CompTIA Security+ SY0-401 (Practice Test)

CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography. The official exam objectives are 1.0 Network Security, 2.0 Compliance and Operational Security, 3.0 Threats and Vulnerabilities, 4.0 Application Data and Host Security, 5.0 Access Control and Identity Management and 6.0 Cryptography.

  • Questions: 20
  • Time: 60 seconds per question (0 hours, 20 minutes, 0 seconds)
  • Included Objectives:
    • Application, Data and Host Security
    • Network Security
    • Compliance and Operational Security
    • Threats and Vulnerabilities
    • Access Control and Identity Management
    • Cryptography

Which of the following is an access control method, which is based of a persons job?

  • DAC
  • RBAC
  • MAC
  • HMAC

A user ID and password together provide which of the following?

  • Authorization
  • Identifcation
  • Authentication
  • Auditing

An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

  • Implement time of day restrictions for all temporary employees
  • Implement an account expiration date for temporary employees
  • Implement a password expiration policy
  • Run a last logon script to look for inactive accounts

An administrator is receiving an error in browser stating a website's certificate is invalid. Which of the following is the browser referring to?

  • CRL
  • Public key
  • Private key
  • Recovery agent

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

  • More experienced employees from less experienced employees
  • The network access layer from the application access layer
  • Upper level management users from standard development employees
  • Changes to program code and the ability to deploy to production

Your supervisor asks you to implement a new KDC. Which of the following protocols is your supervisor planning to implement?

  • Radius
  • LDAP
  • Kerberos

Which of the following is an example of a physical security measure?

  • Honeypot
  • Mantrap
  • NIPS
  • HIDS

Which of the following terms involves the sending and receiving of unsolicited messages over Bluetooth?

  • Phishing
  • Spim
  • Bluesnarfing
  • BlueJacking

Which of the following options describes a zero-day attack?

  • A known attack, which has been patched and is no longer a threat
  • A commonly known attack, which is still unpatched
  • An attack that exploits an new or unknown vulnerability
  • A type of social attack, in which the attacker targets high level executives.

You are a network administrator for a large business. Recently, you've noticed a large amount of unusual traffic and you suspect they are SYN attacks. What choice will help you defend against these attacks?

  • Flood guards
  • VLAN
  • Spanning Tree Protocol
  • Implicit Deny

Which of the following terms would be used when configuring a firewall to allow certain traffic to pass unobstructed?

  • Creating an exception
  • Creating an AP
  • Allowing a session
  • Establishing a tunnel

You are creating a new network for your company, you only want to purchase one public IP but have many hosts that will be on the network. What will ensure this is possible?

  • PAT
  • NAC
  • DMZ
  • HIDS

Which of the following is a protocol that prevents loops in layer 2 switching devices?

  • STP
  • RDP
  • TCP
  • HVAC

Which of the following options can be used to verify data integrity?

  • Blowfish
  • MD5
  • AES
  • RAID 0

Which port is used by telnet?

  • 23
  • 22
  • 21
  • 20

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

  • XSS
  • LDAP injection
  • SQL injection
  • Command injection

What device will work best for servers that need to store private keys?

  • host firewall
  • SSD hard drive
  • Network firewall
  • Hardware Security Module

SHA and MD5 are examples of which of the following?

  • Tunneling protocols
  • HIPS
  • Hashing algorithms
  • Encryption algorithms

Your organization has a web server that must be accessible by external users. Which of the following options is the best location for the server?

  • Inside of a VLAN
  • Behind the internal firewall
  • Inside of a VPN
  • Inside of a DMZ

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?

  • The network uses the subnet of
  • The switch has several VLANs configured on it
  • The sub-interfaces are configured for VoIP traffic
  • The sub-interfaces each implement quality of service