CompTIA Security+ Assessment Exam
A security administrator is reviewing an organization's security policy and notices that the policy does not define a time frame for reviewing user rights and permissions. Which of the following is the MINIMUM time frame that she should recommend? A. At least once a year B. At least once every five years C. Anytime an employee leaves the organization D. Anytime a security incident has been identified
A
A technician confiscated an employee's computer after management learned the employee had unauthorized material on his system. Later, a security expert captured a forensic image of the system disk. However, the security expert reported the computer was left unattended for several hours before he captured the image. What is a potential issue if this incident goes to court? A. Chain of custody B. Order of volatility C. Time offset D. Lack of metrics
A
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn't meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid? A. Digital signature B. Integrity C. Repudiation D. Encryption
A
An updated security policy defines what applications users can install and run on company-issued mobile devices. Which of the following technical controls will enforce this policy? A. Whitelisting B. Blacklisting C. AUP D. BYOD
A
Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with reducing the attack surface of this server to prevent future attacks. What will meet this goal? A. Disabling unnecessary services B. Installing and updating antivirus software C. Identifying the baseline D. Installing a NIDS
A
Bart installed code designed to enable his account automatically, three days after anyone disables it. What does this describe? A. Logic bomb B. Rootkit C. Armored virus D. Ransomware
A
Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy? A. Inability to ensure devices are up to date with current system patches B. Difficulty in locating lost devices C. Cost of the devices D. Devices might not be compatible with applications within the network.
A
Management within your organization wants to limit documents copied to USB flash drives. Which of the following can be used to meet this goal? A. DLP B. Content filtering C. IPS D. Logging
A
Network administrators in your organization need to administer firewalls, security appliances, and other network devices. These devices are protected with strong passwords, and the passwords are stored in a file listing these passwords. Which of the following is the BEST choice to protect this password list? A. File encryption B. Database field encryption C. Full database encryption D. Whole disk encryption
A
Of the following choices, what are valid security controls for mobile devices? A. Screen locks, device encryption, and remote wipe. B. Host-based firewalls, pop-up blockers, and SCADA access. C. Antivirus software, voice encryption, and NAC. D. Remote lock, NAC, and locking cabinets.
A
Which of the following tools is the MOST invasive type of testing? A. Pentest B. Protocol analyzer C. Vulnerability scan D. Host enumeration
A
You are configuring a switch and need to ensure that only authorized devices can connect to it and access the network through this switch. Which of the following is the BEST choice to meet this goal? A. Implement 802.1x. B. Use a Layer 3 switch. C. Create a VLAN. D. Enable RSTP.
A
You are planning to encrypt data in transit with IPsec. Which of the following is MOST likely to be used with IPsec? A. HMAC B. Blowfish C. Twofish D. MD5
A
You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring? A. DDoS attack B. DoS attack C. Smurf attack D. Salting attack
A
You need to ensure that several systems have all appropriate security controls and patches. However, your supervisor specifically told you not to attack or compromise any of these systems. Which of the following is the BEST choice to meet these goals? A. Vulnerability scan B. Penetration test C. Command injection D. Virus scan
A
Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement? A. PAT B. STP C. DNAT D. TLS
A
Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do? A. Disable unused ports. B. Implement an implicit deny rule. C. Disable STP. D. Enable SSH.
A
Your organization includes the following statement in the security policy: "Security controls need to protect against both online and offline password brute force attacks." Which of the following controls is the LEAST helpful to meet these goals? A. Account expiration B. Account lockout C. Password complexity D. Password length
A
Your organization is hosting a wireless network with an 802.1x server using PEAP. On Thursday, users report they can no longer access the wireless network. Administrators verified the network configuration matches the baseline, there aren't any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem? A. The RADIUS server certificate expired. B. DNS is providing incorrect host names. C. DHCP is issuing duplicate IP addresses. D. MAC filtering is enabled.
