CompTIA Security+ Exam MCQ!

By DeLo
  • 1/100 Questions

    168# DRAG DROP - A security administrator is given the security and availability profiles for servers that are being deployed. 1. Match each RAID type with the correct configuration and MINIMUM number of drives. 2. Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions: ✑ All drive definitions can be dragged as many times as necessary ✑ Not all placeholders may be filled in the RAID configuration boxes checkboxes ✑ If parity is required, please select the appropriate number of parity ✑ Server profiles may be dragged only once If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue. Select and Place:

About This Quiz

This CompTIA Security+ Exam MCQ quiz assesses knowledge in maintaining security protocols, detecting various malware types, and managing network security tools. It is designed for learners aiming to validate their cybersecurity expertise and prepare for professional certification.


Quiz Preview

  • 2. 

    185# Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?

    • A. Logic bomb

    • B. Trojan

    • C. Scareware

    • D. Ransomware

    Correct Answer
    A. Logic bomb
    Explanation
    A logic bomb is a type of malware that is designed to lie dormant within a system until certain conditions are met. Once those conditions are met, the logic bomb will execute its malicious payload, which could be anything from deleting files to causing system crashes. Unlike other types of malware, such as trojans or ransomware, logic bombs do not immediately cause harm but instead wait for a specific trigger to activate their malicious actions. Therefore, the correct answer is A. Logic bomb.


  • 3. 

    163# A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?

    • A. Facial recognition

    • B. Fingerprint scanner

    • C. Motion detector

    • D. Smart cards

    Correct Answer
    A. Facial recognition
    Explanation
    Facial recognition technology can provide the capability to unlock a computer automatically when an authorized user sits in front of it. This technology uses algorithms to analyze and identify unique facial features, allowing the computer to recognize the user without any manual action required. Once the user leaves, the computer can then lock itself automatically. This technology offers convenience and enhanced security by eliminating the need for passwords or physical keys.


  • 4. 

    167# A security analyst is investigating a suspected security breach and discovers the following in the logs of the potentially compromised server: Which of the following would be the BEST method for preventing this type of suspected attack in the future?

    • A. Implement password expirations

    • B. Implement restrictions on shared credentials

    • C. Implement account lockout settings

    • D. Implement time-of-day restrictions on this server

    Correct Answer
    C. Implement account lockout settings
    Explanation
    Implementing account lockout settings would be the best method for preventing this type of suspected attack in the future. Account lockout settings can help protect against brute force attacks, where an attacker repeatedly tries different passwords until they gain access. By implementing account lockout settings, such as locking an account after a certain number of failed login attempts, the server can automatically prevent further login attempts from that account, making it more difficult for an attacker to gain unauthorized access. This can help enhance the security of the server and prevent similar attacks in the future.


  • 5. 

    171# A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?

    • A. Architecture review

    • B. Risk assessment

    • C. Protocol analysis

    • D. Code review

    Correct Answer
    D. Code review
    Explanation
    A code review should have been performed to discover vulnerabilities earlier in the lifecycle. Code review involves examining the code for errors, bugs, and security vulnerabilities. By conducting a code review, developers can identify and fix issues before the application reaches the end of the project cycle. It is an essential security activity that helps ensure the quality and security of the codebase.


  • 6. 

    109 # Which of the following would meet the requirements for multifactor authentication?

    • A. Username, PIN, and employee ID number

    • B. Fingerprint and password

    • C. Smart card and hardware token

    • D. Voice recognition and retina scan

    Correct Answer
    B. Fingerprint and password
    Explanation
    The combination of a fingerprint and password meets the requirements for multifactor authentication because it combines something the user is (biometric fingerprint) with something the user knows (password). This ensures that the user's identity is verified using both a physical characteristic and a secret piece of information, making it more secure than using a single factor for authentication.


  • 7. 

    120# Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?

    • A. Isolating the systems using VLANs

    • B. Installing a software-based IPS on all devices

    • C. Enabling full disk encryption

    • D. Implementing unique user PIN access functions

    Correct Answer
    A. Isolating the systems using VLANs
    Explanation
    Isolating the systems using VLANs helps to minimize the risk from network attacks directed at multifunction printers by creating separate virtual networks for different devices or groups of devices. This prevents unauthorized access to the printers and limits the potential impact of an attack on the functionality of the printers. VLANs provide a level of network segmentation and control, allowing organizations to better protect their devices and data.


