Practice Test For CompTIA Security +

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Pocho

Pocho

Community Contributor

Quizzes Created: 2 | Total Attempts: 972

Questions: 59 | Attempts: 719 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Practice test for CompTIA Security +

Questions and Answers

1.

Which of the following definitions would be correct regarding Eavesdropping?
- A.
  
  Placing a computer system between the sender and receiver to capture information.
- B.
  
  Someone looking through your files.
- C.
  
  Listening or overhearing parts of a conversation
- D.
  
  Involve someone who routinely monitors network traffic.
Correct Answer
C. Listening or overhearing parts of a conversation

Explanation
Eavesdropping refers to the act of listening or overhearing parts of a conversation without the knowledge or consent of the parties involved. It typically involves secretly monitoring or intercepting communication to gain unauthorized access to information. This can be done through various means, such as wiretapping, surveillance devices, or hacking into communication channels. Eavesdropping is considered a breach of privacy and can be illegal in many jurisdictions.

Rate this question:
2.

Which of the following access control models uses roles to determine access permissions?
- A.
  
  MAC
- B.
  
  DAC
- C.
  
  RBAC
- D.
  
  None of the above
Correct Answer
C. RBAC

Explanation
RBAC (Role-Based Access Control) is an access control model that uses roles to determine access permissions. In RBAC, users are assigned specific roles, and permissions are associated with these roles. This approach simplifies the management of access control by allowing administrators to assign permissions to roles rather than individual users. Users inherit the permissions associated with their assigned roles, making it easier to grant or revoke access as needed. This model is widely used in organizations to ensure efficient and secure access control.

Rate this question:
3.

Given: John is a network administrator. He advises the server administrator of his company to implement whitelisting, blacklisting, closing-open relays and strong authentication techniques. Question: Which threat is being addressed?
- A.
  
  Viruses
- B.
  
  Adware
- C.
  
  Spam
- D.
  
  Spyware
Correct Answer
C. Spam

Explanation
The threat being addressed in this scenario is spam. John, the network administrator, suggests implementing techniques such as whitelisting, blacklisting, closing-open relays, and strong authentication to combat spam. These techniques help in filtering out unwanted and unsolicited emails, reducing the risk of spam reaching the company's servers and email accounts.

Rate this question:
4.

Which of the following ports are typically used by email clients? (Select TWO)
- A.
  
  3389
- B.
  
  194
- C.
  
  143
- D.
  
  110
- E.
  
  49
Correct Answer(s)
C. 143
D. 110

Explanation
Port 143 is typically used by email clients for the Internet Message Access Protocol (IMAP), which allows users to retrieve and manage their emails on a mail server. Port 110 is used for the Post Office Protocol (POP3), another email retrieval protocol that allows users to download their emails from a mail server to their local device. These two ports are commonly used by email clients to establish a connection with the mail server and retrieve emails.

Rate this question:
5.

Which of the following types of removable media is write-once and appropriate for archiving security logs?
- A.
  
  Tape
- B.
  
  CD-R
- C.
  
  Hard disk
- D.
  
  USB drive
Correct Answer
B. CD-R

Explanation
CD-R stands for Compact Disc-Recordable. It is a type of removable media that can be written on only once. Once data is written onto a CD-R, it cannot be erased or modified, making it suitable for archiving purposes, such as storing security logs. Tape, hard disks, and USB drives are not write-once media and can be modified or erased, making them less suitable for long-term archiving.

Rate this question:
6.

Who is responsible for establishing access permissions to network resources in the DAC access control model?
- A.
  
  The system administrator.
- B.
  
  The owner of the resource.
- C.
  
  The system administrator and the owner of the resource.
- D.
  
  The user requiring access to the resource.
Correct Answer
B. The owner of the resource.

Explanation
In the DAC (Discretionary Access Control) access control model, the owner of the resource is responsible for establishing access permissions to network resources. This means that the owner has the discretion to determine who can access the resource and what level of access they have. The system administrator may assist in managing these permissions, but ultimately it is the owner's responsibility to control access to their own resources.

Rate this question:
7.

What does the DAC access control model use to identify the users who have permissions to a resource?
- A.
  
  Predefined access privileges.
- B.
  
  The role or responsibilities users have in the organization
- C.
  
  Access Control Lists
- D.
  
