CompTIA Security+ Certification Practice Exams
Which TCP/IP protocol is designed to synchronize time between computers? A. SNMP B. Windows time sync C. NTP D. SMTP
C
Which network device transmits data between different networks by examining the destination network address in a packet? A. Load balancer B. Layer 2 switch C. Router D. NIC
C
Which network protocol is not routable? A. HTTP B. DNS C. NetBIOS D. Telnet
C
Which of the following is Telnet used for? A. Verifying routers in a transmission path B. Performing encrypted remote command-line management C. Performing clear-text remote command-line management D. Forcing the retrieval of operating system updates
C
Which of the following statements about a security policy are true? (Choose two.) A. Users must read and sign the security policy. B. It guarantees a level of uptime for IT services. C. It is composed of subdocuments. D. Management approval must be obtained.
C, D
Which security mechanisms can be used for the purpose of nonrepudiation? (Choose two.) A. Encryption B. Clustering C. Auditing D. Digital signatures
C, D
A workstation has an IP address of 169.254.46.86. The server administrators realize the DHCP service is offline, so they start the DHCP service. What command should be used next on the workstation to immediately obtain a valid TCP/IP configuration? A. ping -t B. tracert C. netstat -a D. ipconfig /renew
D
As the network administrator for your company, you are creating a security policy such that devices connecting to the corporate VPN must have a trusted digital certificate installed. Which type of security policy are you creating? A. Mobile device encryption policy B. Accountability policy C. Authentication policy D. Remote access policy
D
While troubleshooting connectivity to your remote file server, you realize that a firewall is preventing you from pinging the server. Which type of firewall rule should you create to allow ping traffic? A. UDP B. IGMP C. TCP D. ICMP
D
You have been hired as a consultant by a pharmaceutical company. The company is concerned that confidential drug research documents might be recovered from disposed hard disks. What should you recommend? A. Format the hard drives. B. Repartition the hard drives. C. Freeze the hard drives. D. Physically shred the hard drives.
D
You need to implement a solution that ensures data stored on a USB removable drive has not been tampered with. What should you implement? A. File encryption B. Steganography C. File backup D. File hashing
D
You store personal documents and spreadsheets with a cloud provider. You would like your data to be available only to people having a special unlock key. What should you apply to your documents and spreadsheets? A. File permissions B. File hashing C. File backup D. File encryption
D
199.126.19.71 is an example of which type of address? A. IPv4 B. Port C. IPv6 D. MAC
A
Your Vancouver users cannot connect to a corporate web server housed in Seattle, but they can connect to Internet web sites. The network technicians in Seattle insist the web server is running because Seattle users have no problem connecting to the Seattle web server. From the Vancouver network, you ping the Seattle web server but do not get a reply. Which tool should you use next? A. tracert B. ipconfig C. Telnet D. HTTPA
A
Which TCP/IP protocol does not have authentication configuration options? A. TFTP B. FTP C. SNMP D. SMTP
A Trivial Trial Transport Protocol
You are a file server administrator for a health organization. Management has asked you to configure your servers to appropriately classify files containing patient medical history data. What is an appropriate data classification for these type of files? (Choose all that apply.) A. High B. Medium C. Low D. Private E. Public F. Confidential
A, D, F
You are the network administrator for a pharmaceutical firm. Last month, the company hired a third party to conduct a security audit. From the audit findings, you learn that customers' confidential medical data is not properly secured. Which security concept has been ignored in this case? A. Due diligence B. Due care C. Due process D. Separation of duties
B
You have been asked to implement a solution that separates a large busy network into many smaller collision domains. Which device should you implement? A. Load balancer B. Layer 2 switch C. Router D. NIC
B
You have been tasked with creating a corporate security policy regarding smart phone usage for business purposes. What should you do first? A. Issue smart phones to all employees. B. Obtain support from management. C. Get a legal opinion. D. Create the first draft of the policy.
