CompTIA Security+ Practice Questions
Question 1
Which of the following BEST describes both change and incident management?
A. Incident management is not a valid term in IT, however change management is
B. Change management is not a valid term in IT, however incident management is
C. Incident management and change management are interchangeable terms meaning the same thing
D. Incident management is for unexpected consequences, change management is for planned work
Question 2
Which of the following account policy controls requires a user to enter a 15 character alphanumerical password?
A. Disablement
B. Length
C. Expiration
D. Password complexity
Question 3
Which of the following information types would be considered personally identifiable information?
A. First name
B. Email address
C. Date of birth
D. Last name


Question 4
Which of the following is the benefit of single file versus full disk encryption?
A. Encryption is preserved in full disk encryption when a file is copied from one media to another
B. Encryption is preserved in single file encryption when a file is copied from one media to another
C. Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used
D. Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used
Question 5
Which of the following is another name for a CAC?
A. Token
B. RFID
C. MAC
D. PIV
Question 6
Which of the following operating systems offers Trusted OS capabilities by default?
A. Windows Vista
B. Windows 7
C. SELinux
D. Backtrack
Question 7
Which of the following describes a common operational problem when using patch management software that results in a false sense of security?
A. Conflicts with vulnerability scans impede patch effectiveness
B. Distributed updates may fail to apply or may not be active until a reboot
C. Vendor patches are released too frequently consuming excessive network bandwidth
D. It is resource intensive to test all patches
Question 8
Which of the following is BEST identified as an attacker who has or is about to use a Logic bomb?
A. Grey hat
B. Malicious insider
C. White hat
D. Black box
Question 9
Which of the following is the BEST choice in regards to training staff members on dealing with PII?
A. PII requires public access but must be flagged as confidential
B. PII data breaches are always the result of negligent staff and punishable by law
C. PII must be handled properly in order to minimize security breaches and mishandling
D. PII must be stored in an encrypted fashion and only printed on shared printers
Question 10
Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?
A. Job rotation
B. Incident response
C. Least privilege
D. Ongoing security
Question 11
When designing secure LDAP compliant applications, null passwords should NOT be allowed because:
A. null password can be changed by all users on a network
B. a null password is a successful anonymous bind
C. null passwords can only be changed by the administrator
D. LDAP passwords are one-way encrypted
Question 12
A security administrator visits a remote datacenter dressed as a delivery person. Which of the following is MOST likely being conducted?
A. Social engineering
B. Remote access
C. Vulnerability scan
D. Trojan horse
Question 13
Mobile devices used in the enterprise should be administered using:
A. encrypted networks and system logging
B. full disk encryption and central password management
C. vendor provided software update systems
D. centrally managed update services and access controls
Question 14
The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?
A. Undocumented networks might not be protected and can be used to support insider attacks
B. Documenting a network hinders production because it is time consuming and ties up critical resources
C. Documented networks provide a visual representation of the network for an attacker to exploit
D. Undocumented networks ensure the confidentiality and secrecy of the network topology
Question 15
Which of the following could mitigate shoulder surfing?
A. Privacy screens
B. Hashing
C. Mantraps
D. Screen locks
Question 16
Which of the following passwords is the MOST complex?
A. 5@rAru99
B. CarL8241g
C. j1l!1b5
D. l@ur0

Question 17
Which of the following is being utilized when the BIOS and operating system's responsibility is platform integrity?
A. SSL
B. USB encryption
C. Data loss prevention
D. TPM
Question 18
Which of the following BEST describes a Buffer Overflow attack that allows access to a remote system?
A. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers
B. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage
C. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information
D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload
Question 19
A company fails to monitor and maintain the HVAC system in the datacenter. Which of the following is the MOST likely to affect availability of systems?
A. Employee productivity in a hot datacenter
B. Premature failure of components
C. Decreased number of systems in the datacenter
D. Increased utility costs
Question 20
Which of the following protocols is defined in RFC 1157 as utilizing UDP ports 161 and 162?
A. SNMP
B. IPSec
C. SSL
D. TLS

Question 21
Which of the following is LEAST likely to have a legitimate business purpose?
A. Metasploit
B. Vulnerability scanner
C. Steganography
D. Port scanner
Question 22
Which of the following does full disk encryption on a laptop computer NOT protect against?
A. Confidentiality of the data
B. Key loggers
C. Theft of the data
D. Disclosure of the data
Question 23
Which of the following passwords exemplifies the STRONGEST complexity?
A. Passw0rd
B. P@ssw0rd
C. Passwrd
D. passwordpassword
Question 24
Which of the following port ranges would give a technician the MOST comprehensive port scan of a server?
A. 1024-15000
B. 0-99999
C. 0-65535
D. 0-1024
Question 25
Which of the following attacks steals contacts from a mobile device?
A. Bluesnarfing
B. Smurf attack
C. Session hijacking
D. Bluejacking

Question 26
Which of the following attacks sends unwanted messages to a mobile device?
A. Session hijacking
B. Smurf attack
C. Bluejacking
D. Bluesnarfing
Question 27
A smurf attack relies on which protocol to perform a Denial of Service?
A. DNS
B. SNMP
C. SMTP
D. ICMP
Question 28
Which of the following allows for multiple operating systems to run on a single piece of hardware?
A. Virtualization
B. Port security
C. Remote access
D. DMZ
Question 29
A username is an example of which of the following?
A. Identification
B. Authentication
C. Authorization
D. Access
Question 30
The CRL contains a list of:
A. private keys
B. public keys
C. root certificates
D. valid certificates

Security+ Answer Key
Question 1) D. Incident management is for unexpected consequences, change management is for planned work
Question 2) D. Password complexity
Question 3) C. Date of birth
Question 4) B. Encryption is preserved in single file encryption when a file is copied from one media to another
Question 5) D. PIV
Question 6) B. Windows 7
Question 7) B. Distributed updates may fail to apply or may not be active until a reboot
Question 8) B. Malicious insider
Question 9) C. PII must be handled properly in order to minimize security breaches and mishandling
Question 10) A. Job rotation
Question 11) B. a null password is a successful anonymous bind
Question 12) A. Social engineering
Question 13) D. centrally managed update services and access controls
Question 14) A. Undocumented networks might not be protected and can be used to support insider attacks
Question 15) A. Privacy screens
Question 16) A. 5@rAru99
Question 17) D. TPM
Question 18) D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload
Question 19) B. Premature failure of components
Question 20) A. SNMP
Question 21) C. Steganography
Question 22) B. Key loggers
Question 23) B. P@ssw0rd
Question 24) C. 0-65535
Question 25) A. Bluesnarfing
Question 26) C. Bluejacking
Question 27) D. ICMP
Question 28) A. Virtualization
Question 29) A. Identification
Question 30) B. public keys
