Practice Test For CompTIA Security +

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Pocho
P
Pocho
Community Contributor
Quizzes Created: 2 | Total Attempts: 980
| Attempts: 725
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/59 Questions

    Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept?

    • Buffer Overflows.
    • Cookies
    • Cgi
    • SMTP Relay
Please wait...
Security Plus Quizzes & Trivia
About This Quiz

This practice test for CompTIA Security+ assesses knowledge on eavesdropping, access control models like RBAC, spam threats, email ports, and media for security logs. It prepares learners for certification, enhancing skills in network security management.

Quiz Preview

  • 2. 

    Which of the below options would you consider as a program that constantly observes data traveling over a network?

    • Smurfer

    • Sniffer

    • Fragmenter

    • Spoofer

    Correct Answer
    A. Sniffer
    Explanation
    A program that constantly observes data traveling over a network is called a sniffer. A sniffer is a tool that captures and analyzes network traffic, allowing users to monitor and inspect the data packets being transmitted. It can be used for various purposes, such as network troubleshooting, security analysis, and performance monitoring. By capturing and analyzing network packets, a sniffer provides valuable insights into the network's behavior and helps identify any potential issues or threats.

    Rate this question:

  • 3. 

    Which of the following definitions BEST suit Buffer Overflow?

    • It receives more data than it is programmed to accept.

    • It is used to provide a persistent, customized web experience for each visit.

    • It's an older form of scripting that was used extensively in early web systems

    • It has a feature designed into many e-mail servers that allows them to forward e-mail to other email servers

    Correct Answer
    A. It receives more data than it is programmed to accept.
    Explanation
    Buffer overflow occurs when a program or system receives more data than it is programmed to handle, causing the excess data to overflow into adjacent memory locations. This can lead to various security vulnerabilities, as the overflowed data can overwrite critical information or execute malicious code. Therefore, the definition "It receives more data than it is programmed to accept" best suits buffer overflow.

    Rate this question:

  • 4. 

    Which of the below options would you consider as a program that constantly observes data traveling over a network?

    • Smurfer

    • Sniffer

    • Fragmenter

    • Spoofer

    Correct Answer
    A. Sniffer
    Explanation
    A sniffer is a program that constantly observes data traveling over a network. It captures and analyzes network traffic, allowing users to monitor and analyze the data packets being transmitted. By passively listening to network communication, a sniffer can detect and analyze network issues, troubleshoot problems, and even capture sensitive information such as passwords. Therefore, a sniffer is the most appropriate option for a program that constantly observes data traveling over a network.

    Rate this question:

  • 5. 

    Choose the option that details one of the primary benefits of using S/MIME (Secure Multipurpose Internet Mail Extension)?

    • S/MIME allows users to send both encrypted and digitally signed e-mail messages.

    • S/MIME allows users to send anonymous e-mail messages.

    • S/MIME allows users to send e-mail messages with a return receipt.

    • S/MIME expedites the delivery of e-mail messages.

    Correct Answer
    A. S/MIME allows users to send both encrypted and digitally signed e-mail messages.
    Explanation
    S/MIME allows users to send both encrypted and digitally signed e-mail messages, which ensures the confidentiality and integrity of the messages. Encryption protects the content of the email from being accessed by unauthorized individuals, while digital signatures verify the authenticity and integrity of the email, ensuring that it has not been tampered with during transit. This provides a secure communication channel for sensitive information, protecting it from interception and unauthorized access.

    Rate this question:

  • 6. 

    Which of the following logs shows when the workstation was last shutdown?  

    • DHCP

    • Security

    • Access

    • System

    Correct Answer
    A. System
    Explanation
    The System log shows when the workstation was last shutdown. This log contains information about system events, including startup and shutdown events. By analyzing the entries in the System log, one can determine the exact time and date of the most recent shutdown of the workstation.

    Rate this question:

  • 7. 

