Crozeph Rede
Quiz by , created more than 1 year ago

CompTIA Security+ Exam SY0-401 All 12 practice tests in one spot

408
8
0
Crozeph Rede
Created by Crozeph Rede over 9 years ago
Close

Security + practice exam

Question 1 of 100

1

Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?

Select one of the following:

  • Non-repudiation

  • Implicit deny policy

  • Acceptable use policy

  • Post-admission NAC

Explanation

Question 2 of 100

1

A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is known as:

Select one of the following:

  • VPN

  • Access Point (AP)

  • VLAN

  • DMZ

Explanation

Question 3 of 100

1

Which part of the 192.168.1.5/24 address identifies its network ID?

Select one of the following:

  • 192

  • 192.168

  • 192.168.1

  • 192.168.1.5

Explanation

Question 4 of 100

1

Which of the following acronyms refers to a solution allowing companies to cut costs related to managing of internal calls?

Select one of the following:

  • PBX

  • POTS

  • P2P

  • PSTN

Explanation

Question 5 of 100

1

A solution that allows to make phone calls over a broadband Internet connection instead of typical analog telephone lines is known as:

Select one of the following:

  • IMAP

  • VoIP

  • POTS

  • ITCP

Explanation

Question 6 of 100

1

Which of the following answers lists a /27 subnet mask?

Select one of the following:

  • 255.255.255.0

  • 255.255.255.128

  • 255.255.255.192

  • 255.255.255.224

Explanation

Question 7 of 100

1

What type of system can be compromised through phreaking?

Select one of the following:

  • ATX

  • PGP

  • PBX

  • BIOS

Explanation

Question 8 of 100

1

Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location?

Select one of the following:

  • DMZ

  • Virtualization

  • VLAN

  • SNMP

Explanation

Question 9 of 100

1

Which security measure is in place when a client is denied access to the network due to outdated antivirus software?

Select one of the following:

  • NAC

  • DMZ

  • VLAN

  • NAT

Explanation

Question 10 of 100

1

Which of the following terms refers to a technology that allows multiple operating systems to work simultaneously on the same hardware?

Select one of the following:

  • Hyperthreading

  • Virtualization

  • Multi core

  • Combo drive

Explanation

Question 11 of 100

1

A security stance whereby a host is being granted / denied permissions based on its actions after it has been provided with the access to the network is known as:

Select one of the following:

  • Network separation

  • Pre-admission NAC

  • Quarantine

  • Post-admission NAC

Explanation

Question 12 of 100

1

Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?

Select one of the following:

  • NAC

  • ACL

  • NAT

  • DMZ

Explanation

Question 13 of 100

1

VLAN membership can be set through: (Select all that apply)

Select one or more of the following:

  • Trunk port

  • Group permissions

  • Encryption

  • MAC address

Explanation

Question 14 of 100

1

In which of the cloud computing infrastructure types clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?

Select one of the following:

  • IaaS

  • SaaS

  • P2P

  • PaaS

Explanation

Question 15 of 100

1

Which of the following cloud service types would provide the best solution for a web developer intending to create a web app?

Select one of the following:

  • SaaS

  • API

  • PaaS

  • IaaS

Explanation

Question 16 of 100

1

A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called:

Select one of the following:

  • Thick client

  • SaaS

  • Virtualization

  • IaaS

Explanation

Question 17 of 100

1

The biggest advantage of public cloud is that all services provided through this type of cloud computing service model are offered free of charge.

Select one of the following:

  • True
  • False

Explanation

Question 18 of 100

1

A concept of effective security posture employing multiple tools and different techniques to slow down an attacker is known as: (Select 2 answers)

Select one or more of the following:

  • Vulnerability scanning

  • Layered security

  • Authorization

  • Principle of least privilege

  • Defense in depth

Explanation

Question 19 of 100

1

Which of the IPsec modes provides entire packet encryption?

Select one of the following:

  • Tunnel

  • Payload

  • Transport

  • Default

Explanation

Question 20 of 100

1

Which of the following protocols is used in network management systems for monitoring network-attached devices?