  • 8. 

    108 # A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

    • A. ISA

    • B. NDA

    • C. MOU

    • D. SLA

    Correct Answer
    B. NDA
    Explanation
    The agreement described in the question is a Non-Disclosure Agreement (NDA). An NDA is a legal contract between two or more parties that outlines confidential information that the parties agree not to disclose to third parties. In this case, the agreement drafted by the CIO is specifically addressing the release of information without consent and/or approvals, which aligns with the purpose of an NDA. ISA (Information Sharing Agreement), MOU (Memorandum of Understanding), and SLA (Service Level Agreement) are not appropriate descriptions for this type of agreement.


  • 9. 

    147# An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

    • A. Dynamic analysis

    • B. Change management

    • C. Baselining

    • D. Waterfalling

    Correct Answer
    B. Change management
    Explanation
    The CISO is engaging in change management, which involves evaluating the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. Change management is the process of managing and controlling changes to a system or environment to minimize disruption and ensure that changes are implemented smoothly and effectively. In this case, the CISO is concerned about the impact of migrating to the new platform on the organization's existing software and wants to assess the compatibility before proceeding with the migration.


  • 10. 

    177# Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?

    • A. Revision control system

    • B. Client side exception handling

    • C. Server side validation

    • D. Server hardening

    Correct Answer
    C. Server side validation
    Explanation
    The application programmer has failed to implement server side validation. Server side validation is an important security measure that ensures that data submitted by users through a web form is properly validated and sanitized before it is processed and stored in the database. In this case, the fact that a malicious user was able to carry out a SQL injection attack suggests that the server side validation was not properly implemented, allowing the user to send special characters that were not properly handled, leading to the attack.


  • 11. 

    #141 Which of the following types of attacks precedes the installation of a rootkit on a server?

    • A. Pharming

    • B. DDoS

    • C. Privilege escalation

    • D. DoS

    Correct Answer
    C. Privilege escalation
    Explanation
    Privilege escalation is the type of attack that occurs before the installation of a rootkit on a server. Privilege escalation involves gaining unauthorized access to higher levels of privileges or permissions than originally granted. By exploiting vulnerabilities or weaknesses in the system, an attacker can elevate their privileges and gain administrative control over the server. Once they have gained higher privileges, they can proceed with the installation of a rootkit, which is malicious software that provides unauthorized access and control over the server.


  • 12. 

    149# A user is presented with the following items during the new-hire onboarding process:
    - Laptop
    - Secure USB drive
    - Hardware OTP token
    - External high-capacity HDD
    - Password complexity policy
    - Acceptable use policy
    - HASP key
    - Cable lock
    Which of the following is one component of multifactor authentication?

    • A. Secure USB drive

    • B. Cable lock

    • C. Hardware OTP token

    • D. HASP key

    Correct Answer
    C. Hardware OTP token
    Explanation
    One component of multifactor authentication is a Hardware OTP token. Multifactor authentication requires the use of multiple factors to verify the identity of a user. In this case, the Hardware OTP token serves as a second factor, in addition to a password or another form of authentication. It generates a unique one-time password that is used for authentication purposes, adding an extra layer of security to the login process. The other options listed, such as the Secure USB drive, Cable lock, and HASP key, are not typically used as factors in multifactor authentication.


  • 13. 

    154# A security analyst reviews the following output: The analyst loads the hash into the SIEM to discover if this hash is seen in other parts of the network. After inspecting a large number of files, the security analyst reports the following: Which of the following is the MOST likely cause of the hash being found in other areas?

    • A. Jan Smith is an insider threat

    • B. There are MD5 hash collisions

    • C. The file is encrypted

    • D. Shadow copies are present

    Correct Answer
    B. There are MD5 hash collisions
    Explanation
    The most likely cause of the hash being found in other areas is that there are MD5 hash collisions. This means that multiple files have the same hash value, which can occur due to the limitations of the MD5 hashing algorithm. It is not necessarily indicative of any malicious activity or insider threat, nor does it suggest that the file is encrypted or that shadow copies are present.


  • 14. 

    164# A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?