    Most current encryption schemes are based on

    • Digital rights management

    • Time stamps

    • Randomizing

    • Algorithms

    Correct Answer
    A. Algorithms
    Explanation
    Most current encryption schemes are based on algorithms. Algorithms are step-by-step procedures or formulas for solving a problem or accomplishing a task. In the context of encryption, algorithms are used to transform plaintext into ciphertext, making the data unreadable to unauthorized individuals. These algorithms ensure the security and confidentiality of sensitive information by using mathematical functions and complex calculations. They are designed to be resistant to attacks and provide a high level of encryption. Therefore, algorithms play a crucial role in modern encryption schemes.

    Rate this question:

  • 8. 

    Social engineering attacks would be MOST effective in which of the following environments? (Select TWO).

    • A locked, windowless building

    • A military facility with computer equipment containing biometrics.

    • A public building that has shared office space.

    • A company with a dedicated information technology (IT) security staff.

    • A company with a help desk whose personnel have minimal training.

    Correct Answer(s)
    A. A public building that has shared office space.
    A. A company with a help desk whose personnel have minimal training.
    Explanation
    Social engineering attacks are most effective in environments where there is a lack of security awareness and controls. A public building with shared office space is vulnerable because it may have a large number of people with different levels of security knowledge, making it easier for attackers to exploit human vulnerabilities. Similarly, a company with a help desk whose personnel have minimal training is also susceptible to social engineering attacks as they may not have the necessary skills to recognize and respond to such attacks effectively.

    Rate this question:

  • 9. 

    Human resource department personnel should be trained about security policy:

    • Guidelines and enforcement.

    • Maintenance

    • Monitoring and administration

    • Implementation

    Correct Answer
    A. Guidelines and enforcement.
    Explanation
    The human resource department personnel should be trained about security policy guidelines and enforcement because they are responsible for ensuring that employees are aware of and adhere to the organization's security policies. This includes educating employees about best practices, procedures, and protocols for maintaining a secure work environment. Additionally, HR personnel play a crucial role in enforcing these policies by monitoring employee compliance and taking appropriate disciplinary actions when necessary. By being trained in guidelines and enforcement, HR personnel can effectively contribute to the overall security of the organization.

    Rate this question:

  • 10. 

    In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as

    • Dual control.

    • Need to know.

    • Separation of duties

    • Acceptable use.

    Correct Answer
    A. Need to know.
    Explanation
    In a classified environment, individuals with a clearance into a Top Secret compartment are only granted access to specific information within that compartment based on their "need to know." This means that access is strictly limited to individuals who require the information to perform their duties or tasks effectively. It ensures that sensitive information is only disclosed to those who have a legitimate need for it, maintaining the confidentiality and security of classified materials.

    Rate this question:

  • 11. 

    An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?

    • Carbon Dioxide

    • Deluge sprinkler

    • Hydrogen Peroxide

    • Wet pipe sprinkler

    Correct Answer
    A. Carbon Dioxide
    Explanation
    Carbon Dioxide is the correct answer because it is a highly effective fire suppression system for server rooms. Carbon Dioxide displaces oxygen, suffocating the fire and preventing it from spreading. It is non-conductive and leaves no residue, making it safe for electrical equipment. Deluge sprinkler systems release large amounts of water, which can cause damage to sensitive equipment. Hydrogen Peroxide and Wet pipe sprinkler systems are also not suitable for server rooms as they can cause damage or leave residue on equipment.

    Rate this question:

  • 12. 

    Which of the following logs shows when the workstation was last shutdown?  

    • Security

    • DHCP

    • Acces

    • System

    Correct Answer
    A. System
    Explanation
    The System log is the correct answer because it records events related to the operating system, including system startup and shutdown. By checking the System log, one can find the timestamp of the last shutdown event, which indicates when the workstation was last shut down. The Security log focuses on security-related events, the DHCP log records DHCP server activity, and the Access log tracks access control events. None of these logs specifically indicate when the workstation was last shutdown.

    Rate this question:

  • 13. 

    Which of the following access control models uses roles to determine access permissions?

    • MAC

    • DAC

    • RBAC

    • None of the above

    Correct Answer
    A. RBAC
    Explanation
    RBAC (Role-Based Access Control) is an access control model that uses roles to determine access permissions. In RBAC, users are assigned specific roles, and permissions are associated with these roles. This approach simplifies the management of access control by allowing administrators to assign permissions to roles rather than individual users. Users inherit the permissions associated with their assigned roles, making it easier to grant or revoke access as needed. This model is widely used in organizations to ensure efficient and secure access control.