Select one of the following:

  • RTP

  • SNMP

  • IMAP

  • STP

Explanation

Question 21 of 100

1

Which of the following protocols transmit data in an unencrypted form? (Select all that apply)

Select one or more of the following:

  • SCP

  • IPsec

  • SNMPv1

  • FTP

  • Telnet

  • SFTP

Explanation

Question 22 of 100

1

A group that consists of SNMP devices and one or more SNMP managers is known as:

Select one of the following:

  • SNMP trap

  • Network Management System (NMS)

  • SNMP community

  • Management Information Base (MIB)

Explanation

Question 23 of 100

1

Which of the following protocols was designed as a secure replacement for Telnet?

Select one of the following:

  • ICMP

  • FTP

  • IPv6

  • SSH

Explanation

Question 24 of 100

1

A system used to convert a computer's host name into an IP address on the Internet is known as:

Select one of the following:

  • DNS

  • NetBIOS

  • TLS

  • ICMP

Explanation

Question 25 of 100

1

DNS database AAAA record identifies:

Select one of the following:

  • Mail server

  • IPv4 address

  • Canonical name

  • IPv6 address

Explanation

Question 26 of 100

1

Which of the following protocols are used for securing HTTP connections? (Select 2 answers)

Select one or more of the following:

  • SCP

  • Telnet

  • SSL

  • SNMP

  • TLS

Explanation

Question 27 of 100

1

Which of the following answers refers to a suite of protocols used for connecting hosts on the Internet?

Select one of the following:

  • NetBIOS

  • IPv4

  • TCP/IP

  • LAN

Explanation

Question 28 of 100

1

FTPS is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

Select one of the following:

  • True
  • False

Explanation

Question 29 of 100

1

The SCP protocol is used for:

Select one of the following:

  • Directory access

  • Secure file transfer

  • Network addressing

  • Sending emails

Explanation

Question 30 of 100

1

Which of the protocols listed below is used by the PING utility?

Select one of the following:

  • TLS

  • SNMP

  • FCoE

  • ICMP

Explanation

Question 31 of 100

1

Which of the following answers lists the IPv6 loopback address?

Select one of the following:

  • ::/128

  • FF00::/8

  • ::1

  • 127.0.0.1

Explanation

Question 32 of 100

1

Which of the following answers refers to a networking standard for linking data storage devices over an IP network?

Select one of the following:

  • iSCSI

  • SSD

  • TPM

  • LDAP

Explanation

Question 33 of 100

1

Which of the following protocols facilitate communication between SAN devices? (Select 2 answers)

Select one or more of the following:

  • MTBF

  • TFTP

  • iSCSI

  • HTTPS

  • FCoE

Explanation

Question 34 of 100

1

The FTP protocol is designed for:

Select one of the following:

  • Sending email messages between servers

  • Serving web pages

  • Translating domain names into IP addresses

  • File exchange

Explanation

Question 35 of 100

1

Which of the protocols listed below does not provide authentication?

Select one of the following:

  • FTP

  • TFTP

  • SCP

  • SFTP

Explanation

Question 36 of 100

1

Which of the following protocols was designed as a secure replacement for Telnet?

Select one of the following:

  • FTP

  • IPv6

  • SSH

  • ICMP

Explanation

Question 37 of 100

1

FTP runs by default on ports: (Select 2 answers)

Select one or more of the following:

  • 25

  • 23

  • 20

  • 21

  • 22

Explanation

Question 38 of 100

1

Which of the following protocols run(s) on port number 22? (Select all that apply)

Select one or more of the following:

  • FTP

  • SSH

  • SMTP

  • SCP

  • SFTP

Explanation

Question 39 of 100

1

Port number 23 is used by:

Select one of the following:

  • SMTP

  • SSH

  • Telnet

  • TFTP

Explanation

Question 40 of 100

1

Which of the following TCP ports is used by SMTP?