A
Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use? A. TPM B. HSM C. VM escape D. DLP
A
Your organization routinely hires contractors to assist with different projects. Administrators are rarely notified when a project ends and contractors leave. Which of the following is the BEST choice to ensure that contractors cannot log on with their account after they leave? A. Enable account expiration. B. Enable an account enablement policy. C. Enable an account recovery policy. D. Enable generic accounts.
A
Your organization's security policy requires that personnel notify security administrators if an incident occurs. However, this is not occurring consistently. Which of the following could the organization implement to ensure security administrators are notified in a timely manner? A. Routine auditing B. User rights and permissions review C. Design review D. Incident response team
A
You are redesigning your password policy. You want to ensure that users change their passwords regularly, but they are unable to reuse passwords. What settings should you configure? (Select THREE.) A. Maximum password age B. Password length C. Password history D. Password complexity E. Minimum password age
A,C,E
A network administrator is attempting to identify all traffic on an internal network. Which of the following tools is the BEST choice? A. Black box test B. Protocol analyzer C. Penetration test D. Baseline review
B
A recent change in an organization's security policy states that monitors need to be positioned so that they cannot be viewed from outside any windows. What is the purpose of this policy? A. Reduce success of phishing B. Reduce success of shoulder surfing C. Reduce success of dumpster diving D. Reduce success of impersonation
B
A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use? A. Vulnerability scan B. Honeynet C. MAC address filtering D. Evil twin
B
A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this? A. CCTV B. Mantrap C. Proximity card D. Cipher lock
B
A security professional is testing the functionality of an application, but does not have any knowledge about the internal coding of the application. What type of test is this tester performing? A. White box B. Black box C. Gray box D. Black hat
B
A security tester is using fuzzing techniques to test a software application. Which of the following does fuzzing use to test the application? A. Formatted input B. Unexpected input C. Formatted output D. Unexpected output
B
A small business owner modified his wireless router with the following settings: PERMIT 1A:2B:3C:3D:5E:6F DENY 6F:5E:4D:3C:2B:1A After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely reason that the employee cannot access the network? A. IP address filtering B. Hardware address filtering C. Port filtering D. URL filtering
B
A software company occasionally provides application updates and patches via its web site. It also provides a checksum for each update and patch. Which of the following BEST describes the purpose of the checksum? A. Availability of updates and patches B. Integrity of updates and patches C. Confidentiality of updates and patches D. Integrity of the application
B
An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this? A. DAC B. MAC C. Role-BAC D. Rule-BAC
B
An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle? A. Implicit deny B. Layered security C. Least privilege D. Flood guard
B
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords? A. Password complexity B. Password length C. Password history D. Password reuse
B
Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing? A. Confidentiality B. Integrity C. Availability D. Safety
B
Monty Burns is the CEO of the Springfield Nuclear Power Plant. What would the company have in place in case something happens to him? A. Business continuity planning B. Succession planning C. Separation of duties D. IT contingency planning
B
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal? A. Load balancing B. Change management C. Incident management D. Key management
B
Testers are analyzing a web application your organization is planning to deploy. They have full access to product documentation, including the code and data structures used by the application. What type of test will they MOST likely perform? A. Gray box B. White box C. Black box D. White hat
B
Users are required to log on to their computers with a smart card and a PIN. Which of the following best describes this? A. Single-factor authentication B. Multi-factor authentication C. Mutual authentication D. TOTP
B
Which of the following is a management control? A. Encryption B. Security policy C. Least privilege D. Change management
B
Which of the following is a symmetric encryption algorithm that encrypts data one bit at a time? A. Block cipher B. Stream cipher C. AES D. DES E. MD5
B
Which of the following represents the BEST action to increase security in a wireless network? A. Replace dipole antennas with Yagi antennas. B. Replace TKIP with CCMP. C. Replace WPA with WEP. D. Disable SSID broadcast.
