that the parties agree not to disclose to third parties. In this case, the agreement drafted by the CIO is specifically addressing the release of information without consent and/or approvals, which aligns with the purpose of an NDA. ISA (Information Sharing Agreement), MOU (Memorandum of Understanding), and SLA (Service Level Agreement) are not appropriate descriptions for this type of agreement.

Rate this question:
9.

109 # Which of the following would meet the requirements for multifactor authentication?
- A.
  
  A. Username, PIN, and employee ID number
- B.
  
  B. Fingerprint and password
- C.
  
  C. Smart card and hardware token
- D.
  
  D. Voice recognition and retina scan
Correct Answer
B. B. Fingerprint and password

Explanation
The combination of a fingerprint and password meets the requirements for multifactor authentication because it combines something the user is (biometric fingerprint) with something the user knows (password). This ensures that the user's identity is verified using both a physical characteristic and a secret piece of information, making it more secure than using a single factor for authentication.

Rate this question:
10.

110 # A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?
- A.
  
  A. Separation of duties
- B.
  
  B. Mandatory vacations
- C.
  
  C. Background checks
- D.
  
  D. Security awareness training
Correct Answer
A. A. Separation of duties

Explanation
Implementing separation of duties would help validate the concern because it involves dividing critical tasks and responsibilities among different individuals. This ensures that no single employee has complete control over a process, reducing the risk of fraud or malicious activity. By separating the duties of accessing and modifying financial transactions, the manager can mitigate the risk of the IT employee being able to manipulate transactions for the benefit of a competitor.

Rate this question:
11.

111 # A penetration tester finds that a company's login credentials for the email client were being sent in cleartext. Which of the following should be done to provide encrypted logins to the email server?
- A.
  
  A. Enable IPSec and configure SMTP.
- B.
  
  B. Enable SSH and LDAP credentials.
- C.
  
  C. Enable MIME services and POP3.
- D.
  
  D. Enable an SSL certificate for IMAP services.
Correct Answer
D. D. Enable an SSL certificate for IMAP services.

Explanation
Enabling an SSL certificate for IMAP services would provide encrypted logins to the email server. SSL (Secure Sockets Layer) is a protocol that encrypts data transmitted between a client and a server, ensuring that the information cannot be intercepted or read by unauthorized individuals. By enabling an SSL certificate for IMAP services, the company can secure the login credentials for the email client, preventing them from being sent in cleartext and enhancing the overall security of the system.

Rate this question:
12.

112 # Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?
- A.
  
  A. Cross-site scripting
- B.
  
  B. DNS poisoning
- C.
  
  C. Typo squatting
- D.
  
  D. URL hijacking
Correct Answer
C. C. Typo squatting

Explanation
The correct answer is C. Typo squatting. Typo squatting is a technique used by attackers to register domain names that are similar to legitimate domain names but with slight misspellings or transposed letters. In this case, the infected devices attempted to access a URL that was similar to the company name but with two letters transposed, indicating that the attack vector used was typo squatting.

Rate this question:
13.

113# A systems administrator is reviewing the following information from a compromised server: Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?
- A.
  
  A. Apache
- B.
  
  B. LSASS
- C.
  
  C. MySQL
- D.
  
  D. TFTP
Correct Answer
A. A. Apache

Explanation
The correct answer is A. Apache. The information provided states that the server is running Apache version 2.4.7, which is a web server software. Web servers like Apache are commonly targeted by remote buffer overflow attacks, where an attacker sends more data than a buffer can handle, causing it to overflow and potentially allowing the attacker to execute malicious code on the server. Therefore, it is most likely that Apache was exploited in this scenario.

Rate this question:
14.

114# Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while traveling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use?
- A.
  
  A. RADIUS
- B.
  
  B. TACACS+
- C.
  
  C. Diameter
- D.
  
  D. Kerberos
Correct Answer
B. B. TACACS+

Explanation
TACACS+ is the best access technology for Joe to use because it provides separate access control functionalities for internal, external, and VOIP services. TACACS+ allows for granular control over user access and authentication, making it ideal for maintaining security while allowing remote access for traveling staff. RADIUS, Diameter, and Kerberos do not offer the same level of control and functionality as TACACS+.

Rate this question:
15.

115# The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?
- A.
  