    • A. Application fuzzing

    • B. Error handling

    • C. Input validation

    • D. Pointer dereference

    Correct Answer
    C. Input validation
    Explanation
    The security analyst should use input validation to prevent this vulnerability. Input validation is the process of checking and validating user input to ensure that it meets the expected format and criteria. By implementing input validation, the analyst can ensure that only valid and expected data is accepted by the web forms. This can help prevent the injection of malicious SQL commands or unauthorized access to the database. It is an important security measure to protect against attacks such as SQL injection.


  • 15. 

    112 # Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?

    • A. Cross-site scripting

    • B. DNS poisoning

    • C. Typo squatting

    • D. URL hijacking

    Correct Answer
    C. Typo squatting
    Explanation
    The correct answer is C. Typo squatting. Typo squatting is a technique used by attackers to register domain names that are similar to legitimate domain names but with slight misspellings or transposed letters. In this case, the infected devices attempted to access a URL that was similar to the company name but with two letters transposed, indicating that the attack vector used was typo squatting.


  • 16. 

    116# As part of the SDLC, a third party is hired to perform a penetration test. The third-party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?

    • A. Black box

    • B. Regression

    • C. White box

    • D. Fuzzing

    Correct Answer
    C. White box
    Explanation
    The assessment being performed in this scenario is a white box assessment. This is because the third party has access to the source code, integration tests, and network diagrams, which means they have full knowledge of the internal workings of the system. In a white box assessment, the tester has complete knowledge and understanding of the system being tested, allowing them to identify vulnerabilities and potential security issues more effectively.


  • 17. 

    155# A company's AUP requires:
    ✑ Passwords must meet complexity requirements.
    ✑ Passwords are changed at least once every six months.
    ✑ Passwords must be at least eight characters long.
    An auditor is reviewing the following report: Which of the following controls should the auditor recommend to enforce the AUP?

    • A. Account lockout thresholds

    • B. Account recovery

    • C. Password expiration

    • D. Prohibit password reuse

    Correct Answer
    C. Password expiration
    Explanation
    The auditor should recommend implementing password expiration as a control to enforce the AUP. This control ensures that passwords are changed at least once every six months, as required by the AUP. By setting a specific expiration period, the system will prompt users to change their passwords regularly, promoting security and reducing the risk of unauthorized access.


  • 18. 

    182# Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?

    • A. Reuse

    • B. Length

    • C. History

    • D. Complexity

    Correct Answer
    D. Complexity
    Explanation
    In order to promote the use of passphrases, the technical control of complexity must be in place. Passphrases are typically longer and more secure than passwords, so complexity requirements ensure that users create strong and unique passphrases. Complexity controls can include requirements for using a combination of uppercase and lowercase letters, numbers, and special characters. By enforcing complexity, the company policy can ensure that passphrases are robust and less susceptible to being easily guessed or cracked.


  • 19. 

    175# A technician is configuring a wireless guest network. After applying the most recent changes, the technician finds that new devices can no longer find the wireless network by name, but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this scenario?

    • A. Deactivation of SSID broadcast

    • B. Reduction of WAP signal output power

    • C. Activation of 802.1X with RADIUS

    • D. Implementation of MAC filtering

    • E. Beacon interval was decreased

    Correct Answer
    A. Deactivation of SSID broadcast
    Explanation
    The technician most likely deactivated the SSID broadcast, which hides the wireless network's name from being broadcast. This would explain why new devices cannot find the network by name, as they would need to manually enter the network's name in order to connect. Existing devices, however, would still be able to use the network since they were already connected and have the network's name saved.


  • 20. 

    #101 Which of the following must be intact for evidence to be admissible in court?

    • A. Chain of custody

    • B. Order of volatility

    • C. Legal hold

    • D. Preservation

    Correct Answer
    A. Chain of custody
    Explanation
    In order for evidence to be admissible in court, the chain of custody must be intact. This refers to the chronological documentation of the custody, control, transfer, analysis, and disposition of physical or electronic evidence. It ensures that the evidence has not been tampered with or altered in any way, and establishes its authenticity and reliability. The chain of custody is crucial in maintaining the integrity of the evidence and ensuring that it can be trusted as accurate and reliable in court proceedings.


  • 21. 

    198# A member of a digital forensics team, Joe, arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first. Which of the following is the correct order in which Joe should collect the data?

