This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) You are a member of the security team in the IT Infrastructure department at a manufacturer. You have received a ticket from the network architecture team who have requested your approval of a proposed network change. The change is to replace a network device that allows internal servers to make requests to the internet without external systems being able to determine what internal server made the original request. What type of system is being changed?
2) Your employer's security policies state that all externally facing servers should only be accessible via ports that are absolutely required. Generally your company only has web servers that are accessible from outside the companies network. A recent security review showed that it was possible to ping several of these web servers. What protocol should be disabled using a firewall to ensure pings do not successfully contact the servers?
3) What is the third step of the incident response process?
4) You are a network engineer for a mid-sized consulting company. Your employer is currently in the role of a systems integrator for a transformation project at a retail company. You have been tasked with configuring a new network switch. Upon accessing the switch via SSH you receive a message stating only authorized users from ACME Enterprise and authorized 3rd party partners are permitted. You are not required to acknowledge or accept this warning in any way. What type of control best classifies this type of message?
5) You need to record packet data being sent to and from a server running a Linux operating system. After recording the network traffic you want to view the data in a visualization tool like Wireshark. What command line tool is best suited for this task?
6) What acronym refers to the amount of time between the failure of a device and the device's return to normally functionality?
7) Which of the following options is a functionality or tool that disallows access to a wireless network based on the layer 2 address of the client device?
8) Which of the following options is a vendor neutral standard for message logging?
9) You are a network security technician at a mid-sized company. Your employer is planning for significant growth and the CIO has tasked you with implementing a system to consolidate all critical network device logs to a central location. The system should support logs from all routers, firewalls, switches and business critical servers and should send alerts in the event of security issues. What type of solution would best meet these requirements?
10) Which of the following options is the most costly form of disaster recovery options?
11) You are in the onboarding process with a new employer. Your new manager has asked you to review and sign a document that outlines how you can use their IT systems and what types of uses are not permitted. What type of policy document is this?
12) A string of text is converted to a numeric value that uniquely identifies the original text. With only the numeric value it is impossible to reproduce the original text value. Which term correctly identifies this numeric value?
13) Your employer has several thousand internal users all who need to access the internet on a daily basis to complete their work. What technology should be used to mask the internal IP addresses of these users and allow access to the internet through shared public IP addresses?
14) Which of the following options is a valid type of evidence in a computer forensics investigation that proves innocence?
15) A large chemical company will soon be legally required to offer phone support for customers to contact in the event of a chemical spill or other similar issue. The new law requires the company be available 24/7, 365 days a year or large fines will be levied against the company. You have been contracted to ensure a power outage does not prevent the help desk from being available to callers. You have been given the requirement that all electronic equipment (desktops, servers, network equipment, phones, etc.) must operate for up to 24 hours without interruption during a power outage. Which of the following options would best meet requirement?
16) You are an IT specialist on the Network Security team of a large enterprise. You have been tasked to implement a wireless network to be used by employees in the corporate headquarters. Your employer is very security conscious and instructs you to use the best possible encryption protocol available. What 802.11 protocol would you use to fulfill this requirement?
17) Your employer uses a third party service provider to store files like word documents and presentations. These files can be accessed and collaborated on by other employees through a website. There are many companies that use this same service, but data is controlled using various methods to ensure users can only access their own companies files. What type of service is this?
18) What type of NIDS commonly uses artificial intelligence and data mining to identify malicious network traffic?
19) You are a penetration tester for a network security consulting company. You are currently on-site at a customer's premises and are doing your first analysis of the customer's network security. You check if they are using Wifi and find that they are using a deprecated protocol with known vulnerabilities. Which of the options is most likely being used?
20) When configuring a wireless access point what configuration change will hide the name of the wireless network and require users who want to connect to the network to know the wireless name?
You can go back and review your answers or grade your test.