Security + practice exam

Description

CompTIA Security+ Exam SY0-401 All 12 practice tests in one spot
Crozeph Rede
Quiz by Crozeph Rede, updated more than 1 year ago
Crozeph Rede
Created by Crozeph Rede over 9 years ago
408
8

Resource summary

Question 1

Question
Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?
Answer
  • Non-repudiation
  • Implicit deny policy
  • Acceptable use policy
  • Post-admission NAC

Question 2

Question
A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is known as:
Answer
  • VPN
  • Access Point (AP)
  • VLAN
  • DMZ

Question 3

Question
Which part of the 192.168.1.5/24 address identifies its network ID?
Answer
  • 192
  • 192.168
  • 192.168.1
  • 192.168.1.5

Question 4

Question
Which of the following acronyms refers to a solution allowing companies to cut costs related to managing of internal calls?
Answer
  • PBX
  • POTS
  • P2P
  • PSTN

Question 5

Question
A solution that allows to make phone calls over a broadband Internet connection instead of typical analog telephone lines is known as:
Answer
  • IMAP
  • VoIP
  • POTS
  • ITCP

Question 6

Question
Which of the following answers lists a /27 subnet mask?
Answer
  • 255.255.255.0
  • 255.255.255.128
  • 255.255.255.192
  • 255.255.255.224

Question 7

Question
What type of system can be compromised through phreaking?
Answer
  • ATX
  • PGP
  • PBX
  • BIOS

Question 8

Question
Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location?
Answer
  • DMZ
  • Virtualization
  • VLAN
  • SNMP

Question 9

Question
Which security measure is in place when a client is denied access to the network due to outdated antivirus software?
Answer
  • NAC
  • DMZ
  • VLAN
  • NAT

Question 10

Question
Which of the following terms refers to a technology that allows multiple operating systems to work simultaneously on the same hardware?
Answer
  • Hyperthreading
  • Virtualization
  • Multi core
  • Combo drive

Question 11

Question
A security stance whereby a host is being granted / denied permissions based on its actions after it has been provided with the access to the network is known as:
Answer
  • Network separation
  • Pre-admission NAC
  • Quarantine
  • Post-admission NAC

Question 12

Question
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?
Answer
  • NAC
  • ACL
  • NAT
  • DMZ

Question 13

Question
VLAN membership can be set through: (Select all that apply)
Answer
  • Trunk port
  • Group permissions
  • Encryption
  • MAC address

Question 14

Question
In which of the cloud computing infrastructure types clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?
Answer
  • IaaS
  • SaaS
  • P2P
  • PaaS

Question 15

Question
Which of the following cloud service types would provide the best solution for a web developer intending to create a web app?
Answer
  • SaaS
  • API
  • PaaS
  • IaaS

Question 16

Question
A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called:
Answer
  • Thick client
  • SaaS
  • Virtualization
  • IaaS

Question 17

Question
The biggest advantage of public cloud is that all services provided through this type of cloud computing service model are offered free of charge.
Answer
  • True
  • False

Question 18

Question
A concept of effective security posture employing multiple tools and different techniques to slow down an attacker is known as: (Select 2 answers)
Answer
  • Vulnerability scanning
  • Layered security
  • Authorization
  • Principle of least privilege
  • Defense in depth

Question 19

Question
Which of the IPsec modes provides entire packet encryption?
Answer
  • Tunnel
  • Payload
  • Transport
  • Default

Question 20

Question
Which of the following protocols is used in network management systems for monitoring network-attached devices?
Answer
  • RTP
  • SNMP
  • IMAP
  • STP

Question 21

Question
Which of the following protocols transmit data in an unencrypted form? (Select all that apply)
Answer
  • SCP
  • IPsec
  • SNMPv1
  • FTP
  • Telnet
  • SFTP

Question 22

Question
A group that consists of SNMP devices and one or more SNMP managers is known as:
Answer
  • SNMP trap
  • Network Management System (NMS)
  • SNMP community
  • Management Information Base (MIB)

Question 23

Question
Which of the following protocols was designed as a secure replacement for Telnet?
Answer
  • ICMP
  • FTP
  • IPv6
  • SSH

Question 24

Question
A system used to convert a computer's host name into an IP address on the Internet is known as:
Answer
  • DNS
  • NetBIOS
  • TLS
  • ICMP