B
While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request? A. To identify the IPv4 address of gcgapremium.com B. To identify the IPv6 address of gcgapremium.com C. To identify the mail server for gcgapremium.com D. To identify any aliases used by gcgapremium.com
B
You are a technician at a small organization. You need to add fault-tolerance capabilities within the business to increase the availability of data. However, you need to keep costs as low as possible. Which of the following is the BEST choice to meet these needs? A. Failover cluster B. RAID-6 C. Backups D. UPS
B
You are asked to identify the number of times a specific type of incident occurs per year. Which of the following BEST identifies this? A. ALE B. ARO C. MTTF D. SLE
B
You need to transmit PII via email and you want to maintain its confidentiality. Of the following choices, what is the BEST solution? A. Use hashes. B. Encrypt it before sending. C. Protect it with a digital signature. D. Use RAID.
B
You want to deter an attacker from using brute force to gain access to a mobile device. What would you configure? A. Remote wiping B. Account lockout settings C. Geo-tagging D. RFID
B
You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response? A. Preparation B. Identification C. Escalation D. Mitigation
B
Your company recently began allowing workers to telecommute from home one or more days a week. However, your company doesn't currently have a remote access solution. They want to implement an AAA solution that supports different vendors. Which of the following is the BEST choice? A. TACACS+ B. RADIUS C. Circumference D. SAML
B
Your organization's security policy requires that PII data at rest and PII data in transit be encrypted. Of the following choices, what would the organization use to achieve these objectives? (Select TWO.) A. FTP B. SSH C. SMTP D. PGP/GPG E. HTTP
B, D
Your primary job activities include monitoring security logs, analyzing trend reports, and installing CCTV systems. Which of the following choices BEST identifies your responsibilities? (Select TWO.) A. Hardening systems B. Detecting security incidents C. Preventing incidents D. Implementing monitoring controls
B, D
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue? A. XSRF B. XSS C. Input validation D. Fuzzing
C
A continuity of operations plan for an organization includes the use of a warm site. The BCP coordinator wants to verify that the organization's backup data center is prepared to implement the warm site if necessary. Which of the following is the BEST choice to meet this need? A. Perform a review of the disaster recovery plan. B. Ask the managers of the backup data center. C. Perform a disaster recovery exercise. D. Perform a test restore.
C
A network administrator needs to open a port on a firewall to support a VPN using PPTP. Which port should the administrator open? A. UDP 47 B. TCP 50 C. TCP 1723 D. UDP 1721
C
A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if devices are lost or stolen. Which of the following meets this goal? A. Screen locks and geo-tagging B. Patch management and change management C. Screen locks and device encryption D. Full device encryption and IaaS
C
A security administrator is implementing a security program that addresses confidentiality and availability. Of the following choices, what else should the administrator include? A. Ensure critical systems provide uninterrupted service. B. Protect data in transit from unauthorized disclosure. C. Ensure systems are not susceptible to unauthorized changes. D. Secure data to prevent unauthorized disclosure.
C
A security analyst is evaluating a critical industrial control system. The analyst wants to ensure the system has security controls to support availability. Which of the following will BEST meet this need? A. Using at least two firewalls to create a DMZ. B. Installing a SCADA system. C. Implementing control redundancy and diversity. D. Using an embedded system.
C
A supply company has several legacy systems connected together within a warehouse. An external security audit discovered the company is using DES and mandated the company upgrade DES to meet minimum security requirements. The company plans to replace the legacy systems next year, but needs to meet the requirements from the audit. Which of the following is MOST likely to be the simplest upgrade for these systems? A. AES B. HMAC C. 3DES D. SSL
C
A web site is using a certificate. Users have recently been receiving errors from the web site indicating that the web site's certificate is revoked. Which of the following includes a list of certificates that have been revoked? A. CRL B. CA C. OCSP D. CSR
C
Application developers are creating an application that requires users to log on with strong passwords. The developers want to store the passwords in such a way that it will thwart brute force attacks. Which of the following is the BEST solution? A. 3DES B. MD5 C. PBKDF2 D. Database fields
C
Bart, an employee at your organization, is suspected of leaking data to a competitor. Investigations indicate he sent several email messages containing pictures of his dog. Investigators have not been able to identify any other suspicious activity. Which of the following is MOST likely occurring? A. Bart is copying the data to a USB drive. B. Bart is encrypting the data. C. Bart is leaking data using steganography. D. Bart is sending the data as text in the emails.