  A. Authentication
- B.
  
  B. HVAC
- C.
  
  C. Full-disk encryption
- D.
  
  D. File integrity checking
Correct Answer
B. B. HVAC

Explanation
The availability of a system refers to its ability to be operational and accessible when needed. HVAC (Heating, Ventilation, and Air Conditioning) is important for maintaining the proper temperature and humidity levels in a system's environment. This is crucial for preventing overheating or damage to the system's components, which can lead to downtime and affect its availability. Therefore, focusing on HVAC ensures that the system remains operational and available for use.

Rate this question:
16.

116# As part of the SDLC, a third party is hired to perform a penetration test. The third-party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?
- A.
  
  A. Black box
- B.
  
  B. Regression
- C.
  
  C. White box
- D.
  
  D. Fuzzing
Correct Answer
C. C. White box

Explanation
The assessment being performed in this scenario is a white box assessment. This is because the third party has access to the source code, integration tests, and network diagrams, which means they have full knowledge of the internal workings of the system. In a white box assessment, the tester has complete knowledge and understanding of the system being tested, allowing them to identify vulnerabilities and potential security issues more effectively.

Rate this question:
17.

117# A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?
- A.
  
  A. Removing the hard drive from its enclosure
- B.
  
  B. Using software to repeatedly rewrite over the disk space
- C.
  
  C. Using Blowfish encryption on the hard drives
- D.
  
  D. Using magnetic fields to erase the data
Correct Answer
D. D. Using magnetic fields to erase the data

Explanation
Using magnetic fields to erase the data would have most likely prevented the data from being exposed. This method involves using strong magnetic fields to completely erase the data on the hard drives, making it impossible for anyone to recover the confidential information. By erasing the data in this way, the dumpster diver would not have been able to retrieve the confidential data and post it online.

Rate this question:
18.

118# Which of the following are methods to implement HA in a web application server environment? (Select two.)
- A.
  
  A. Load balancers
- B.
  
  B. Application layer firewalls
- C.
  
  C. Reverse proxies
- D.
  
  D. VPN concentrators
- E.
  
  E. Routers
Correct Answer(s)
A. A. Load balancers
B. B. Application layer firewalls

Explanation
Load balancers and application layer firewalls are both methods to implement high availability (HA) in a web application server environment. Load balancers distribute incoming network traffic across multiple servers to ensure efficient utilization and prevent overload. This helps to improve availability by ensuring that if one server fails, others can handle the traffic. Application layer firewalls, on the other hand, provide an additional layer of security by monitoring and filtering network traffic at the application layer. This helps to protect the web application server from various attacks and vulnerabilities, thereby enhancing its availability and reliability.

Rate this question:
19.

119# An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use?
- A.
  
  A. FTPS
- B.
  
  B. SFTP
- C.
  
  C. SSL
- D.
  
  D. LDAPS
- E.
  
  E. SSH
Correct Answer
C. C. SSL

Explanation
The developer is most likely to use SSL (Secure Sockets Layer) as the secure protocol for the application. SSL is commonly used for secure communication over the internet and can provide encryption and authentication for data transmission. Port 80 is typically used for HTTP communication, and SSL can be implemented on top of HTTP to secure the data being transmitted. FTPS and SFTP are secure protocols for file transfer, LDAPS is used for secure LDAP communication, and SSH is used for secure remote access, but SSL is the most suitable choice for secure transport over port 80 in this scenario.

Rate this question:
20.

120# Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
- A.
  
  A. Isolating the systems using VLANs
- B.
  
  B. Installing a software-based IPS on all devices
- C.
  
  C. Enabling full disk encryption
- D.
  
  D. Implementing unique user PIN access functions
Correct Answer
A. A. Isolating the systems using VLANs

Explanation
Isolating the systems using VLANs helps to minimize the risk from network attacks directed at multifunction printers by creating separate virtual networks for different devices or groups of devices. This prevents unauthorized access to the printers and limits the potential impact of an attack on the functionality of the printers. VLANs provide a level of network segmentation and control, allowing organizations to better protect their devices and data.

Rate this question:
21.

121# After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?
- A.
  
  A. Recovery
- B.
  
  B. Identification
- C.
  
  C. Preparation
- D.
  
  D. Documentation
- E.
  
  E. Escalation
Correct Answer
B. B. Identification

Explanation
After an identified security breach, the analyst should take the next step of identification. This involves gathering information and evidence to determine the scope and nature of the breach. By identifying the specific details of the breach, the analyst can then proceed with the appropriate actions in the incident response process, such as containment, eradication, and recovery.