  None of the above.
Correct Answer
C. Access Control Lists

Explanation
The DAC (Discretionary Access Control) access control model uses Access Control Lists (ACLs) to identify the users who have permissions to a resource. ACLs contain a list of users or groups and their corresponding access privileges, allowing or denying them access to specific resources. This model grants control to the resource owner, who can determine and modify the access rights for individual users or groups. The other options, such as predefined access privileges or roles and responsibilities, are not specifically associated with the DAC model.

Rate this question:

1
0
8.

One of the below is a description for a password cracker, which one is it?
- A.
  
  A program that can locate and read a password file.
- B.
  
  A program that provides software registration passwords or keys.
- C.
  
  A program that performs comparative analysis.
- D.
  
  A program that obtains privileged access to the system.
Correct Answer
C. A program that performs comparative analysis.

Explanation
The correct answer is "A program that performs comparative analysis." This is because a password cracker is a program specifically designed to analyze and compare different combinations of characters in order to guess or crack a password. It does not necessarily involve locating and reading a password file, providing software registration passwords or keys, or obtaining privileged access to the system.

Rate this question:
9.

The concept that a web script is run in its own environment and cannot interfere with any other process is known as a:
- A.
  
  Honey pot
- B.
  
  VLAN
- C.
  
  Quarantine
- D.
  
  Sandbox
Correct Answer
D. Sandbox

Explanation
The concept that a web script is run in its own environment and cannot interfere with any other process is known as a sandbox. In a sandbox environment, the web script is isolated and restricted from accessing or modifying other processes or data on the system. This provides a layer of security, as any malicious code or actions performed within the sandbox will not affect the rest of the system. Sandboxing is commonly used in web browsers and other software applications to protect against potential threats and vulnerabilities.

Rate this question:
10.

How to test the integrity of a company's backup data?
- A.
  
  By reviewing the written procedures
- B.
  
  By conducting another backup
- C.
  
  By restoring part of the backup
- D.
  
  By using software to recover deleted files
Correct Answer
C. By restoring part of the backup

Explanation
To test the integrity of a company's backup data, one can restore a part of the backup. This involves selecting a portion of the backed-up data and restoring it to ensure that the data is recoverable and intact. By performing this test, the company can verify that the backup process is functioning correctly and that the data can be successfully restored if needed. This helps to ensure the reliability and effectiveness of the backup system in preserving the company's data.

Rate this question:
11.

Most current encryption schemes are based on
- A.
  
  Digital rights management
- B.
  
  Time stamps
- C.
  
  Randomizing
- D.
  
  Algorithms
Correct Answer
D. Algorithms

Explanation
Most current encryption schemes are based on algorithms. Algorithms are step-by-step procedures or formulas for solving a problem or accomplishing a task. In the context of encryption, algorithms are used to transform plaintext into ciphertext, making the data unreadable to unauthorized individuals. These algorithms ensure the security and confidentiality of sensitive information by using mathematical functions and complex calculations. They are designed to be resistant to attacks and provide a high level of encryption. Therefore, algorithms play a crucial role in modern encryption schemes.

Rate this question:
12.

Human resource department personnel should be trained about security policy:
- A.
  
  Guidelines and enforcement.
- B.
  
  Maintenance
- C.
  
  Monitoring and administration
- D.
  
  Implementation
Correct Answer
A. Guidelines and enforcement.

Explanation
The human resource department personnel should be trained about security policy guidelines and enforcement because they are responsible for ensuring that employees are aware of and adhere to the organization's security policies. This includes educating employees about best practices, procedures, and protocols for maintaining a secure work environment. Additionally, HR personnel play a crucial role in enforcing these policies by monitoring employee compliance and taking appropriate disciplinary actions when necessary. By being trained in guidelines and enforcement, HR personnel can effectively contribute to the overall security of the organization.

Rate this question:
13.

PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature?
- A.
  
  Shared
- B.
  
  Private
- C.
  
  Hash
- D.
  
  Public
Correct Answer
B. Private

Explanation
The executive should use their private key to encrypt the signature. This is because in a PKI (Public Key Infrastructure) system, the executive's private key is used to encrypt the signature, while the assistant's public key is used to verify the signature. By encrypting the signature with their private key, the executive ensures that only someone with the corresponding public key (in this case, the assistant) can decrypt and verify the signature. This provides authentication and ensures that the email actually came from the executive.

Rate this question:
14.

Which access control system allows the system administrator to establish access permissions to network resources?
- A.
  
  MAC
- B.
  
  DAC
- C.
  
  RBAC
- D.
  