Select one of the following:

  • 25

  • 53

  • 80

  • 23

Explanation

Question 41 of 100

1

DNS runs on port:

Select one of the following:

  • 139

  • 53

  • 443

  • 22

Explanation

Question 42 of 100

1

Which of the following ports enables HTTP traffic?

Select one of the following:

  • 110

  • 88

  • 143

  • 80

Explanation

Question 43 of 100

1

Which of the following ports enable(s) retrieving email messages from a remote server? (Select all that apply)

Select one or more of the following:

  • 80

  • 139

  • 110

  • 443

  • 143

Explanation

Question 44 of 100

1

Which of the port numbers listed below are used by NetBIOS? (Select all that apply)

Select one or more of the following:

  • 137

  • 161

  • 138

  • 162

  • 139

Explanation

Question 45 of 100

1

IMAP runs on TCP port:

Select one of the following:

  • 143

  • 25

  • 443

  • 110

Explanation

Question 46 of 100

1

Which of the following TCP ports is used by HTTPS?

Select one of the following:

  • 80

  • 443

  • 53

  • 143

Explanation

Question 47 of 100

1

Which of the following answers lists the default port number for a Microsoft-proprietary remote connection protocol?

Select one of the following:

  • 139

  • 443

  • 3389

  • 53

Explanation

Question 48 of 100

1

Which of the following protocols operate(s) at layer 3 (the network layer) of the OSI model? (Select all that apply)

Select one or more of the following:

  • IPSec

  • IPv6

  • HTTP

  • IPv4

  • IMAP

  • ICMP

Explanation

Question 49 of 100

1

In the OSI model, TCP resides at the:

Select one of the following:

  • Physical layer

  • Network layer

  • Application layer

  • Transport layer

Explanation

Question 50 of 100

1

A network protocol for secure file transfer over secure shell is called:

Select one of the following:

  • FCoE

  • SFTP

  • Telnet

  • TFTP

Explanation

Question 51 of 100

1

Which of the following wireless encryption schemes offers the highest level of protection?

Select one of the following:

  • WEP

  • WPA2

  • WAP

  • WPA

Explanation

Question 52 of 100

1

Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities?

Select one of the following:

  • PEAP

  • CCMP

  • WPA2

  • WEP

Explanation

Question 53 of 100

1

Which of the following answers refers to an authentication framework frequently used in wireless networks and point-to-point connections?

Select one of the following:

  • DLP

  • OCSP

  • EAP

  • LDAP

Explanation

Question 54 of 100

1

A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as:

Select one of the following:

  • EMI shielding

  • Hardware lock

  • MAC filter

  • Quality of Service (QoS)

Explanation

Question 55 of 100

1

Which of the following acronyms refers to a wireless network name?

Select one of the following:

  • SSID

  • WAP

  • SSO

  • HVAC

Explanation

Question 56 of 100

1

Which of the following protocols was introduced to strengthen existing WEP implementations without requiring the replacement of legacy hardware?

Select one of the following:

  • PEAP

  • TKIP

  • CCMP

  • WPA2

Explanation

Question 57 of 100

1

Disabling SSID broadcast:

Select one of the following:

  • Is one of the measures used for securing networks

  • Makes a WLAN harder to discover

  • Blocks access to WAP

  • Prevents wireless clients from accessing the network

Explanation

Question 58 of 100

1

Which of the following protocols encapsulates EAP within an encrypted and authenticated TLS tunnel?

Select one of the following:

  • LDAP

  • PAP

  • Telnet

  • PEAP

Explanation

Question 59 of 100

1

AES-based encryption mode implemented in WPA2 is known as:

Select one of the following:

  • CCMP

  • TPM

  • TKIP

  • MTBF

Explanation

Question 60 of 100

1

An optimal WAP antenna placement provides a countermeasure against: (Select 2 answers)

Select one or more of the following:

  • War chalking

  • Tailgating

  • War driving

  • Shoulder surfing

  • Site survey

Explanation

Question 61 of 100

1

Which of the following WAP configuration settings allows for adjusting the boundary range of the wireless signal?