Rate this question:
22.

122# A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
- A.
  
  A. HTTPS
- B.
  
  B. LDAPS
- C.
  
  C. SCP
- D.
  
  D. SNMPv3
Correct Answer
C. C. SCP

Explanation
The company should use SCP (Secure Copy Protocol) to transfer files. The audit revealed that the files were being transferred in the clear, which means they were not encrypted and could be intercepted by unauthorized individuals. SCP is a secure file transfer protocol that uses SSH (Secure Shell) for encryption and authentication, ensuring that files are transferred securely and cannot be easily intercepted or tampered with. HTTPS (Hypertext Transfer Protocol Secure) is used for secure web communication, LDAPS (LDAP over SSL) is used for secure LDAP communication, and SNMPv3 (Simple Network Management Protocol version 3) is used for secure network management, but none of these protocols are specifically designed for secure file transfer like SCP.

Rate this question:
23.

123# During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should reach this incident?
- A.
  
  A. The finding is a false positive and can be disregarded
- B.
  
  B. The Struts module needs to be hardened on the server
- C.
  
  C. The Apache software on the server needs to be patched and updated
- D.
  
  D. The server has been compromised by malware and needs to be quarantined.
Correct Answer
A. A. The finding is a false positive and can be disregarded

Explanation
Based on the information provided, the developer responsible for the server states that Apache Struts is not installed on the server. This indicates that the vulnerability scan may have produced a false positive result, meaning that it incorrectly flagged the server as vulnerable to an Apache Struts exploit. Therefore, the security team should disregard the finding as it is not a legitimate vulnerability.

Rate this question:
24.

124# A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement?
- A.
  
  A. Geofencing
- B.
  
  B. Remote wipe
- C.
  
  C. Near-field communication
- D.
  
  D. Push notification services
- E.
  
  E. Containerization
Correct Answer(s)
A. A. Geofencing
E. E. Containerization

Explanation
The administrator should implement geofencing and containerization to protect the data stored on the mobile devices. Geofencing allows the administrator to set up virtual boundaries around the warehouse, and if the devices leave this area, the secure container on the devices will be automatically destroyed. Containerization, on the other hand, provides a secure and isolated environment for the storage and processing of data on the devices, ensuring that the data is protected even if the devices are lost or stolen.

Rate this question:
25.

125# A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
- A.
  
  A. ALE
- B.
  
  B. AV
- C.
  
  C. ARO
- D.
  
  D. EF
- E.
  
  E. ROI
Correct Answer(s)
B. B. AV
D. D. EF

Explanation
The analyst needs to determine the potential monetary loss each time a threat or event occurs. The concept of AV (Annualized Loss Expectancy) would assist in calculating the expected monetary loss per year, while the concept of EF (Exposure Factor) would assist in determining the percentage of asset loss that would occur if a threat or event happens.

Rate this question:
26.

126# Which of the following AES modes of operation provide authentication? (Select two.)
- A.
  
  A. CCM
- B.
  
  B. CBC
- C.
  
  C. GCM
- D.
  
  D. DSA
- E.
  
  E. CFB
Correct Answer(s)
A. A. CCM
C. C. GCM

Explanation
CCM and GCM are both AES modes of operation that provide authentication. CCM (Counter with CBC-MAC) is a mode that combines counter mode encryption with CBC-MAC authentication. It provides both confidentiality and authentication. GCM (Galois/Counter Mode) is another mode that combines counter mode encryption with Galois field multiplication-based authentication. It also provides both confidentiality and authentication. DSA (Digital Signature Algorithm) is a digital signature algorithm and not an AES mode of operation. CBC (Cipher Block Chaining) and CFB (Cipher Feedback) are AES modes of operation that provide confidentiality but not authentication.

Rate this question:
27.

127# An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data: Which of the following would be the BEST method to prevent similar audit findings in the future?
- A.
  
  A. Implement separation of duties for the payroll department.
- B.
  
  B. Implement a DLP solution on the payroll and human resources servers.
- C.
  
  C. Implement rule-based access controls on the human resources server.
- D.
  
  D. Implement regular permission auditing and reviews.
Correct Answer
A. A. Implement separation of duties for the payroll department.

