CompTIA Security+ (Free Quiz)

During the examination of the infected laptop, it is noticed that the malware loads on startup
and also loads a file called netutilities.dll every time MS Word is opened. This is an
example represents which of the following attack?

While testing a new application your group noted that when 3 or more of you click ‘submit’
at the same time on a particular form, the application crashes every time. This is an example
of which error?

Which one is a Passive Tool?

From the following choose the example of Initial Exploitation?

In which type of testing, the testers are not provided with any type of information for
performing assessment?

From the following which is not correct regarding insider threat?

Which of the following can be included in criminal activity on the internet? (Select all that
apply.)

Which of the following have the ability to write scripts that exploit vulnerabilities and are
also able to discover new vulnerabilities?

In which of the following threat category the attacks by an attacker or a small group of
attackers falls?

When the input supplied to the program is more than it can process, what type of
vulnerability occurs?

A user reports that he is unable to connect to the network. When you troubleshoot the
issue, you notice that the MAC address for his default gateway is not matching with the
MAC address of your company’s router. What type of attack is he facing?

High traffic load is crashing your e-commerce site. When you look at the traffic logs, you
identify that thousands of requests coming from hundreds of various IP addresses for the
same URL. You are facing which of the following attacks?

Which of the following can help in cracking the password of a disgruntled user who is fired
recently in the least time?

The attack in which network traffic is captured and retransmitted at a later time by the
attacker is known as?

You notice a man in a red shirt standing close to a locked door with a large box in his hands.
He waits for someone else to come along and open the locked door, then proceeds to follow
him inside. What type of social engineering attack is this?

In your company, the desktops are being infected by a malware in a way that more and
more systems are becoming a victim of that malware every hour despite the fact that users
are not sharing any e-mails, programs, or even files. Which malware is causing this
infection?

You are not able to open any of the Word document stored on the local system and when
a document is forced open for analyzation purpose you see only random characters and
there is no sign that the file is still a Word document. You are a victim of which malware?

Some desktops in your company are displaying the message “Your files have been
encrypted. Pay 2 bitcoins in order to recover them.” These desktops have been affected by
which malware?

A member of your company is facing issues with his laptop. Whenever he opens a browser,
he sees various pop-ups after every few minutes and whatever website he visits, the popups
appear. His laptop is affected by which malware?

For what reason NAT will likely keep on being used in even IPv6 systems?
Why will NAT likely continue to be used even in IPv6 networks?

You are requested to suggest a VPN methodology to a senior management of your company
for newly purchased VPN concentrators. For what reason would you
firmly recommend IPSec VPNs?

Which of the following is the core technology of NIPS on which it relies?

How can security be improved through a proxy server?

For encryption keys, the temper protection can be provided by which of the following
device?

From the following which one represents most network tools that detect an attack?

The tcpdump command-line tool is a category of which of the following?

A company was attacked by the bad guys multiple times and that attack results in data
violations. Therefore the company set up some vulnerable virtual machines containing fake
data that looks exactly like the company’s real machines in order to identify how the bad
guys get into the system. Which of the following mechanism was implemented by the
company?

If a worm is going through your company that reaches out to other nodes on port TCP/1337.
Which of the following tools would you need to identify the affected nodes on your
network?

Related to log and event anomalies which principle is valid?

The most likely reason behind access violation errors is?

Which statement is true regarding firewalls?

Satellite communications (SATCOM) usage is most common in which of the following
scenario?

For establishing trust relationship which mechanism is used by the Bluetooth?

From the following which one is not a part of a proper Mobile Device Management (MDM)
policy?

ANT is correctly described by which of the following?

A user is receiving “cannot resolve address” error notes from his browser. Which port is
possibly an issue on his firewall?

Which of the following defines the Secure Shell (SSH) protocol?

Which port is used by FTPS?

Which of the following statement regarding Transport Layer Security (TLS) is correct?

Which of the following is the purpose of using Tunneling?

The defense-in-depth is not supported by which one of the following?

Which of the following can result in the highest risk if configured improperly?

Why is UEFI preferred rather than BIOS?

Which of the following is not performed by a Secure Boot?

What is not true about hardware roots of trust?

What is the simple way of improving the security of a system?

Which statement is not true regarding systems on a chip?

Which aspect is important to remember while dealing with the medical device’s security?

Which term describes the loss of control over data during operations?

In which testing environment fuzz testing works great?

Which methodology proceeds through a sequence of stages, with each stage being
performed before proceeding to the next stage?

Which of the following cloud deployment model is finest for the application which is
extremely scalable and can be provided on request?

Which model of cloud deployment has the least security controls?

What is the main drawback of a private cloud model?

What is the use of Security Content Automation Protocol (SCAP)?

Why is automated testing important for configuration validation?

Complete the sentence with the right answer. Alarms are useful only if:

Which of the following is the security benefit of a Faraday cage?

Which of the following is the main problem of biometrics?

