CompTIA Security+ Practice Questions Part 2

Which methodology proceeds through a sequence of stages, with each stage being
performed before proceeding to the next stage?

Which of the following cloud deployment model is finest for the application which is
extremely scalable and can be provided on request?

Which model of cloud deployment has the least security controls?

What is the main drawback of a private cloud model?

What is the use of Security Content Automation Protocol (SCAP)?

Why is automated testing important for configuration validation?

Complete the sentence with the right answer. Alarms are useful only if:

Which of the following is the security benefit of a Faraday cage?

Which of the following is the main problem of biometrics?

Which account is used to run processes that don’t involve human interference to start or
stop?

A person who works in the IT department of the bank informs you that the tellers are
permitted to access their terminal from 9 A.M. to 5 P.M., Monday through Saturday only.
This restriction is an example of which of the following?

The process of assigning a computer ID to a particular user is identified as?

Which is not a true category of authentication factors to be used if you are developing a
new multifactor authentication system for your company?

Which one of the following passwords seems hardest to break?

The process of ensuring that every account on a mail server is owned by a valid and active
employee is known as?

What should occur when a user is no longer authorized or no longer desires to use a
system?

For managing identities across corporates and systems, the protocols, policies, and
practices are defined by which of the following?

From the following scenarios in which it is acceptable to use a shared account?

For generating a one-time password which algorithm uses the secret key with a current
timestamp?

Which access control system needs to be used in case your company wants a system to
restrict access to the files that contain sensitive information?

Which one is not a form of hardware token?

Your client wants a system that will allow them to authenticate that messages arrived from
a particular person. What authenticity providing method you might recommend them to
use?

You modify a fingerprint scanner of your company and 1 out of 50 attempts fail despite
using a valid finger. The supervisor of the company says that “1 out of 50 is good enough”.
Which of the following is described by the supervisor for the fingerprint scanner?

Which protocol can pass a symmetric key securely over the network that is insecure and
uses a key distribution?

What is the abbreviation of RADIUS?

Which of the following is allowed by OpenID Connect?

Which service permits authorization across networks & single sign-on & federated identitybased
authentication?

Which one of the following options represents the processes of adding and removing a
person to a team or project?

Which authentication factor is not regarded as “something you are”?

The requisite level of performance of a given contractual service is essentially set by which
of the following?

Which of the following is responsible for defining the characteristics like privacy, security,
and retention policies for specific information?

Which of the following policy describes what a company considers to be the proper use of
its resources (like computer policies, internet, network, and e-mail)?

Which of the following is the step-by-step instruction that describes policies
implementation steps in a corporation?

After an incident, the target time that is set for a continuation of operations is described by
which of the following term?

The security control that is used post-event for minimizing the amount of damage is?

A mantrap is an illustration of which of the following security control? (Select all that
apply.)

From the following, which one is the best explanation of ‘Risk’?

Which term describes the steps that a corporate performs after any unusual/abnormal
situation is seen in the operation of a computer system?

Which step of the incident response process involves eliminating the issue?

Which of the following site is partially configured (usually contain peripherals & software
but not every required thing)?

The backup strategy that includes only those files that have been modified since the last
full backup is?

The process for transferring to the continuity of operation version from a regular
operational capability of the business is named as?

Getting all the team members in a cabin around the table for discussing simulated
emergency conditions is known as?

Which one of the following is the most important issue in the process of forensics from the
initial step?

Whose function is identical to the cyclic redundancy check, familiar parity
bits, or checksum?

Which of the following is not “personally identifiable information (PII)”?

Whose responsibility is to determine what data is required by the company?

From the following methods which one is perfect for destroying DVD’s data at the desktop?

Which of the following Information discloses the customer’s identity?

Which of the following form of cryptography makes key management less of a concern?