CompTIA Security+ Practice Exam (1)
Settings
Comptia Security+ Practice Exam- 1Full length Comptia Security+ Practice Exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel of the pressures of the real exam. The practice test is designed to reflect the final exam.
- 1.
- A.
Violating the security
- B.
Strengthening the security policy
- C.
Hardening the system
- D.
Protecting the DMZ
- 2.
![Enforcing minimum privileges for general system users
can be easily achieved through the use of:]( "Enforcing minimum privileges for general system users
can be easily achieved through the use of:")
- A.
IPSEC
- B.
TSTEC
- C.
PRVMIN
- D.
RBAC
- 3.
- A.
Bootp
- B.
Tftp
- C.
Sunrpc
- D.
All of the Above
- E.
No Answer is Correct
- 4.
- A.
Retention policies
- B.
Administrator preferences
- C.
MTTF
- D.
MTTR
- E.
All of the Above
- 5.
- A.
Server based access control
- B.
Rule based access control
- C.
Token based access control
- D.
Role based access control
- E.
All of the Above
- 6.
- A.
The use of tokens
- B.
The use of profiles
- C.
The use of information flow labels
- D.
The use of data flow diagrams
- 7.
- A.
Rule based access control
- B.
Lattice based access control
- C.
Directory based access control
- D.
ID based access control
- E.
All of the Above
- 8.In the Lattice Based Access Control model, controls are applied to:
- A.
Objects
- B.
Scripts
- C.
Factors
- D.
Models
- E.
Both A and B
- 9.
- A.
All that is expressly permitted is forbidden
- B.
All that is not expressly permitted is not forbidden
- C.
All that is not expressly permitted is forbidden
- D.
Both A and B
- E.
No Answer is Correct
- 10.
- A.
Privilege
- B.
Subject
- C.
Sensitivity
- D.
Object
- 11.
- A.
Mandatory controls
- B.
Discretionary controls
- C.
Secret controls
- D.
Corrective controls
- E.
Non of the Above
- 12.DAC are characterized by many organizations as:
- A.
Preventive controls
- B.
Need-to-know controls
- C.
Mandatory adjustable controls
- D.
All of the Above
- E.
None of the Above
- 13.
- A.
Something you have
- B.
Something you know
- C.
Something you are
- D.
All of the Above
- E.
None of the Above
- 14.
- A.
Something you are
- B.
Something you know
- C.
Something you have
- D.
All of the Above
- E.
None of the Above
- 15.
- A.
Passwords must be changed at least once every 60 days, depending on your environment.
- B.
Passwords must not be the same as user id or login id.
- C.
Password aging must be enforced on all systems.
- D.
Password must be easy to memorize.
- E.
All of the Above
- 16.
- A.
Password history is used.
- B.
Password reuse is not allowed.
- C.
Any password used must not be word found in a dictionary.
- D.
All of the Above
- E.
None of the Above
- 17.
- A.
Social Engineering attacks
- B.
Logical attacks
- C.
Physical attacks
- D.
Trojan Horse attacks
- E.
None of the Above
- 18.
- A.
Logical attacks
- B.
Physical attacks
- C.
Trojan Horse attacks
- D.
Social Engineering attacks
- E.
None of the Above
- 19.
- A.
RADIUS
- B.
PPTP
- C.
L2TP
- D.
IPSec
- E.
None of the Above
- 20.
- A.
A Network Access Server
- B.
The end user
- C.
The authentication server
- D.
All of the Above
- E.
None of the Above
- 21.
- A.
Host-based
- B.
Identity-based
- C.
Signature-based
- D.
Network-based
- 22.Which of the following is a drawback of Network-based IDSs?
- A.
It is very costly to set up.
- B.
It is not effective.
- C.
It cannot analyze encrypted information.
- D.
It is very costly to manage.
- E.
All of the Above
- 23.
- A.
Telnet
- B.
POP
- C.
FTP
- D.
SSH
- E.
All of the Above
- 24.Microsoft supports the _______________ and ______standards for use in extranet.