    Rate this question:

  • 14. 

    A programmer plans to change the server variable in the coding of an authentication function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server?

    • Change management

    • Secure disposal

    • Password complexity

    • Chain of custody

    Correct Answer
    A. Change management
    Explanation
    Before implementing the new routine on the production application server, the programmer should follow the process of change management. Change management involves systematically planning, testing, and implementing changes to a system or software in order to minimize disruption and ensure that the changes are implemented correctly. This process helps to assess the impact of the change, identify any potential risks or issues, and ensure that appropriate documentation and communication are done to all stakeholders involved. By following change management, the programmer can ensure a smooth and controlled transition of the new routine into the production environment.

    Rate this question:

  • 15. 

    Which of the following types of removable media is write-once and appropriate for archiving security logs?

    • Tape

    • CD-R

    • Hard disk

    • USB drive

    Correct Answer
    A. CD-R
    Explanation
    CD-R stands for Compact Disc-Recordable. It is a type of removable media that can be written on only once. Once data is written onto a CD-R, it cannot be erased or modified, making it suitable for archiving purposes, such as storing security logs. Tape, hard disks, and USB drives are not write-once media and can be modified or erased, making them less suitable for long-term archiving.

    Rate this question:

  • 16. 

    How to test the integrity of a company's backup data?

    • By reviewing the written procedures

    • By conducting another backup

    • By restoring part of the backup

    • By using software to recover deleted files

    Correct Answer
    A. By restoring part of the backup
    Explanation
    To test the integrity of a company's backup data, one can restore a part of the backup. This involves selecting a portion of the backed-up data and restoring it to ensure that the data is recoverable and intact. By performing this test, the company can verify that the backup process is functioning correctly and that the data can be successfully restored if needed. This helps to ensure the reliability and effectiveness of the backup system in preserving the company's data.

    Rate this question:

  • 17. 

    After auditing file, which log will show unauthorized usage attempts?

    • Application

    • Performance

    • Security

    • System

    Correct Answer
    A. Security
    Explanation
    The correct answer is "Security". After auditing a file, the security log will show unauthorized usage attempts. This log keeps track of any security-related events such as failed login attempts, access violations, or unauthorized access attempts. It helps in identifying and investigating any potential security breaches or unauthorized activities within the system. The application, performance, and system logs may provide other useful information, but the security log specifically focuses on security-related events.

    Rate this question:

  • 18. 

    From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?

    • Buffer Overflow attack

    • SYN attack

    • Smurf attack

    • Birthday attack

    Correct Answer
    A. SYN attack
    Explanation
    The SYN attack exploits the session initiation process between a TCP client and server within a network. In this attack, the attacker sends a large number of SYN requests to the server, but does not complete the handshake process by sending the final ACK packet. This causes the server to keep the connection half-open and consume resources. This can lead to a denial of service as the server becomes overwhelmed with half-open connections and is unable to handle legitimate requests.

    Rate this question:

  • 19. 

    Which of the following ports are typically used by email clients? (Select TWO)

    • 3389

    • 194

    • 143

    • 110

    • 49

    Correct Answer(s)
    A. 143
    A. 110
    Explanation
    Port 143 is typically used by email clients for the Internet Message Access Protocol (IMAP), which allows users to retrieve and manage their emails on a mail server. Port 110 is used for the Post Office Protocol (POP3), another email retrieval protocol that allows users to download their emails from a mail server to their local device. These two ports are commonly used by email clients to establish a connection with the mail server and retrieve emails.

    Rate this question:

  • 20. 

    From the listing of attacks, choose the attack which misuses the TCP (Transmission Control Protocol) three-way handshake process, in an attempt to overload network servers, so that authorized users are denied access to network resources?