Explanation
Implementing separation of duties for the payroll department would be the best method to prevent similar audit findings in the future. This means assigning different tasks and responsibilities to different individuals within the department, ensuring that no single employee has complete control over the payroll process. By implementing separation of duties, it reduces the risk of fraud or unauthorized access to confidential data, as multiple employees would need to collaborate to carry out any malicious activities. This control measure enhances accountability, transparency, and reduces the likelihood of errors or intentional misconduct.

Rate this question:
28.

128# A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select?
- A.
  
  A. EAP-FAST
- B.
  
  B. EAP-TLS
- C.
  
  C. PEAP
- D.
  
  D. EAP
Correct Answer
C. C. PEAP

Explanation
PEAP (Protected Extensible Authentication Protocol) is the correct answer because it is an authentication protocol that supports mutual authentication between the wireless client and the authentication server. It also allows for authentication with usernames and passwords. EAP-FAST and EAP-TLS are also authentication protocols, but they do not specifically mention support for mutual authentication or authentication with usernames and passwords. EAP, on the other hand, is a general term for Extensible Authentication Protocol and does not specify a particular authentication method.

Rate this question:
29.

129# A system administrator has finished configuring firewall ACL to allow access to a new webserver. The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server: The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?
- A.
  
  A. Misconfigured firewall
- B.
  
  B. Clear text credentials
- C.
  
  C. Implicit deny
- D.
  
  D. Default configuration
Correct Answer
B. B. Clear text credentials

Explanation
The auditor is most concerned with clear text credentials because this means that sensitive information such as usernames and passwords are being transmitted over the network in plain text, making it easy for attackers to intercept and steal this information. This is a serious security risk as it can lead to unauthorized access to the web server and potentially compromise the company's data and systems.

Rate this question:
30.

130# Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?
- A.
  
  A. Passwords are written on the bottom of a keyboard
- B.
  
  B. Unpatched exploitable Internet-facing services
- C.
  
  C. Unencrypted backup tapes
- D.
  
  D. Misplaced hardware token
Correct Answer
B. B. Unpatched exploitable Internet-facing services

Explanation
A script kiddie is typically an inexperienced hacker who relies on pre-existing tools and scripts to carry out attacks. They do not possess advanced hacking skills or knowledge. Among the given vulnerability types, unpatched exploitable Internet-facing services would be the most vulnerable to attacks from script kiddies. These hackers can easily find and use automated tools to exploit known vulnerabilities in such services without requiring much technical expertise.

Rate this question:

1
0
31.

131# An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:
- A.
  
  A. Passive reconnaissance
- B.
  
  B. Persistence
- C.
  
  C. Escalation of privileges
- D.
  
  D. Exploiting the switch
Correct Answer
A. A. Passive reconnaissance

Explanation
An in-house penetration tester using a packet capture device to listen in on network communications is an example of passive reconnaissance. Passive reconnaissance involves gathering information about a target system or network without actively engaging with it. In this case, the penetration tester is simply observing and collecting data from the network communications without actively interacting or attempting to exploit any vulnerabilities.

Rate this question:
32.

132# A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
- A.
  
  A. The vulnerability scanner is performing an authenticated scan.
- B.
  
  B. The vulnerability scanner is performing local file integrity checks.
- C.
  
  C. The vulnerability scanner is performing in network sniffer mode.
- D.
  
  D. The vulnerability scanner is performing banner grabbing.
Correct Answer
C. C. The vulnerability scanner is performing in network sniffer mode.
33.

133# A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?
- A.
  
  A. Waterfall
- B.
  
  B. Agile
- C.
  
  C. Rapid
- D.
  
  D. Extreme
Correct Answer
B. B. Agile

Explanation
The correct answer is B. Agile. Agile is a software development methodology that emphasizes iterative and incremental development, allowing for multiple iterations of deployments within an application's full life cycle. This approach encourages feedback and collaboration from stakeholders throughout the development process, resulting in a more flexible and adaptable approach to project management.

Rate this question:
34.

134# A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?
- A.
  