- A.
CORBA
- B.
IPSec
- C.
PPTP
- D.
DCOM
- E.
Both A & D
- 25.
- A.
PPTP
- B.
IPSEC
- C.
OSPF
- D.
L2TP
- E.
None of the Above
- 26.
- A.
PPTP
- B.
L2TP
- C.
OSPF
- D.
IPSEC
- E.
All of the Above
- 27.
- A.
TLS
- B.
SSH
- C.
SHTTP
- D.
SET
- E.
All of the Above
- 28.
- A.
JVM
- B.
Bytecode
- C.
Interpreter
- D.
Just-in-time compiler
- E.
All of the Above
- 29.
- A.
Java Applet
- B.
CGI
- C.
Sandbox
- D.
Authenticode
- E.
All of the Above
- 30.A centralized database of remote users for a multi-site network typically uses
- A.
RADIUS
- B.
PAP
- C.
MS-CHAP
- D.
CHAP
- 31.
- A.
Rootkit
- B.
Adware
- C.
Trojan
- D.
Adware
- 32.Creating a basic standard for application settings, security settings, and active services on every company laptop would be considered
- A.
Group policy
- B.
Baseline configuration
- C.
Patch management
- D.
A security template
- 33.All of the following are correct about LDAP EXCEPT:
- A.
Most of the implementations use the x.500 directory model
- B.
Some of the implementations use default TCP ports 389 and 636
- C.
Some implementations use x.509 certificates for securing communications
- D.
All attributes will be encrypted
- 34.An administrator wishes to enable network auditing policies. Which of the following should the security administrator log?
- A.
Both logon successes and logon failures
- B.
Only logon failures for non-existent users
- C.
Only logon success
- D.
Only logon failures
- 35.
- A.
Detecting performance anomalies that may be due to security breaches
- B.
Assuring that systems are working to their optimal capacity
- C.
Knowing when security scans are going to finish
- D.
Predicting the end of useful life for the firewall
- E.
All of the Above
- 36.A company creates its own application that accesses the company databases and requires a unique login, based on the user’s domain account. The developer has an undocumented login for testing that does not need to be authenticated against the domain. Which of the following is a security issue regarding this scenario?
- A.
The login should be the same as the domain account for authentication purposes
- B.
The application should not be deployed if it is not fully tested
- C.
It is not considered best practice to have a user remember multiple logins
- D.
It can be used as a backdoor into the company’s databases
- 37.
- A.
Have a protocol analyzer intercept traffic between two hosts
- B.
Know the IP addresses of both hosts and sequence numbers of the TCP/IP packets
- C.
Perform a man-in-the-middle attack and communicate directly with two hosts
- D.
Obtain the MAC address of the both hosts
- 38.Which if the following technologies would you use if you need to implement a system that simulates a network of vulnerable devices, so that this network can be targeted by attackers ?
- A.
A circuit-level firewall
- B.
A honeypot
- C.
A IDS
- D.
A system integrity verifier
- 39.Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker ?
- A.
Log file monitor (LFM)
- B.
System integrity verifier (SIV)
- C.
Host-based IDS
- D.
Network IDS
- 40.Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?
- A.
RBAC (Role Based Access Control)
- B.
DAC (Discretionary Access Control)
- C.
MAC (Mandatory Access Control)
- D.
All of the Above
- E.
None of the above.
- 41.
- A.
DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.
- B.
DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.
- C.
DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.
- D.
DAC (Discretionary Access Control) has no known security flaws.
- 42.Which of the following access control methods provides the most granular access to protected objects?
- A.
Capabilities
- B.
Access control lists
- C.
Permission bits
- D.
Profiles
- 43.You work as the security administrator at Certkiller .com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows: Owner: Read, Write, Execute User A: Read, Write, - User B: -, -, - (None) Sales: Read,-, - Marketing: -, Write, - Other Read, Write, - User "A" is the owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file?
- A.
User B has read, write and execute permissions on the file
- B.
User B has read and write permissions on the file.