  None of the above
Correct Answer
A. MAC

Explanation
MAC (Mandatory Access Control) is the correct answer because it is an access control system that enables the system administrator to establish access permissions to network resources. MAC uses a predefined set of rules and policies to determine access rights and permissions based on the classification level or security clearance of users and the sensitivity or classification level of the resources being accessed. This allows the system administrator to have granular control over who can access what resources, ensuring a higher level of security and confidentiality. DAC (Discretionary Access Control) and RBAC (Role-Based Access Control) are also access control systems, but they do not provide the same level of control as MAC.

Rate this question:
15.

Why malware that uses virtualization techniques is difficult to detect?
- A.
  
  The malware may be implementing a proxy server for command and control.
- B.
  
  A portion of the malware may have been removed by the IDS.
- C.
  
  The malware may be using a Trojan to infect the system.
- D.
  
  The malware may be running at a more privileged level than the antivirus software.
Correct Answer
D. The malware may be running at a more privileged level than the antivirus software.

Explanation
Malware that uses virtualization techniques can be difficult to detect because it may be running at a more privileged level than the antivirus software. This means that the malware can operate at a lower level of the system, making it harder for the antivirus software to detect its presence. By running at a higher level of privilege, the malware can also potentially bypass or disable security measures that would normally detect and prevent its activities. This allows the malware to remain hidden and continue to carry out its malicious activities without being detected by traditional security measures.

Rate this question:
16.

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).
- A.
  
  A locked, windowless building
- B.
  
  A military facility with computer equipment containing biometrics.
- C.
  
  A public building that has shared office space.
- D.
  
  A company with a dedicated information technology (IT) security staff.
- E.
  
  A company with a help desk whose personnel have minimal training.
Correct Answer(s)
C. A public building that has shared office space.
E. A company with a help desk whose personnel have minimal training.

Explanation
Social engineering attacks are most effective in environments where there is a lack of security awareness and controls. A public building with shared office space is vulnerable because it may have a large number of people with different levels of security knowledge, making it easier for attackers to exploit human vulnerabilities. Similarly, a company with a help desk whose personnel have minimal training is also susceptible to social engineering attacks as they may not have the necessary skills to recognize and respond to such attacks effectively.

Rate this question:
17.

Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of following?
- A.
  
  Temporary Internet files
- B.
  
  CPU performance
- C.
  
  System files
- D.
  
  NIC performance
Correct Answer
C. System files

Explanation
A HIDS is installed to monitor system files. System files are crucial components of an operating system, and any unauthorized changes or modifications to these files can indicate a potential security breach or intrusion. By monitoring system files, a HIDS can detect and alert administrators about any suspicious activity or unauthorized access attempts, allowing them to take appropriate action to protect the system and network from further compromise.

Rate this question:
18.

In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as
- A.
  
  Dual control.
- B.
  
  Need to know.
- C.
  
  Separation of duties
- D.
  
  Acceptable use.
Correct Answer
B. Need to know.

Explanation
In a classified environment, individuals with a clearance into a Top Secret compartment are only granted access to specific information within that compartment based on their "need to know." This means that access is strictly limited to individuals who require the information to perform their duties or tasks effectively. It ensures that sensitive information is only disclosed to those who have a legitimate need for it, maintaining the confidentiality and security of classified materials.

Rate this question:
19.

Which of the below options would you consider as a program that constantly observes data traveling over a network?
- A.
  
  Smurfer
- B.
  
  Sniffer
- C.
  
  Fragmenter
- D.
  
  Spoofer
Correct Answer
B. Sniffer

Explanation
A program that constantly observes data traveling over a network is called a sniffer. A sniffer is a tool that captures and analyzes network traffic, allowing users to monitor and inspect the data packets being transmitted. It can be used for various purposes, such as network troubleshooting, security analysis, and performance monitoring. By capturing and analyzing network packets, a sniffer provides valuable insights into the network's behavior and helps identify any potential issues or threats.

Rate this question:
20.

After auditing file, which log will show unauthorized usage attempts?
- A.
  
  Application
- B.
  
  Performance
- C.
  
  Security
- D.
  
  System
Correct Answer
C. Security

Explanation
The correct answer is "Security". After auditing a file, the security log will show unauthorized usage attempts. This log keeps track of any security-related events such as failed login attempts, access violations, or unauthorized access attempts. It helps in identifying and investigating any potential security breaches or unauthorized activities within the system. The application, performance, and system logs may provide other useful information, but the security log specifically focuses on security-related events.

Rate this question:
21.

Risk assessment is a common first step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). As a best practice, risk assessments should be based upon which of the following?
- A.
  
  An absolute measurement of threats
- B.
  
