This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) Tom, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?
Voice phishing (Vishing) is the act of using social engineering over a telephone system.
This question is filed under objective 3, Threats and Vulnerabilities
Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally been trustworthy: terminated in physical locations known to the telephone company, and associated with a bill-payer. Now, however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker; however, some…
2) A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?
High availability is a design approach that uses redundant components and automatic failover so that system resources stay reachable when an individual component fails. Here the redundant interfaces on the Layer 3 devices let traffic reroute around a failed link without affecting production.
This question is filed under objective 1, Network Security
High-availability clusters (also known as HA clusters, fail-over clusters or Metroclusters Active/Active) are groups of computers that support server applications that can be reliably utilized with a minimum amount of down-time. They operate by using high availability software to harness redundant computers in groups or clusters that provide continued service when system components fail. Without clustering, if a server running a particular application crashes, the application will be unavailable until the crashed server is fixed. HA clustering remedies this situation by detecting hardware/software faults, and immediately restarting the application on another system without requiring administrative intervention, a process known as failover…
3) Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
Succession planning is the process for identifying internal personnel to fill key leadership positions if needed.
This question is filed under objective 2, Compliance and Operational Security
Succession planning is a process for identifying and developing new leaders who can replace old leaders when they leave, retire or die. Here the planning is usually a closed process, so that those who have been selected are not likely to know that they are on a succession list or slate. Succession planning can be defined as the process of identifying critical roles in a company and the core skills associated with those roles, and then identifying possible internal candidates to assume those jobs when the incumbents leave. In dictatorships, succession planning aims for continuity of leadership, preventing a chaotic power struggle by preventing a power vacuum…
4) Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
In this case a NIDS or NIPS will not stop the malicious traffic, because traffic between virtual machines on the same physical host is switched by the hypervisor's virtual switch and never reaches the physical network where those sensors sit. A Host Intrusion Prevention System (HIPS) installed on each guest inspects and blocks the traffic at the endpoint itself, regardless of the path it takes.
This question is filed under objective 4, Application, Data and Host Security
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a…
5) Which of the following is the MOST secure protocol to transfer files?
Of the answer choices, only File Transfer Protocol (FTP) and FTP over SSL/TLS (FTPS) are file-transfer protocols, and of the two only FTPS encrypts the session, protecting both the credentials and the file contents in transit. Plain FTP sends the username, password and data in cleartext. Note that SSH File Transfer Protocol (SFTP) is also an encrypted file-transfer option in practice; it is a different protocol from FTPS and the two are not interoperable.
This question is filed under objective 4, Application, Data and Host Security
FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC 7568) cryptographic protocols. FTPS should not be confused with the SSH File Transfer Protocol (SFTP), a secure file transfer subsystem for the Secure Shell (SSH) protocol with which it is not compatible. It is also different from FTP over SSH, which is the practice of tunneling FTP through an SSH connection…
6) Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
Protected Extensible Authentication Protocol (PEAP) wraps the EAP exchange in a TLS tunnel in which the server authenticates itself to the client with a certificate, and Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) running inside that tunnel authenticates the user with a username and password. Together (PEAP-MSCHAPv2) they provide mutual authentication with password-based user credentials. The client must be configured to validate the server certificate; otherwise a rogue access point presenting its own certificate can capture the MS-CHAPv2 exchange.
This question is filed under objective 1, Network Security
The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The purpose was to correct deficiencies in EAP: EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided. PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAPv0 was the version included with Microsoft Windows XP and was nominally defined in draft-kamath-pppext-peapv0-00…
7) Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?
Unfortunately, the only viable recovery option listed is to attempt to brute force (or dictionary-attack) the user's password against the protected file. This is a last resort: the number of candidates grows exponentially with password length and character set, and file formats that stretch the password with a slow key-derivation function make every guess expensive.
This question is filed under objective 3, Threats and Vulnerabilities
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key, which is typically created from the password using a key derivation function; this is known as an exhaustive key search. A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption…
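The exhaustive search described above, as an added example that is not part of the practice exam or any real tool. The "protected file" is constructed inline: a password is stretched with PBKDF2-HMAC-SHA256 and a verifier (an HMAC under the derived key) is stored beside the salt and iteration count, which is what an archive or container header exposes to anyone holding the file. The PIN, salt, iteration count and verifier tag are all assumed values chosen for the demonstration.

```python
# Added example (not from the practice exam): exhaustive search against a
# constructed password-protected secret. Salt, iteration count and the
# "verify" tag are assumed values standing in for a real file format's header.
import hashlib
import hmac
import itertools

DIGITS = "0123456789"
ITERATIONS = 1_000            # assumed; kept low so the demo runs in seconds
SALT = b"constructed-salt"    # constructed sample value


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the password into a key the way a protected file format would."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_protected_file(password: str) -> dict:
    """Simulate protecting a file: store the public parameters plus a verifier
    (an HMAC under the derived key) that lets a reader confirm a password."""
    key = derive_key(password, SALT, ITERATIONS)
    verifier = hmac.new(key, b"verify", "sha256").digest()
    return {"salt": SALT, "iterations": ITERATIONS, "verifier": verifier}


def check_password(protected: dict, candidate: str) -> bool:
    """What the attacker does per guess: derive the key and compare verifiers."""
    key = derive_key(candidate, protected["salt"], protected["iterations"])
    tag = hmac.new(key, b"verify", "sha256").digest()
    return hmac.compare_digest(tag, protected["verifier"])


def keyspace(alphabet: str, length: int) -> int:
    """Number of candidates an exhaustive search must be prepared to try."""
    return len(alphabet) ** length


def brute_force(protected: dict, alphabet: str, length: int):
    """Try every string of `length` characters over `alphabet`, in order.
    Returns (password, attempts), or (None, attempts) if the space is exhausted."""
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        candidate = "".join(combo)
        if check_password(protected, candidate):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    protected = make_protected_file("0731")   # constructed: a 4-digit PIN
    found, tries = brute_force(protected, DIGITS, 4)
    print(found, tries, "of", keyspace(DIGITS, 4))
```

Every guess costs one full key derivation, so the defender's lever is the iteration count and the password's keyspace: a 4-digit PIN falls in at most 10,000 derivations, while 8 mixed-case alphanumerics need up to 62^8 of them. Run the same search against a real archive only on files you are authorized to recover.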
8) Which of the following is an example of multifactor authentication?
The three types of authentication are something you KNOW, something you HAVE, and something you ARE. A multifactor authentication uses 2 or more of these factors. A credit card is something you HAVE while a PIN is something you know.
This question is filed under objective 5, Access Control and Identity Management
Multi-factor authentication (MFA, encompassing two-factor authentication or 2FA, along with similar terms) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and constantly refreshing code to use for authentication…
9) A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
Both IPSec and NAT were created to address shortcomings of native IPv4: NAT to stretch a limited address space, IPSec to add authentication and encryption at the network layer. IPv6's 128-bit address space removes the need for NAT, and IPSec is part of the IPv6 protocol suite (originally a mandatory part of every IPv6 node; the current node requirements in RFC 8504 make it a strong recommendation rather than a requirement). Moving the wireless network to IPv6 therefore satisfies both requirements.
This question is filed under objective 1, Network Security
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, who subsequently ratified it as an Internet Standard on 14 July 2017. Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more…
10) A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?
A virus is malware that attaches itself to another program (typically an executable, here a critical Windows system file) and spreads when that infected code is copied to or run on other systems. Viruses and worms both replicate, but a worm is a standalone program that propagates across a network on its own, while a virus needs a host program to carry it. The infected executable and the infected boot loader in this scenario point to a virus.
This question is filed under objective 3, Threats and Vulnerabilities
A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus. Computer viruses generally require a host program. The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection and damage. A computer worm does not need a host program, as it is an independent program or code chunk. Therefore, it is not restricted by the host program, but can run independently and actively carry out attacks…
11) A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?
The Simple Network Management Protocol (SNMP) is used to monitor, configure and manage devices on IP networks, including the routers that make up layer 3. SNMPv3 is the correct answer because it adds user-based authentication, message integrity and encryption (the authPriv security level). SNMPv1 and SNMPv2c rely on community strings sent in cleartext, so anyone who can sniff the management traffic can read the reports and reuse the credential.
This question is filed under objective 1, Network Security
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB) which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications. Three significant versions of SNMP have been developed and…
12) Which of the following is a difference between TFTP and FTP?
Trivial File Transfer Protocol (TFTP) is a stripped-down relative of FTP: it runs over UDP (port 69) rather than TCP, has no authentication and no encryption, and supports only reading and writing individual files, with no login or directory listing. FTP runs over TCP (control connection on port 21), authenticates with a username and password (in cleartext unless protected with TLS) and offers a full command set. TFTP is therefore suited only to trusted local uses such as loading configurations or boot images onto network devices.
This question is filed under objective 1, Network Security
The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP)…
13) Which of the following is a protocol that could be used to support authentication services for several local devices from a central location without the use of tokens or tickets?
The Terminal Access Controller Access-Control System Plus (TACACS+) protocol handles authentication, authorization and accounting (AAA) for network devices from a central server using usernames and passwords, rather than the tickets used by Kerberos or the hardware tokens used by one-time-password schemes. TACACS+ runs over TCP port 49 and encrypts the entire packet body, whereas RADIUS obfuscates only the password field.
This question is filed under objective 5, Access Control and Identity Management
Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks; it spawned related protocols: Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network…
14) Rebecca, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $350. The likelihood that their database would be breached in the next year is only 8%. Which of the following is the ALE that Rebecca should report to management for a security breach?
Annualized Loss Expectancy (ALE) is the expected monetary loss per year from a given risk. First find the Single Loss Expectancy (SLE), the cost of one breach of the whole database: 250 records × $350 per record = $87,500 (this treats the exposure factor as 100%, i.e. every record is compromised). Then multiply the SLE by the Annualized Rate of Occurrence (ARO), the 8% chance of a breach in a year: $87,500 × 0.08 = $7,000, which is the ALE Rebecca should report.
This question is filed under objective 2, Compliance and Operational Security
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO × SLE. Suppose that an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% × $100,000, or $25,000. The annualized loss expectancy is the product of the annual rate of occurrence (ARO) and the single loss expectancy: ALE = ARO × SLE. For an annual rate of occurrence of one, the annualized loss expectancy is 1…
15) A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?
The change management process is the process of requesting, planning, evaluating, and implementing changes to a computer system.
This question is filed under objective 2, Compliance and Operational Security
The change request management process in systems engineering is the process of requesting, determining attainability, planning, implementing, and evaluating changes to a system. Its main goals are to support the processing and traceability of changes to an interconnected set of factors…
16) A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?
A replay attack captures a valid transmission (for example an authentication exchange) and re-sends it later to impersonate the original sender. Unique, single-use session tokens bound to each session (or nonces and timestamps) defeat this: a captured exchange is rejected when its token has already been used, has expired, or belongs to a different session.
This question is filed under objective 3, Threats and Vulnerabilities
A replay attack (also known as playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. This is one of the lower-tier versions of a man-in-the-middle attack. Replay attacks are usually passive in nature. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run…
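The token defence described above, as an added example that is not part of the practice exam. Both sides of a minimal challenge-response exchange are shown: the server issues a random single-use session token, the client proves it holds the shared secret by returning an HMAC over the token and its message, and the server consumes the token on first use so that a captured exchange replayed later is rejected. The shared secret, the message and the class and function names are assumptions made for the demonstration.

```python
# Added example (not from the practice exam): single-use session tokens as a
# replay defence. The shared secret and message are constructed sample values.
import hashlib
import hmac
import secrets


def _tag(shared_secret: bytes, token: str, message: bytes) -> bytes:
    """MAC binding the message to one specific token (and so to one session)."""
    return hmac.new(shared_secret, token.encode() + b"|" + message, hashlib.sha256).digest()


class TokenServer:
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()   # tokens issued but not yet consumed

    def issue_token(self) -> str:
        """Fresh unpredictable token; a real server would also record an expiry."""
        token = secrets.token_hex(16)
        self._outstanding.add(token)
        return token

    def verify(self, token: str, message: bytes, tag: bytes) -> bool:
        # Unknown token, or a token already spent: treat as a replay and refuse.
        if token not in self._outstanding:
            return False
        if not hmac.compare_digest(_tag(self._secret, token, message), tag):
            return False            # wrong secret, altered message, or tag from another token
        self._outstanding.discard(token)   # single use: the same exchange cannot be accepted twice
        return True


def client_sign(shared_secret: bytes, token: str, message: bytes) -> bytes:
    """Client side: prove knowledge of the secret for this token and message."""
    return _tag(shared_secret, token, message)


def demo():
    """Returns (first_attempt, replay, tag_reused_with_new_token)."""
    secret = b"constructed-shared-secret"
    server = TokenServer(secret)
    message = b"transfer 100 to account 42"   # constructed sample request

    token = server.issue_token()
    tag = client_sign(secret, token, message)
    first = server.verify(token, message, tag)    # genuine exchange: accepted

    replay = server.verify(token, message, tag)   # attacker re-sends the capture: refused

    token2 = server.issue_token()                 # attacker obtains a fresh token but
    stitched = server.verify(token2, message, tag)  # cannot re-use the old tag with it
    return first, replay, stitched


if __name__ == "__main__":
    print(demo())
```

The token is what makes the second and third attempts fail: the MAC is computed over the token, so a captured tag is only valid for the token it was issued with, and that token is removed from the outstanding set the moment it is accepted. A production implementation would add expiry to bound the size of the outstanding set and to reject exchanges that are delayed rather than duplicated.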
17) Which of the following should Bill, a security administrator, perform before a hard drive is analyzed with forensics tools?
Bill should first capture a forensic image of the drive: a bit-for-bit copy made through a write blocker so the original is never modified, with a cryptographic hash (for example SHA-256) computed over both the source and the image and recorded so the copy can be shown to be identical. All analysis is then performed on the image (or on a working copy of it) while the original drive is stored under a chain-of-custody record.
This question is filed under objective 2, Compliance and Operational Security
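The acquire-then-hash step above, as an added example that is not part of the practice exam. The "drive" is a constructed file standing in for a block device such as /dev/sdb (the path, file names and contents are assumptions); the code streams it to an image while hashing the bytes as they are read, then shows that the recorded hash both proves the image matches the source and exposes any later change to the working copy. A real acquisition would read the device through a hardware write blocker, which this example cannot model.

```python
# Added example (not from the practice exam): raw forensic imaging with a
# recorded acquisition hash. The evidence "drive" is a constructed temp file.
import hashlib
import os
import tempfile

CHUNK = 1 << 16   # read in 64 KiB blocks so large devices never load into memory


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source: str, image_path: str) -> str:
    """Bit-for-bit copy of `source` to `image_path`. The hash is computed over
    exactly the bytes that were copied, so it is the acquisition record."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()


def verify_image(source: str, image_path: str, acquisition_hash: str) -> bool:
    """Source, image and recorded hash must all agree before analysis begins."""
    return sha256_file(source) == acquisition_hash == sha256_file(image_path)


def demo():
    """Returns (verified_after_acquisition, verified_after_copy_was_modified, original_untouched)."""
    with tempfile.TemporaryDirectory() as workdir:
        drive = os.path.join(workdir, "sdb")          # constructed stand-in for a block device
        with open(drive, "wb") as f:
            f.write(b"\x00" * 4096 + b"NTFS    " + os.urandom(16384))   # constructed contents

        image = os.path.join(workdir, "evidence.raw")
        acquisition_hash = acquire_image(drive, image)
        ok_at_acquisition = verify_image(drive, image, acquisition_hash)

        # Analysis is done on the copy. Simulate a tool that writes to it by mistake:
        with open(image, "r+b") as f:
            f.seek(4096)
            f.write(b"XXXX")
        ok_after_modification = verify_image(drive, image, acquisition_hash)
        original_untouched = sha256_file(drive) == acquisition_hash
        return ok_at_acquisition, ok_after_modification, original_untouched


if __name__ == "__main__":
    print(demo())
```

The second verification failing is the point of keeping the hash: it tells the examiner that the working copy can no longer be relied on and that a fresh copy must be taken from the image, while the original drive still matches the recorded hash and its integrity is unaffected.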
18) An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?
Privilege creep is the accumulation of access rights beyond what an individual needs for their current job, typically because permissions granted for a previous role are never removed after a transfer. A periodic user access review (recertification), in which each user's rights are compared against their current role and excess rights are revoked, both detects and corrects the problem; applying least privilege when rights are first granted helps prevent it.
This question is filed under objective 2, Compliance and Operational Security
In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose … Read More
19) An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?
This is an LDAP injection attack. The application appears to build an LDAP search filter such as (&(uid=USERNAME)(userPassword=PASSWORD)) directly from the form input. The injected value closes the uid clause with admin) and appends (|(password=*)), an OR clause that matches any entry with a password attribute; its trailing parentheses close the filter early, so the application's own password clause ends up after the first complete filter, and LDAP implementations that process only that first filter never evaluate it. The aim is to authenticate as admin without knowing the password. The fix is to escape the LDAP special characters ( ) * \ and NUL in user-supplied values before inserting them into a filter.
This question is filed under objective 3, Threats and Vulnerabilities
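The filter manipulation described above, as an added example that is not part of the practice exam. The vulnerable builder concatenates raw input into a filter of the assumed shape (&(uid=USERNAME)(userPassword=PASSWORD)); the hardened builder applies RFC 4515 escaping first. A small structural check shows why the injected value works: the exact payload from the question makes the filter close before its end, which a correctly escaped value never does. The filter layout and attribute names are assumptions, not taken from any real application.

```python
# Added example (not from the practice exam): LDAP filter construction with and
# without RFC 4515 escaping, plus a structural check for early-closing filters.
# The filter shape and attribute names are assumed.

# Characters that have meaning inside an LDAP search filter (RFC 4515 section 3).
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it can only ever be matched, never parsed."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str, password: str) -> str:
    """Raw concatenation: user input becomes filter syntax."""
    return f"(&(uid={username})(userPassword={password}))"


def build_filter_safe(username: str, password: str) -> str:
    """Same filter, but every user-supplied byte is escaped first."""
    return f"(&(uid={escape_filter_value(username)})(userPassword={escape_filter_value(password)}))"


def filter_closes_early(flt: str) -> bool:
    """True when the parenthesis depth returns to zero before the last character,
    or goes negative, or never returns to zero. An honest filter built by the
    application is exactly one balanced group, so any of these means the input
    supplied its own structure."""
    depth = 0
    last = len(flt) - 1
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != last):
                return True
    return depth != 0


if __name__ == "__main__":
    payload = "admin)(|(password=*))"   # the value from the question
    print(build_filter_vulnerable(payload, "guess"))   # filter ends after ...(password=*)))
    print(build_filter_safe(payload, "guess"))         # one balanced filter, payload inert
```

The vulnerable output is (&(uid=admin)(|(password=*)))(userPassword=guess)): the first balanced filter is satisfied by the admin entry regardless of the password, and the real password clause is left dangling after it. In the safe output the payload survives only as the literal bytes admin\29\28|\28password=\2a\29\29, which no entry's uid will match. Escaping at the point of use is the primary control; the structural check is a useful defence-in-depth assertion before a filter is sent to the directory.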
20) A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. How many authentication factors are in use by the VPN system?
The three authentication factors are something you know, something you have and something you are. The VPN uses two factors: the password is something the user knows (the username only identifies the account and is not itself a factor), and the client-side certificate is something the user has. Username plus password together still count as a single factor.
This question is filed under objective 5, Access Control and Identity Management