    • Man in the middle attack

    • Smurf attack

    • Teardrop attack

    • SYN (Synchronize) attack

    Correct Answer
    A. SYN (Synchronize) attack
    Explanation
    The SYN (Synchronize) attack is the correct answer because it specifically targets the TCP three-way handshake process. In this attack, the attacker sends a large number of SYN requests to the server, but does not complete the handshake process by sending the final ACK packet. This causes the server to allocate resources for each incomplete connection attempt, eventually overwhelming the server and denying access to legitimate users.

    Rate this question:

  • 21. 

    The concept that a web script is run in its own environment and cannot interfere with any other process is known as a:

    • Honey pot

    • VLAN

    • Quarantine

    • Sandbox

    Correct Answer
    A. Sandbox
    Explanation
    The concept that a web script is run in its own environment and cannot interfere with any other process is known as a sandbox. In a sandbox environment, the web script is isolated and restricted from accessing or modifying other processes or data on the system. This provides a layer of security, as any malicious code or actions performed within the sandbox will not affect the rest of the system. Sandboxing is commonly used in web browsers and other software applications to protect against potential threats and vulnerabilities.

    Rate this question:

  • 22. 

    Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of following?

    • Temporary Internet files

    • CPU performance

    • System files

    • NIC performance

    Correct Answer
    A. System files
    Explanation
    A HIDS is installed to monitor system files. System files are crucial components of an operating system, and any unauthorized changes or modifications to these files can indicate a potential security breach or intrusion. By monitoring system files, a HIDS can detect and alert administrators about any suspicious activity or unauthorized access attempts, allowing them to take appropriate action to protect the system and network from further compromise.

    Rate this question:

  • 23. 

    One type of port scan can determine which ports are in a listening state on the network, and can then perform a three way handshake. Which type of port scan can perform this set of actions?

    • A TCP (transmission Control Protocol) SYN (Synchronize) scan

    • A TCP (transmission Control Protocol) connect scan

    • A TCP (transmission Control Protocol) fin scan

    • A TCP (transmission Control Protocol) null scan

    Correct Answer
    A. A TCP (transmission Control Protocol) SYN (Synchronize) scan
    Explanation
    A TCP SYN scan is a type of port scan that can determine which ports are in a listening state on the network and perform a three-way handshake. In this scan, the attacker sends a SYN packet to the target host and waits for a response. If the port is open and listening, the target host responds with a SYN-ACK packet. The attacker then sends an RST packet to close the connection. This type of scan is stealthy as it does not complete the full connection establishment process, making it difficult for intrusion detection systems to detect.

    Rate this question:

  • 24. 

    A peer-to-peer computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. Which of the following is a security risk while using peer-to-peer software?

    • Licensing

    • Cookies

    • Data leakage

    • Multiple streams

    Correct Answer
    A. Data leakage
    Explanation
    Data leakage is a security risk while using peer-to-peer software because it involves the unauthorized or unintentional transfer of sensitive or confidential data from one participant to another. Peer-to-peer networks allow direct communication and file sharing between participants, which increases the risk of data being accessed or intercepted by unauthorized users. This can result in the loss of valuable information, privacy breaches, and potential legal and financial consequences.

    Rate this question:

  • 25. 

    Which of the following definitions would be correct regarding Eavesdropping?

    • Placing a computer system between the sender and receiver to capture information.

    • Someone looking through your files.

    • Listening or overhearing parts of a conversation

    • Involve someone who routinely monitors network traffic.

    Correct Answer
    A. Listening or overhearing parts of a conversation
    Explanation
    Eavesdropping refers to the act of listening or overhearing parts of a conversation without the knowledge or consent of the parties involved. It typically involves secretly monitoring or intercepting communication to gain unauthorized access to information. This can be done through various means, such as wiretapping, surveillance devices, or hacking into communication channels. Eavesdropping is considered a breach of privacy and can be illegal in many jurisdictions.

    Rate this question:

  • 26. 

    On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement.

    • Hoaxes can create as much damage as a real virus.

    • Hoaxes are harmless pranks and should be ignored.

    • Hoaxes can help educate users about a virus.

    • Hoaxes carry a malicious payload and can be destructive.