    • A. CPU cache, paging/swap files, RAM, remote logging data

    • B. RAM, CPU cache, remote logging data, paging/swap files

    • C. Paging/swap files, CPU cache, RAM, remote logging data

    • D. CPU cache, RAM, paging/swap files, remote logging data

    Correct Answer
    D. CPU cache, RAM, paging/swap files, remote logging data
    Explanation
    Joe should collect the data in the following order: CPU cache, RAM, paging/swap files, remote logging data. This is because CPU cache is the most volatile data and is likely to be lost first when the system is powered off. RAM contains important data that may not be saved to disk, so it should be collected next. Paging/swap files are stored on disk and may contain additional data. Remote logging data is the least volatile and can be collected last.


  • 22. 

    103 # Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

    • A. AES

    • B. 3DES

    • C. RSA

    • D. MD5

    Correct Answer
    D. MD5
    Explanation
    MD5 is a cryptographic algorithm that produces a fixed-length, irreversible output. It is commonly used for verifying the integrity of files and detecting duplicate data. MD5 generates a 128-bit hash value, which is a fixed-length output that cannot be reversed to obtain the original input. This makes it suitable for tasks such as password hashing, where it is important to store passwords securely without being able to retrieve the original plaintext password. However, it is worth noting that MD5 is considered to be weak for cryptographic purposes due to its vulnerability to collision attacks.


  • 23. 

    104 # A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll Based solely on the above information, which of the following types of malware is MOST likely installed on the system?

    • A. Rootkit

    • B. Ransomware

    • C. Trojan

    • D. Backdoor

    Correct Answer
    A. Rootkit
    Explanation
    The log entry indicates a hash mismatch for system files, specifically user32.dll and kernel32.dll. This suggests that these files have been modified, which is a common behavior of rootkits. Rootkits are a type of malware that are designed to hide their presence on a system by modifying or replacing important system files. Therefore, based on the given information, the most likely type of malware installed on the system is a rootkit.


  • 24. 

    110 # A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?

    • A. Separation of duties

    • B. Mandatory vacations

    • C. Background checks

    • D. Security awareness training

    Correct Answer
    A. Separation of duties
    Explanation
    Implementing separation of duties would help validate the concern because it involves dividing critical tasks and responsibilities among different individuals. This ensures that no single employee has complete control over a process, reducing the risk of fraud or malicious activity. By separating the duties of accessing and modifying financial transactions, the manager can mitigate the risk of the IT employee being able to manipulate transactions for the benefit of a competitor.


  • 25. 

    123# During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?

    • A. The finding is a false positive and can be disregarded

    • B. The Struts module needs to be hardened on the server

    • C. The Apache software on the server needs to be patched and updated

    • D. The server has been compromised by malware and needs to be quarantined.

    Correct Answer
    A. The finding is a false positive and can be disregarded
    Explanation
    Based on the information provided, the developer responsible for the server states that Apache Struts is not installed on the server. This indicates that the vulnerability scan may have produced a false positive result, meaning that it incorrectly flagged the server as vulnerable to an Apache Struts exploit. Therefore, the security team should disregard the finding as it is not a legitimate vulnerability.


  • 26. 

    135# A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?

    • A. Default configuration

    • B. End-of-life system

    • C. Weak cipher suite

    • D. Zero-day threats

    Correct Answer
    B. End-of-life system
    Explanation
    The vulnerability exists because the company is using an FTP server version that is eight years old and there is no upgrade available from the vendor. This indicates that the system is at the end of its life cycle and is no longer supported by the vendor, leaving it vulnerable to known exploits.


  • 27. 

    194# An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?

    • A. Enable screensaver locks when the phones are not in use to prevent unauthorized access

    • B. Configure the smart phones so that the stored data can be destroyed from a centralized location

    • C. Configure the smart phones so that all data is saved to removable media and kept separate from the device

    • D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered

    Correct Answer
    B. Configure the smart phones so that the stored data can be destroyed from a centralized location
    Explanation
    Configuring the smart phones so that the stored data can be destroyed from a centralized location would be the best way to prevent unauthorized access to sensitive data in case of loss or theft. This measure ensures that even if the phones are lost or stolen, the data can be remotely wiped, preventing it from falling into the wrong hands. This adds an extra layer of security and mitigates the risk of data breaches.


  • 28. 

    174# The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?