C
Lisa needs to calculate the total ALE for a group of servers used in the network. During the past two years, five of the servers failed. The hardware cost to replace each server is $3,500, and the downtime has resulted in $2,500 of additional losses. What is the ALE? A. $7,000 B. $10,000 C. $15,000 D. $30,000
C
Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it's not possible to update the SCADA systems. What can mitigate this risk? A. Install HIPS on the SCADA systems. B. Install a firewall on the border of the SCADA network. C. Install a NIPS on the border of the SCADA network. D. Install a honeypot on the SCADA network.
C
Lisa recently completed an application used by the Personnel department to store PII and other employee information. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. What does this describe? A. Armored virus B. Polymorphic virus C. Backdoor D. Trojan
C
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: ' or '1'='-- What is MOST likely the explanation for this? A. Buffer overflow attack B. XSS attack C. SQL injection attack D. LDAP injection attack
C
Which type of authentication is a retina scan? A. Multifactor B. TOTP C. Biometric D. Dual-factor
C
You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first? A. Flood guards B. Signatures C. Baseline D. Honeypot
C
You need to configure a UTM security appliance to restrict access to peer-to-peer file sharing web sites. What are you MOST likely to configure? A. Content inspection B. Malware inspection C. URL filter D. Stateless inspection
C
You need to manage a remote server. Which of the following ports should you open on the firewall between your system and the remote server? A. 25 and 3389 B. 22 and 443 C. 22 and 3389 D. 21 and 23
C
You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal? A. Baselines B. Hardening techniques C. Virtualization technologies D. Patch management programs
C
Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. What does this describe? A. Same sign-on B. SAML C. Single sign-on D. Biometrics
C
Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal? A. Cable locks B. Risk assessment C. Disk encryption D. Hardening the systems
C
A function converts data into a string of characters and the string of characters cannot be reversed to re-create the original data. What type of function is this? A. Symmetric encryption B. Asymmetric encryption C. Stream cipher D. Hashing
D
A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation? A. Remove the account expiration from the accounts. B. Delete the accounts. C. Reset the accounts. D. Disable the accounts.
D
An organization needs to identify a continuity of operations plan that will allow it to provide temporary IT support during a disaster. The organization does not want to have a dedicated site. Which of the following provides the best situation? A. Cold site B. Warm site C. Hot site D. Mobile site
D
An organization recently suffered a significant outage after a technician installed an application update on a vital server during peak hours. The server remained down until administrators were able to install a previous version of the application on the server. What could the organization implement to prevent a recurrence of this problem? A. Do not apply application patches to server applications. B. Apply the patches during non-peak hours. C. Apply hardening techniques. D. Create a patch management policy.
D
Bart is performing a vulnerability assessment. Which of the following BEST represents the goal of this task? A. Identify services running on a system. B. Determine if vulnerabilities can be exploited. C. Determine if input validation is in place. D. Identify the system's security posture.
D
Bart wants to block access to all external web sites. Which port should he block at the firewall? A. TCP 22 B. TCP 53 C. UDP 69 D. TCP 80
D
Bart wants to send a secure email to Lisa, so he decides to encrypt it. Bart wants to ensure that Lisa can verify that he sent it. Which of the following does Lisa need to meet this requirement? A. Bart's public key B. Bart's private key C. Lisa's public key D. Lisa's private key
D
Checking the logs of a web server, you see the following entry: 198.252.69.129 - - [1/Sep/2013:05:20] "GET /index.php?username=ZZZZZZZZZZZZZZZBBBBBBBBCCCCCCC HTTP/1.1" "http://gcgapremium.com/security/" "Chrome31" What is the BEST choice to explain this entry? A. SQL injection B. Pharming attack C. Phishing attack D. Buffer overflow attack
D
Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning? A. A listing of labels reflecting classification levels B. A requirements list identifying need to know C. A listing of owners D. A matrix of functions matched with their required privileges
D
Homer called into the help desk and says he forgot his password. Which of the following choices is the BEST choice for what the help-desk professional should do? A. Verify the user's account exists. B. Look up the user's password and tell the user what it is. C. Disable the user's account. D. Reset the password and configure the password to expire after the first use.