  A qualitative measurement of risk and impact
- C.
  
  A quantitative measurement of risk, impact and asset value
- D.
  
  A survey of annual loss, potential threats and asset value
Correct Answer
C. A quantitative measurement of risk, impact and asset value

Explanation
Risk assessments should be based on a quantitative measurement of risk, impact, and asset value. This means that the assessment should involve a numerical evaluation of the likelihood and potential consequences of a risk occurring, as well as the value of the assets that could be affected. This approach allows for a more objective and comprehensive understanding of the risks involved, which can then inform the development of effective risk management strategies.

Rate this question:
22.

Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.
- A.
  
  Zombie
- B.
  
  Adware
- C.
  
  Worm
- D.
  
  Virus
Correct Answer
A. Zombie
23.

Choose the option that details one of the primary benefits of using S/MIME (Secure Multipurpose Internet Mail Extension)?
- A.
  
  S/MIME allows users to send both encrypted and digitally signed e-mail messages.
- B.
  
  S/MIME allows users to send anonymous e-mail messages.
- C.
  
  S/MIME allows users to send e-mail messages with a return receipt.
- D.
  
  S/MIME expedites the delivery of e-mail messages.
Correct Answer
A. S/MIME allows users to send both encrypted and digitally signed e-mail messages.

Explanation
S/MIME allows users to send both encrypted and digitally signed e-mail messages, which ensures the confidentiality and integrity of the messages. Encryption protects the content of the email from being accessed by unauthorized individuals, while digital signatures verify the authenticity and integrity of the email, ensuring that it has not been tampered with during transit. This provides a secure communication channel for sensitive information, protecting it from interception and unauthorized access.

Rate this question:
24.

A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?
- A.
  
  $900
- B.
  
  $2,290
- C.
  
  $2,700
- D.
  
  $5,000
Correct Answer
B. $2,290

Explanation
By purchasing the anti-malware software for $5,000 per year, the call center can prevent 90% of the workstations from being compromised. If the workstations are compromised, it will take three hours to restore services for the 30 staff, resulting in a cost of $90 per hour per staff member. Without the software, there is a 90% chance of workstations being compromised, which means that there is a 10% chance of not needing to restore services for the staff. Therefore, the expected net savings can be calculated as: (90% * 30 * 3 * $90) - $5,000 = $2,290.

Rate this question:
25.

The purpose of a DNS server is to enable people and applications to lookup records in DNS tables. Why implement security logging on a DNS server?
- A.
  
  To monitor unauthorized zone transfers
- B.
  
  To control unauthorized DNSDoS
- C.
  
  To measure the DNS server performance
- D.
  
  To perform penetration testing on the DNS server
Correct Answer
A. To monitor unauthorized zone transfers

Explanation
Implementing security logging on a DNS server is necessary to monitor unauthorized zone transfers. This helps in detecting any unauthorized attempts to transfer DNS records from one server to another. By monitoring these transfers, administrators can identify and prevent any potential security breaches or unauthorized access to DNS information. It is an important security measure to ensure the integrity and confidentiality of DNS records.

Rate this question:
26.

A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)?
- A.
  
  $2,700
- B.
  
  $4,500
- C.
  
  $5,000
- D.
  
  $7,290
Correct Answer
D. $7,290

Explanation
The annual loss expectancy (ALE) can be calculated by multiplying the annual rate of occurrence (ARO) with the single loss expectancy (SLE). In this case, the ARO is 90% (0.9) as there is a 90% chance each year that workstations would be compromised. The SLE can be calculated by multiplying the cost of restoring services ($90 per hour * 3 hours * 30 staff) which equals $8,100. Therefore, the ALE is $8,100 * 0.9 = $7,290.

Rate this question:
27.

Which security measures should be recommended while implementing system logging procedures?
- A.
  
  Collect system temporary files
- B.
  
  Apply retention policies on the log files.
- C.
  
  Perform CRC checks.
- D.
  
  Perform hashing of the log files.
Correct Answer
D. Perform hashing of the log files.

Explanation
Performing hashing of the log files is a recommended security measure while implementing system logging procedures. Hashing involves generating a unique hash value for each log file, which can be used to verify the integrity of the file. By comparing the hash value before and after transmission or storage, any unauthorized modifications or tampering can be detected. This ensures the reliability and authenticity of the log files, making them a valuable tool for forensic analysis and auditing purposes.

Rate this question:
28.

Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept?
- A.
  
  Buffer Overflows.
- B.
  
  Cookies
- C.
  