Select one of the following:

  • Beacon frame

  • Power level controls

  • Quality of Service (QoS)

  • MAC filtering

Explanation

Question 62 of 100

1

Which of the following answers refers to a solution allowing administrators to block Internet access for users until they perform required action?

Select one of the following:

  • Access logs

  • Mantrap

  • Post-admission NAC

  • Captive portal

Explanation

Question 63 of 100

1

Which of the following antenna types would provide the best coverage for workstations connecting to a WAP placed in a central point of a typical office? (Select all that apply)

Select one or more of the following:

  • Omnidirectional

  • Unidirectional

  • Bidirectional

  • Non-directional

Explanation

Question 64 of 100

1

Which of the following is an example of a wireless site survey?

Select one of the following:

  • Bluejacking

  • Spear phishing

  • War driving

  • Shoulder surfing

Explanation

Question 65 of 100

1

Which of the following examples falls into the category of technical security controls?

Select one of the following:

  • Change management

  • Acceptable use policy

  • Intrusion detection system

  • Incident response procedure

Explanation

Question 66 of 100

1

An antivirus software identifying non-malicious file as a virus due to faulty virus signature file is an example of:

Select one of the following:

  • Fault tolerance

  • False positive error

  • Incident isolation

  • False negative error

Explanation

Question 67 of 100

1

Which of the following examples falls into the category of operational security controls?

Select one of the following:

  • Change management

  • Encryption

  • Antivirus software

  • Mantrap

Explanation

Question 68 of 100

1

Which of the following terms refers to a situation where no alarm is raised when an attack has taken place?

Select one of the following:

  • False negative

  • True positive

  • False positive

  • True negative

Explanation

Question 69 of 100

1

A policy outlining ways of collecting and managing personal data is known as:

Select one of the following:

  • Acceptable use policy

  • Audit policy

  • Privacy policy

  • Data loss prevention

Explanation

Question 70 of 100

1

Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put?

Select one of the following:

  • OEM

  • AUP

  • UAT

  • ARO

Explanation

Question 71 of 100

1

One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company.

Select one of the following:

  • True
  • False

Explanation

Question 72 of 100

1

Which of the following answers refers to a concept of having more than one person required to complete a given task?

Select one of the following:

  • Acceptable use policy

  • Privacy policy

  • Multifactor authentication

  • Separation of duties

Explanation

Question 73 of 100

1

A security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities is known as:

Select one of the following:

  • Order of volatility

  • Principle of least privilege

  • Privacy policy

  • Single sign-on

Explanation

Question 74 of 100

1

Which of the following acronyms refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?

Select one of the following:

  • ARO

  • ALE

  • SLE

  • UAT

Explanation

Question 75 of 100

1

Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF)

The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. Which of the following answers lists the EF value for an asset that is entirely lost?

Select one of the following:

  • 0

  • 100

  • 1.0

  • 0.1

Explanation

Question 76 of 100

1

A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called

Select one of the following:

  • Antivirus

  • Firewall

  • Antispyware

  • Malware

Explanation

Question 77 of 100

1

A device designed to forward data packets between networks is called

Select one of the following:

  • Switch

  • Hub

  • Router

  • MAC filter

Explanation

Question 78 of 100

1

Allowing a program through a firewall is known as creating

Select one of the following:

  • Tunnel

  • Entry

  • Access Point (AP)

  • Exception

Explanation

Question 79 of 100

1

A network device designed for managing the optimal distribution of workloads across multiple computing resources is called

Select one of the following:

  • Load balancer

  • HIDS

  • Firewall

  • Captive portal

Explanation

Question 80 of 100

1

The last default rule on a firewall is to

Select one of the following:

  • Create an exception

  • Allow all traffic

  • Deny all traffic

  • Unblock all ports

Explanation

Question 81 of 100

1

A computer network service that allows clients to make indirect network connections to other network services is called

Select one of the following:

  • Load balancer

  • Proxy

  • Network Access Control (NAC)

  • Backdoor

Explanation

Question 82 of 100

1

A solution designed for filtering malicious / restricted content from entering corporate networks is known as

Select one of the following:

  • MAC filter

  • Subnetting

  • HIPS

  • Web security gateway

Explanation

Question 83 of 100

1

One of the measures for securing networking devices includes the practice of disabling unused ports

Select one of the following:

  • True
  • False

Explanation

Question 84 of 100

1

What type of protocols ensure the privacy of a VPN connection?