    Correct Answer
    A. Hoaxes can create as much damage as a real virus.
    Explanation
    Hoaxes can create as much damage as a real virus because they can spread misinformation and cause panic among users. They can also lead to wasted time and resources as people try to address the false threat. Additionally, hoaxes can undermine trust in legitimate virus warnings and make it harder for users to differentiate between real threats and false alarms. Therefore, it is important to take hoaxes seriously and not dismiss them as harmless pranks.

    Rate this question:

  • 27. 

    Who is responsible for establishing access permissions to network resources in the DAC access control model?

    • The system administrator.

    • The owner of the resource.

    • The system administrator and the owner of the resource.

    • The user requiring access to the resource.

    Correct Answer
    A. The owner of the resource.
    Explanation
    In the DAC (Discretionary Access Control) access control model, the owner of the resource is responsible for establishing access permissions to network resources. This means that the owner has the discretion to determine who can access the resource and what level of access they have. The system administrator may assist in managing these permissions, but ultimately it is the owner's responsibility to control access to their own resources.

    Rate this question:

  • 28. 

    What does the DAC access control model use to identify the users who have permissions to a resource?

    • Predefined access privileges.

    • The role or responsibilities users have in the organization

    • Access Control Lists

    • None of the above.

    Correct Answer
    A. Access Control Lists
    Explanation
    The DAC (Discretionary Access Control) access control model uses Access Control Lists (ACLs) to identify the users who have permissions to a resource. ACLs contain a list of users or groups and their corresponding access privileges, allowing or denying them access to specific resources. This model grants control to the resource owner, who can determine and modify the access rights for individual users or groups. The other options, such as predefined access privileges or roles and responsibilities, are not specifically associated with the DAC model.

    Rate this question:

  • 29. 

    The difference between identification and authentication is that:

    • Authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.

    • Authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group.

    • Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

    • Authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.

    Correct Answer
    A. Authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
    Explanation
    Authentication is the process of verifying the validity of a set of credentials, such as a username and password, to ensure that the user is who they claim to be. On the other hand, identification is the process of confirming the identity of a user requesting credentials, which involves verifying their personal information or biometric data. Therefore, the correct answer is that authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

    Rate this question:

  • 30. 

    The FIRST step in creating a security baseline would be:

    • Identifying the use case

    • Installing software patches

    • Vulnerability testing.

    • Creating a security policy

    Correct Answer
    A. Creating a security policy
    Explanation
    The first step in creating a security baseline is to create a security policy. A security policy outlines the guidelines and procedures that need to be followed to ensure the security of a system or network. It defines the objectives, rules, and responsibilities related to security measures. By creating a security policy, organizations can establish a framework for implementing security controls and procedures, which will help in identifying and addressing potential risks and vulnerabilities. Once the security policy is in place, other steps such as identifying the use case, installing software patches, and vulnerability testing can be carried out based on the guidelines provided in the policy.

    Rate this question:

  • 31. 

    Which of the following is MOST effective in preventing adware?

    • Firewall

    • HIDS

    • Antivirus

    • Pop-up blocker

    Correct Answer
    A. Pop-up blocker
    Explanation
    A pop-up blocker is the most effective in preventing adware because it blocks unwanted pop-up advertisements from appearing on a user's screen. Adware often uses pop-up ads to display unwanted content or redirect users to malicious websites. By blocking these pop-ups, a user can significantly reduce the risk of encountering adware and protect their device from potential infections or unwanted software installations.

    Rate this question:

  • 32. 

    PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature?

    • Shared

    • Private

    • Hash

    • Public

    Correct Answer
    A. Private
    Explanation
    The executive should use their private key to encrypt the signature. This is because in a PKI (Public Key Infrastructure) system, the executive's private key is used to encrypt the signature, while the assistant's public key is used to verify the signature. By encrypting the signature with their private key, the executive ensures that only someone with the corresponding public key (in this case, the assistant) can decrypt and verify the signature. This provides authentication and ensures that the email actually came from the executive.

    Rate this question:

  • 33. 

    The purpose of a DNS server is to enable people and applications to lookup records in DNS tables. Why implement security logging on a DNS server?