  Cgi
- D.
  
  SMTP Relay
Correct Answer
A. Buffer Overflows.

Explanation
Buffer overflows occur when a program or application receives more data than it is programmed to accept, causing the excess data to overflow into adjacent memory locations. This can lead to the corruption of data, the execution of malicious code, and potential security vulnerabilities. In the context of web vulnerabilities, buffer overflows can be exploited by attackers to gain unauthorized access, manipulate data, or cause system crashes. Therefore, the correct answer is Buffer Overflows.

Rate this question:
29.

Which of the following definitions BEST suit Java Applet?
- A.
  
  It is a programming language that allows access to system resources of the system running the script
- B.
  
  The client browser must have the ability to run Java applets in a virtual machine on the client
- C.
  
  It can also include a digital signature to verify authenticity
- D.
  
  It allows customized controls, icons, and other features to increase the usability of web enabled systems
Correct Answer
B. The client browser must have the ability to run Java applets in a virtual machine on the client

Explanation
Java Applet is a programming language that requires the client browser to have the capability to run Java applets in a virtual machine on the client. This definition emphasizes the necessity of the client browser to support Java applets in order to execute them properly.

Rate this question:
30.

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.
- A.
  
  Hoaxes can create as much damage as a real virus.
- B.
  
  Hoaxes are harmless pranks and should be ignored.
- C.
  
  Hoaxes can help educate users about a virus.
- D.
  
  Hoaxes carry a malicious payload and can be destructive.
Correct Answer
A. Hoaxes can create as much damage as a real virus.

Explanation
Hoaxes can create as much damage as a real virus because they can spread misinformation and cause panic among users. They can also lead to wasted time and resources as people try to address the false threat. Additionally, hoaxes can undermine trust in legitimate virus warnings and make it harder for users to differentiate between real threats and false alarms. Therefore, it is important to take hoaxes seriously and not dismiss them as harmless pranks.

Rate this question:
31.

Which of the following definitions BEST suit Buffer Overflow?
- A.
  
  It receives more data than it is programmed to accept.
- B.
  
  It is used to provide a persistent, customized web experience for each visit.
- C.
  
  It's an older form of scripting that was used extensively in early web systems
- D.
  
  It has a feature designed into many e-mail servers that allows them to forward e-mail to other email servers
Correct Answer
A. It receives more data than it is programmed to accept.

Explanation
Buffer overflow occurs when a program or system receives more data than it is programmed to handle, causing the excess data to overflow into adjacent memory locations. This can lead to various security vulnerabilities, as the overflowed data can overwrite critical information or execute malicious code. Therefore, the definition "It receives more data than it is programmed to accept" best suits buffer overflow.

Rate this question:
32.

An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?
- A.
  
  Carbon Dioxide
- B.
  
  Deluge sprinkler
- C.
  
  Hydrogen Peroxide
- D.
  
  Wet pipe sprinkler
Correct Answer
A. Carbon Dioxide

Explanation
Carbon Dioxide is the correct answer because it is a highly effective fire suppression system for server rooms. Carbon Dioxide displaces oxygen, suffocating the fire and preventing it from spreading. It is non-conductive and leaves no residue, making it safe for electrical equipment. Deluge sprinkler systems release large amounts of water, which can cause damage to sensitive equipment. Hydrogen Peroxide and Wet pipe sprinkler systems are also not suitable for server rooms as they can cause damage or leave residue on equipment.

Rate this question:
33.

When power must be delivered to critical systems, which of the following is a countermeasure?
- A.
  
  Backup generator
- B.
  
  Warm site
- C.
  
  Redundant power supplies
- D.
  
  Uninterruptible power supplies (UPSs)
Correct Answer
A. Backup generator

Explanation
A backup generator is a countermeasure that can be implemented to ensure that power is delivered to critical systems in the event of a power outage or failure. It serves as a secondary power source that can be activated automatically or manually when the primary power source is no longer available. This helps to minimize downtime and ensure that critical systems can continue to operate without interruption.

Rate this question:
34.

A programmer plans to change the server variable in the coding of an authentication function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server?
- A.
  
  Change management
- B.
  
  Secure disposal
- C.
  
  Password complexity
- D.
  
  Chain of custody
Correct Answer
A. Change management

Explanation
Before implementing the new routine on the production application server, the programmer should follow the process of change management. Change management involves systematically planning, testing, and implementing changes to a system or software in order to minimize disruption and ensure that the changes are implemented correctly. This process helps to assess the impact of the change, identify any potential risks or issues, and ensure that appropriate documentation and communication are done to all stakeholders involved. By following change management, the programmer can ensure a smooth and controlled transition of the new routine into the production environment.

