CompTIA Security+ SY0-401 (Practice Test)

CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography. The official exam objectives are 1.0 Network Security, 2.0 Compliance and Operational Security, 3.0 Threats and Vulnerabilities, 4.0 Application Data and Host Security, 5.0 Access Control and Identity Management and 6.0 Cryptography.

  • Questions: 20
  • Time: 60 seconds per question (0 hours, 20 minutes, 0 seconds)
  • Included Objectives:
    • Access Control and Identity Management
    • Network Security
    • Compliance and Operational Security
    • Threats and Vulnerabilities
    • Application, Data and Host Security
    • Cryptography

Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

  • Enforcement of password complexity requirements
  • Implementation of configuration management processes
  • A recent security breach in which passwords were cracked
  • Implementation of account lockout procedures

Which of the following presents the STRONGEST access control?

  • DAC
  • RBAC
  • MAC

Which of the following is NOT an example of biometric authentication?

  • Fingerprint scanner
  • Voice authentication
  • Smart card
  • Retina Scanner

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

  • Session hijacking and XML injection
  • Cookies and attachments
  • Buffer overflow and XSS
  • SQL injection

Rebecca, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $350. The likelihood that their database would be breached in the next year is only 8%. Which of the following is the ALE that Rebecca should report to management for a security breach?

  • $75,000
  • $7,000
  • $27,500
  • $7,500

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

  • Impersonation
  • Tailgating
  • Dumpster diving
  • Shoulder surfing

A malicious program that disguises itself as a legitimate program is known as which of the following?

  • Injection
  • Trojan Horse
  • Virus
  • Spyware

Several high level executives at a business have been targeted by phishing attacks. Which of the following terms describes this type of phishing?

  • Whaling
  • Pharming
  • Phreaking
  • Tailgating

Your organization has a web server that must be accessible by external users. Which of the following options is the best location for the server?

  • Inside of a DMZ
  • Inside of a VPN
  • Inside of a VLAN
  • Behind the internal firewall

Which of the following assets is MOST likely considered for DLP?

  • Reverse proxy
  • Print server
  • USB mass storage device
  • Application server content

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. How many authentication factors are in use by the VPN system?

  • 2
  • 4
  • 3
  • 1

After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?

  • IV attack
  • Rogue access points
  • War chalking
  • War dialing

Which of the following is true about asymmetric encryption?

  • A message encrypted with a shared key can be decrypted by the same key
  • A message encrypted with the private key can be decrypted by the same key
  • A message encrypted with the public key can be decrypted with the private key
  • A message encrypted with the public key can be decrypted with a shared key

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

  • Social engineering
  • Tailgating
  • Password reuse
  • Phishing

Which of the following is an example of multifactor authentication?

  • Credit card and PIN
  • Password and PIN
  • Username and Password
  • Fingerprint and Retina scan

You are a network administrator for a large business. Recently, you've noticed a large amount of unusual traffic and you suspect SYN flood attacks. Which of the following will help you defend against these attacks?

  • VLAN
  • Spanning Tree Protocol
  • Implicit Deny
  • Flood guards

Which of the following ACL rules will deny DHCP traffic?


SHA and MD5 are examples of which of the following?

  • Encryption algorithms
  • Hashing algorithms
  • Tunneling protocols
  • HIPS

Sara, an application developer, has just implemented error and exception handling in an application. Which of the following does this help prevent?

  • Buffer overflow
  • Pop-up blockers
  • Fuzzing
  • Cross-site scripting

A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?

  • WPA2
  • IPv6
  • WPA
  • IPv4