Question 25

Question
DNS database AAAA record identifies:
Answer
  • Mail server
  • IPv4 address
  • Canonical name
  • IPv6 address

Question 26

Question
Which of the following protocols are used for securing HTTP connections? (Select 2 answers)
Answer
  • SCP
  • Telnet
  • SSL
  • SNMP
  • TLS

Question 27

Question
Which of the following answers refers to a suite of protocols used for connecting hosts on the Internet?
Answer
  • NetBIOS
  • IPv4
  • TCP/IP
  • LAN

Question 28

Question
FTPS is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
Answer
  • True
  • False

Question 29

Question
The SCP protocol is used for:
Answer
  • Directory access
  • Secure file transfer
  • Network addressing
  • Sending emails

Question 30

Question
Which of the protocols listed below is used by the PING utility?
Answer
  • TLS
  • SNMP
  • FCoE
  • ICMP

Question 31

Question
Which of the following answers lists the IPv6 loopback address?
Answer
  • ::/128
  • FF00::/8
  • ::1
  • 127.0.0.1

Question 32

Question
Which of the following answers refers to a networking standard for linking data storage devices over an IP network?
Answer
  • iSCSI
  • SSD
  • TPM
  • LDAP

Question 33

Question
Which of the following protocols facilitate communication between SAN devices? (Select 2 answers)
Answer
  • MTBF
  • TFTP
  • iSCSI
  • HTTPS
  • FCoE

Question 34

Question
The FTP protocol is designed for:
Answer
  • Sending email messages between servers
  • Serving web pages
  • Translating domain names into IP addresses
  • File exchange

Question 35

Question
Which of the protocols listed below does not provide authentication?
Answer
  • FTP
  • TFTP
  • SCP
  • SFTP

Question 36

Question
Which of the following protocols was designed as a secure replacement for Telnet?
Answer
  • FTP
  • IPv6
  • SSH
  • ICMP

Question 37

Question
FTP runs by default on ports: (Select 2 answers)
Answer
  • 25
  • 23
  • 20
  • 21
  • 22

Question 38

Question
Which of the following protocols run(s) on port number 22? (Select all that apply)
Answer
  • FTP
  • SSH
  • SMTP
  • SCP
  • SFTP

Question 39

Question
Port number 23 is used by:
Answer
  • SMTP
  • SSH
  • Telnet
  • TFTP

Question 40

Question
Which of the following TCP ports is used by SMTP?
Answer
  • 25
  • 53
  • 80
  • 23

Question 41

Question
DNS runs on port:
Answer
  • 139
  • 53
  • 443
  • 22

Question 42

Question
Which of the following ports enables HTTP traffic?
Answer
  • 110
  • 88
  • 143
  • 80

Question 43

Question
Which of the following ports enable(s) retrieving email messages from a remote server? (Select all that apply)
Answer
  • 80
  • 139
  • 110
  • 443
  • 143

Question 44

Question
Which of the port numbers listed below are used by NetBIOS? (Select all that apply)
Answer
  • 137
  • 161
  • 138
  • 162
  • 139

Question 45

Question
IMAP runs on TCP port:
Answer
  • 143
  • 25
  • 443
  • 110

Question 46

Question
Which of the following TCP ports is used by HTTPS?
Answer
  • 80
  • 443
  • 53
  • 143

Question 47

Question
Which of the following answers lists the default port number for a Microsoft-proprietary remote connection protocol?
Answer
  • 139
  • 443
  • 3389
  • 53

Question 48

Question
Which of the following protocols operate(s) at layer 3 (the network layer) of the OSI model? (Select all that apply)
Answer
  • IPSec
  • IPv6
  • HTTP
  • IPv4
  • IMAP
  • ICMP

Question 49

Question
In the OSI model, TCP resides at the:
Answer
  • Physical layer
  • Network layer
  • Application layer
  • Transport layer

Question 50

Question
A network protocol for secure file transfer over secure shell is called:
Answer
  • FCoE
  • SFTP
  • Telnet
  • TFTP

Question 51

Question
Which of the following wireless encryption schemes offers the highest level of protection?
Answer
  • WEP
  • WPA2
  • WAP
  • WPA

Question 52

Question
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities?
Answer
  • PEAP
  • CCMP
  • WPA2
  • WEP

Question 53

Question
Which of the following answers refers to an authentication framework frequently used in wireless networks and point-to-point connections?
Answer
  • DLP
  • OCSP
  • EAP
  • LDAP