B
Which of the following are classified as availability solutions? (Choose two.) A. Auditing B. RAID C. File server backups D. Smartcard authentication
B-Redundant Array of Independent Disks (RAID) C
Which of the following are considered TCP/IP transport protocols? (Choose two.) A. HTTP B. TCP C. Telnet D. UDP
B-Transmission Control Protocol D-User Datagram Protocol
A busy web site has not been responding well because of the large volumes of HTTP connections to the web server. Which solution would increase web server performance? A. Add more RAM to the web server. B. Install two web servers hosting the same content. Configure a load balancer to distribute incoming HTTP connections between the two web servers. C. Place a router between the web server and the Internet to throttle incoming HTTP connections. D. Enable SSL on the web server.
B
Which of the following best illustrates potential security problems related to social networking sites? A. Other users can easily see your IP address. B. Talkative employees can expose a company's intellectual property. C. Malicious users can use your pictures for steganography. D. Your credit card number is easily stolen.
B
Which party determines how data labels are assigned? A. Custodian B. Owner C. Server administrator D. Human Resources department
B
While capturing network traffic you notice some packets destined for UDP port 69. What type of network traffic is this? A. FTP B. TFTP C. SNMP D. IMAP
B
What does a privacy policy protect? A. Customer data B. Trade secrets C. Employee home directories D. Firewall configurations
A
Which of the following is a security best practice for configuring an Ethernet switch? A. Disable unused ports and assign MAC addresses to enabled ports. B. Disable unused ports and configure enabled ports for half-duplex. C. Disable unused ports and configure additional VLANs. D. Disable unused ports and configure enabled ports for full-duplex.
A
You are configuring a password policy for users in the Berlin office. Passwords must be changed every 60 days. You must ensure that user passwords cannot be changed more than once within the 60-day interval. What should you configure? A. Minimum password age B. Maximum password age C. Password complexity D. Password history
A
You are evaluating public cloud-based e-mail hosting solutions. All vendors state that multiple servers are always running to ensure mailboxes are available. What is this an example of? A. Clustering B. Steganography C. Digital mailbox signatures D. Mailbox duplicity
A
You are reviewing surveillance camera footage after items have gone missing from your company's office in the evenings. On the video you notice an unidentified person entering the building's main entrance behind an employee who unlocked the door with their swipe card. What type of security breach is this? A. Tailgating B. Mantrapping C. Horseback riding D. Door jamming
A
You would like to track the modification of sensitive trade secret files. What should you implement? A. Auditing B. Encryption C. File hashing D. Disk mirroring
A
Your SAN solution uses optical technology designed solely for high-speed connectivity from servers to disk storage. Which type of SAN is this? A. Fibre Channel SAN B. SMB C. iSCSI D. TCP/IP
A
Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply? A. Confidentiality B. Integrity C. Availability D. Accountability
A
You are configuring a Wi-Fi network for a clothing retail outlet. In accordance with the Payment Card Industry (PCI) regulations for companies handling payment cards, you must ensure default passwords are changed on the wireless router. This is best described as: A. PCI policy B. Compliance with security standards C. User education and awareness D. Wi-Fi policy
B
You are reviewing document security on your private cloud document server. You notice employees in the Sales department have been given full permissions to all project documents. Sales personnel should have only read permissions to all project documents. Which security principle has been violated? A. Separation of duties B. Least privilege C. Job rotation D. Integrity
B
You are the network administrator for a legal firm. Users in Vancouver must be able to view trade secrets for patent submission. You share a network folder called Trade Secrets and allow the following NTFS permissions: • Vancouver_Staff: Read, List Folder Contents • Executives: Write • IT_Admins: Full Control Regarding Vancouver employees, which principle is being adhered to? A. Job rotation B. Least privilege C. Mandatory vacations D. Separation of duties
B
Acme Corporation is upgrading its network routers. The old routers will be sent to the head office before they are disposed of. What must be done to the routers prior to disposal to minimize security breaches? A. Change the router privileged mode password. B. Remove DNS server entries from the router configuration. C. Set the router to factory default settings. D. Format the router hard drive.