- C.
User B has no permissions on the file.
- D.
User B has read permissions on the file.
- E.
None of the Above
- 44.You work as the security administrator at Certkiller .com. Certkiller has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources including files, printers, and mailboxes and four distinct departments with distinct functions including Sales, Marketing, Management, and Production in the system. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model?
- A.
File, printer, and mailbox roles
- B.
Sales, marketing, management, and production roles
- C.
User and workstation roles
- D.
Allow access and deny access roles
- 45.
- A.
Files that don't have an owner CANNOT be modified.
- B.
The administrator of the system is an owner of each object.
- C.
The operating system is an owner of each object.
- D.
Each object has an owner, which has full control over the object.
- E.
None of the Above
- 46.Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment?
- A.
Sensitivity labels
- B.
Group membership
- C.
Ownership
- D.
Access control lists
- 47.Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user?
- A.
MACs (Mandatory Access Control)
- B.
RBACs (Role Based Access Control)
- C.
LBACs (List Based Access Control)
- D.
DACs (Discretionary Access Control)
- 48.
- A.
RBAC (Role Based Access Control).
- B.
NDAC (Non-Discretionary Access Control).
- C.
MAC (Mandatory Access Control).
- D.
DAC (Discretionary Access Control).
- 49.
- A.
Use levels of security to classify users and data
- B.
Allow owners of documents to determine who has access to specific documents
- C.
Use access control lists which specify a list of authorized users
- D.
Use access control lists which specify a list of unauthorized users
- 50.Which of the following terms represents a MAC (Mandatory Access Control) model?
- A.
Lattice
- B.
Bell La-Padula
- C.
BIBA
- D.
Clark and Wilson
- 51.Identify the access control model that makes use of security labels connected to the objects?
- A.
. You should make use of the Role Based Access Control (RBAC) model.
- B.
You should make use of the Mandatory Access Control (MAC) model.
- C.
You should make use of the Rule Based Access Control (RBAC) model.
- D.
You should make use of the Discretionary Access Control (DAC) model.
- 52.
- A.
It is an example of Rule Based Access Control (RBAC).
- B.
It is an example of Mandatory Access Control (MAC).
- C.
It is an example of Role Based Access Control (RBAC).
- D.
It is an example of Discretionary Access Control (DAC).
- 53.Identify from the list below the access control models that makes use of subject and object labels?
- A.
You should identify Rule Based Access Control (RBAC)
- B.
You should identify Mandatory Access Control (MAC)
- C.
You should identify Discretionary Access Control (DAC)
- D.
You should identify Role Based Access Control (RBAC)
- 54.
- A.
Assigning access rights to a client is a Discretionary Access Control (DAC) characteristic.
- B.
Assigning access rights to a client is a Rule Based Access Control (RBAC) characteristic.
- C.
Assigning access rights to a client is a Mandatory Access Control (MAC) characteristic.
- D.
Assigning access rights to a client is a Role Based Access Control (RBAC) characteristic.
- 55.
- A.
Sensitivity labels are based on a Mandatory Access Control (MAC) environment.
- B.
Access control lists are based on a Mandatory Access Control (MAC) environment.
- C.
Group membership is based on a Mandatory Access Control (MAC) environment.
- D.
Ownership is based on a Mandatory Access Control (MAC) environment.
- 56.
- A.
It is an example of a Discretionary Access Control (DAC) model
- B.
It is an example of a Role Based Access Control (RBAC) model.
- C.
It is an example of a Mandatory Access Control (MAC) model.
- D.
It is an example of a Rule Based Access Control (RBAC) model.
- 57.Which servers should be located on a private network?
- A.
You should place a File and print server on the private network.
- B.
You should place a Remote Access Server (RAS) on the private network.
- C.
You should place an E-mail server on the private network.
- D.
You should place a Web server on the private network.
- 58.
- A.
You should identify the Discretionary Access Control (DAC) access control model.
- B.
You should identify the Role Based Access Control (RBAC) access control model.
- C.
