This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
2) The Chief Information Officer (CIO) of your employer has mandated that the internal payroll software be replaced by a cloud based application. The new software is a web based industry standard and will be licensed for use by the company. Which of the following best describes this situation?
3) Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
4) A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
5) An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
6) Separation of duties is often implemented between developers and administrators in order to separate which of the following?
7) A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
8) Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
9) Keith, a network administrator, has been asked to passively monitor network traffic for potential malicious activities to the company's sales websites. Which of the following would be BEST suited for this task?
10) George, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following could be used to accomplish this task?
11) Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?
12) Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
13) An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
14) Which of the following presents the STRONGEST access control?
15) Which of the following can allow Emily, a security analyst, to encrypt individual files on a system?
16) Which of the following BEST explains the use of an HSM within the company servers?
17) Which of the following is true about asymmetric encryption?
18) Which of the following defines a business goal for system restoration and acceptable data loss?
19) A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
20) Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
You can go back and review your answers or grade your test.