Rate this question:
35.

The difference between identification and authentication is that:
- A.
  
  Authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
- B.
  
  Authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.
- C.
  
  Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
- D.
  
  Authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
Correct Answer
C. Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

Explanation
Authentication is the process of verifying the validity of a set of credentials, such as a username and password, to ensure that the user is who they claim to be. On the other hand, identification is the process of confirming the identity of a user requesting credentials, which involves verifying their personal information or biometric data. Therefore, the correct answer is that authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

Rate this question:
36.

The main objective of risk management in an organization is to reduce risk to a level:
- A.
  
  Where the ALE is lower than the SLE.
- B.
  
  Where the ARO equals the SLE.
- C.
  
  The organization will mitigate.
- D.
  
  The organization will accept.
Correct Answer
D. The organization will accept.

Explanation
The main objective of risk management in an organization is to identify, assess, and mitigate risks. However, it is not always possible or practical to eliminate all risks entirely. In some cases, the cost of mitigating a risk may outweigh the potential impact of that risk. Therefore, the organization may choose to accept certain risks and focus on managing them rather than trying to eliminate them completely. This approach allows the organization to prioritize resources and efforts on risks that are more critical or have a higher potential impact.

Rate this question:
37.

The FIRST step in creating a security baseline would be:
- A.
  
  Identifying the use case
- B.
  
  Installing software patches
- C.
  
  Vulnerability testing.
- D.
  
  Creating a security policy
Correct Answer
D. Creating a security policy

Explanation
The first step in creating a security baseline is to create a security policy. A security policy outlines the guidelines and procedures that need to be followed to ensure the security of a system or network. It defines the objectives, rules, and responsibilities related to security measures. By creating a security policy, organizations can establish a framework for implementing security controls and procedures, which will help in identifying and addressing potential risks and vulnerabilities. Once the security policy is in place, other steps such as identifying the use case, installing software patches, and vulnerability testing can be carried out based on the guidelines provided in the policy.

Rate this question:
38.

Which of the following logs shows when the workstation was last shutdown?
- A.
  
  Security
- B.
  
  DHCP
- C.
  
  Acces
- D.
  
  System
Correct Answer
D. System

Explanation
The System log is the correct answer because it records events related to the operating system, including system startup and shutdown. By checking the System log, one can find the timestamp of the last shutdown event, which indicates when the workstation was last shut down. The Security log focuses on security-related events, the DHCP log records DHCP server activity, and the Access log tracks access control events. None of these logs specifically indicate when the workstation was last shutdown.

Rate this question:
39.

Which of the following logs shows when the workstation was last shutdown?
- A.
  
  DHCP
- B.
  
  Security
- C.
  
  Access
- D.
  
  System
Correct Answer
D. System

Explanation
The System log shows when the workstation was last shutdown. This log contains information about system events, including startup and shutdown events. By analyzing the entries in the System log, one can determine the exact time and date of the most recent shutdown of the workstation.

Rate this question:
40.

Which one of the following options overwrites the return address within a program to execute malicious code?
- A.
  
  Buffer overflow
- B.
  
  Rootkit
- C.
  
  Logic bomb
- D.
  
  Privilege escalation
Correct Answer
A. Buffer overflow

Explanation
A buffer overflow is a type of vulnerability where a program writes data beyond the allocated buffer, overwriting adjacent memory. In the context of this question, a buffer overflow can be exploited to overwrite the return address of a program's function, causing it to execute malicious code instead of returning to its intended execution point. This allows an attacker to gain control of the program and potentially execute arbitrary commands or inject malware.

Rate this question:
41.

Which of the following attacks are being referred to if packets are not connection-oriented and do not require the synchronization process?
- A.
  
  TCP/IP Hijacking
- B.
  
  UDP Attack
- C.
  
  ICMP Attacks
- D.
  
  Smurf Attacks
Correct Answer
B. UDP Attack

Explanation
UDP Attack refers to a type of attack where the attacker sends a large number of User Datagram Protocol (UDP) packets to a target system in order to overwhelm its network resources. Unlike TCP/IP Hijacking, ICMP Attacks, and Smurf Attacks, UDP attacks do not require the synchronization process and are not connection-oriented. This means that the attacker can send UDP packets without establishing a connection or ensuring that the packets are received in the correct order. Consequently, UDP attacks can be used to flood a target system with a high volume of traffic, causing it to become unresponsive or crash.