You should identify the Mandatory Access Control (MAC) access control model.
- D.
You should identify the Rule Based Access Control (RBAC) access control model.
- E.
None of the Above
- 59.
- A.
The Discretionary Access Control (DAC) access control model would be most suitable.
- B.
The Rule Based Access Control (RBAC) access control model would be most suitable.
- C.
The Role Based Access Control (RBAC) access control model would be most suitable.
- D.
The Mandatory Access Control (MAC) access control model would be most suitable.
- 60.Which access controls are based on security labels assigned to every data item and every user?
- A.
You should identify Mandatory Access Control (MAC).
- B.
You should identify Role Based Access Control (RBAC).
- C.
You should identify Discretionary Access Control (DAC).
- D.
You should identify List Based Access Control (LBAC).
- 61.
- A.
This is a feature of Discretionary Access Control (DAC).
- B.
This is a feature of Rule Based Access Control (RBAC).
- C.
This is a feature of Role Based Access Control (RBAC).
- D.
This is a feature of Mandatory Access Control (MAC).
- 62.Which of the following password generators is based on challenge-response mechanisms?
- A.
Asynchronous
- B.
Synchronous
- C.
Cryptographic keys
- D.
Smart cards
- 63.Which of the following password management systems is designed to provide availability for a large number of users?
- A.
Self service password resets
- B.
Locally saved passwords
- C.
Multiple access methods
- D.
Synchronized passwords
- 64.Which of the following provides the best protection against an intercepted password?
- A.
VPN (Virtual Private Network).
- B.
PPTP (Point-to-Point Tunneling Protocol).
- C.
One time password.
- D.
Complex password requirement.
- 65.
- A.
Dynamic IP (Internet Protocol) routing protocols for routers and servers.
- B.
Separate network segments for the realms
- C.
Token authentication devices.
- D.
Time synchronization services for clients and servers.
- 66.
- A.
To ensure proper connections.
- B.
To ensure tickets expire correctly.
- C.
To generate the seed value for the encryptions keys.
- D.
To benchmark and set the optimal encryption algorithm.
- 67.
- A.
Which of the following factors must be considered when implementing Kerberos authentication?
- B.
Kerberos tickets can be spoofed using replay attacks to network resources.
- C.
Kerberos requires a centrally managed database of all user and resource passwords.
- D.
Kerberos uses clear text passwords.
- 68.
- A.
PPTP (Point-to-Point Tunneling Protocol)
- B.
SMTP (Simple Mail Transfer Protocol)
- C.
Kerberos
- D.
CHAP (Challenge Handshake Authentication Protocol)
- 69.Which of the following are the main components of a Kerberos server?
- A.
Authentication server, security database and privilege server.
- B.
SAM (Sequential Access Method), security database and authentication server.
- C.
Application database, security database and system manager.
- D.
Authentication server, security database and system manager.
- 70.
- A.
When establishing a connection and at anytime after the connection is established.
- B.
Only when establishing a connection and disconnecting.
- C.
Only when establishing a connection.
- D.
Only when disconnecting.
- 71.For which of the following can biometrics be used?
- A.
Authentication
- B.
Authorization
- C.
Certification
- D.
Accountability
- 72.Which of the following is the most costly method of an authentication?
- A.
Passwords
- B.
Tokens
- C.
Biometrics
- D.
Shared secrets
- 73.
- A.
Many-to-one mapping is a type of certificate-based authentication
- B.
One-to-one mapping is a type of certificate-based authentication.
- C.
One-to-many mapping is a type of certificate-based authentication.
- D.
Many-to-many mapping is a type of certificate-based authentication.
- 74.Which services is provided by message authentication codes?
- A.
You make use of message authentication codes to provide the Key recovery service.
- B.
You make use of message authentication codes to provide the Fault recovery service.
- C.
You make use of message authentication codes to provide the Acknowledgement service.
- D.
You make use of message authentication codes to provide the Integrity service.
- 75.
- A.
It is known as the TCP/IP hijacking attack.