D
Homer recently implemented a wireless network in his home using WEP. He asks you for advice. Which of the following is the BEST advice you can give him? A. He should not use WEP because it uses a weak encryption algorithm. B. He should also ensure he disables SSID broadcast for security purposes. C. He should ensure it is in Enterprise mode. D. He should not use WEP because it implements weak IVs for encryption keys.
D
Network administrators identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of services from the standard image, you verify this application is very likely the problem. What process allowed you to make this determination? A. Banner grabbing B. Hardening C. Whitelisting D. Baselining
D
Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity? A. Fuzzing B. Sniffing C. Spear phishing D. Advanced persistent threat
D
Security personnel recently identified potential fraud committed by a network administrator. Investigators discovered this administrator performs several job functions within the organization, including database administration and application development. Which of the following is the BEST solution to reduce risk associated with this activity? A. Mandatory vacations B. Mandatory access control C. Change management D. Separation of duties
D
Security personnel recently performed a security audit. They identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future? A. Role-BAC model B. Account disablement policy C. Vulnerability assessment D. Account management controls
D
Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these attacks? A. Implement a BYOD policy. B. Update the AUP. C. Provide training on data handling. D. Implement a program to increase security awareness.
D
Users are complaining of intermittent connectivity issues. When you investigate, you discover that new network cables for these user systems were run across several fluorescent lights. What environmental control will resolve this issue? A. HVAC system B. Fire suppression C. Humidity controls D. EMI shielding
D
What type of device would have the following entries used to define its operation? permit IP any any eq 80 permit IP any any eq 443 deny IP any any A. Layer 2 switch B. Proxy server C. Web server D. Firewall
D
What would you configure on a Layer 3 device to allow FTP traffic to pass through? A. Router B. Implicit deny C. Port security D. Access control list
D
Which of the following is an attack against a mobile device? A. War chalking B. SSID hiding C. Evil twin D. Bluejacking
D
Which of the following lists of protocols use TCP port 22 by default? A. FTPS, TLS, SCP B. SCP, SFTP, FTPS C. HTTPS, SSL, TLS D. SSH, SCP, SFTP E. SCP, SSH, SSL
D
Which type of authentication does a hardware token provide? A. Biometric B. PIN C. Strong password D. One-time password
D
You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement? A. WPA2-PSK B. WEP over PEAP C. WPS with LEAP D. WPA2 over EAP-TTLS
D
Your company is considering implementing SSO capabilities to company applications and linking them to a social media site. When implemented, users can log on to Facebook and then access company applications without logging on again. What is a potential risk related to this plan? A. A data breach exposing passwords on the company site will affect the social media site. B. SAML lacks adequate security when used on the Internet. C. XML lacks adequate security when used on the Internet. D. A data breach exposing passwords on the social media site will affect the company application.
D
Your organization is planning to issue mobile devices to some employees, but management is concerned about protecting the confidentiality of data if the devices are lost or stolen. Which of the following is the BEST way to secure data at rest on a mobile device? A. Strong passwords B. Hashing C. RAID-6 D. Full device encryption
D
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution? A. Enable SSID broadcasting B. Enable MAC filtering C. Use wireless jamming D. Reduce antenna power
D
A web developer is using methods to validate user input in a web site application. This ensures the application isn't vulnerable to XSS, SQL Injection, Buffer Overflow, and Command Injection. What attack is not prevented by validating user input? A. XSS B. SQL Injection C. Buffer overflow D. Command injection E. Whaling
E
An organization has purchased fire insurance to manage the risk of a potential fire. What method are they using? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
E