    • A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted

    • B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance

    • C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files

    • D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share

    Correct Answer
    C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
    Explanation
    Implementing a Data Loss Prevention (DLP) solution on the email gateway is the best technical control to mitigate the risk of disclosing sensitive data. A DLP solution can scan incoming and outgoing emails, identify sensitive data such as credit card numbers, and remove or block the transmission of such data. This helps prevent unauthorized disclosure of sensitive information and ensures compliance with data protection regulations. Configuring the mail server for TLS connections only encrypts the transport data but does not address the issue of sensitive data leakage. User training and audits, as well as data classification, are important measures but may not be as effective in preventing accidental data disclosure as a DLP solution.


  • 29. 

    102 # A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

    • A. Credentialed scan.

    • B. Non-intrusive scan.

    • C. Privilege escalation test.

    • D. Passive scan.

    Correct Answer
    A. Credentialed scan.
    Explanation
    A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a credentialed scan. This type of scan requires the scanner to have valid credentials (such as username and password) to authenticate with the target systems. By doing so, the scanner can access more detailed information about the system's configuration and installed software, allowing for a more accurate assessment of vulnerabilities. This type of scan is often preferred for internal network assessments where the scanner has legitimate access to the systems being scanned.


  • 30. 

    111 # A penetration tester finds that a company's login credentials for the email client were being sent in cleartext. Which of the following should be done to provide encrypted logins to the email server?

    • A. Enable IPSec and configure SMTP.

    • B. Enable SSH and LDAP credentials.

    • C. Enable MIME services and POP3.

    • D. Enable an SSL certificate for IMAP services.

    Correct Answer
    D. Enable an SSL certificate for IMAP services.
    Explanation
    Enabling an SSL certificate for IMAP services would provide encrypted logins to the email server. SSL (Secure Sockets Layer) is a protocol that encrypts data transmitted between a client and a server, ensuring that the information cannot be intercepted or read by unauthorized individuals. By enabling an SSL certificate for IMAP services, the company can secure the login credentials for the email client, preventing them from being sent in cleartext and enhancing the overall security of the system.


  • 31. 

    113# A systems administrator is reviewing the following information from a compromised server: Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?

    • A. Apache

    • B. LSASS

    • C. MySQL

    • D. TFTP

    Correct Answer
    A. Apache
    Explanation
    The correct answer is A. Apache. The information provided states that the server is running Apache version 2.4.7, which is a web server software. Web servers like Apache are commonly targeted by remote buffer overflow attacks, where an attacker sends more data than a buffer can handle, causing it to overflow and potentially allowing the attacker to execute malicious code on the server. Therefore, it is most likely that Apache was exploited in this scenario.


  • 32. 

    115# The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?

    • A. Authentication

    • B. HVAC

    • C. Full-disk encryption

    • D. File integrity checking

    Correct Answer
    B. HVAC
    Explanation
    The availability of a system refers to its ability to be operational and accessible when needed. HVAC (Heating, Ventilation, and Air Conditioning) is important for maintaining the proper temperature and humidity levels in a system's environment. This is crucial for preventing overheating or damage to the system's components, which can lead to downtime and affect its availability. Therefore, focusing on HVAC ensures that the system remains operational and available for use.


  • 33. 

    130# Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?

    • A. Passwords are written on the bottom of a keyboard

    • B. Unpatched exploitable Internet-facing services

    • C. Unencrypted backup tapes

    • D. Misplaced hardware token

    Correct Answer
    B. Unpatched exploitable Internet-facing services
    Explanation
    A script kiddie is typically an inexperienced hacker who relies on pre-existing tools and scripts to carry out attacks. They do not possess advanced hacking skills or knowledge. Among the given vulnerability types, unpatched exploitable Internet-facing services would be the most vulnerable to attacks from script kiddies. These hackers can easily find and use automated tools to exploit known vulnerabilities in such services without requiring much technical expertise.


  • 34. 

    131# An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:

    • A. Passive reconnaissance

    • B. Persistence

    • C. Escalation of privileges

    • D. Exploiting the switch

    Correct Answer
    A. Passive reconnaissance
    Explanation
    An in-house penetration tester using a packet capture device to listen in on network communications is an example of passive reconnaissance. Passive reconnaissance involves gathering information about a target system or network without actively engaging with it. In this case, the penetration tester is simply observing and collecting data from the network communications without actively interacting or attempting to exploit any vulnerabilities.


  • 35. 

    132# A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

    • A. The vulnerability scanner is performing an authenticated scan.

    • B. The vulnerability scanner is performing local file integrity checks.

    • C. The vulnerability scanner is performing in network sniffer mode.