Select one of the following:

  • OSPF

  • IPv6

  • Tunneling

  • Telnet

Explanation

Question 85 of 100

1

Which of the following answers refers to a dedicated device for managing secure connections established over an untrusted network, such as the Internet?

Select one of the following:

  • Load balancer

  • VPN concentrator

  • Spam filter

  • Web server

Explanation

Question 86 of 100

1

Which of the following acronyms refers to a network or host based monitoring system designed to automatically alert administrators of known or suspected unauthorized activity?

Select one of the following:

  • IDS

  • AES

  • TPM

  • EFS

Explanation

Question 87 of 100

1

A software tool used to monitor and examine contents of network traffic is known as: (Select all that apply)

Select one or more of the following:

  • Port scanner

  • Packet sniffer

  • Vulnerability scanner

  • Protocol analyzer

Explanation

Question 88 of 100

1

Which of the following answers list the protocol and port number used by a spam filter? (Select 2 answers)

Select one or more of the following:

  • HTTPS

  • 23

  • SMTP

  • 443

  • TELNET

  • 25

Explanation

Question 89 of 100

1

Which of the following acronyms refers to a network security solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?

Select one of the following:

  • MTU

  • STP

  • UTM

  • XML

Explanation

Question 90 of 100

1

Which of the following network security solutions inspects network traffic in real-time and has the capability to stop the ongoing attack?

Select one of the following:

  • NIPS

  • HIDS

  • HIPS

  • NIST

Explanation

Question 91 of 100

1

Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

Select one of the following:

  • CRL

  • NAT

  • BCP

  • ACL

Explanation

Question 92 of 100

1

Which of the following actions can be taken by passive IDS? (Select 2 answers)

Select one or more of the following:

  • Reconfiguring firewall

  • Closing down connection

  • Logging

  • Terminating process

  • Sending an alert

Explanation

Question 93 of 100

1

802.1x is an IEEE standard defining

Select one of the following:

  • Token ring networks

  • Port-based network access control

  • VLAN tagging

  • Wireless networking

Explanation

Question 94 of 100

1

An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries is also known as

Select one of the following:

  • Mandatory Access Control

  • Lattice-Based Access Control

  • Role-Based Access Control

  • Rule-Based Access Control

Explanation

Question 95 of 100

1

Which type of Intrusion Detection System (IDS) relies on the previously established baseline of normal network activity in order to detect intrusions?

Select one of the following:

  • Signature-based

  • URL filter

  • Anomaly-based

  • ACL

Explanation

Question 96 of 100

1

Which of the following security solutions provides a countermeasure against denial-of-service attack characterized by increasing number of half-open connections?

Select one of the following:

  • Flood guard

  • MAC filter

  • Port scanner

  • Honeypot

Explanation

Question 97 of 100

1

Which of the following protocols protects against switching loops?

Select one of the following:

  • UTP

  • SSH

  • STP

  • HMAC

Explanation

Question 98 of 100

1

Which type of Intrusion Detection System (IDS) relies on known attack patterns to detect an intrusion?

Select one of the following:

  • Load balancer

  • Signature-based

  • Protocol analyzer

  • Anomaly-based

Explanation

Question 99 of 100

1

URL filtering restricts access to Internet sites based on which of the following criteria?

Select one of the following:

  • Virus signature

  • Web address

  • Baseline

  • Data content

Explanation

Question 100 of 100

1

Which of the following acronyms refers to a firewall controlling access to a web server?

Select one of the following:

  • WPS

  • WEP

  • MTBF

  • WAF

Explanation