    • To monitor unauthorized zone transfers

    • To control unauthorized DNSDoS

    • To measure the DNS server performance

    • To perform penetration testing on the DNS server

    Correct Answer
    A. To monitor unauthorized zone transfers
    Explanation
    Implementing security logging on a DNS server is necessary to monitor unauthorized zone transfers. This helps in detecting any unauthorized attempts to transfer DNS records from one server to another. By monitoring these transfers, administrators can identify and prevent any potential security breaches or unauthorized access to DNS information. It is an important security measure to ensure the integrity and confidentiality of DNS records.

    Rate this question:

  • 34. 

    Recently, your company has implemented a work from home program. Employees should connect securely from home to the corporate network. Which encryption technology can be used to achieve this goal?

    • L2TP

    • IPSec

    • PPPoE

    • PPTP

    Correct Answer
    A. IPSec
    Explanation
    IPSec (Internet Protocol Security) can be used to achieve a secure connection from home to the corporate network. IPSec provides authentication and encryption of IP packets, ensuring the confidentiality, integrity, and authenticity of the data transmitted over the network. It establishes a secure tunnel between the employee's device and the corporate network, making it an ideal choice for remote access and work from home scenarios. L2TP, PPPoE, and PPTP are not encryption technologies but rather tunneling protocols that can be used in conjunction with IPSec for added security.

    Rate this question:

  • 35. 

    Choose the statement which best defines the characteristics of a computer virus.

    • A computer virus is a find mechanism, initiation mechanism and can propagate.

    • A computer virus is a learning mechanism, contamination mechanism and can exploit.

    • A computer virus is a search mechanism, connection mechanism and can integrate.

    • A computer virus is a replication mechanism, activation mechanism and has an objective.

    Correct Answer
    A. A computer virus is a replication mechanism, activation mechanism and has an objective.
    Explanation
    The given answer correctly defines the characteristics of a computer virus. A computer virus is a replication mechanism as it is capable of making copies of itself and spreading to other systems. It is also an activation mechanism as it requires specific conditions or triggers to activate and carry out its malicious activities. Additionally, a computer virus has an objective, which is usually to cause harm, steal information, or disrupt the normal functioning of a computer system.

    Rate this question:

  • 36. 

    The main objective of risk management in an organization is to reduce risk to a level:

    • Where the ALE is lower than the SLE.

    • Where the ARO equals the SLE.

    • The organization will mitigate.

    • The organization will accept.

    Correct Answer
    A. The organization will accept.
    Explanation
    The main objective of risk management in an organization is to identify, assess, and mitigate risks. However, it is not always possible or practical to eliminate all risks entirely. In some cases, the cost of mitigating a risk may outweigh the potential impact of that risk. Therefore, the organization may choose to accept certain risks and focus on managing them rather than trying to eliminate them completely. This approach allows the organization to prioritize resources and efforts on risks that are more critical or have a higher potential impact.

    Rate this question:

  • 37. 

    Why malware that uses virtualization techniques is difficult to detect?

    • The malware may be implementing a proxy server for command and control.

    • A portion of the malware may have been removed by the IDS.

    • The malware may be using a Trojan to infect the system.

    • The malware may be running at a more privileged level than the antivirus software.

    Correct Answer
    A. The malware may be running at a more privileged level than the antivirus software.
    Explanation
    Malware that uses virtualization techniques can be difficult to detect because it may be running at a more privileged level than the antivirus software. This means that the malware can operate at a lower level of the system, making it harder for the antivirus software to detect its presence. By running at a higher level of privilege, the malware can also potentially bypass or disable security measures that would normally detect and prevent its activities. This allows the malware to remain hidden and continue to carry out its malicious activities without being detected by traditional security measures.

    Rate this question:

  • 38. 

    Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.

    • Zombie

    • Adware

    • Worm

    • Virus

    Correct Answer
    A. Zombie
  • 39. 

    Which statement correctly describes the difference between a secure cipher and a secure hash?

    • A hash can be reversed, a cipher cannot.

    • A hash produces a variable output for any input size, a cipher does not

    • A cipher can be reversed, a hash cannot.

    • A cipher produces the same size output for any input size, a hash does not.