C
As the IT security officer, you establish a security policy requiring that users protect all paper documents so that sensitive client, vendor, or company data is not stolen. What type of policy is this? A. Privacy B. Acceptable use C. Clean desk D. Password
C
Choose the correct statement: A. Users are assigned classification labels to access sensitive data. B. Data is assigned clearance levels to access sensitive data. C. Data is assigned clearance levels to protect sensitive data. D. Users are assigned clearance levels to access sensitive data.
C
Christine is the server administrator for Contoso Corporation. Her manager provided step-by-step security policies outlining how servers should be configured to maximize security. Which type of security policy will Christine be implementing? A. Mail server acceptable use policy B. VPN server acceptable use policy C. Procedural policy D. File server acceptable use policy
C
Every month, Gene downloads and tests the latest software patches before applying them to production smart phones. To which security goal does this example apply? A. Confidentiality B. Integrity C. Availability D. Safety
C
Franco, an accountant, accesses a shared network folder containing travel expense documents to which he has read and write access. What is this an example of? A. Privilege escalation B. Due care C. Authorization D. Authentication
C
The primary purpose of security policies is to: A. Establish legal grounds for prosecution B. Improve IT service performance C. Reduce the risk of security breaches D. Ensure users are accountable for their actions
C
Which of the following organizes the appropriate identification methods from least secure to most secure? A. Smartcard, retinal scan, password B. Retinal scan, password, smartcard C. Username and password, smartcard, retinal scan D. ACL, username and password, retinal scan
C
Which protocol suite uses 128-bit IP addresses? A. IPv4 B. IPv5 C. IPv6 D. Network interface cards
C
While experimenting with various server network configurations, you discover an unknown weakness in the server operating system that could allow a remote attacker to connect to the server with administrative privileges. What have you discovered? A. Exploit B. Bug C. Vulnerability D. Denial of service
C
You are explaining how the corporate file auditing policy will work to a new IT employee. Place the following items in the correct order:___, ___, ___, and ___. A. A user opens a file, modifies the contents, and then saves the file. B. A server validates a correct username and password combination. C. A user provides a username and password at a logon screen. D. The file activity generated by the user is logged.
C, B, A, D
How do FCoE and iSCSI differ? A. FCoE uses TCP; iSCSI uses UDP. B. iSCSi uses TCP; FCoE uses UDP. C. FCoE uses TCP/IP; iSCSI does not. D. iSCSI uses TCP/IP; FCoE does not.
D
Which of the following statements regarding DNS are true? (Choose two.) A. It resolves NetBIOS computer names to IP addresses. B. Client-to-server queries use TCP port 53. C. It resolves FQDNs to IP addresses. D. Given an IP address, DNS can return an FQDN.