    • D. The vulnerability scanner is performing banner grabbing.

    Correct Answer
    C. The vulnerability scanner is performing in network sniffer mode.
  • 36. 

    133# A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?

    • A. Waterfall

    • B. Agile

    • C. Rapid

    • D. Extreme

    Correct Answer
    B. Agile
    Explanation
    The correct answer is B. Agile. Agile is a software development methodology that emphasizes iterative and incremental development, allowing for multiple iterations of deployments within an application's full life cycle. This approach encourages feedback and collaboration from stakeholders throughout the development process, resulting in a more flexible and adaptable approach to project management.


  • 37. 

    140# A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers. Which of the following represents the MOST secure way to configure the new network segment?

    • A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.

    • B. The segment should be placed in the existing internal VLAN to allow internal traffic only.

    • C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.

    • D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

    Correct Answer
    D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.
    Explanation
    Placing the new network segment on an extranet and configuring the firewall rules to allow both internal and external traffic is the most secure way to configure the segment. An extranet is a controlled extension of an organization's internal network that allows external users limited access. By placing the segment on an extranet, the organization can provide access to external users while still maintaining a level of security. Configuring the firewall rules to allow both internal and external traffic ensures that the necessary communication can occur while still protecting the network from unauthorized access.


  • 38. 

    142# Which of the following cryptographic algorithms is irreversible?

    • A. RC4

    • B. SHA-256

    • C. DES

    • D. AES

    Correct Answer
    B. SHA-256
    Explanation
    SHA-256 is an irreversible cryptographic algorithm. It is a widely used hash function that generates a fixed-size output (256 bits) from any input data. The output, also known as the hash value, is unique to the input data, meaning that even a small change in the input will result in a completely different hash value. This makes it computationally infeasible to reverse-engineer the original input from the hash value. Therefore, SHA-256 is considered irreversible, making it suitable for various security applications such as password storage and digital signatures.


  • 39. 

    151# A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?

    • A. Pre-shared key

    • B. Enterprise

    • C. Wi-Fi Protected setup

    • D. Captive portal

    Correct Answer
    D. Captive portal
    Explanation
    A captive portal is a type of wireless security method that requires users to authenticate or agree to certain terms and conditions before accessing the network. This provides basic accountability as it allows the network administrator to track and monitor who is accessing the public network. It also helps in preventing unauthorized access and ensures that users are aware of the network policies and guidelines before using it.


  • 40. 

    157# A security analyst notices anomalous activity coming from several workstations in the organization. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?

    • A. Document and lock the workstations in a secure area to establish chain of custody

    • B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse

    • C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working

    • D. Document findings and processes in the after-action and lessons learned report

    Correct Answer
    D. Document findings and processes in the after-action and lessons learned report
    Explanation
    After identifying and containing the anomalous activity, the security analyst should document their findings and processes in an after-action and lessons learned report. This report serves as a record of the incident, including the steps taken to address it, and can be used for future reference and to improve security measures. It helps the organization understand the incident, learn from it, and make any necessary adjustments to prevent similar incidents in the future.


  • 41. 

    183# During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again?

    • A. Credential management

    • B. Group policy management

    • C. Acceptable use policy

    • D. Account expiration policy

    Correct Answer
    D. Account expiration policy
    Explanation
    An account expiration policy would be the best solution to prevent this situation from occurring again. By implementing an account expiration policy, administrator accounts that are not regularly used would automatically expire after a certain period of time. This would help to prevent unauthorized access and misuse of these accounts.


  • 42. 

    126# Which of the following AES modes of operation provide authentication? (Select two.)

    • A. CCM

    • B. CBC

    • C. GCM

    • D. DSA

    • E. CFB

    Correct Answer(s)
    A. CCM
    C. GCM
    Explanation
    CCM and GCM are both AES modes of operation that provide authentication. CCM (Counter with CBC-MAC) is a mode that combines counter mode encryption with CBC-MAC authentication. It provides both confidentiality and authentication. GCM (Galois/Counter Mode) is another mode that combines counter mode encryption with Galois field multiplication-based authentication. It also provides both confidentiality and authentication. DSA (Digital Signature Algorithm) is a digital signature algorithm and not an AES mode of operation. CBC (Cipher Block Chaining) and CFB (Cipher Feedback) are AES modes of operation that provide confidentiality but not authentication.