    Correct Answer
    A. A cipher can be reversed, a hash cannot.
    Explanation
    A secure cipher refers to an encryption algorithm that can be reversed or decrypted, meaning that the original plaintext can be recovered from the ciphertext using the appropriate key. On the other hand, a secure hash function is a one-way mathematical function that transforms input data into a fixed-size output called a hash value or digest. It is computationally infeasible to reverse the process and obtain the original input from the hash value. Therefore, the correct answer is that a cipher can be reversed, while a hash cannot.

    Rate this question:

  • 40. 

    Which access control system allows the system administrator to establish access permissions to network resources?

    • MAC

    • DAC

    • RBAC

    • None of the above

    Correct Answer
    A. MAC
    Explanation
    MAC (Mandatory Access Control) is the correct answer because it is an access control system that enables the system administrator to establish access permissions to network resources. MAC uses a predefined set of rules and policies to determine access rights and permissions based on the classification level or security clearance of users and the sensitivity or classification level of the resources being accessed. This allows the system administrator to have granular control over who can access what resources, ensuring a higher level of security and confidentiality. DAC (Discretionary Access Control) and RBAC (Role-Based Access Control) are also access control systems, but they do not provide the same level of control as MAC.

    Rate this question:

  • 41. 

    Risk assessment is a common first step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). As a best practice, risk assessments should be based upon which of the following?

    • An absolute measurement of threats

    • A qualitative measurement of risk and impact

    • A quantitative measurement of risk, impact and asset value

    • A survey of annual loss, potential threats and asset value

    Correct Answer
    A. A quantitative measurement of risk, impact and asset value
    Explanation
    Risk assessments should be based on a quantitative measurement of risk, impact, and asset value. This means that the assessment should involve a numerical evaluation of the likelihood and potential consequences of a risk occurring, as well as the value of the assets that could be affected. This approach allows for a more objective and comprehensive understanding of the risks involved, which can then inform the development of effective risk management strategies.

    Rate this question:

  • 42. 

    A technician is helping an organization to correct problems with staff members unknowingly downloading malicious code from Internet websites. Which of the following should the technician do to resolve the problem?

    • Use Java virtual machines to reduce impact

    • Disable unauthorized ActiveX controls

    • Implement a policy to minimize the problem

    • Install a NIDS

    Correct Answer
    A. Disable unauthorized ActiveX controls
    Explanation
    To resolve the problem of staff members unknowingly downloading malicious code from Internet websites, the technician should disable unauthorized ActiveX controls. ActiveX controls are a type of browser plugin that can execute code on a user's computer. By disabling unauthorized ActiveX controls, the technician can prevent staff members from inadvertently downloading and executing malicious code through these controls, thus reducing the risk of malware infections. This action helps to enforce security measures and protect the organization's systems and data from potential threats.

    Rate this question:

  • 43. 

    A protocol analyzer will most likely detect which security related anomalies?

    • Many malformed or fragmented packets

    • Passive sniffing of local network traffic

    • Decryption of encrypted network traffic

    • Disabled network interface on a server

    Correct Answer
    A. Many malformed or fragmented packets
    Explanation
    A protocol analyzer is a tool used to capture and analyze network traffic. It can detect many malformed or fragmented packets, which are packets that do not adhere to the expected structure or are divided into smaller fragments for transmission. These anomalies can indicate potential security issues or attacks on the network. Passive sniffing of local network traffic, decryption of encrypted network traffic, and a disabled network interface on a server are not directly related to the function of a protocol analyzer in detecting security-related anomalies.

    Rate this question:

  • 44. 

    A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following is the annual loss expectancy (ALE)?

    • $2,700

    • $4,500

    • $5,000

    • $7,290

    Correct Answer
    A. $7,290
    Explanation
    The annual loss expectancy (ALE) can be calculated by multiplying the annual rate of occurrence (ARO) with the single loss expectancy (SLE). In this case, the ARO is 90% (0.9) as there is a 90% chance each year that workstations would be compromised. The SLE can be calculated by multiplying the cost of restoring services ($90 per hour * 3 hours * 30 staff) which equals $8,100. Therefore, the ALE is $8,100 * 0.9 = $7,290.

    Rate this question:

  • 45. 

    To which of the following viruses does the characteristic when the virus will attempt to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive, form part of?