Question 54

Question
A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as:
Answer
  • EMI shielding
  • Hardware lock
  • MAC filter
  • Quality of Service (QoS)

Question 55

Question
Which of the following acronyms refers to a wireless network name?
Answer
  • SSID
  • WAP
  • SSO
  • HVAC

Question 56

Question
Which of the following protocols was introduced to strengthen existing WEP implementations without requiring the replacement of legacy hardware?
Answer
  • PEAP
  • TKIP
  • CCMP
  • WPA2

Question 57

Question
Disabling SSID broadcast:
Answer
  • Is one of the measures used for securing networks
  • Makes a WLAN harder to discover
  • Blocks access to WAP
  • Prevents wireless clients from accessing the network

Question 58

Question
Which of the following protocols encapsulates EAP within an encrypted and authenticated TLS tunnel?
Answer
  • LDAP
  • PAP
  • Telnet
  • PEAP

Question 59

Question
AES-based encryption mode implemented in WPA2 is known as:
Answer
  • CCMP
  • TPM
  • TKIP
  • MTBF

Question 60

Question
An optimal WAP antenna placement provides a countermeasure against: (Select 2 answers)
Answer
  • War chalking
  • Tailgating
  • War driving
  • Shoulder surfing
  • Site survey

Question 61

Question
Which of the following WAP configuration settings allows for adjusting the boundary range of the wireless signal?
Answer
  • Beacon frame
  • Power level controls
  • Quality of Service (QoS)
  • MAC filtering

Question 62

Question
Which of the following answers refers to a solution allowing administrators to block Internet access for users until they perform required action?
Answer
  • Access logs
  • Mantrap
  • Post-admission NAC
  • Captive portal

Question 63

Question
Which of the following antenna types would provide the best coverage for workstations connecting to a WAP placed in a central point of a typical office? (Select all that apply)
Answer
  • Omnidirectional
  • Unidirectional
  • Bidirectional
  • Non-directional

Question 64

Question
Which of the following is an example of a wireless site survey?
Answer
  • Bluejacking
  • Spear phishing
  • War driving
  • Shoulder surfing

Question 65

Question
Which of the following examples falls into the category of technical security controls?
Answer
  • Change management
  • Acceptable use policy
  • Intrusion detection system
  • Incident response procedure

Question 66

Question
An antivirus software identifying non-malicious file as a virus due to faulty virus signature file is an example of:
Answer
  • Fault tolerance
  • False positive error
  • Incident isolation
  • False negative error

Question 67

Question
Which of the following examples falls into the category of operational security controls?
Answer
  • Change management
  • Encryption
  • Antivirus software
  • Mantrap

Question 68

Question
Which of the following terms refers to a situation where no alarm is raised when an attack has taken place?
Answer
  • False negative
  • True positive
  • False positive
  • True negative

Question 69

Question
A policy outlining ways of collecting and managing personal data is known as:
Answer
  • Acceptable use policy
  • Audit policy
  • Privacy policy
  • Data loss prevention

Question 70

Question
Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put?
Answer
  • OEM
  • AUP
  • UAT
  • ARO

Question 71

Question
One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company.
Answer
  • True
  • False

Question 72

Question
Which of the following answers refers to a concept of having more than one person required to complete a given task?
Answer
  • Acceptable use policy
  • Privacy policy
  • Multifactor authentication
  • Separation of duties

Question 73

Question
A security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities is known as:
Answer
  • Order of volatility
  • Principle of least privilege
  • Privacy policy
  • Single sign-on

Question 74

Question
Which of the following acronyms refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
Answer
  • ARO
  • ALE
  • SLE
  • UAT

Question 75

Question
Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF) The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. Which of the following answers lists the EF value for an asset that is entirely lost?
Answer
  • 0
  • 100
  • 1.0
  • 0.1

Question 76

Question
A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called
Answer
  • Antivirus
  • Firewall
  • Antispyware
  • Malware

Question 77

Question
A device designed to forward data packets between networks is called
Answer
  • Switch
  • Hub
  • Router
  • MAC filter

Question 78

Question
Allowing a program through a firewall is known as creating
Answer
  • Tunnel
  • Entry
  • Access Point (AP)
  • Exception

Question 79

Question
A network device designed for managing the optimal distribution of workloads across multiple computing resources is called
Answer
  • Load balancer
  • HIDS
  • Firewall
  • Captive portal