D
What type of address is fe80::dca6:d048:cba6:bd06? A. IPv4 B. IPv6 C. MAC D. DMZ
B
After a lengthy interviewing process, your company hired a new payroll clerk named Stacey. Stacey will be using a web browser on a company computer at the office to access the payroll application on a public cloud provider web site over the Internet. Which type of document should Stacey read and sign? A. Internet acceptable use policy B. Password policy C. Service level agreement D. Remote access acceptable use policy
A
Michel, an IT security expert, grants permissions to folders on a file server to allow Marketing users to modify Marketing documents. Which information security goal has been satisfied? A. Confidentiality B. Integrity C. Availability D. Safety
A
Raylee is the new network administrator for a legal firm. She studies the existing file server folder structures and permissions and quickly realizes the previous administrator did not properly secure legal documents in these folders. She sets the appropriate file and folder permissions to ensure only the appropriate users can access the data, based on corporate policy. What security role has Raylee undertaken? A. Custodian B. Data owner C. User D. Power user
A
Sean is a security consultant and has been hired to perform a network penetration test against his client's network. Sean's role is best described as: A. White-hat hacker B. Black-hat hacker C. Gray-hat hacker D. Purple-hat hacker
A
Stacey, your assistant, has captured network traffic on your LAN for a 24-hour period, as shown in Figure 1-2. You would like to view network traffic related to users connecting to web sites. Which protocol in the protocol column should you filter by? A. HTTP B. DNS C. TCP D. SSDP
A
Trinity uses her building access card to enter a work facility after hours. She has access to only the second floor. What is this an example of? A. Authorization B. Authentication C. Accountability D. Confidentiality
A
You are developing a security training outline for the Accounting department that will take in the office. Which two items should not be included in the training? (Choose two.) A. Firewall configuration B. The Accounting department's support of security initiatives C. Physical security D. Social engineering
A, B
Which of the following are the best examples of the Custodian security role? (Choose three.) A. Human Resources department employee B. Server backup operator C. CEO D. Law enforcement employee responsible for signing out evidence E. E. Sales executive
A, B, D
Which of the following options best describe proper usage of PII? (Choose two.) A. Law enforcement tracking an Internet offender using a public IP address B. Distributing an e-mail contact list to marketing firms C. Logging into a secured laptop using a fingerprint scanner D. Due diligence
A, C
The creation of data security policies is most affected by which two factors? (Choose two.) A. Industry regulations B. IP addressing scheme being used C. Operating system version being used D. PII
A, D
Which of the following statements are true? (Choose two.) A. Security labels are used for data classifications such as restricted and top secret. B. PII is applicable only to biometric authentication devices. C. Forcing user password changes is considered change management. D. A person's signature on a check is considered PII.
A, D
Your network allows only trusted scripts to run on managed devices. You write a script that must run on all managed devices. What must you do? Place the following correct steps in proper order. (Choose three.) A. Obtain a trusted digital certificate and install it on your computer. B. Export the private key from your digital certificate to all managed devices. C. Create the script. D. Digitally sign the script. E. On your computer, import digital certificates from all managed devices.
A,C,D
Ana must send an important e-mail message to Glen, the director of Human Resources (HR). Corporate policy states that messages to HR must be digitally signed. Which of the following statements is correct? A. Ana's public key is used to create the digital signature. B. Ana's public key is used to verify the digital signature. C. Glen's private key is used to create the digital signature. D. Glen's private key is used to verify the digital signature.
B
Choose the best example of authentication from the following: A. Each morning a network administrator visits various web sites looking for the newest Windows Server vulnerabilities. B. Before two systems communicate with one another across a network, they exchange PKI certificates to ensure they share a common ancestor. C. A file server has two power supplies in case one fails. D. An application has some unintended behavior that could allow a malicious user to write to the Windows registry.
B
