CompTIA Security+ Practice Exam (1)

By Mastermind1100, Community Contributor
Questions: 89

CompTIA Security+ Practice Exam - 1
Full-length CompTIA Security+ practice exam. Take it as you would the real exam to see whether you are fully prepared. Time yourself to 90 minutes to get a feel for the pressure of the real exam. The practice test is designed to reflect the final exam.


Questions and Answers
  • 1. A covert channel is a communication channel that can be used for:
    • A. Violating the security
    • B. Strengthening the security policy
    • C. Hardening the system
    • D. Protecting the DMZ
    Correct Answer
    A. Violating the security
    Explanation
    Covert channels: indirect ways for transmitting information with no explicit reading of confidential information. In other words, the communication is out in plain view, but "invisible" to those who don't know how to look for it. This kind of difficulty has induced some researchers to rethink from scratch the whole problem of guaranteeing security in computer systems. Some obscure techniques which can be utilized to create covert channels include hiding messages using the first letters of each word in a longer communication, blinking eyes in "Morse code" during a conversation, etc. Even something as mundane as some of the "signals" used by a baseball team, if non-obvious enough, could be considered a covert channel.

    Covert channels are not a way to strengthen the security policy of an organization, harden the system or protect the DMZ -- they are a security risk, not a security-enhancing technique.

  • 2. Enforcing minimum privileges for general system users can be easily achieved through the use of:
    • A. IPSEC
    • B. TSTEC
    • C. PRVMIN
    • D. RBAC
    Correct Answer
    D. RBAC
    Explanation
    Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with those privileges and nothing more. By denying to subjects transactions that are not necessary for the performance of their duties, those denied privileges couldn't be used to circumvent the organizational security policy. Although the concept of least privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system administrator. Through the use of RBAC (role based access control), enforced minimum privileges for general system users can be easily achieved.

  • 3. Which of the following services should be logged for security purposes?
    • A. Bootp
    • B. Tftp
    • C. Sunrpc
    • D. All of the Above
    • E. No Answer is Correct
    Correct Answer
    D. All of the Above
    Explanation
    Requests for the following services should be logged on all systems: systat, bootp, tftp, sunrpc, snmp, snmp-trap, nfs. This list is rather UNIX-centric; nevertheless, it's possible for many of those services to be running on Windows as well (if you're running them, log them!).

  • 4. All logs are kept on archive for a period of time. What determines this period of time?
    • A. Retention policies
    • B. Administrator preferences
    • C. MTTF
    • D. MTTR
    • E. All of the Above
    Correct Answer
    A. Retention policies
    Explanation
    All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time, called a retention period. This period of time will be determined by your company policies. This allows the use of logs for regular audits, and annual audits if retention is longer than a year. Logs must be secured to prevent modification, deletion, and destruction.

    Administrator preference is often used to determine certain things like how long logs are retained ... but since these decisions can affect the ability of the company to go back and research potential security issues, it is a corporate issue that should be governed by a deliberate policy statement.

    MTTF and MTTR are not relevant to setting the time for which logs will be retained. MTTF (Mean Time To Failure, sometimes called MTBF, Mean Time Before Failure) is related to the average amount of time a piece of equipment will be in service before it fails. MTTR (Mean Time To Repair) is a measure of how long it will take to repair the equipment when it fails.

  • 5. With _______________, access decisions are based on the roles that individual users have as part of an organization.
    • A. Server based access control
    • B. Rule based access control
    • C. Token based access control
    • D. Role based access control
    • E. All of the Above
    Correct Answer
    D. Role based access control
    Explanation
    With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization.

    Most access control systems are rule-based -- that is, they use a preset list of rules when deciding whether or not a user should have access to a resource; this is not specific to access control systems based on user role. Most networks use server-based access control to control access to network resources; however, local resources are typically under the control of the local machine. Neither is particularly unique to role-based access control. Some networks may use token-based access control, but that is not a requirement for role-based access control, either.

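Questions 2 and 5 both turn on the same mechanism: a user is never granted permissions directly, only through roles, and each role carries exactly the permissions its job needs. The following is an added example (not part of the original quiz) that implements such a check in Python; the roles, users and permission names are constructed for illustration, and `excess_permissions` is a least-privilege audit that reports anything a user holds beyond what the job requires.

```python
"""Role-based access control (RBAC) with a least-privilege audit.

Added example, not from the original quiz. Roles, users and permission
names below are constructed for illustration.
"""
from typing import Dict, FrozenSet, Set

# Constructed role -> permission mapping. Each role carries only the
# permissions its job needs (least privilege) and nothing more.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "teller":  frozenset({"account:read", "account:deposit", "account:withdraw"}),
    "manager": frozenset({"account:read", "account:approve_loan", "report:read"}),
    "auditor": frozenset({"account:read", "report:read", "log:read"}),
}

# Constructed user -> role assignment. Access decisions never name a user
# directly; they only consult the roles the user holds.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"teller"},
    "bob":   {"manager", "auditor"},
    "carol": set(),            # no role assigned yet: gets nothing
}


def effective_permissions(user: str) -> FrozenSet[str]:
    """Union of the permissions of every role the user holds."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(perms)


def is_permitted(user: str, permission: str) -> bool:
    """Default deny: the permission must come from one of the user's roles.
    Unknown users and unknown permissions are therefore refused."""
    return permission in effective_permissions(user)


def excess_permissions(user: str, job_needs: Set[str]) -> FrozenSet[str]:
    """Permissions the user holds beyond what the job needs.

    A non-empty result means the role assignment violates least privilege
    and the roles (or the assignment) should be tightened."""
    return effective_permissions(user) - job_needs


if __name__ == "__main__":
    print("alice may deposit:", is_permitted("alice", "account:deposit"))
    print("alice may read reports:", is_permitted("alice", "report:read"))
    print("bob's excess over a manager's needs:",
          sorted(excess_permissions("bob", {"account:read", "report:read"})))
```

The audit is the part worth running periodically: people accumulate roles as they change jobs, and `excess_permissions` makes the creep visible as a concrete list rather than a vague concern.
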
  • 6. Which of the following is a feature of rule-based access control?
    • A. The use of tokens
    • B. The use of profiles
    • C. The use of information flow labels
    • D. The use of data flow diagrams
    Correct Answer
    B. The use of profiles
    Explanation
    Rule-based access control is based on a specific profile for each user. Information can be easily changed for only one user but this scheme may become a burden in a very large environment. A rule-based access control unit will intercept every request to the server and compare the source-specific access conditions with the rights of the user in order to make an access decision. A good example could be a firewall. Here a set of rules defined by the network administrator is recorded in a file. Every time a connection is attempted (incoming or outgoing), the firewall software checks the rules file to see if the connection is allowed. If it is not, the firewall closes the connection.

    Information flow labels are usually associated with Mandatory Access Control (MAC). Data flow diagrams are most commonly used in software development, not in rule-based access control. Tokens are usually used for authentication, a function which is important for any type of access control.

  • 7. A firewall can be classified as a:
    • A. Rule based access control
    • B. Lattice based access control
    • C. Directory based access control
    • D. ID based access control
    • E. All of the Above
    Correct Answer
    A. Rule based access control
    Explanation
    Rule-based access control is based on a specific profile for each user. Information can be easily changed for only one user but this scheme may become a burden in a very large environment. A rule-based access control unit will intercept every request to the server and compare the source-specific access conditions with the rights of the user in order to make an access decision. A good example could be a firewall. Here a set of rules defined by the network administrator is recorded in a file. Every time a connection is attempted (incoming or outgoing), the firewall software checks the rules file to see if the connection is allowed. If it is not, the firewall closes the connection.

    Lattice-based access control is associated with Mandatory Access Control (MAC). Directory based and ID based access controls are not relevant.

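Questions 6 and 7 describe the firewall as the canonical rule-based control: an ordered rules file, consulted for every incoming or outgoing connection, with the connection closed when no rule allows it. The following is an added example (not from the original quiz) of that evaluation loop in Python. The rules-file syntax, the addresses and the first-match-wins ordering are constructed assumptions for illustration; real firewalls differ in syntax but share the default-deny shape shown here.

```python
"""Rule-based access control the way a packet filter does it: an ordered
rules file is consulted for every connection attempt, the first matching
rule decides, and anything no rule permits is closed (default deny).

Added example, not from the original quiz. The rules-file format and all
addresses are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed rules file. Columns: action direction proto source destination port
RULES_FILE = """
# action  dir  proto  source         destination   port
allow     in   tcp    0.0.0.0/0      10.0.0.5/32   443
allow     in   tcp    10.0.0.0/8     10.0.0.5/32   22
deny      out  udp    10.0.0.0/8     0.0.0.0/0     53
allow     out  any    10.0.0.0/8     0.0.0.0/0     any
"""


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str                 # "in" or "out"
    proto: str                     # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]            # None means any destination port

    def matches(self, direction: str, proto: str, src_ip: str,
                dst_ip: str, dst_port: int) -> bool:
        """True when every field of the rule covers the connection."""
        return (self.direction == direction
                and self.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and (self.port is None or self.port == dst_port))


def parse_rules(text: str) -> List[Rule]:
    """Read the rules file, skipping comments and blank lines, keeping order."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, direction, proto, src, dst, port = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rules file: {action}")
        rules.append(Rule(action, direction, proto,
                          ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          None if port == "any" else int(port)))
    return rules


def decide(rules: List[Rule], direction: str, proto: str,
           src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule wins. With no match the connection is closed:
    what the rules file does not expressly allow is denied."""
    for rule in rules:
        if rule.matches(direction, proto, src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"


RULES = parse_rules(RULES_FILE)

if __name__ == "__main__":
    print(decide(RULES, "in", "tcp", "203.0.113.7", "10.0.0.5", 443))   # allow
    print(decide(RULES, "in", "tcp", "203.0.113.7", "10.0.0.5", 22))    # deny
    print(decide(RULES, "out", "udp", "10.1.2.3", "8.8.8.8", 53))       # deny
```

Rule order matters: the `deny out udp ... 53` line only works because it sits above the catch-all `allow out any`; swap them and outbound DNS is allowed, which is the kind of mistake a review of a rules file should look for.
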
  • 8. In the Lattice Based Access Control model, controls are applied to:
    • A. Objects
    • B. Scripts
    • C. Factors
    • D. Models
    • E. Both A and B
    Correct Answer
    A. Objects
    Explanation
    Information flow is clearly central to confidentiality but to some extent it also applies to integrity. The basic work in this area was done around 1970 and was driven mostly by the defense sector. Information flow in computer systems is concerned with flow from one security class (also called security label) to another. These controls are applied to objects. An object is a container of information; an object can be a directory or file.

    Controls are part of the Lattice Based Access Control (Mandatory Access Control) model, not applied to the model. Factors and scripts are not involved in the model.

  • 9. Under MAC, which of the following is true?
    • A. All that is expressly permitted is forbidden
    • B. All that is not expressly permitted is not forbidden
    • C. All that is not expressly permitted is forbidden
    • D. Both A and B
    • E. No Answer is Correct
    Correct Answer
    C. All that is not expressly permitted is forbidden
    Explanation
    MAC is the acronym for Mandatory Access Control. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.

    Under MAC, you define who is allowed to access objects, and if you haven't defined an access right, access is not permitted. So, it is not the case that all that is expressly permitted is forbidden, or that all that is not expressly permitted is not forbidden.

  • 10. Under MAC, a clearance is a:
    • A. Privilege
    • B. Subject
    • C. Sensitivity
    • D. Object
    Correct Answer
    A. Privilege
    Explanation
    MAC is the acronym for Mandatory Access Control. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.

    In MAC, subjects (such as users) are each assigned a clearance (such as "secret" or "top secret"). Objects (containers for information, such as files) are assigned a sensitivity (classification, similar to clearance). When determining whether or not to grant a subject access to an object, the requesting subject's clearance is compared with the sensitivity of the object, and if the clearance is at or higher than the object's sensitivity level, access is granted. Therefore, a clearance functions as a privilege.

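Questions 8 to 10 describe one model from three angles: labels on objects, a prohibitive default, and a read decision made by comparing a subject's clearance with an object's sensitivity. The following is an added example (not from the original quiz) that puts the three together in Python. A label is a level plus a set of compartments, and "at or higher" is the lattice dominance relation: higher-or-equal level and a superset of compartments. The levels, compartment names and sample labels are constructed. The example goes one step beyond the quiz text by also showing the matching write rule (the Bell-LaPadula *-property, no write down), which is what stops information flowing from a higher security class to a lower one.

```python
"""Lattice-based (mandatory) access control check.

Added example, not from the original quiz. Levels, compartment names
and the sample labels are constructed for illustration.

A security label is a (level, compartments) pair. Label A dominates
label B when A's level is at least B's and A's compartments include all
of B's. That partial order is the lattice; two labels with different
compartments can be incomparable, in which case neither dominates.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed ordering of classification levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is 'at or higher than' other in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def may_read(clearance: Optional[Label], sensitivity: Optional[Label]) -> bool:
    """Simple security property (no read up): the subject's clearance must
    dominate the object's sensitivity. An unlabeled subject or object is
    refused outright: what is not expressly permitted is forbidden."""
    if clearance is None or sensitivity is None:
        return False
    return clearance.dominates(sensitivity)


def may_write(clearance: Optional[Label], sensitivity: Optional[Label]) -> bool:
    """*-property (no write down): the object's sensitivity must dominate the
    subject's clearance, so information never flows to a lower class."""
    if clearance is None or sensitivity is None:
        return False
    return sensitivity.dominates(clearance)


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential")
    plan = Label("top secret")
    print("analyst reads memo:", may_read(analyst, memo))    # True
    print("analyst reads plan:", may_read(analyst, plan))    # False (read up)
    print("analyst writes plan:", may_write(analyst, plan))  # True (write up is allowed)
```

The compartment check is what makes this a lattice rather than a simple ladder: a "secret/crypto" clearance cannot read a "secret/nuclear" file even though the levels match, because neither label dominates the other.
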
  • 11. Access controls that are not based on the policy are characterized as:
    • A. Mandatory controls
    • B. Discretionary controls
    • C. Secret controls
    • D. Corrective controls
    • E. None of the Above
    Correct Answer
    B. Discretionary controls
    Explanation
    Access controls that are not based on the policy are characterized as discretionary controls by the U.S. government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

    Mandatory controls are based on policy. Secret controls and corrective controls are not related to access control.

  • 12. DACs are characterized by many organizations as:
    • A. Preventive controls
    • B. Need-to-know controls
    • C. Mandatory adjustable controls
    • D. All of the Above
    • E. None of the Above
    Correct Answer
    B. Need-to-know controls
    Explanation
    DAC is the acronym for Discretionary Access Controls. Access controls that are not based on the policy are characterized as discretionary controls by the U.S. government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

    Preventive controls and mandatory adjustable controls do not characterize DAC.

  • 13. A password represents:
    • A. Something you have
    • B. Something you know
    • C. Something you are
    • D. All of the Above
    • E. None of the Above
    Correct Answer
    B. Something you know
    Explanation
    Authentication is accomplished through something you know, something you have and/or something you are. The canonical example of something you know is a password or pass phrase. You might type or speak the value. A number of schemes are possible for obtaining what you know. It might be assigned to you, or you may have picked the value yourself. Constraints may exist regarding the form the value can take, or the alphabet from which you are allowed to construct the value might be limited to letters only. If you forget the value, you may not be able to authenticate yourself to the system.

    Something you have would be a physical item you possess, such as a smartcard. Something you are would be a personal characteristic of you, not a piece of information you know.

  • 14. A smartcard represents:
    • A. Something you are
    • B. Something you know
    • C. Something you have
    • D. All of the Above
    • E. None of the Above
    Correct Answer
    C. Something you have
    Explanation
    Authentication is accomplished through something you know, something you have and/or something you are. One form of authentication requires possession of something ("something you have") such as a key, a smart card, a disk, or some other device. Whatever form it takes, the authenticating item should be difficult to duplicate and may require synchronization with systems other than the one to which you are requesting access. Highly secure environments may require you to satisfy multiple authentication criteria to guarantee authenticity.

    Something you know would be a piece of data known only to you, such as a password. Something you are would be a physical characteristic of you, like your fingerprint.

  • 15. Which of the following is NOT a good password deployment guideline?
    • A. Passwords must be changed at least once every 60 days, depending on your environment.
    • B. Passwords must not be the same as user id or login id.
    • C. Password aging must be enforced on all systems.
    • D. Password must be easy to memorize.
    • E. All of the Above
    Correct Answer
    D. Password must be easy to memorize.
    Explanation
    Passwords should be easy to memorize, because that minimizes the chance that users will write the password down somewhere that others could see it.

    Passwords should not be the same as the user ID, because that is one of the common passwords that common "password cracker" programs try when attempting to discover passwords for accounts. Passwords must be changed at least once every 60 days (depending on your environment). Password aging or expiration must be enforced on all systems. Upon password expiration, if the password is not changed, only three grace logins must be allowed, then the account must be disabled until reset by an administrator or the help desk. Password reuse is not allowed (rotating passwords).

  • 16. Which of the following is an effective measure against a certain type of brute force password attack?
    • A. Password history is used.
    • B. Password reuse is not allowed.
    • C. Any password used must not be a word found in a dictionary.
    • D. All of the Above
    • E. None of the Above
    Correct Answer
    C. Any password used must not be a word found in a dictionary.
    Explanation
    A brute force password attack involves trying many possible password values, to see if any result in access to an account. In order to help prevent dictionary-based attacks, in which the list of password values to try comes from a dictionary, it is useful to have a policy that any password used must not be a word found in a dictionary.

    "Password reuse is not allowed" (i.e., rotating passwords) is a good policy, but not the one most closely related to helping prevent brute force password attacks. Password history must be used to prevent users from reusing passwords. For example, on many systems with such a facility the last 12 passwords used will be kept in the history. But as with policies against password re-use, password history is not as relevant to preventing brute force password attacks as is the policy against dictionary words.

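Questions 15 and 16 together list the checks a password-change handler has to make: the new value must not equal the user id, must not be a dictionary word, and must not repeat one of the last 12 passwords. The following is an added example (not from the original quiz) of such a handler in Python. The word list, the user and the sample passwords are constructed; the history is kept as salted PBKDF2 hashes rather than clear text so that the reuse check can be made without the history itself becoming a credential store, and the 12-entry depth is the figure the explanation gives.

```python
"""Password deployment checks: not the user id, not a dictionary word,
not a reuse of one of the last N passwords (compared by salted hash).

Added example, not from the original quiz. The word list, user id and
sample passwords are constructed; HISTORY_SIZE follows the explanation.
"""
import hashlib
import os
from typing import List, Tuple

HISTORY_SIZE = 12

# Constructed stand-in for a real dictionary file.
DICTIONARY = {"password", "welcome", "dragon", "letmein", "summer", "monkey"}

# A history entry is (salt, hash); most recent first.
HistoryEntry = Tuple[bytes, bytes]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the history never holds the clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def normalise(password: str) -> str:
    """Lower-case and drop digits/punctuation so that 'Summer2024!' is still
    recognised as the dictionary word 'summer'."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def check_password(user_id: str, password: str,
                   history: List[HistoryEntry]) -> List[str]:
    """Return the policy rules the candidate password breaks (empty means OK)."""
    problems: List[str] = []
    if password.lower() == user_id.lower():
        problems.append("same as user id")
    if normalise(password) in DICTIONARY:
        problems.append("dictionary word")
    # Re-hash the candidate with each stored salt; a match means reuse.
    for salt, digest in history[:HISTORY_SIZE]:
        if hash_password(password, salt) == digest:
            problems.append("reused from history")
            break
    return problems


def record_password(password: str, history: List[HistoryEntry]) -> List[HistoryEntry]:
    """Prepend the new password's salted hash and keep only the last N."""
    salt = os.urandom(16)
    return [(salt, hash_password(password, salt))] + history[:HISTORY_SIZE - 1]


if __name__ == "__main__":
    hist = record_password("Tr0ub4dor&3", [])
    print(check_password("jsmith", "Tr0ub4dor&3", hist))                   # ['reused from history']
    print(check_password("jsmith", "Summer2024!", hist))                    # ['dictionary word']
    print(check_password("jsmith", "correct horse battery staple", hist))  # []
```

Each history entry has its own salt, so the reuse check costs one PBKDF2 computation per stored entry; that is deliberate, since the same property that slows this check also slows an offline guess against a stolen history.
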
  • 17. What type of attack occurs when a rogue application has been planted on an unsuspecting user's workstation?
    • A. Social Engineering attacks
    • B. Logical attacks
    • C. Physical attacks
    • D. Trojan Horse attacks
    • E. None of the Above
    Correct Answer
    D. Trojan Horse attacks
    Explanation
    Trojan Horse attacks - This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user's workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smartcard to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.

    Physical attacks involve physical access to hardware such as a network cable or keyboard. Social engineering attacks are based on taking advantage of human interaction rather than technology itself. (Frequently, social engineering attacks don't even require access to a computer.) There is no such thing as a "logical" attack, although many attacks do involve the use of logic to figure out how an application works and where its security vulnerabilities may be.

  • 18. Which of the following attacks could be the most successful when the security technology is properly implemented and configured?
    • A. Logical attacks
    • B. Physical attacks
    • C. Trojan Horse attacks
    • D. Social Engineering attacks
    • E. None of the Above
    Correct Answer
    D. Social Engineering attacks
    Explanation
    Social Engineering attacks: in computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack involves a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes. When using smartcards instead of passwords, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smartcard and PIN for service purposes.

    Logical, physical and Trojan horse attacks are often much less successful when security is properly implemented on a network.

  • 19. What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?
    • A. RADIUS
    • B. PPTP
    • C. L2TP
    • D. IPSec
    • E. None of the Above
    Correct Answer
    A. RADIUS
    Explanation
    RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links, and a shared Authentication Server. RADIUS uses a centralized database for simplified management. RADIUS is a standard published in RFC 2138.

    The other protocols listed are network communication protocols, not authentication protocols responsible for carrying traffic between a NAS and an Authentication Server.

  • 20. In a RADIUS architecture, which of the following acts as a client?
    • A. A Network Access Server
    • B. The end user
    • C. The authentication server
    • D. All of the Above
    • E. None of the Above
    Correct Answer
    A. A Network Access Server
    Explanation
    A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to a designated RADIUS server, and then acting on the response which is returned. RADIUS uses a centralized database, simplifying password management. The end user's computer does not make the RADIUS request. The NAS makes the request after receiving the network connection request from the end user.

  • 21. The majority of commercial intrusion detection systems are:
    • A. Host-based
    • B. Identity-based
    • C. Signature-based
    • D. Network-based
    Correct Answer
    D. Network-based
    Explanation
    The majority of commercial intrusion detection systems are network-based. These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts.

    Historically, IDS started out as host-based, which is the other major type of IDS. Identity-based and signature-based are not types of IDS.

  • 22. Which of the following is a drawback of Network-based IDSs?
    • A. It is very costly to set up.
    • B. It is not effective.
    • C. It cannot analyze encrypted information.
    • D. It is very costly to manage.
    • E. All of the Above
    Correct Answer
    C. It cannot analyze encrypted information.
    Explanation
    Network-based IDSs cannot analyze encrypted information. This problem is increasing as more organizations (and attackers) use virtual private networks. Most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated. This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.

  • 23. Which of the following would you consider clear-text protocols?
    • A. Telnet
    • B. POP
    • C. FTP
    • D. SSH
    • E. All of the Above
    Correct Answer(s)
    A. Telnet
    B. POP
    C. FTP
    Explanation
    There are many clear-text protocols still in use today. Telnet is still alive and well. FTP and POP email both use clear-text protocols. Creating a server to emulate any of these services is trivial. Combining that and some DNS spoofing can cause "normal" traffic to come to your fake servers where the usernames and passwords can be obtained.

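The practical follow-up to question 23 for a defender is finding out where Telnet, FTP and POP are still being used so they can be replaced (SSH, SFTP/FTPS, POP3S) before credentials are exposed on the wire. The following is an added example (not from the original quiz) of a small sweep over connection records in Python. The log format and every address in it are constructed; the check is port-based only, which is an assumption a real deployment would back with payload inspection, since a clear-text service can run on any port.

```python
"""Flag clear-text protocol use in connection records so that Telnet, FTP
and POP logins can be found and migrated before credentials leak.

Added example, not from the original quiz. The log format and all
addresses are constructed for illustration. Matching is by well-known
port only; payload inspection would be needed to catch services on
non-standard ports.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Well-known ports of the clear-text protocols the question names.
CLEARTEXT_PORTS: Dict[int, str] = {23: "telnet", 21: "ftp", 110: "pop3"}

# Constructed connection log. Columns: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 10.0.1.15 51234 10.0.2.9 22 tcp
2024-05-01T08:00:07Z 10.0.1.15 51240 10.0.2.9 23 tcp
2024-05-01T08:01:13Z 10.0.1.22 40011 198.51.100.4 110 tcp
2024-05-01T08:02:45Z 10.0.1.22 40012 198.51.100.4 995 tcp
2024-05-01T08:03:02Z 10.0.1.30 33001 10.0.2.50 21 tcp
2024-05-01T08:03:09Z 10.0.1.30 33002 10.0.2.50 443 tcp
2024-05-01T08:04:00Z 10.0.1.15 51300 10.0.2.9 23 udp
garbage line that should be skipped
"""

Hit = Tuple[str, str, str, str]   # (timestamp, src_ip, dst_ip, service)


def find_cleartext(log_text: str) -> List[Hit]:
    """Return one hit per TCP connection to a clear-text service port."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[4].isdigit():
            continue   # skip malformed lines rather than abort the sweep
        ts, src, _sport, dst, dport, proto = fields
        service = CLEARTEXT_PORTS.get(int(dport))
        if proto == "tcp" and service:
            hits.append((ts, src, dst, service))
    return hits


def summarise(hits: List[Hit]) -> Dict[Tuple[str, str], int]:
    """Count clear-text connections per (destination, service) so the servers
    still offering these services stand out for migration."""
    return dict(Counter((dst, service) for _ts, _src, dst, service in hits))


if __name__ == "__main__":
    found = find_cleartext(SAMPLE_LOG)
    for ts, src, dst, service in found:
        print(f"{ts} {src} -> {dst} {service}")
    print(summarise(found))
```

The summary keyed by destination is the useful output: each entry is a server that still accepts a clear-text login and therefore a place where a spoofed look-alike service, as the explanation describes, would harvest real credentials.
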
  • 24. Microsoft supports the _______________ and ______ standards for use in extranets.
    • A. CORBA
    • B. IPSec
    • C. PPTP
    • D. DCOM
    • E. Both A & D
    Correct Answer(s)
    B. IPSec
    C. PPTP
    Explanation
    Netscape, Oracle, and Sun Microsystems have announced an alliance to ensure that their extranet products can work together by standardizing on JavaScript and the Common Object Request Broker Architecture (CORBA). Microsoft supports the Point-to-Point Tunneling Protocol (PPTP) and IPSec.

    CORBA and DCOM are programming technologies.

  • 25. Which of the following protocols did Microsoft develop for use in VPNs?
    • A. PPTP
    • B. IPSEC
    • C. OSPF
    • D. L2TP
    • E. None of the Above
    Correct Answer(s)
    A. PPTP
    B. IPSEC
    Explanation
    A protocol or set of communication rules called Point-to-Point Tunneling Protocol (PPTP) has been proposed that would make it possible to create a virtual private network (VPN) through "tunnels" over the Internet. This would mean that companies would no longer need their own leased lines for wide-area communication but could securely use the public networks. IPSec is more resource intensive, and provides higher security. IPSec is available in Windows 2000 and XP/.Net Operating Systems.

    L2TP is a successor to PPTP. Its development was done by an industry coalition, and it includes the best features of PPTP and L2F. OSPF is a routing protocol.

  • 26. To allow your Windows clients to connect to your Windows NT Server using the public network as a medium, what technology might you find useful?
    • A. PPTP
    • B. L2TP
    • C. OSPF
    • D. IPSEC
    • E. All of the Above
    Correct Answer(s)
    A. PPTP
    D. IPSEC
    Explanation
    A protocol or set of communication rules called Point-to-Point Tunneling Protocol (PPTP) has been proposed that would make it possible to create a virtual private network (VPN) through "tunnels" over the Internet. This would mean that companies would no longer need their own leased lines for wide-area communication but could securely use the public networks. IPSec is more resource intensive, and provides higher security. IPSec is available in Windows 2000 and XP/.Net Operating Systems.

    L2TP is a successor to PPTP. Its development was done by an industry coalition, and it includes the best features of PPTP and L2F. OSPF is a routing protocol.

  • 27. What technology involves the use of an electronic wallet?
    • A. TLS
    • B. SSH
    • C. SHTTP
    • D. SET
    • E. All of the Above
    Correct Answer
    D. SET
    Explanation
    SET (Secure Electronic Transaction) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by MasterCard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).

    TLS, SSL and SHTTP could all be used for this, but SET is specific to the financial services industry.

  • 28. With Java, what can be embedded in a web browser, allowing programs to be executed as they are downloaded from the World Wide Web?
    • A. JVM
    • B. Bytecode
    • C. Interpreter
    • D. Just-in-time compiler
    • E. All of the Above
    Correct Answer
    B. Bytecode
    Explanation
    Java is a modern, object-oriented language that has a syntax similar to C++. It also has dynamic binding, garbage collection, and a simple inheritance model. Java is a general-purpose computer language and is not limited to writing web applications. References to Java bytecode can be embedded in a web browser, allowing programs to be executed as they are downloaded from the World Wide Web. The JVM on the user's machine can execute the Java bytecode using an interpreter, or use a just-in-time compiler to convert the bytecode into native machine code.

  • 29. ActiveX controls can be digitally signed using a technology called:
    • A. Java Applet
    • B. CGI
    • C. Sandbox
    • D. Authenticode
    • E. All of the Above
    Correct Answer
    D. Authenticode
    Explanation
    The ActiveX code is bundled into a single file called an ActiveX control. ActiveX controls can be digitally signed using Microsoft's Authenticode technology. Internet Explorer can be configured to disregard any ActiveX control that isn't signed, to run only ActiveX controls that have been signed by specific publishers, or to accept ActiveX controls signed by any registered software publisher. ActiveX controls do not run in a sandbox. The burden is on the user to determine which ActiveX controls s/he feels are "safe" to run.

    Applets and CGI are alternate types of content, and a sandbox refers to a protected area of the system in which web content runs.

  • 30. A centralized database of remote users for a multi-site network typically uses:
    • A. RADIUS
    • B. PAP
    • C. MS-CHAP
    • D. CHAP
    Correct Answer
    A. RADIUS
    Explanation
    RADIUS (Remote Authentication Dial-In User Service) lowers administration costs and increases security by having a centralized database for authenticating remote users. PAP is the simplest of authentication protocols, which uses clear text.

  • 31. 

    Which of the following is more of an irritation than a security threat?

    • A.

      Rootkit

    • B.

      Adware

    • C.

      Trojan

    • D.

      Adware

    Correct Answer
    D. Adware
    Explanation
    Adware is more of an irritation than a security threat. Adware refers to software that displays unwanted advertisements on a user's device. While it can be annoying and disrupt the user experience, it typically does not pose a direct security risk. Adware may track user behavior and collect data for targeted advertising purposes, but it does not typically have the same level of malicious intent as other threats like rootkits or Trojans, which can gain unauthorized access to systems and steal sensitive information.

  • 32. 

    Creating a basic standard for application settings, security settings, and active services on every company laptop would be considered

    • A.

      Group policy

    • B.

      Baseline configuration

    • C.

      Patch management

    • D.

      A security template

    Correct Answer
    D. A security template
    Explanation
    Creating a basic standard for application settings, security settings and active services on every company laptop is the work of a security template. A security template is a predefined, reusable set of settings (on Windows, an .inf file that can be applied with secedit or imported into a Group Policy object) that codifies the baseline configuration in a form that can be applied to many machines identically. Applying it consistently is what produces and enforces the baseline; Group Policy and patch management are delivery and maintenance mechanisms rather than the standard itself. Treat the template as a controlled artifact: version it, review changes to it, and compare machines against it periodically, since drift from the template is what reintroduces unnecessary services and weak settings.

  • 33. 

    All of the following are correct about LDAP EXCEPT:

    • A.

      Most of the implementations use the X.500 directory model

    • B.

      Some of the implementations use default TCP ports 389 and 636

    • C.

      Some implementations use X.509 certificates for securing communications

    • D.

      All attributes will be encrypted

    Correct Answer
    D. All attributes will be encrypted
    Explanation
    LDAP (Lightweight Directory Access Protocol) is the protocol for querying and updating a directory service over an IP network. Most implementations expose an X.500-style directory information tree, listen on TCP 389 (plain LDAP, optionally upgraded to TLS with the StartTLS extended operation) and TCP 636 (LDAPS, TLS from the first byte), and use X.509 certificates to authenticate the server and optionally the client. Nothing in the protocol encrypts individual attributes: without TLS, the simple-bind password and every attribute value returned by a search cross the network in clear text, and even with TLS the data is protected only in transit. Option D is therefore the false statement. The practical check is to refuse simple binds that are not under TLS (LDAPS or StartTLS) and to prefer SASL or Kerberos authentication; on Active Directory the LDAP signing and channel binding policies enforce this on the server side.
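    The following is an added example, not code from the quiz: it hand-encodes an LDAPv3 simple BindRequest in BER exactly as a client sends it on TCP 389, decodes it the way a passive observer would, and also builds the StartTLS extended request a client must send first if it wants the bind protected. Real clients use a library such as ldap3 or python-ldap; the encoding is written out here only to make the wire bytes visible. The DN and password are constructed.

```python
# Added example, not from the quiz: LDAP simple bind and StartTLS on the wire.
# The DN and password are constructed; the tags come from RFC 4511 / X.690.

TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60      # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80       # [0] simple password, context-specific primitive
TAG_EXTENDED_REQUEST = 0x77  # [APPLICATION 23], constructed
TAG_REQUEST_NAME = 0x80      # [0] requestName inside ExtendedRequest
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_length(len(payload)) + payload


def _ber_int(n: int) -> bytes:
    # One spare byte when the top bit is set keeps the INTEGER non-negative.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return _tlv(TAG_INTEGER, body)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, payload, position after this TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length


def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    bind = _tlv(TAG_BIND_REQUEST,
                _ber_int(3)
                + _tlv(TAG_OCTET_STRING, dn.encode())
                + _tlv(TAG_SIMPLE_AUTH, password.encode()))
    return _tlv(TAG_SEQUENCE, _ber_int(message_id) + bind)


def encode_starttls(message_id: int) -> bytes:
    """ExtendedRequest with requestName = StartTLS OID.  A client on port 389
    sends this and waits for a success ExtendedResponse before binding."""
    ext = _tlv(TAG_EXTENDED_REQUEST, _tlv(TAG_REQUEST_NAME, STARTTLS_OID))
    return _tlv(TAG_SEQUENCE, _ber_int(message_id) + ext)


def decode_simple_bind(packet: bytes) -> dict:
    """What anyone on the path can read out of an unprotected simple bind."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, version, pos = _read_tlv(op, 0)
    _, name, pos = _read_tlv(op, pos)
    auth_tag, cred, _ = _read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": name.decode(),
        "simple_password": cred.decode() if auth_tag == TAG_SIMPLE_AUTH else None,
    }


if __name__ == "__main__":
    wire = encode_simple_bind(1, "cn=svc-ldap,dc=example,dc=com", "Winter2024!")
    print(wire.hex())
    print(decode_simple_bind(wire))
```

    The password sits in the packet as plain ASCII; a capture filter on port 389 is all it takes to collect service-account credentials from applications that were never switched to LDAPS or StartTLS.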

  • 34. 

    An administrator wishes to enable network auditing policies. Which of the following should the security administrator log?

    • A.

      Both logon successes and logon failures

    • B.

      Only logon failures for non-existent users

    • C.

      Only logon success

    • D.

      Only logon failures

    Correct Answer
    A. Both logon successes and logon failures
    Explanation
    Enabling network auditing policies lets the administrator monitor and track logon activity on the network, and successes and failures answer different questions. Failures reveal guessing, password spraying and misconfigured services; successes are the only record of what an attacker did with credentials that worked, including logons at odd hours, from unusual hosts, or immediately after a run of failures. On Windows this means auditing both Success and Failure for the logon categories (event IDs 4624 and 4625). Logging only failures for non-existent users, only successes, or only failures leaves one half of that picture missing and makes an investigation guesswork.
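    The following is an added example, not code from the quiz: a small detector run over constructed Windows-style logon events (4624 success, 4625 failure). It flags a burst of failures and, separately, a success for the same user and source right after that burst; the second finding is only possible because both event types are logged. The log format and all values are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the quiz.  Constructed log lines in a simplified
# format: <UTC timestamp> <event id> user=<name> src=<address>.
SAMPLE_LOG = """\
2024-05-02T08:01:12Z 4625 user=alice src=10.0.0.5
2024-05-02T08:01:13Z 4625 user=alice src=10.0.0.5
2024-05-02T08:01:15Z 4625 user=alice src=10.0.0.5
2024-05-02T08:01:16Z 4625 user=alice src=10.0.0.5
2024-05-02T08:01:18Z 4625 user=alice src=10.0.0.5
2024-05-02T08:01:20Z 4624 user=alice src=10.0.0.5
2024-05-02T08:15:00Z 4625 user=bob src=10.0.0.9
2024-05-02T08:30:00Z 4624 user=bob src=10.0.0.9
2024-05-02T09:00:00Z 4624 user=carol src=10.0.0.22
"""

LOGON_SUCCESS = 4624
LOGON_FAILURE = 4625


def parse_line(line: str) -> dict:
    ts, event_id, user_kv, src_kv = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": int(event_id),
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(minutes=5)):
    """Return findings as (kind, user, src) tuples, in time order.

    "failure_burst": at least `threshold` failures for one user/source inside
    `window`.  "success_after_burst": a success for that same user/source
    within `window` of the burst being flagged; this is the guess that worked,
    and a failure-only audit policy can never show it.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    recent_failures = defaultdict(list)   # (user, src) -> failure times in window
    burst_flagged = {}                    # (user, src) -> time the burst was flagged
    findings = []
    for e in events:
        key = (e["user"], e["src"])
        if e["event_id"] == LOGON_FAILURE:
            times = [t for t in recent_failures[key] if e["time"] - t <= window]
            times.append(e["time"])
            recent_failures[key] = times
            if len(times) >= threshold and key not in burst_flagged:
                burst_flagged[key] = e["time"]
                findings.append(("failure_burst", e["user"], e["src"]))
        elif e["event_id"] == LOGON_SUCCESS:
            flagged_at = burst_flagged.get(key)
            if flagged_at is not None and e["time"] - flagged_at <= window:
                findings.append(("success_after_burst", e["user"], e["src"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

    Bob's single failure followed by a success is normal user behaviour and is not reported; Alice's five failures in six seconds followed by a success is the pattern worth paging on.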

  • 35. 

    From a security perspective a performance baseline is MOST useful for:

    • A.

      Detecting performance anomalies that may be due to security breaches

    • B.

      Assuring that systems are working to their optimal capacity

    • C.

      Knowing when security scans are going to finish

    • D.

      Predicting the end of useful life for the firewall

    • E.

      All of the Above

    Correct Answer
    A. Detecting performance anomalies that may be due to security breaches
    Explanation
    A performance baseline is a reference point that records how a system behaves when it is known to be healthy: CPU, memory, disk and network utilization, connection counts, response times. Once it exists, deviations from it stand out, and from a security perspective that is its main value: a sudden rise in outbound traffic, CPU time or disk activity, or a sudden drop in a service's throughput, may be the first visible sign of exfiltration, cryptomining, a denial of service or a compromised process. The other options are operational uses of performance data and, while legitimate, are not security uses. Two caveats: the baseline must be taken from a system that is actually clean, and it must be refreshed deliberately rather than recomputed blindly, or an intruder's activity becomes part of what the system considers normal.
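    The following is an added example, not code from the quiz: it builds a baseline from a constructed series of one performance counter (megabytes sent per hour by a server during a clean period), scores new observations against it with a z-score, and shows how to fold new data into the baseline without letting an anomaly redefine normal. All values are constructed.

```python
import statistics

# Added example, not from the quiz: baseline and z-score anomaly check.  The
# counter and all values are constructed: megabytes sent per hour by one server
# during a period known to be clean.
BASELINE_MBPH = [12.0, 11.5, 13.2, 12.8, 10.9, 12.4, 13.0, 11.8, 12.6, 12.1,
                 11.7, 12.9, 13.4, 12.2, 11.3, 12.7, 12.0, 12.5, 11.9, 12.3]


def build_baseline(samples):
    """Mean and sample standard deviation of the known-good period."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    return {"mean": statistics.mean(samples),
            "stdev": statistics.stdev(samples),
            "n": len(samples)}


def zscore(value, baseline):
    return (value - baseline["mean"]) / baseline["stdev"]


def find_anomalies(observations, baseline, threshold=3.0):
    """(index, value, z) for every observation more than `threshold` standard
    deviations from the baseline mean.  Both directions count: a spike may be
    exfiltration or a DoS, a sustained drop may be a crashed service or a
    monitoring agent that was switched off."""
    return [(i, v, round(zscore(v, baseline), 2))
            for i, v in enumerate(observations)
            if abs(zscore(v, baseline)) > threshold]


def refresh_baseline(samples, new_values, threshold=3.0):
    """Roll new observations into the baseline, leaving anomalies out so one
    incident does not become 'normal'.  A slow ramp that stays under the
    threshold still shifts the baseline, which is why baselines are reviewed
    and re-approved by a person rather than only recomputed."""
    baseline = build_baseline(samples)
    return list(samples) + [v for v in new_values
                            if abs(zscore(v, baseline)) <= threshold]


if __name__ == "__main__":
    base = build_baseline(BASELINE_MBPH)
    print(find_anomalies([12.1, 40.0, 12.4, 0.0], base))
```

    A single threshold on one counter is a starting point, not a detector: in practice the same check runs per host and per counter, with the threshold tuned to the counter's noise, and a finding is correlated with logs before anyone is paged.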

  • 36. 

    A company creates its own application that accesses the company databases and requires a unique login, based on the user’s domain account. The developer has an undocumented login for testing that does not need to be authenticated against the domain. Which of the following is a security issue regarding this scenario?

    • A.

      The login should be the same as the domain account for authentication purposes

    • B.

      The application should not be deployed if it is not fully tested

    • C.

      It is not considered best practice to have a user remember multiple logins

    • D.

      It can be used as a backdoor into the company’s databases

    Correct Answer
    D. It can be used as a backdoor into the company’s databases
    Explanation
    The undocumented test login bypasses the domain's authentication controls entirely: password policy, lockout, multi-factor authentication, account disablement and logon auditing never see it, and because it is built into the application it ships in every installed copy. Anyone who learns of it, whether from the source code, a disassembly or a former developer, has direct access to the company's databases with no trail leading back to a domain account. That is the definition of a backdoor. The other options are real but secondary concerns; the security issue is the bypass itself. Test credentials belong in test environments and test doubles, never in production code, and a build should be checked for hard-coded credentials before release.
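    The following is an added example, not code from the quiz: the scenario's undocumented test login written out as code, beside a version of the same login function that remains testable without any bypass. The account names, the backdoor credential and the stand-in for the domain credential check are constructed.

```python
import hashlib
import hmac
import os

# Added example, not from the quiz.  The "domain" is a constructed dictionary
# of PBKDF2 hashes; in the real application this would be a call to the domain.
PBKDF2_ROUNDS = 100_000


def make_directory(user: str, password: str) -> dict:
    """Constructed stand-in for the domain: user -> (salt, PBKDF2-SHA256 hash)."""
    salt = os.urandom(16)
    return {user: (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))}


def verify_domain_password(user: str, password: str, directory: dict) -> bool:
    """What the application is supposed to do: defer to the domain's check."""
    record = directory.get(user)
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


# --- vulnerable: the developer's test login shipped in the product ----------
# Every installed copy carries this credential.  It never touches the domain,
# so lockout, MFA, disablement and logon auditing do not apply to it: a
# backdoor into whatever the application can reach, here the databases.
def login_vulnerable(user: str, password: str, directory: dict) -> bool:
    if user == "devtest" and password == "letmein":   # constructed backdoor
        return True
    return verify_domain_password(user, password, directory)


# --- hardened: no bypass in production code ----------------------------------
# Tests that must not depend on the domain inject their own verifier (a test
# double); production callers never pass one, so there is nothing to discover.
def login(user: str, password: str, directory: dict,
          verifier=verify_domain_password) -> bool:
    return verifier(user, password, directory)


def fake_verifier_for_tests(user: str, password: str, directory: dict) -> bool:
    """Test double that lives in the test suite, not in the shipped binary."""
    return (user, password) == ("tester", "test-only")


if __name__ == "__main__":
    domain = make_directory("alice", "correct-pass")
    print("backdoor accepted by vulnerable build:", login_vulnerable("devtest", "letmein", domain))
    print("backdoor accepted by hardened build:  ", login("devtest", "letmein", domain))
```

    The hardened version is not more code, just a different place for the test hook: the seam is a parameter the tests fill in, rather than a credential compiled into what customers run.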

  • 37. 

    In order to perform a TCP hijacking attack, an attacker would be required to:

    • A.

      Have a protocol analyzer intercept traffic between two hosts

    • B.

      Know the IP addresses of both hosts and sequence numbers of the TCP/IP packets

    • C.

      Perform a man-in-the-middle attack and communicate directly with two hosts

    • D.

      Obtain the MAC address of the both hosts

    Correct Answer
    B. Know the IP addresses of both hosts and sequence numbers of the TCP/IP packets
    Explanation
    TCP identifies a connection by the source and destination IP addresses and ports, and a receiver accepts a segment only if its sequence number falls inside the receive window and its acknowledgement number is plausible. To inject data into an existing session an attacker must therefore forge segments carrying the right addresses and sequence and acknowledgement numbers the peers will accept. An attacker on the path can read those values from the traffic; an off-path attacker has to guess them, which is why operating systems randomize initial sequence numbers and why RFC 5961 tightened how receivers treat in-window segments. A protocol analyzer or a full man-in-the-middle position makes the attack easier but is not a requirement, and MAC addresses matter only on the local segment.
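    The following is an added example, not code from the quiz: it parses a TCP header, computes the sequence and acknowledgement numbers a peer will accept on the next segment, and applies the RFC 793 receive-window acceptability test with 32-bit wraparound. All header bytes are constructed with struct; nothing is sent on a network.

```python
import struct

# Added example, not from the quiz: TCP header arithmetic behind the answer.
# All headers below are constructed in memory.

MOD32 = 1 << 32
FLAG_FIN, FLAG_SYN, FLAG_PSH, FLAG_ACK = 0x01, 0x02, 0x08, 0x10


def build_tcp_header(src_port, dst_port, seq, ack, flags, window, payload=b""):
    """20-byte header (no options) followed by payload; checksum left at zero."""
    off_flags = (5 << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       off_flags, window, 0, 0) + payload


def parse_tcp_segment(data: bytes) -> dict:
    src, dst, seq, ack, off_flags, window = struct.unpack("!HHIIHH", data[:16])
    data_offset = (off_flags >> 12) * 4          # header length incl. options
    flags = off_flags & 0x1FF
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "window": window, "syn": bool(flags & FLAG_SYN),
            "fin": bool(flags & FLAG_FIN), "payload_len": len(data) - data_offset}


def next_seq(seg: dict) -> int:
    """Sequence number the sender of `seg` uses next; SYN and FIN each consume one."""
    return (seg["seq"] + seg["payload_len"] + seg["syn"] + seg["fin"]) % MOD32


def expected_numbers(last_from_a: dict, last_from_b: dict) -> dict:
    """SEQ/ACK that B will accept on the next segment from A.  An on-path
    attacker reads both from the traffic; an off-path attacker must guess them,
    which random initial sequence numbers are meant to make impractical."""
    return {"seq": next_seq(last_from_a), "ack": next_seq(last_from_b)}


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd) -> bool:
    """RFC 793 section 3.3 acceptability test with 32-bit wraparound.  Any
    sequence number inside the window passes, so a large window makes blind
    guessing easier; RFC 5961 changed what receivers do with such segments."""
    def in_window(x):
        return (x - rcv_nxt) % MOD32 < rcv_wnd
    if rcv_wnd == 0:
        return seg_len == 0 and seg_seq == rcv_nxt
    if seg_len == 0:
        return in_window(seg_seq)
    return in_window(seg_seq) or in_window((seg_seq + seg_len - 1) % MOD32)


if __name__ == "__main__":
    client = parse_tcp_segment(build_tcp_header(40000, 23, 1000, 5000,
                                                FLAG_PSH | FLAG_ACK, 65535, b"hello"))
    server = parse_tcp_segment(build_tcp_header(23, 40000, 5000, 1005,
                                                FLAG_ACK, 65535, b"login: "))
    print(expected_numbers(client, server))
```

    The acceptability test is the reason sequence numbers, not just addresses, are the attacker's problem: a forged segment with the right addresses but an out-of-window sequence number is discarded, while one that lands inside the window is processed as if it came from the peer.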

  • 38. 

    Which of the following technologies would you use if you need to implement a system that simulates a network of vulnerable devices, so that this network can be targeted by attackers?

    • A.

      A circuit-level firewall

    • B.

      A honeypot

    • C.

      An IDS

    • D.

      A system integrity verifier

    Correct Answer
    B. A honeypot
    Explanation
    A honeypot is the correct answer because it is a system built to look like a vulnerable target in order to attract and deceive attackers; a set of them presented as a network is sometimes called a honeynet. Because no legitimate user has any reason to touch it, every interaction with it is suspicious, which makes it a low-noise source of attacker tools, techniques and indicators that can feed detection on the real network. Since attackers are deliberately invited in, a honeypot must be isolated from production systems and closely monitored so that a compromised decoy cannot become a pivot point. A circuit-level firewall filters connections, an IDS detects attacks against real systems, and a system integrity verifier watches files for changes; none of them simulates a target.

  • 39. 

    Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker ?

    • A.

      Log file monitor (LFM)

    • B.

      System integrity verifier (SIV)

    • C.

      Host-based IDS

    • D.

      Network IDS

    Correct Answer
    B. System integrity verifier (SIV)
    Explanation
    A system integrity verifier (SIV), such as Tripwire or AIDE, works by taking a baseline of the file system on a known-good system, recording a cryptographic hash, size, permissions and ownership for each monitored file, and later comparing the current state against that baseline to report files that were modified, deleted or added. The hash is what matters: timestamps can be reset by an attacker and a trojaned binary can be padded to its original size. The baseline itself must be stored read-only or off the host, otherwise an intruder who can change files can simply re-baseline afterwards. A log file monitor watches logs rather than files, and host- or network-based IDSs look for attack signatures or anomalies in activity rather than verifying file contents.
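    The following is an added example, not code from the quiz or any SIV product: a minimal integrity verifier that snapshots SHA-256 digests, sizes and permission bits of every regular file under a root, stores the baseline, and classifies changes. The file tree is constructed in a temporary directory; nothing on the real system is touched.

```python
import hashlib
import json
import os
import tempfile

# Added example, not from the quiz: a minimal system integrity verifier.
IS_POSIX = os.name == "posix"


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """relative path -> {sha256, size, mode} for every regular file under root."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {"sha256": _sha256(full), "size": st.st_size,
                            "mode": st.st_mode & 0o7777}
    return entries


def save_baseline(entries: dict, path: str) -> None:
    # Keep this file off the monitored host or on read-only media: an attacker
    # who can rewrite the baseline simply re-baselines after tampering.
    with open(path, "w") as f:
        json.dump(entries, f, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences.  The content hash is authoritative: timestamps
    can be set back and a trojaned binary can be padded to its original size."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in both if baseline[p]["mode"] != current[p]["mode"]),
    }


def demo() -> dict:
    """Build a constructed tree, baseline it, tamper as an intruder might, report."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def put(rel, data):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            return full
        put("bin/ls", b"original ls binary")
        passwd = put("etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        shadow = put("etc/shadow", b"root:$6$salt$hash:19000:0:99999:7:::\n")
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(snapshot(root), baseline_path)
        put("bin/ls", b"trojaned ls binary")      # same size, different content
        put("bin/nc", b"dropped tool")            # new file
        os.remove(shadow)                         # deleted file
        if IS_POSIX:
            os.chmod(passwd, 0o4755)              # permission change (setuid)
        return compare(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    print(demo())
```

    Note that the replaced binary keeps its original size, so a size-only or timestamp-only check would miss it; only the hash comparison reports it as modified.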

  • 40. 

    Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?

    • A.

      RBAC (Role Based Access Control)

    • B.

      DAC (Discretionary Access Control)

    • C.

      MAC (Mandatory Access Control)

    • D.

      All of the Above

    • E.

      None of the above.

    Correct Answer
    A. RBAC (Role Based Access Control)
    Explanation
    The RBAC model allows a user to act in a predetermined manner based on the role the user holds in the organization. Permissions are assigned to roles, and users are assigned to one or more roles system wide, so a user's access follows the responsibilities of the job rather than being granted individually; changing someone's duties means changing their role membership, not editing every object.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

  • 41. 

    Which of the following is an inherent flaw of DAC (Discretionary Access Control)?

    • A.

      DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.

    • B.

      DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.

    • C.

      DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.

    • D.

      DAC (Discretionary Access Control) has no known security flaws.

    Correct Answer
    A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.
    Explanation
    Because DAC decisions are based on the identity of the requesting user or process, every program a user runs inherits that user's discretionary rights. A Trojan horse executed by an authorized user can therefore read the user's files and grant or copy them to an outsider, and the access control mechanism has no way to tell the Trojan from the user. More generally, in a DAC model users have some flexibility regarding how information is accessed and can dynamically share information with other users. That makes for a more flexible environment, but it increases the risk of unauthorized disclosure, and administrators have a harder time ensuring that information access is controlled and that only appropriate access is given.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

  • 42. 

    Which of the following access control methods provides the most granular access to protected objects?

    • A.

      Capabilities

    • B.

      Access control lists

    • C.

      Permission bits

    • D.

      Profiles

    Correct Answer
    B. Access control lists
    Explanation
    An access control list attaches to each object a list of subjects (users or groups) and the specific permissions each one has, so permissions can differ for every subject on every object. Permission bits (owner, group and other, as in classic UNIX mode bits) offer only three classes per object; profiles group permissions by type of user; capabilities attach rights to the subject rather than to the object. ACLs also appear on network devices, where they permit or deny traffic by address, protocol and port, letting an administrator design and adapt the network to deal with specific security threats.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 235

  • 43. 

    You work as the security administrator at Certkiller.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows (Read, Write, Execute):

        Owner:     Read, Write, Execute
        User A:    Read, Write, -
        User B:    -, -, - (None)
        Sales:     Read, -, -
        Marketing: -, Write, -
        Other:     Read, Write, -

    User "A" is the owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file?

    • A.

      User B has read, write and execute permissions on the file

    • B.

      User B has read and write permissions on the file.

    • C.

      User B has no permissions on the file.

    • D.

      User B has read permissions on the file.

    • E.

      None of the Above

    Correct Answer
    C. User B has no permissions on the file.
    Explanation
    The ACL grants the Owner Read, Write and Execute; User A Read and Write; User B nothing; Sales Read; Marketing Write; and Other Read and Write. User B has an explicit user entry that grants nothing, and an explicit user entry takes precedence over group entries (otherwise the Sales entry would give Read) and over Other, so User B's effective permissions are none. This is the resolution order POSIX ACLs use; on systems with deny entries, such as Windows NTFS, an explicit deny on the user likewise overrides permissions granted through group membership.
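    The following is an added example, not code from the quiz author: it evaluates the question's ACL with the resolution order the answer relies on (owner entry, then a named-user entry, then the union of matching group entries, then Other), and shows why User B gets nothing despite being in Sales. Users C, D and E and all group memberships are constructed to exercise the other branches.

```python
from typing import Dict, FrozenSet, List, Tuple

# Added example, not from the quiz.  The ACL is the question's; users C, D, E
# and the group memberships are constructed.
PERMS = ("read", "write", "execute")


def parse_rwx(spec: str) -> FrozenSet[str]:
    """'Read, Write, -' as written in the question -> permission set."""
    return frozenset(p.strip().lower() for p in spec.split(",")
                     if p.strip().lower() in PERMS)


# (kind, name, permissions); kind is owner, user, group or other
FILE_ACL: List[Tuple[str, str, FrozenSet[str]]] = [
    ("owner", "",          parse_rwx("Read, Write, Execute")),
    ("user",  "A",         parse_rwx("Read, Write, -")),
    ("user",  "B",         parse_rwx("-, -, -")),
    ("group", "Sales",     parse_rwx("Read, -, -")),
    ("group", "Marketing", parse_rwx("-, Write, -")),
    ("other", "",          parse_rwx("Read, Write, -")),
]
OWNER = "A"
GROUPS: Dict[str, FrozenSet[str]] = {
    "B": frozenset({"Sales"}),
    "C": frozenset({"Sales"}),               # Sales member with no user entry
    "D": frozenset({"Sales", "Marketing"}),  # two group entries apply
    "E": frozenset(),                        # falls through to Other
}


def effective_permissions(user: str, acl=FILE_ACL, owner=OWNER,
                          groups=GROUPS) -> FrozenSet[str]:
    """POSIX-ACL style resolution: first matching class decides."""
    if user == owner:
        return next(p for kind, _, p in acl if kind == "owner")
    for kind, name, p in acl:
        if kind == "user" and name == user:
            return p                               # explicit user entry is final
    matched = [p for kind, name, p in acl
               if kind == "group" and name in groups.get(user, frozenset())]
    if matched:
        return frozenset().union(*matched)         # group entries are additive
    return next((p for kind, _, p in acl if kind == "other"), frozenset())


def is_allowed(user: str, operation: str) -> bool:
    return operation in effective_permissions(user)


if __name__ == "__main__":
    for u in ("A", "B", "C", "D", "E"):
        print(u, sorted(effective_permissions(u)))
```

    Systems with explicit deny entries (Windows NTFS, for example) resolve differently: denies are collected across user and group entries and an explicit deny beats an explicit allow, so the same "User B: none" outcome is reached only if B's entry is written as a deny rather than as an empty allow.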

  • 44. 

    You work as the security administrator at Certkiller.com. Certkiller has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources including files, printers, and mailboxes and four distinct departments with distinct functions including Sales, Marketing, Management, and Production in the system. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model?

    • A.

      File, printer, and mailbox roles

    • B.

      Sales, marketing, management, and production roles

    • C.

      User and workstation roles

    • D.

      Allow access and deny access roles

    Correct Answer
    B. Sales, marketing, management, and production roles
    Explanation
    Roles in RBAC correspond to job functions, not to resources, users or individual allow/deny decisions. Each department (sales, marketing, management and production) is a distinct function with its own resource needs, so one role per department, each granted the file server, print server and mail server permissions that function requires, is the right starting point; users are then assigned to roles instead of being given permissions directly.

  • 45. 

    With regard to DAC (Discretionary Access Control), which of the following statements are true?

    • A.

      Files that don't have an owner CANNOT be modified.

    • B.

      The administrator of the system is an owner of each object.

    • C.

      The operating system is an owner of each object.

    • D.

      Each object has an owner, which has full control over the object.

    • E.

      None of the Above

    Correct Answer
    D. Each object has an owner, which has full control over the object.
    Explanation
    The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model lets a user share a file or use a file that someone else has shared. Each object has an ACL that identifies the users who are authorized to access that information, and the owner can grant or revoke access to individuals or groups of individuals as the situation requires. This model is dynamic in nature and allows information to be shared easily between users; the administrator and the operating system are not automatically owners of every object, although an administrator can typically take ownership.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

  • 46. 

    Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment?

    • A.

      Sensitivity labels

    • B.

      Group membership

    • C.

      Ownership

    • D.

      Access control lists

    Correct Answer
    A. Sensitivity labels
    Explanation
    Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are assigned security labels, known as sensitivity labels, and classified accordingly, and all users are given security clearances. Every access decision compares the two: the subject's clearance must dominate the object's label. Group membership, ownership and access control lists are the inputs used by DAC and RBAC; in MAC neither the owner nor the user can change a label.

  • 47. 

    Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user?

    • A.

      MACs (Mandatory Access Control)

    • B.

      RBACs (Role Based Access Control)

    • C.

      LBACs (List Based Access Control)

    • D.

      DACs (Discretionary Access Control)

    Correct Answer
    A. MACs (Mandatory Access Control)
    Explanation
    The MAC model is a static model in which access privileges are predetermined by labels. Each data item carries a security (sensitivity) label and each user a clearance, both assigned by the system or a security administrator rather than by the object's owner, and the system compares them on every access; the model can be very restrictive. RBAC decides by role and DAC by the owner's wishes, and neither uses labels.

    Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

  • 48. 

    Which of the following access control methods relies on user security clearance and data classification?

    • A.

      RBAC (Role Based Access Control).

    • B.

      NDAC (Non-Discretionary Access Control).

    • C.

      MAC (Mandatory Access Control).

    • D.

      DAC (Discretionary Access Control).

    Correct Answer
    C. MAC (Mandatory Access Control).
    Explanation
    Mandatory Access Control is a strict hierarchical model, first developed for government and military use, that classifies data by sensitivity and categorizes it by compartment or department. Users receive security clearances, and access is granted only when the clearance dominates the data's classification. The most sensitive data carries the highest classification and is readable only by the few people cleared to that level, while the least sensitive data sits at the bottom, where everyone in the organization can read it. Non-discretionary access control is a broader term for any model in which a central authority rather than the owner sets access, and RBAC is often placed under it; the model built specifically on clearances and classifications is MAC.

  • 49. 

    Which of the following is a characteristic of MAC (Mandatory Access Control)?

    • A.

      Use levels of security to classify users and data

    • B.

      Allow owners of documents to determine who has access to specific documents

    • C.

      Use access control lists which specify a list of authorized users

    • D.

      Use access control lists which specify a list of unauthorized users

    Correct Answer
    A. Use levels of security to classify users and data
    Explanation
    Mandatory Access Control classifies both subjects and objects with levels of security: every object carries a classification label, every user a clearance, and the system, not the owner, decides access by comparing the two. Letting the owner of a document decide who may see it (option B) is DAC, and lists of authorized or unauthorized users (options C and D) describe access control lists, a discretionary mechanism.

  • 50. 

    Which of the following terms represents a MAC (Mandatory Access Control) model?

    • A.

      Lattice

    • B.

      Bell La-Padula

    • C.

      BIBA

    • D.

      Clark and Wilson

    Correct Answer
    A. Lattice
    Explanation
    A lattice is the structure underneath MAC: security labels (a hierarchical level plus a set of compartments) form a partial order in which every pair of labels has a least upper bound and a greatest lower bound, and a subject may access an object only when its clearance dominates the object's label. The lattice thus describes the upper and lower bounds of a user's access permissions. Bell-LaPadula (confidentiality, with no read up and no write down) and Biba (integrity, with no read down and no write up) are both MAC models built on such a lattice, so they are instances rather than the general term; Clark-Wilson is an integrity model based on well-formed transactions and separation of duty rather than on labels. The expected answer is the lattice itself.
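    The following is an added example, not code from the quiz: a label lattice (hierarchical level plus compartments) with the dominance relation and least-upper-bound and greatest-lower-bound operations, and the Bell-LaPadula and Biba rules evaluated on it. It also serves the preceding MAC questions on sensitivity labels and clearances. The level names and compartments are constructed.

```python
from typing import FrozenSet, NamedTuple

# Added example, not from the quiz: a security-label lattice and the rules of
# two MAC models on top of it.  Level names and compartments are constructed.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class Label(NamedTuple):
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at or above other: level >= and compartments a superset.
        This partial order is the lattice; not every pair is comparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both.  It always
    exists, which is what makes the label set a lattice, and it is the label a
    document assembled from both sources must carry."""
    return Label(max(a.level, b.level, key=LEVELS.__getitem__),
                 a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label both subjects could read."""
    return Label(min(a.level, b.level, key=LEVELS.__getitem__),
                 a.compartments & b.compartments)


def comparable(a: Label, b: Label) -> bool:
    return a.dominates(b) or b.dominates(a)


# Bell-LaPadula (confidentiality): subjects hold a clearance, objects a classification.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (the object must dominate the subject)."""
    return obj.dominates(subject)


# Biba (integrity) uses the same lattice with the rules reversed; the level
# names are then read as integrity levels rather than secrecy levels.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property: no read down."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity property: no write up."""
    return subject.dominates(obj)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    report = Label("SECRET", frozenset({"NUCLEAR"}))
    print("comparable:", comparable(analyst, report))
    print("read allowed:", blp_can_read(analyst, report))
    print("lub:", lub(analyst, report))
```

    The compartment check is what makes the order partial: a SECRET//CRYPTO subject cannot read a SECRET//NUCLEAR object even though the levels are equal, and the least upper bound of the two is SECRET//CRYPTO,NUCLEAR.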

Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • May 02, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Apr 11, 2009
    Quiz Created by
    Mastermind1100