Question 80

Question
The last default rule on a firewall is to
Answer
  • Create an exception
  • Allow all traffic
  • Deny all traffic
  • Unblock all ports

Question 81

Question
A computer network service that allows clients to make indirect network connections to other network services is called
Answer
  • Load balancer
  • Proxy
  • Network Access Control (NAC)
  • Backdoor

Question 82

Question
A solution designed for filtering malicious / restricted content from entering corporate networks is known as
Answer
  • MAC filter
  • Subnetting
  • HIPS
  • Web security gateway

Question 83

Question
One of the measures for securing networking devices includes the practice of disabling unused ports
Answer
  • True
  • False

Question 84

Question
What type of protocols ensure the privacy of a VPN connection?
Answer
  • OSPF
  • IPv6
  • Tunneling
  • Telnet

Question 85

Question
Which of the following answers refers to a dedicated device for managing secure connections established over an untrusted network, such as the Internet?
Answer
  • Load balancer
  • VPN concentrator
  • Spam filter
  • Web server

Question 86

Question
Which of the following acronyms refers to a network or host based monitoring system designed to automatically alert administrators of known or suspected unauthorized activity?
Answer
  • IDS
  • AES
  • TPM
  • EFS

Question 87

Question
A software tool used to monitor and examine contents of network traffic is known as: (Select all that apply)
Answer
  • Port scanner
  • Packet sniffer
  • Vulnerability scanner
  • Protocol analyzer

Question 88

Question
Which of the following answers list the protocol and port number used by a spam filter? (Select 2 answers)
Answer
  • HTTPS
  • 23
  • SMTP
  • 443
  • TELNET
  • 25

Question 89

Question
Which of the following acronyms refers to a network security solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?
Answer
  • MTU
  • STP
  • UTM
  • XML

Question 90

Question
Which of the following network security solutions inspects network traffic in real-time and has the capability to stop the ongoing attack?
Answer
  • NIPS
  • HIDS
  • HIPS
  • NIST

Question 91

Question
Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
Answer
  • CRL
  • NAT
  • BCP
  • ACL

Question 92

Question
Which of the following actions can be taken by passive IDS? (Select 2 answers)
Answer
  • Reconfiguring firewall
  • Closing down connection
  • Logging
  • Terminating process
  • Sending an alert

Question 93

Question
802.1x is an IEEE standard defining
Answer
  • Token ring networks
  • Port-based network access control
  • VLAN tagging
  • Wireless networking

Question 94

Question
An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries is also known as
Answer
  • Mandatory Access Control
  • Lattice-Based Access Control
  • Role-Based Access Control
  • Rule-Based Access Control

Question 95

Question
Which type of Intrusion Detection System (IDS) relies on the previously established baseline of normal network activity in order to detect intrusions?
Answer
  • Signature-based
  • URL filter
  • Anomaly-based
  • ACL

Question 96

Question
Which of the following security solutions provides a countermeasure against denial-of-service attack characterized by increasing number of half-open connections?
Answer
  • Flood guard
  • MAC filter
  • Port scanner
  • Honeypot

Question 97

Question
Which of the following protocols protects against switching loops?
Answer
  • UTP
  • SSH
  • STP
  • HMAC

Question 98

Question
Which type of Intrusion Detection System (IDS) relies on known attack patterns to detect an intrusion?
Answer
  • Load balancer
  • Signature-based
  • Protocol analyzer
  • Anomaly-based

Question 99

Question
URL filtering restricts access to Internet sites based on which of the following criteria?
Answer
  • Virus signature
  • Web address
  • Baseline
  • Data content

Question 100

Question
Which of the following acronyms refers to a firewall controlling access to a web server?
Answer
  • WPS
  • WEP
  • MTBF
  • WAF
Show full summary Hide full summary

Similar

CompTIA Security+
michael smith0754
SY0-401 Part 1 (50 questions)
desideri
Security + Practice
Elise Berg
Ch 3 - Basic Cryptography
C Danvers
Ch 5 - Networking & Server Attacks
C Danvers
Ch 6 - Network Security Devices, Design, and Technology
C Danvers
Ch 7 - Administering a Secure Network
C Danvers
Ch 4 - Advanced Cryptography
C Danvers
Ch 2 - Malware & Social Engineering
C Danvers
CH3: OSI Layers, Devices, and Protocols
Brent Jerdo
CH3: Well-Known Ports
Brent Jerdo