From the following list, which best describes authentication? A. Logging in to a TFTP server with a username and password B. Using a username, password, and token card to connect to the corporate VPN C. Checking corporate web mail on a secured web site at http://owa.acme.com after supplying credentials D. Copying files from a server to a USB flash drive
B
You receive the e-mail message shown here. What type of threat is this? Dear valued Acme Bank customer, Acme Bank will be updating web server banking software next week. To ensure continued access to your accounts, we ask that you go to http://www.acmebank.us./accounts and reset your password within the next 24 hours. We sincerely appreciate your business. Acme Bank A. Denial of service B. Phishing attack C. Zero-day exploit D. Ping of death
B
Your company has decided to adopt a public cloud device management solution where all devices are centrally managed from a web site hosted on servers in a data center. Management has instructed you to ensure that the solution is reliable and always available. Which type of document should you focus on? A. Password policy B. Service level agreement C. Remote access acceptable use policy D. Mobile device acceptable use policy
B
Your company requires all desktop computers to run a malware detection program twice daily. You configure your network so that only the specific digital version of the executable program that you specify is allowed to run. To which fundamental security concept does this apply? A. Confidentiality B. Integrity C. Availability D. Accountability
B
Your company restricts firewall administrators from modifying firewall logs. Only IT security personnel are allowed to do this. What is this an example of? A. Due care B. Separation of duties C. Principle of least privilege D. Acceptable use
B
Your network consists of routers and switches, as well as a variety of other network devices. You are configuring a wireless router, as shown in Figure 1-1, and need to allow network management traffic through. Which protocol should be removed from the blocked list? A. SMTP B. SNMP C. IKE D. None
B
Your newly configured SMTP mail server is not receiving mail from the Internet. You realize you did not configure any DNS records for SMTP mail transfer. Which type of DNS resource record must you create? A. CNAME B. MX C. PTR D. A
B
John is issuing a digital certificate for Carolyn's computer. What can the certificate be used for? (Choose two.) A. Setting permissions on sensitive files B. Encrypting sensitive files C. Verifying the computer's identity to secure servers D. Sending encrypted e-mail messages
B, C
Which of the following are examples of PII? (Choose two.) A. Private IP address on an internal network B. Mobile phone number C. Digital certificate D. Gender
B, C
A corporate security policy emphasizes data confidentiality, and you must configure computing devices accordingly. What should you do? (Choose two.) A. Install smartcard readers so users can identify themselves before sending important e-mail messages. B. Enforce SD card encryption on smart phones issued to employees. C. Configure a server failover cluster to ensure sensitive documents are always available. D. Set file and folder permissions to control user file access.
B, D
Which of the following network connectivity devices function primarily using computer MAC addresses? (Choose two.) A. Router B. Bridge C. Hub D. Switch
B, D
A large corporation requires new employees to present a driver's license and passport to a security officer before receiving a company-issued laptop. Which security principle does this map to? A. Authorization B. Confidentiality C. Identification D. Custodian
C
You are attempting to connect to one of your user's computers using RDP but cannot get connected. A new firewall has been installed on your network. Which port must be opened on the firewall to allow RDP traffic? A. 143 B. 389 C. 3389 D. 443
C
You are testing your router configuration and discover a security vulnerability. After searching the Internet, you realize that this vulnerability is unknown. Which type of attack is your router vulnerable to? A. Denial of service B. Phishing attack C. Zero-day exploit D. Ping of death
C
You are the network administrator for your company. Your manager has asked you to evaluate cloud backup solutions for remote branch offices. To which fundamental security concept does this apply? A. Confidentiality B. Integrity C. Availability D. Accountability
C
You are troubleshooting TCP/IP settings on a workstation. The workstation IP address is 10.17.6.8/24, the DNS server setting is set to 199.126.129.86, and the default gateway setting is set to 10.17.5.6. The router has a public IP address of 199.126.129.76/24 and a private internal IP address of 10.17.5.6/24. This workstation is the only station on the network that cannot connect to the Internet. What should you do? A. Change the DNS server setting to 10.17.5.6. B. Change the router private internal IP address to 10.17.6.6. C. Change the workstation IP address to 10.17.5.8. D. Change the default gateway setting to 199.126.129.76.
