This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
Tailgating is the act of following another person through an access point, or passing through an access point while it is temporarily open. Another term for this is piggybacking.
This question is filed under objective 5, Access Control and Identity Management
In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint. It can be either electronic or physical. The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act. To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies no consent (similar to a car tailgating another vehicle on a road), while "piggybacking" usually implies consent of the authorized person…
2) Keith, a network administrator, has been asked to passively monitor network traffic for potential malicious activities to the company's sales websites. Which of the following would be BEST suited for this task?
A Network Intrusion Detection System (NIDS) passively monitors networks and systems for malicious activity.
This question is filed under objective 1, Network Security
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a…
3) Which of the following can allow Emily, a security analyst, to encrypt individual files on a system?
Encrypting File System (EFS) allows a Microsoft Windows system to encrypt individual files or an entire file system.
This question is filed under objective 4, Application, Data and Host Security
The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer. EFS is available in all versions of Windows except the home versions from Windows 2000 onwards. By default, no files are encrypted, but encryption can be enabled by users on a per-file, per-directory, or per-drive basis. Some EFS settings can also be mandated via Group Policy in Windows domain environments. Cryptographic file system implementations for other operating systems are available, but the Microsoft EFS is not…
4) George, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following could be used to accomplish this task?
A Recovery Agent is a user capable of decrypting data that was encrypted by a local user.
This question is filed under objective 5, Access Control and Identity Management
5) Separation of duties is often implemented between developers and administrators in order to separate which of the following?
Employees with access to both the development and the deployment processes could pose a security hazard, which is why separation of duties and need-to-know policies should be in place.
This question is filed under objective 2, Compliance and Operational Security
Separation of duties (SoD; also known as segregation of duties) is the concept of having more than one person required to complete a task. In business, the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error. The concept is alternatively called segregation of duties or, in the political realm, separation of powers. In democracies, the separation of legislation from administration serves a similar purpose. The concept is addressed in technical systems and in information technology equivalently and generally addressed as redundancy…
6) Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
The goal here is to find security threats, or vulnerabilities, on the network. A vulnerability scan will help find some security threats.
This question is filed under objective 1, Network Security
In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Vulnerability management is the cyclical practice that varies in theory but contains common processes which include: discover all assets, prioritize assets, assess or perform a complete vulnerability scan, report on results, remediate vulnerabilities, verify remediation, repeat…
7) An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
Shoulder surfing is the act of observing a person access a system, with the intent of memorizing or recording credentials.
This question is filed under objective 5, Access Control and Identity Management
In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder, either from keystrokes on a device or sensitive information being spoken and heard, also known as eavesdropping…
8) A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
A block cipher encrypts data in fixed-length groups of bits, called blocks. In this question, the cipher is transmitting the data one block at a time.
This question is filed under objective 6, Cryptography
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. It uses an unvarying transformation, that is, it uses a symmetric key. Block ciphers are specified elementary components in the design of many cryptographic protocols and are widely used to implement the encryption of large amounts of data, including data exchange protocols. Even a secure block cipher is suitable only for the encryption of a single block of data at a time, using a fixed key. A multitude of modes of operation have been designed to allow their repeated use in a secure way, to achieve the security goals of confidentiality and authenticity…
9) A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
User accounts should be regularly reviewed to ensure employees' accounts are correct and are only granted permission to the information needed to perform their job (need to know).
This question is filed under objective 2, Compliance and Operational Security
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose…
10) Which of the following BEST explains the use of an HSM within the company servers?
Hardware and software encryption do essentially the same thing, but a Hardware Security Module (HSM) allows a server to function much faster, improving response time and allowing for stronger encryption.
This question is filed under objective 6, Cryptography
A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips…
11) Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
SQL injection is a code injection technique in which user input is crafted to contain SQL code that the database then executes, for example to display or insert information. Validating and sanitizing user input will prevent this type of attack.
This question is filed under objective 3, Threats and Vulnerabilities
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or…
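The flaw in question 11, as an added example that is not part of the practice exam: a lookup built by string concatenation (no input validation) beside the parameterized query and the allow-list validation that close the hole. The users table and the malicious input are constructed here; only the Python standard library is used.

```python
"""Added example (not from the practice exam): SQL injection against a
query that has no input validation, beside the parameterized version.
The 'users' table and all sample rows are constructed for this demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "000-00-0001"), ("bob", "000-00-0002"), ("carol", "000-00-0003")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """No input validation: the untrusted value is spliced into the SQL text,
    so the database cannot tell data from code (the defect in question 11)."""
    query = f"SELECT username, ssn FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the value is bound separately from the SQL text,
    so whatever the user typed is only ever compared as a string."""
    query = "SELECT username, ssn FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def is_valid_username(username: str) -> bool:
    """Allow-list input validation, the control the answer names:
    accept only short, lowercase alphanumeric usernames."""
    return 1 <= len(username) <= 32 and username.isalnum() and username.islower()


def demo() -> dict:
    """Run both lookups with a normal and a constructed malicious input."""
    conn = make_db()
    # Constructed malicious input: closes the string literal and appends an
    # always-true condition, so the WHERE clause matches every row.
    injected = "x' OR '1'='1"
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "injected_vulnerable": lookup_vulnerable(conn, injected),
        "injected_safe": lookup_safe(conn, injected),
        "injected_passes_validation": is_valid_username(injected),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable lookup returns every row for the injected value, while the parameterized lookup returns nothing and the validator rejects the input before it reaches the database.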
12) Which of the following defines a business goal for system restoration and acceptable data loss?
RTO, or Recovery Time Objective, is a set time for recovery of your IT and business systems after experiencing a disaster.
This question is filed under objective 2, Compliance and Operational Security
Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered a subset of business continuity. Disaster recovery assumes that the primary site is not recoverable (at least for some time) and represents a process of restoring data and services to a secondary surviving site, which is opposite to the process of restoring back to…
13) Which of the following is true about asymmetric encryption?
In asymmetric encryption there are two keys (generally a public key and a private key); anything encrypted with one key can only be decrypted with the other.
This question is filed under objective 6, Cryptography
Public-key cryptography, or asymmetric cryptography, is a cryptographic system which uses pairs of keys: public keys (which may be known to others), and private keys (which may never be known by any except the owner). The generation of such key pairs depends on cryptographic algorithms which are based on mathematical problems termed one-way functions. Effective security requires keeping the private key private; the public key can be openly distributed without compromising security. In such a system, any person can encrypt a message using the intended receiver's public key, but that encrypted message can only be decrypted with the receiver's private key…
14) Which of the following presents the STRONGEST access control?
Mandatory Access Control (MAC) is a type of access control where permissions and usage policies are assigned by a central authority (administrator) and cannot be changed by any user.
This question is filed under objective 5, Access Control and Identity Management
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, I/O devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place…
15) An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
Using a script to check for inactive accounts is a good idea, but it is not a preventative measure. Applying an expiration date to temporary employees' accounts will prevent them from accessing the network once they leave the company.
This question is filed under objective 2, Compliance and Operational Security
16) Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
Because of its specialization in spyware, anti-spyware software is needed in this situation. Notice the question specifically asks about a TRACKING cookie.
This question is filed under objective 4, Application, Data and Host Security
Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user, for example by violating their privacy or endangering their device's security. This behavior may be present in malware as well as in legitimate software. Websites may also engage in spyware behaviors like web tracking. Hardware devices may also be affected. Spyware is frequently associated with advertising and involves many of the same issues. Because these behaviors are so common, and can have non-harmful uses, providing a precise definition of spyware is a difficult task…
17) A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
This configuration is known as a router on a stick, where a single router routes for multiple VLANs through sub-interfaces or several physical interfaces. Each interface has its own IP address, belonging to a separate subnet and VLAN.
This question is filed under objective 1, Network Security
A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). LAN is the abbreviation for local area network and in this context virtual refers to a physical object recreated and altered by additional logic. VLANs work by applying tags to network frames and handling these tags in networking systems, creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed…
18) Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?
Public/Private key encryption is asymmetric, meaning anything encrypted with one key must be decrypted using the opposite key. If the data was encrypted with the public key, only the private key can decrypt it.
This question is filed under objective 5, Access Control and Identity Management
19) An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
Lightweight Directory Access Protocol (LDAP) is used to distribute organized sets of records and uses TCP/UDP port 389 by default.
This question is filed under objective 1, Network Security
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. LDAP is specified in a series of Internet Engineering Task Force…
20) The Chief Information Officer (CIO) of your employer has mandated that the internal payroll software be replaced by a cloud based application. The new software is a web based industry standard and will be licensed for use by the company. Which of the following best describes this situation?
Software as a Service (SaaS) is a service model where software and applications are hosted by a service provider for use through a network, normally the internet.
This question is filed under objective 4, Application, Data and Host Security
Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft. SaaS applications are also known as on-demand software and Web-based/Web-hosted software. SaaS is considered to be part of cloud computing, along with infrastructure as a service (IaaS), platform as a service (PaaS), desktop as a service (DaaS), managed software as a service (MSaaS), mobile backend as a service (MBaaS), datacenter as a service (DCaaS), and information technology management as a service (ITMaaS)…