- B.
It is known as the Man in the middle attack.
- C.
It is known as the Replay attack.
- D.
It is known as the Back door attack
- 76.Identify the authentication system where a unique username and password is used to access multiple systems within a company?
- A.
Challenge Handshake Authentication Protocol (CHAP) is used to access multiple systems within a company.
- B.
Single Sign-on is used to access multiple systems within a company.
- C.
Kerberos is used to access multiple systems within a company.
- D.
Mandatory Access Control (MAC) is used to access multiple systems within a company.
- 77.
- A.
You should make use of the Mutual authentication method.
- B.
You should make use of the Biometric authentication method.
- C.
You should make use of the Username/password authentication method.
- D.
You should make use of the Multifactor authentication method.
- 78.Identify the process where users can access numerous resources without needing multiple credentials?
- A.
The authentication process is known as need to know.
- B.
The authentication process is known as decentralized management.
- C.
The authentication process is known as Discretionary Access Control (DAC).
- D.
The authentication process is known as single sign-on.
- 79.
- A.
You should identify ATM card and PIN.
- B.
You should identify Photo ID and PIN.
- C.
You should identify Retina scan and mantrap.
- D.
You should identify Username and password.
- 80.What is based upon an authentication server that allocates tickets to users?
- A.
You should make use of the Kerberos authentication method.
- B.
You should make use of the Challenge Handshake Authentication Protocol (CHAP) authentication method.
- C.
You should make use of the Username/password authentication method
- D.
You should make use of the Multifactor authentication method.
- 81.Which authentication will provide a username, a password and undergo a thumb print scan to access a workstation?
- A.
The Biometric authentication best illustrates this scenario.
- B.
The Kerberos authentication best illustrates this scenario.
- C.
The Mutual authentication best illustrates this scenario.
- D.
The Multifactor authentication best illustrates this scenario.
- 82.
- A.
Kerberos uses key fob based identification systems.
- B.
Token uses key fob based identification systems.
- C.
Biometrics uses key fob based identification systems.
- D.
Username/password uses key fob based identification systems.
- E.
Certificates uses key fob based identification systems.
- 83.
- A.
You should identify the fingerprint scanner
- B.
You should identify the hand scanner.
- C.
You should identify the facial scanner.
- D.
You should identify the retina scanner.
- 84.Certkiller .com deploy Kerberos authentication on the network. What does Kerberos need to function properly? (Choose TWO)
- A.
Kerberos requires a Key Distribution Center.
- B.
Kerberos requires POP-3.
- C.
Kerberos requires extranets.
- D.
Kerberos requires accurate network time.
- E.
Kerberos requires SSL/TLS.
- 85.What authentication model uses a smart card and a User ID/Password for accessing network resources?
- A.
You should identify the Biometric authentication model.
- B.
You should identify the Multifactor authentication model.
- C.
You should identify the Mutual authentication model.
- D.
You should identify the Tokens authentication model.
- 86.
- A.
Do not upgrade, as new versions tend to have more security flaws.
- B.
Disable any unused features of the web browser.
- C.
Connect to the Internet using only a VPN (Virtual Private Network) connection.
- D.
Implement a filtering policy for illegal, unknown and undesirable sites.
- 87.How many ports in TCP/IP (Transmission Control Protocol/Internet Protocol) are vulnerable to being scanned, exploited, or attached?
- A.
1,024
- B.
32
- C.
16,777,216
- D.
65,535
- 88.Which of the following ports does a DNS (Domain Name Service) server require?
- A.
21
- B.
23
- C.
53
- D.
55
- 89.
- A.
Non-essential services are often appealing to attackers since less bandwidth is used.
- B.
Non-essential services are often appealing to attackers since the surface area for the attack is reduced.
- C.
Non-essential services are often appealing to attackers since root level access is offered.
- D.
Non-essential services are often appealing to attackers since attacks are maintained that go unnoticed.
- E.
Non-essential services are often appealing to attackers since it's not typically configured correctly or secured.
Back to top