Rate this question:
42.

Which of the below options would you consider as a program that constantly observes data traveling over a network?
- A.
  
  Smurfer
- B.
  
  Sniffer
- C.
  
  Fragmenter
- D.
  
  Spoofer
Correct Answer
B. Sniffer

Explanation
A sniffer is a program that constantly observes data traveling over a network. It captures and analyzes network traffic, allowing users to monitor and analyze the data packets being transmitted. By passively listening to network communication, a sniffer can detect and analyze network issues, troubleshoot problems, and even capture sensitive information such as passwords. Therefore, a sniffer is the most appropriate option for a program that constantly observes data traveling over a network.

Rate this question:
43.

From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?
- A.
  
  Buffer Overflow attack
- B.
  
  SYN attack
- C.
  
  Smurf attack
- D.
  
  Birthday attack
Correct Answer
B. SYN attack

Explanation
The SYN attack exploits the session initiation process between a TCP client and server within a network. In this attack, the attacker sends a large number of SYN requests to the server, but does not complete the handshake process by sending the final ACK packet. This causes the server to keep the connection half-open and consume resources. This can lead to a denial of service as the server becomes overwhelmed with half-open connections and is unable to handle legitimate requests.

Rate this question:
44.

Which statement correctly describes the difference between a secure cipher and a secure hash?
- A.
  
  A hash can be reversed, a cipher cannot.
- B.
  
  A hash produces a variable output for any input size, a cipher does not
- C.
  
  A cipher can be reversed, a hash cannot.
- D.
  
  A cipher produces the same size output for any input size, a hash does not.
Correct Answer
C. A cipher can be reversed, a hash cannot.

Explanation
A secure cipher refers to an encryption algorithm that can be reversed or decrypted, meaning that the original plaintext can be recovered from the ciphertext using the appropriate key. On the other hand, a secure hash function is a one-way mathematical function that transforms input data into a fixed-size output called a hash value or digest. It is computationally infeasible to reverse the process and obtain the original input from the hash value. Therefore, the correct answer is that a cipher can be reversed, while a hash cannot.

Rate this question:
45.

A peer-to-peer computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. Which of the following is a security risk while using peer-to-peer software?
- A.
  
  Licensing
- B.
  
  Cookies
- C.
  
  Data leakage
- D.
  
  Multiple streams
Correct Answer
C. Data leakage

Explanation
Data leakage is a security risk while using peer-to-peer software because it involves the unauthorized or unintentional transfer of sensitive or confidential data from one participant to another. Peer-to-peer networks allow direct communication and file sharing between participants, which increases the risk of data being accessed or intercepted by unauthorized users. This can result in the loss of valuable information, privacy breaches, and potential legal and financial consequences.

Rate this question:
46.

From the listing of attacks; which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment?
- A.
  
  Operating system scanning.
- B.
  
  Reverse engineering.
- C.
  
  Fingerprinting
- D.
  
  Host hijacking.
Correct Answer
C. Fingerprinting

Explanation
Fingerprinting is the correct answer because it refers to the process of analyzing how the operating system responds to specific network traffic in order to determine the operating system running in the networking environment. This technique involves sending specific packets to a target system and analyzing the responses to identify the operating system. It is commonly used by attackers to gather information about a target system and exploit any vulnerabilities specific to that operating system.

Rate this question:
47.

From the listing of attacks, choose the attack which misuses the TCP (Transmission Control Protocol) three-way handshake process, in an attempt to overload network servers, so that authorized users are denied access to network resources?
- A.
  
  Man in the middle attack
- B.
  
  Smurf attack
- C.
  
  Teardrop attack
- D.
  
  SYN (Synchronize) attack
Correct Answer
D. SYN (Synchronize) attack

Explanation
The SYN (Synchronize) attack is the correct answer because it specifically targets the TCP three-way handshake process. In this attack, the attacker sends a large number of SYN requests to the server, but does not complete the handshake process by sending the final ACK packet. This causes the server to allocate resources for each incomplete connection attempt, eventually overwhelming the server and denying access to legitimate users.

Rate this question:
48.

A technician is helping an organization to correct problems with staff members unknowingly downloading malicious code from Internet websites. Which of the following should the technician do to resolve the problem?
- A.
  
  Use Java virtual machines to reduce impact
- B.
  
  Disable unauthorized ActiveX controls
- C.
  
  Implement a policy to minimize the problem
- D.
  