Which account is used to run processes that don’t involve human interference to start or
stop?

A person who works in the IT department of the bank informs you that the tellers are
permitted to access their terminal from 9 A.M. to 5 P.M., Monday through Saturday only.
This restriction is an example of which of the following?

The process of assigning a computer ID to a particular user is identified as?

Which is not a true category of authentication factors to be used if you are developing a
new multifactor authentication system for your company?

Which one of the following passwords seems hardest to break?

The process of ensuring that every account on a mail server is owned by a valid and active
employee is known as?

What should occur when a user is no longer authorized or no longer desires to use a
system?

For managing identities across corporates and systems, the protocols, policies, and
practices are defined by which of the following?

From the following scenarios in which it is acceptable to use a shared account?

For generating a one-time password which algorithm uses the secret key with a current
timestamp?

Which access control system needs to be used in case your company wants a system to
restrict access to the files that contain sensitive information?

Which one is not a form of hardware token?

Your client wants a system that will allow them to authenticate that messages arrived from
a particular person. What authenticity providing method you might recommend them to
use?

You modify a fingerprint scanner of your company and 1 out of 50 attempts fail despite
using a valid finger. The supervisor of the company says that “1 out of 50 is good enough”.
Which of the following is described by the supervisor for the fingerprint scanner?

Which protocol can pass a symmetric key securely over the network that is insecure and
uses a key distribution?

What is the abbreviation of RADIUS?

Which of the following is allowed by OpenID Connect?

Which service permits authorization across networks & single sign-on & federated identitybased
authentication?

Which one of the following options represents the processes of adding and removing a
person to a team or project?

Which authentication factor is not regarded as “something you are”?

The requisite level of performance of a given contractual service is essentially set by which
of the following?

Which of the following is responsible for defining the characteristics like privacy, security,
and retention policies for specific information?

Which of the following policy describes what a company considers to be the proper use of
its resources (like computer policies, internet, network, and e-mail)?

Which of the following is the step-by-step instruction that describes policies
implementation steps in a corporation?

After an incident, the target time that is set for a continuation of operations is described by
which of the following term?

The security control that is used post-event for minimizing the amount of damage is?

A mantrap is an illustration of which of the following security control? (Select all that
apply.)

From the following, which one is the best explanation of ‘Risk’?

Which term describes the steps that a corporate performs after any unusual/abnormal
situation is seen in the operation of a computer system?

Which step of the incident response process involves eliminating the issue?

Which of the following site is partially configured (usually contain peripherals & software
but not every required thing)?

The backup strategy that includes only those files that have been modified since the last
full backup is?

The process for transferring to the continuity of operation version from a regular
operational capability of the business is named as?

Getting all the team members in a cabin around the table for discussing simulated
emergency conditions is known as?

Which one of the following is the most important issue in the process of forensics from the
initial step?

Whose function is identical to the cyclic redundancy check, familiar parity
bits, or checksum?

Which of the following is not “personally identifiable information (PII)”?

Whose responsibility is to determine what data is required by the company?

From the following methods which one is perfect for destroying DVD’s data at the desktop?

Which of the following Information discloses the customer’s identity?

Which of the following form of cryptography makes key management less of a concern?

What is the finest way to obtain the plaintext from a hash value?

Which of the following is the reason behind digitally signed messages distinction from
encrypted messages?

If a huge quantity of data in the form of a streaming video file is given, what type of
encryption technique will be the best to secure the content from unauthorized live
viewing?

What does Diffie-Hellman permit us to do?

Your corporation wishes to set up a new encryption system that will secure the majority of
data with a symmetric cipher of at least 256 bits in strength. What is the rightest option of
cipher for the massive amount of data?

In the IEEE 802.1AE standard which cipher mode is employed and accepted by NIST?

The boss of your company wants you to initiate the attempt to implement digital signatures
in the company and want to get notified about what is required for appropriate security of
those signatures. Which of the following algorithm you possibly have to consider?

A hash collision is bad for malware prevention. Why?

For key exchange protocol why the ephemeral key is important?

Which of the following is the perfect solution if you are setting up a Wi-Fi network in a
company that is meant to be used only by company members (using company’s laptops)
and must be extremely secure.

Your task is to implement Wi-Fi in enterprise mode and the initial diagram of a network
presents only network switches and the updated access points. What is the missing
component in the diagram?

Why is it not recommended to enable WPS?

What enables RADIUS to scale to a global authentication network?

What is the correct reason for “TKIP enhance security”?

Which of the following does certificate authority consist?

Your boss demands you to examine the corporation’s internal PKI system’s CPS
for applicability and verification and to assure that it satisfies present demands. What are
you most likely to concentrate on?

To which of the following does the standard X.509 relate?

Internet SSL public key infrastructure is best described by which of the following models?

A certificate is delivered to you through email but the file does not contain the extension.
The email mentions that your certificate, the root CA and the intermediate CAs are all
included in the file. What is the format of the certificate?