  A. Implement time-of-day restrictions.
- B.
  
  B. Audit file access times.
- C.
  
  C. Secretly install a hidden surveillance camera.
- D.
  
  D. Require swipe-card access to enter the lab.
Correct Answer
D. D. Require swipe-card access to enter the lab.

Explanation
Requiring swipe-card access to enter the lab can help prevent the specific threat of stealing confidential information after working hours. By implementing swipe-card access, the CEO can track and monitor who enters the lab during non-working hours, making it easier to identify any unauthorized individuals. This measure adds an extra layer of security and accountability, deterring potential thieves and ensuring that only authorized personnel have access to the lab and its confidential information.

Rate this question:
35.

135# A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?
- A.
  
  A. Default configuration
- B.
  
  B. End-of-life system
- C.
  
  C. Weak cipher suite
- D.
  
  D. Zero-day threats
Correct Answer
B. B. End-of-life system

Explanation
The vulnerability exists because the company is using an FTP server version that is eight years old and there is no upgrade available from the vendor. This indicates that the system is at the end of its life cycle and is no longer supported by the vendor, leaving it vulnerable to known exploits.

Rate this question:
36.

136# An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?
- A.
  
  A. Approve the former employee's request, as a password reset would give the former employee access to only the human resources server.
- B.
  
  B. Deny the former employee's request since the password reset request came from an external email address.
- C.
  
  C. Deny the former employee's request, as a password reset would give the employee access to all network resources.
- D.
  
  D. Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network resources.
Correct Answer
C. C. Deny the former employee's request, as a password reset would give the employee access to all network resources.

Explanation
The best course of action is to deny the former employee's request for a password reset. This is because, according to the organization's security policy, the employee's access to all network resources is terminated immediately upon resignation. Granting a password reset would allow the former employee to regain access to all network resources, which is against the organization's security policy. Therefore, denying the request is the most appropriate action to ensure the security of the network resources.

Rate this question:
37.

137# Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?
- A.
  
  A. Encrypt it with Joe's private key
- B.
  
  B. Encrypt it with Joe's public key
- C.
  
  C. Encrypt it with Ann's private key
- D.
  
  D. Encrypt it with Ann's public key
Correct Answer
D. D. Encrypt it with Ann's public key

Explanation
Joe should encrypt the document with Ann's public key to ensure that it is protected from eavesdropping. By encrypting it with Ann's public key, only Ann will be able to decrypt and access the document using her private key. This ensures that only the intended recipient can read the confidential information and prevents unauthorized access or eavesdropping by others.

Rate this question:
38.

138# A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic's -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this?
- A.
  
  A. CSIRT
- B.
  
  B. Containment phase
- C.
  
  C. Escalation notifications
- D.
  
  D. Tabletop exercise
Correct Answer
D. D. Tabletop exercise

Explanation
A tabletop exercise is a simulated scenario where key stakeholders gather together to discuss and practice their response to a potential incident. By conducting tabletop exercises, the director can identify any gaps or weaknesses in the response process and make necessary improvements. This practice helps to familiarize the team with their roles and responsibilities, improves communication and coordination, and allows for the development of more efficient response strategies. Ultimately, by regularly conducting tabletop exercises, the director can enhance the team's preparedness and shorten the response time in real incidents.

Rate this question:
39.

139# To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?
- A.
  
  A. Create a daily encrypted backup of the relevant emails.
- B.
  
  B. Configure the email server to delete the relevant emails.
- C.
  
  C. Migrate the relevant emails into an "Archived" folder.
- D.
  
  D. Implement automatic disk compression on email servers.
Correct Answer
A. A. Create a daily encrypted backup of the relevant emails.

Explanation
Creating a daily encrypted backup of the relevant emails is the best way to ensure the goal of reducing disk consumption and meeting the data retention period for sent emails. By creating encrypted backups, the organization can securely store the relevant emails while minimizing disk space usage. This allows the organization to meet legal requirements and retain the necessary data without cluttering the email server or compromising security.

Rate this question:
40.

140# A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to configure the new network segment?
- A.
  
  A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
- B.
  
  B. The segment should be placed in the existing internal VLAN to allow internal traffic only.
- C.
  
  C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
- D.
  
  D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.
Correct Answer
D. D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Explanation
Placing the new network segment on an extranet and configuring the firewall rules to allow both internal and external traffic is the most secure way to configure the segment. An extranet is a controlled extension of an organization's internal network that allows external users limited access. By placing the segment on an extranet, the organization can provide access to external users while still maintaining a level of security. Configuring the firewall rules to allow both internal and external traffic ensures that the necessary communication can occur while still protecting the network from unauthorized access.