    • Polymorphic Virus

    • Trojan Horse Virus

    • Stealth Virus

    • Retrovirus

    Correct Answer
    A. Stealth Virus
    Explanation
    A stealth virus is a type of virus that attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive, making it difficult to detect and remove. Unlike polymorphic viruses, which change their code to avoid detection, and Trojan horse viruses, which disguise themselves as legitimate programs, a stealth virus specifically focuses on hiding its presence from detection. A retrovirus, on the other hand, is a type of virus that uses reverse transcription to replicate its genetic material. Therefore, the correct answer is Stealth Virus.

    Rate this question:

  • 46. 

    Which one of the following options will allow for a network to remain operational after a T1 failure?

    • Redundant servers

    • Redundant ISP

    • RAID 5 drive array

    • Uninterruptible Power Supply (UPS)

    Correct Answer
    A. Redundant ISP
    Explanation
    Having a redundant ISP (Internet Service Provider) allows for a network to remain operational after a T1 failure. This means that if one ISP fails, there is another one available to provide internet connectivity and ensure that the network continues to function. Redundancy in the ISP ensures that there is a backup option in case of any failure or downtime, minimizing the impact on network operations.

    Rate this question:

  • 47. 

    A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?

    • $900

    • $2,290

    • $2,700

    • $5,000

    Correct Answer
    A. $2,290
    Explanation
    By purchasing the anti-malware software for $5,000 per year, the call center can prevent 90% of the workstations from being compromised. If the workstations are compromised, it will take three hours to restore services for the 30 staff, resulting in a cost of $90 per hour per staff member. Without the software, there is a 90% chance of workstations being compromised, which means that there is a 10% chance of not needing to restore services for the staff. Therefore, the expected net savings can be calculated as: (90% * 30 * 3 * $90) - $5,000 = $2,290.

    Rate this question:

  • 48. 

    From the listing of attacks; which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment?

    • Operating system scanning.

    • Reverse engineering.

    • Fingerprinting

    • Host hijacking.

    Correct Answer
    A. Fingerprinting
    Explanation
    Fingerprinting is the correct answer because it refers to the process of analyzing how the operating system responds to specific network traffic in order to determine the operating system running in the networking environment. This technique involves sending specific packets to a target system and analyzing the responses to identify the operating system. It is commonly used by attackers to gather information about a target system and exploit any vulnerabilities specific to that operating system.

    Rate this question:

  • 49. 

    Which of the following has largely replaced SLIP?

    • SLIP (Serial Line Internet Protocol)

    • PPP (Point-to-Point Protocol)

    • VPN

    • RADIUS (Remote Authentication Dial-In User Service)

    Correct Answer
    A. PPP (Point-to-Point Protocol)
    Explanation
    PPP (Point-to-Point Protocol) has largely replaced SLIP (Serial Line Internet Protocol) because it provides more advanced features and capabilities. Unlike SLIP, which only supports IP, PPP supports multiple protocols, including IP, IPX, and AppleTalk. PPP also offers authentication and encryption mechanisms, making it more secure than SLIP. Additionally, PPP supports error detection and correction, ensuring reliable data transmission over serial lines. Overall, PPP is a more versatile and robust protocol, which is why it has become the preferred choice over SLIP.

    Rate this question:

Quiz Review Timeline (Updated): Mar 21, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 17, 2009
    Quiz Created by
    Pocho

Related Topics

Recent Quizzes

Comptia Security PLUS Practice Exam Comptia Security PLUS Practice Exam
Comptia Security+ Practice Exam: Quiz! Comptia Security+ Practice Exam: Quiz!
Chapter 7 & 8 Security + Chapter 7 & 8 Security +
Securty + Ch. 2-6 test Securty + Ch. 2-6 test
SECURITY + Systems Security SECURITY + Systems Security
SECURITY + Network Infrastructure SECURITY + Network Infrastructure
SECURITY + Access Control SECURITY + Access Control
Do you know about Sec+ study guide G quiz Do you know about Sec+ study guide G quiz
SECURITY + Certification in Organizational Security SECURITY + Certification in Organizational Security
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.