  Install a NIDS
Correct Answer
B. Disable unauthorized ActiveX controls

Explanation
To resolve the problem of staff members unknowingly downloading malicious code from Internet websites, the technician should disable unauthorized ActiveX controls. ActiveX controls are a type of browser plugin that can execute code on a user's computer. By disabling unauthorized ActiveX controls, the technician can prevent staff members from inadvertently downloading and executing malicious code through these controls, thus reducing the risk of malware infections. This action helps to enforce security measures and protect the organization's systems and data from potential threats.

Rate this question:
49.

A protocol analyzer will most likely detect which security related anomalies?
- A.
  
  Many malformed or fragmented packets
- B.
  
  Passive sniffing of local network traffic
- C.
  
  Decryption of encrypted network traffic
- D.
  
  Disabled network interface on a server
Correct Answer
A. Many malformed or fragmented packets

Explanation
A protocol analyzer is a tool used to capture and analyze network traffic. It can detect many malformed or fragmented packets, which are packets that do not adhere to the expected structure or are divided into smaller fragments for transmission. These anomalies can indicate potential security issues or attacks on the network. Passive sniffing of local network traffic, decryption of encrypted network traffic, and a disabled network interface on a server are not directly related to the function of a protocol analyzer in detecting security-related anomalies.

Rate this question:
50.

One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this?
- A.
  
  Man in the middle attack.
- B.
  
  Ciphertext only attack.
- C.
  
  Birthday attack.
- D.
  
  Brute force attack.
Correct Answer
C. Birthday attack.

Explanation
A birthday attack is a type of network attack where two different messages are sent using the same hash function, resulting in the same message digest. This attack takes advantage of the birthday paradox, which states that in a group of only 23 people, there is a 50% chance that two people will have the same birthday. Similarly, in a hash function, as the number of messages increases, the probability of two messages having the same digest also increases. Therefore, the correct answer is a birthday attack.

Rate this question:

Practice Test For CompTIA Security +

Which of the following definitions would be correct regarding Eavesdropping?

Which of the following access control models uses roles to determine access permissions?

Given: John is a network administrator. He advises the server administrator of his company to implement whitelisting, blacklisting, closing-open relays and strong authentication techniques. Question: Which threat is being addressed?

Which of the following ports are typically used by email clients? (Select TWO)

Which of the following types of removable media is write-once and appropriate for archiving security logs?

Who is responsible for establishing access permissions to network resources in the DAC access control model?

What does the DAC access control model use to identify the users who have permissions to a resource?

One of the below is a description for a password cracker, which one is it?

The concept that a web script is run in its own environment and cannot interfere with any other process is known as a:

How to test the integrity of a company's backup data?

Most current encryption schemes are based on

Human resource department personnel should be trained about security policy:

Which access control system allows the system administrator to establish access permissions to network resources?

Why malware that uses virtualization techniques is difficult to detect?

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of following?

In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as

Which of the below options would you consider as a program that constantly observes data traveling over a network?

After auditing file, which log will show unauthorized usage attempts?

Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.

Choose the option that details one of the primary benefits of using S/MIME (Secure Multipurpose Internet Mail Extension)?

The purpose of a DNS server is to enable people and applications to lookup records in DNS tables. Why implement security logging on a DNS server?

Which security measures should be recommended while implementing system logging procedures?

Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept?

Which of the following definitions BEST suit Java Applet?

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

Which of the following definitions BEST suit Buffer Overflow?

An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?

When power must be delivered to critical systems, which of the following is a countermeasure?

A programmer plans to change the server variable in the coding of an authentication function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server?

The difference between identification and authentication is that:

The main objective of risk management in an organization is to reduce risk to a level:

The FIRST step in creating a security baseline would be:

Which of the following logs shows when the workstation was last shutdown?

Which of the following logs shows when the workstation was last shutdown?

Which one of the following options overwrites the return address within a program to execute malicious code?

Which of the following attacks are being referred to if packets are not connection-oriented and do not require the synchronization process?

Which of the below options would you consider as a program that constantly observes data traveling over a network?

From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?

Which statement correctly describes the difference between a secure cipher and a secure hash?

From the listing of attacks; which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment?

From the listing of attacks, choose the attack which misuses the TCP (Transmission Control Protocol) three-way handshake process, in an attempt to overload network servers, so that authorized users are denied access to network resources?

A technician is helping an organization to correct problems with staff members unknowingly downloading malicious code from Internet websites. Which of the following should the technician do to resolve the problem?

A protocol analyzer will most likely detect which security related anomalies?

One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this?