Rate this question:
41.

#141 Which of the following types of attacks precedes the installation of a rootkit on a server?
- A.
  
  A. Pharming
- B.
  
  B. DDoS
- C.
  
  C. Privilege escalation
- D.
  
  D. DoS
Correct Answer
C. C. Privilege escalation

Explanation
Privilege escalation is the type of attack that occurs before the installation of a rootkit on a server. Privilege escalation involves gaining unauthorized access to higher levels of privileges or permissions than originally granted. By exploiting vulnerabilities or weaknesses in the system, an attacker can elevate their privileges and gain administrative control over the server. Once they have gained higher privileges, they can proceed with the installation of a rootkit, which is a malicious software that provides unauthorized access and control over the server.

Rate this question:
42.

142# Which of the following cryptographic algorithms is irreversible?
- A.
  
  A. RC4
- B.
  
  B. SHA-256
- C.
  
  C. DES
- D.
  
  D. AES
Correct Answer
B. B. SHA-256

Explanation
SHA-256 is an irreversible cryptographic algorithm. It is a widely used hash function that generates a fixed-size output (256 bits) from any input data. The output, also known as the hash value, is unique to the input data, meaning that even a small change in the input will result in a completely different hash value. This makes it computationally infeasible to reverse-engineer the original input from the hash value. Therefore, SHA-256 is considered irreversible, making it suitable for various security applications such as password storage and digital signatures.

Rate this question:
43.

143# A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this?
- A.
  
  A. Cross-site request forgery
- B.
  
  B. Buffer overflow
- C.
  
  C. SQL injection
- D.
  
  D. JavaScript data insertion
- E.
  
  E. Firewall evasion script
Correct Answer
D. D. JavaScript data insertion

Explanation
The given payload includes JavaScript code that tries to insert data from the file "/etc/passwd" into the webpage. This type of attack is known as JavaScript data insertion, where an attacker tries to inject malicious code or data into a webpage using JavaScript. This can be used to steal sensitive information or perform unauthorized actions on the website.

Rate this question:
44.

144# A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
- A.
  
  A. The hacker used a race condition.
- B.
  
  B. The hacker used a pass-the-hash attack.
- C.
  
  C. The hacker-exploited improper key management.
- D.
  
  D. The hacker exploited weak switch configuration.
Correct Answer
D. D. The hacker exploited weak switch configuration.
45.

145# Audit logs from a small company's vulnerability scanning software show the following findings: Destinations scanned: -Server001- Internal human resources payroll server -Server101-Internet-facing web server -Server201- SQL server for Server101 -Server301-Jumpbox used by systems administrators accessible from the internal network Validated vulnerabilities found: -Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server201-OS updates not fully current -Server301- Accessible from internal network without the use of jumpbox -Server301-Vulnerable to highly publicized exploit that can elevate user privileges Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
- A.
  
  A. Server001
- B.
  
  B. Server101
- C.
  
  C. Server201
- D.
  
  D. Server301
Correct Answer
B. B. Server101

Explanation
Server101 should be addressed first because it is the only server that is both internet-facing and vulnerable to a buffer overflow exploit. This means that external attackers have the potential to exploit this vulnerability and gain unauthorized access to the server. Addressing this vulnerability will help mitigate the risk of unauthorized information being accessed by external attackers.

Rate this question:
46.

146# A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?
- A.
  
  A. Implement SRTP between the phones and the PBX.
- B.
  
  B. Place the phones and PBX in their own VLAN.
- C.
  
  C. Restrict the phone connections to the PBX.
- D.
  
  D. Require SIPS on connections to the PBX.
Correct Answer
D. D. Require SIPS on connections to the PBX.

Explanation
Requiring SIPS (Secure Internet Protocol Session) on connections to the PBX would best prevent interception and compromise of credentials during authentication. SIPS is a secure version of the Session Initiation Protocol (SIP) used for VoIP communications. By using SIPS, the communication between the IP phones and the PBX is encrypted, ensuring that any intercepted data is unreadable and secure. This helps to protect the authentication process and prevents unauthorized access to the PBX system. Implementing SRTP (Secure Real-time Transport Protocol) between the phones and the PBX would also provide encryption, but it does not specifically address the authentication process. Placing the phones and PBX in their own VLAN and restricting phone connections to the PBX can provide some level of network segregation and control, but they do not directly address the security of the authentication process.