C
You need a server to store router configuration files. The server must not require a username or password. Which type of server is the best choice? A. Windows file server B. FTP C. TFTP D. FTPS
C
You would like to send a confidential message to a family member through e-mail, but you have no way of encrypting the message. What alternative method would allow you to achieve your goal? A. PKI B. File hashing C. Steganography D. File permissions
C
Your Linux virtual file server is running out of disk space. It has been decided that a network storage appliance on a dedicated TCP/IP network will provide disk space to your file server. Which type of SAN disk access protocol will be used by the file server? A. Fibre Channel SAN B. SMB C. iSCSI D. TCP/IP
C
Your local ISP provides a PDF file stating a 99.97 percent service availability for T1 connectivity to the Internet. How would you classify this type of documentation? A. Top secret B. Acceptable use policy C. Service level agreement D. Availability
C
Your manager has asked you to implement a solution that will prevent users from viewing inappropriate web sites. Which solution should you employ? A. Router ACLs B. Web site permissions C. Proxy server D. Digital certificates
C
Which protocol uses TCP port 443? A. FTPS B. HTTP C. HTTPS D. SSH
C Hypertext Transfer Protocol Secure
Your wiring closet consists of three 24-port Ethernet switches all linked together. Computers from the Accounting department are plugged into each Ethernet switch, as are computers from the Research department. Your manager asks you to ensure computers in the Accounting department are on a different network than computers in the Research department. What could you do? (Choose two.) A. Replace the Ethernet switches with Ethernet hubs. B. Configure all Accounting computers on the same TCP/IP subnet (e.g., 192.268.2.0 /24) and configure all Research computers on their own TCP/IP subnet (e.g., 192.168.3.0 /16). C. Configure an Accounting VLAN that includes the Accounting computers and a Research VLAN that includes the Research computers. D. Configure all Accounting computers on the same TCP/IP subnet (e.g., 192.168.2.0 /24) and configure all Research computers on their own TCP/IP subnet (e.g., 192.168.3.0 /24).
C, D
Match the following security controls under the appropriate headings of Confidentiality, Integrity, and Availability: Security Controls Confidentiality Integrity Availability Nightly backups Disk mirroring File permissions Mailbox encryption Digitally signing scripts
Confidentiality - file permissions; mailbox encryption Integrity - digitally signing scripts Availability - nightly backups; disk mirroring
Sean is capturing Wi-Fi network traffic using a packet analyzer and is able to read the contents of network transmissions. What can be done to keep network transmissions private? A. Install digital certificates on each transmitting device. B. Set a strong administrator password for the Wi-Fi router. C. Use smartcard authentication. D. Encrypt the Wi-Fi traffic.
D
The Accounts Payable department notices large out-of-country purchases made using a corporate credit card. After discussing the matter with Juan, the employee whose name is on the credit card, they realize somebody has illegally obtained the credit card details. You also learn that he recently received an e-mail from what appeared to be the credit card company asking him to sign in to their web site to validate his account, which he did. How could this have been avoided? A. Provide credit card holders with smartcards. B. Tell users to increase the strength of online passwords. C. Install a workstation-based firewall. D. Provide security awareness training to employees.
D
What is the primary purpose of enforcing a mandatory vacation policy? A. To adhere to government regulation B. To ensure employees are refreshed C. To allow other employees to experience other job roles D. To prevent improper activity
D
Which TCP/IP protocol gives administrators a remote command prompt to a network service? A. POP B. ARP C. UDP D. Telnet
D
Which TCP/IP protocol uses TCP ports 20 and 21? A. SNMP B. DNS C. HTTP D. FTP
D
Which TCP/IP protocols use encryption to secure data transmissions? A. SCP, DNS, SSH B. SSH, SCP, TELNET C. HTTPS, FTP, SSH D. SSH, SCP, FTPS
D
Which of the following best embodies the concept of least privilege? A. Detecting inappropriate Internet use B. Detecting malware running without elevated privileges C. Assigning users full control permissions to network resources D. Assigning needed permissions to enable users to complete a task
D
Which of the following is depicted in Figure 2-1? A. Authentication B. Authorization C. Nonrepudiation D. Identification Figure 2-1: Windows Server 2012 R2 logon screen Username and Password
D
Your network consists of customers who connect to the Internet using their Wi-Fi mobile devices as well as employees who use their wired desktops for company business. You must ensure customer traffic and corporate network traffic are kept isolated. What should you do? A. Install and configure a load balancer. B. Use a separate network switch for customers. C. Upgrade the desktop NICs to 10Gbps. D. Place the wireless access point on a separate VLAN.
D
Your company's networks and devices were recently migrated to IPv6, although there are still a small number of IPv4 hosts online. You are asked to verify that a server named hq-01.acme.us is reachable on the network via IPv6. Write the command(s) you would use to verify this: ____________________
ping -6 hq-01.acme.us