  • 43. 

    178# An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine. Which of the following is being described?

    • A. Zero-day exploit

    • B. Remote code execution

    • C. Session hijacking

    • D. Command injection

    Correct Answer
    A. Zero-day exploit
    Explanation
    The correct answer is A. Zero-day exploit. A zero-day exploit refers to a vulnerability that is discovered by an attacker before the software vendor or developer becomes aware of it. In this scenario, the attacker discovers a new vulnerability in the enterprise application and takes advantage of it by developing new malware. Since the vulnerability is unknown to the software vendor, it is considered a zero-day exploit. By installing the malware, the attacker gains access to the infected machine.


  • 44. 

    172# A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?

    • A. 192.168.0.16 255.25.255.248

    • B. 192.168.0.16/28

    • C. 192.168.1.50 255.255.25.240

    • D. 192.168.2.32/27

    Correct Answer
    B. 192.168.0.16/28
    Explanation
    The subnet 192.168.0.16/28 would best meet the requirements because it allows for a maximum of 14 physical hosts. The /28 subnet mask provides 16 IP addresses, but 2 of them are reserved for network and broadcast addresses, leaving 14 usable IP addresses for hosts.


  • 45. 

    137# Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?

    • A. Encrypt it with Joe's private key

    • B. Encrypt it with Joe's public key

    • C. Encrypt it with Ann's private key

    • D. Encrypt it with Ann's public key

    Correct Answer
    D. Encrypt it with Ann's public key
    Explanation
    Joe should encrypt the document with Ann's public key to ensure that it is protected from eavesdropping. By encrypting it with Ann's public key, only Ann will be able to decrypt and access the document using her private key. This ensures that only the intended recipient can read the confidential information and prevents unauthorized access or eavesdropping by others.


  • 46. 

    117# A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?

    • A. Removing the hard drive from its enclosure

    • B. Using software to repeatedly rewrite over the disk space

    • C. Using Blowfish encryption on the hard drives

    • D. Using magnetic fields to erase the data

    Correct Answer
    D. Using magnetic fields to erase the data
    Explanation
    Using magnetic fields to erase the data would have most likely prevented the data from being exposed. This method involves using strong magnetic fields to completely erase the data on the hard drives, making it impossible for anyone to recover the confidential information. By erasing the data in this way, the dumpster diver would not have been able to retrieve the confidential data and post it online.


  • 47. 

    119# An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use?

    • A. FTPS

    • B. SFTP

    • C. SSL

    • D. LDAPS

    • E. SSH

    Correct Answer
    C. SSL
    Explanation
    The developer is most likely to use SSL (Secure Sockets Layer) as the secure protocol for the application. SSL is commonly used for secure communication over the internet and can provide encryption and authentication for data transmission. Port 80 is typically used for HTTP communication, and SSL can be implemented on top of HTTP to secure the data being transmitted. FTPS and SFTP are secure protocols for file transfer, LDAPS is used for secure LDAP communication, and SSH is used for secure remote access, but SSL is the most suitable choice for secure transport over port 80 in this scenario.


  • 48. 

    121# After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?

    • A. Recovery

    • B. Identification

    • C. Preparation

    • D. Documentation

    • E. Escalation

    Correct Answer
    B. Identification
    Explanation
    After an identified security breach, the analyst should take the next step of identification. This involves gathering information and evidence to determine the scope and nature of the breach. By identifying the specific details of the breach, the analyst can then proceed with the appropriate actions in the incident response process, such as containment, eradication, and recovery.


  • 49. 

    139# To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?

    • A. Create a daily encrypted backup of the relevant emails.

    • B. Configure the email server to delete the relevant emails.

    • C. Migrate the relevant emails into an "Archived" folder.

    • D. Implement automatic disk compression on email servers.

    Correct Answer
    A. Create a daily encrypted backup of the relevant emails.
    Explanation
    Creating a daily encrypted backup of the relevant emails is the best way to ensure the goal of reducing disk consumption and meeting the data retention period for sent emails. By creating encrypted backups, the organization can securely store the relevant emails while minimizing disk space usage. This allows the organization to meet legal requirements and retain the necessary data without cluttering the email server or compromising security.


Quiz Review Timeline (Updated): Jan 13, 2025


  • Current Version
  • Jan 13, 2025
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 27, 2020
    Quiz Created by
    DeLo