Rate this question:
47.

147# An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?
- A.
  
  A. Dynamic analysis
- B.
  
  B. Change management
- C.
  
  C. Baselining
- D.
  
  D. Waterfalling
Correct Answer
B. B. Change management

Explanation
The CISO is engaging in change management, which involves evaluating the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. Change management is the process of managing and controlling changes to a system or environment to minimize disruption and ensure that changes are implemented smoothly and effectively. In this case, the CISO is concerned about the impact of migrating to the new platform on the organization's existing software and wants to assess the compatibility before proceeding with the migration.

Rate this question:
48.

148# A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)
- A.
  
  A. Ping
- B.
  
  B. Ipconfig
- C.
  
  C. Tracert
- D.
  
  D. Netstat
- E.
  
  E. Dig
- F.
  
  F. Nslookup
Correct Answer(s)
B. B. Ipconfig
C. C. Tracert

Explanation
The security administrator should use the "Ipconfig" tool to check the IP configuration of the system and verify if the default gateway has been tampered with. They should also use the "Tracert" tool to trace the route to the default gateway and identify any unexpected hops or deviations. Both of these tools can help the administrator detect and confirm a MITM attack targeting the default gateway.

Rate this question:
49.

149# A user is presented with the following items during the new-hire on boarding process: -Laptop -Secure USB drive -Hardware OTP token -External high-capacity HDD -Password complexity policy -Acceptable use policy -HASP key -Cable lock Which of the following is one component of multifactor authentication?
- A.
  
  A. Secure USB drive
- B.
  
  B. Cable lock
- C.
  
  C. Hardware OTP token
- D.
  
  D. HASP key
Correct Answer
C. C. Hardware OTP token

Explanation
One component of multifactor authentication is a Hardware OTP token. Multifactor authentication requires the use of multiple factors to verify the identity of a user. In this case, the Hardware OTP token serves as a second factor, in addition to a password or another form of authentication. It generates a unique one-time password that is used for authentication purposes, adding an extra layer of security to the login process. The other options listed, such as the Secure USB drive, Cable lock, and HASP key, are not typically used as factors in multifactor authentication.

Rate this question:
50.

150# An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?
- A.
  
  A. Use a camera for facial recognition
- B.
  
  B. Have users sign their name naturally
- C.
  
  C. Require a palm geometry scan
- D.
  
  D. Implement iris recognition
Correct Answer
B. B. Have users sign their name naturally

Explanation
Having users sign their name naturally can be a form of biometric authentication. Each person's signature is unique, and by verifying the signature, the application can confirm the user's identity. This adds an additional layer of security to the authentication process, making it a suitable choice for implementing multifactor authentication. Facial recognition, palm geometry scan, and iris recognition are also forms of biometric authentication, but they are not mentioned in the question and therefore not the correct answer.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Sep 15, 2023

Quiz Edited by
ProProfs Editorial Team
Feb 27, 2020

Quiz Created by
DeLo

CompTIA Security+ Exam MCQ!

#101 Which of the following must be intact for evidence to be admissible in court?

102 # A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

103 # Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)

107# Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

108 # A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

109 # Which of the following would meet the requirements for multifactor authentication?

110 # A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?

111 # A penetration tester finds that a company's login credentials for the email client were being sent in cleartext. Which of the following should be done to provide encrypted logins to the email server?

112 # Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?

113# A systems administrator is reviewing the following information from a compromised server: Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?

115# The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?

116# As part of the SDLC, a third party is hired to perform a penetration test. The third-party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?

117# A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?

118# Which of the following are methods to implement HA in a web application server environment? (Select two.)

119# An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use?

120# Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?

121# After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?

122# A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?

124# A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement?

125# A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

126# Which of the following AES modes of operation provide authentication? (Select two.)

127# An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data: Which of the following would be the BEST method to prevent similar audit findings in the future?

130# Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?

131# An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:

132# A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

133# A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?

134# A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?

137# Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?

139# To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?

140# A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to configure the new network segment?

#141 Which of the following types of attacks precedes the installation of a rootkit on a server?

142# Which of the following cryptographic algorithms is irreversible?

143# A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this?

144# A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

146# A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?

148# A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)

150# An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?