CompTIA Security+ Practice Test Questions

Question 1
Creating a basic standard for application settings, security settings, and active services on every company laptop would be considered...
A. group policy
B. baseline configuration
C. patch management
D. a security template

Question 2
All of the following are correct about LDAP EXCEPT:
A. some implementations use X.509 certificates for securing communications
B. some of the implementations use default TCP ports 389 and 636
C. all attributes will be encrypted
D. most of the implementations use the X.500 directory model

Question 3
Which of the following is a key reason for using virtual machines in a test lab where attackers or malware may compromise a machine?
A. Easier for the attacker to compromise the machine
B. Harder for the attacker to compromise the machine
C. Easier to restore the system to the original state
D. Harder to restore the system to the original state

Question 4
Which of the following is more of an irritation than a security threat?
A. Rootkit
B. Adware
C. Spyware
D. Trojan

Question 5
Least privilege is defined as giving access to information:
A. based on tenure at the company
B. based on sense of urgency from management
C. that may be revealed to the public
D. needed to complete the task

Question 6
Which of the following describes a piece of malicious code that is activated when specified conditions are met?
A. Trojan
B. Spyware
C. Logic Bomb
D. Virus

Question 7
An administrator wishes to enable network auditing policies. Which of the following should the security administrator log?
A. Only logon failures
B. Only logon success
C. Both logon successes and logon failures
D. Only logon failures for non-existent users

Question 8
From a security perspective a performance baseline is MOST useful for:
A. detecting performance anomalies that may be due to security breaches
B. assuring that systems are working to their optimal capacity
C. knowing when security scans are going to finish
D. predicting the end of useful life for the firewall

Question 9
A company creates its own application that accesses the company databases and requires a unique login, based on the user's domain account. The developer has an undocumented login for testing that does not need to be authenticated against the domain. Which of the following is a security issue regarding this scenario?
A. The login should be the same as the domain account for authentication purposes
B. It can be used as a backdoor into the company's databases
C. The application should not be deployed if it is not fully tested
D. It is not considered best practice to have a user remember multiple logins

Question 10
In order to perform a TCP hijacking attack, an attacker would be required to:
A. have a protocol analyzer intercept traffic between two hosts
B. know the IP addresses of both hosts and sequence numbers of the TCP/IP packets
C. perform a man-in-the-middle attack and communicate directly with two hosts
D. obtain the MAC address of both hosts

Question 1
(corresponding objective: 1.3)
Creating a basic standard for application settings, security settings, and active services on every company laptop would be considered...
A. group policy
B. baseline configuration
C. patch management
**D. a security template**

Question 2
(corresponding objective: 3.7)
All of the following are correct about LDAP EXCEPT:
A. some implementations use X.509 certificates for securing communications
B. some of the implementations use default TCP ports 389 and 636
**C. all attributes will be encrypted**
D. most of the implementations use the X.500 directory model

Question 3
(corresponding objective: 1.6)
Which of the following is a key reason for using virtual machines in a test lab where attackers or malware may compromise a machine?
A. Easier for the attacker to compromise the machine
B. Harder for the attacker to compromise the machine
**C. Easier to restore the system to the original state**
D. Harder to restore the system to the original state

Question 4
(corresponding objective: 1.1)
Which of the following is more of an irritation than a security threat?
A. Rootkit
**B. Adware**
C. Spyware
D. Trojan

Question 5
(corresponding objective: 3.1)
Least privilege is defined as giving access to information:
A. based on tenure at the company
B. based on sense of urgency from management
C. that may be revealed to the public
**D. needed to complete the task**

Question 6
(corresponding objective: 1.1)
Which of the following describes a piece of malicious code that is activated when specified conditions are met?
A. Trojan
B. Spyware
**C. Logic Bomb**
D. Virus

Question 7
(corresponding objective: 4.6)
An administrator wishes to enable network auditing policies. Which of the following should the security administrator log?
A. Only logon failures
B. Only logon success
**C. Both logon successes and logon failures**
D. Only logon failures for non-existent users

Question 8
(corresponding objective: 4.4)
From a security perspective a performance baseline is MOST useful for:
**A. detecting performance anomalies that may be due to security breaches**
B. assuring that systems are working to their optimal capacity
C. knowing when security scans are going to finish
D. predicting the end of useful life for the firewall

Question 9
(corresponding objective: 2.5)
A company creates its own application that accesses the company databases and requires a unique login, based on the user's domain account. The developer has an undocumented login for testing that does not need to be authenticated against the domain. Which of the following is a security issue regarding this scenario?
A. The login should be the same as the domain account for authentication purposes
**B. It can be used as a backdoor into the company's databases**
C. The application should not be deployed if it is not fully tested
D. It is not considered best practice to have a user remember multiple logins

Question 10
(corresponding objective: 2.1)
In order to perform a TCP hijacking attack, an attacker would be required to:
A. have a protocol analyzer intercept traffic between two hosts
**B. know the IP addresses of both hosts and sequence numbers of the TCP/IP packets**
C. perform a man-in-the-middle attack and communicate directly with two hosts
D. obtain the MAC address of both hosts
