This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) Which of the following is a computer hardware component that can process and store cryptographic keys?
TPM (Trusted Platform Module) is a specification detailing secure cryptoprocessor. The device itself is often called a "TPM Chip" or "TPM Device."
This question is filed under objective 6, Cryptography
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys … Read More
2) What is the default port of Kerberos?
Kerberos is an authentication method uses to verify identity, and permit access to a resource. It uses port 88 by default.
This question is filed under objective 5, Access Control and Identity Management
Kerberos () is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades Its designers aimed it primarily at a client–server model and it provides mutual authentication—both the user and the server verify each other's identity Kerberos protocol messages are protected against eavesdropping and replay attacks Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication… Read More
3) A list of permissions on a router that determines who can access specific areas of a network, is known as what?
ACL (Access Control List) is a list of permissions, normally allow or deny, for a specific resource. This is commonly found on IPS, Firewalls, and routing devices.
This question is filed under objective 5, Access Control and Identity Management
In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object) An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects Each entry in a typical ACL specifies a subject and an operation For instance, if a file object has an ACL that contains (Alice: read,write Bob: read), this would give Alice permission to read and write the file and only give Bob permission to read it … Read More
4) What port is used for HTTPS?
HTTP uses port 80, while HTTPS uses TCP port 443.
This question is filed under objective 4, Application, Data and Host Security
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) It is used for secure communication over a computer network, and is widely used on the Internet In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL) The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL The principal motivations for HTTPS are authentication of the accessed website, and protection of the privacy and integrity of the exchanged data while in transit It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and server protects the communications against eavesdropping and… Read More
5) SHA and MD5 are examples of which of the following?
SHA and MD5 are hashing algorithms, used for one way encryption and data integrity.
This question is filed under objective 6, Cryptography
A hash function is any function that can be used to map data of arbitrary size to fixed-size values The values returned by a hash function are called hash values, hash codes, digests, or simply hashes The values are usually used to index a fixed-size table called a hash table Use of a hash function to index a hash table is called hashing or scatter storage addressing Hash functions and their associated hash tables are used in data storage and retrieval applications to access data in a small and nearly constant time per retrieval, and require an amount of storage space only fractionally greater than the total space required for the data or records themselves… Read More
6) Which option will provide short-term system availability in case of loss or failure?
RAID 5 (Striping with parity) uses data striping to increase read/write time, and parity disk(s) to provide for availability in case of a hard drive failure. A cold site is an empty area (no infrastructure standing by) for use in the event of a major disaster, it is not a short term solution. Raid 0 is striping and only provides faster data access.
This question is filed under objective 2, Compliance and Operational Security
In computer storage, the standard RAID levels comprise a basic set of RAID ("Redundant Array of Independent Disks" or "Redundant Array of Inexpensive Disks") configurations that employ the techniques of striping, mirroring, or parity to create large reliable data stores from multiple general-purpose computer hard disk drives (HDDs) The most common types are RAID 0 (striping), RAID 1 (mirroring) and its variants, RAID 5 (distributed parity), and RAID 6 (dual parity) Multiple RAID levels can also be combined or nested, for instance RAID 10 (striping of mirrors) or RAID 01 (mirroring stripe sets) RAID levels and their associated data formats are standardized by the Storage Networking Industry Association (SNIA) in the Common RAID Disk Drive… Read More
7) When converted into binary, how many bits are present in an IPv4 Address?
IPv4 addressing consists of four octets of eight bits each. 8x4=32 bits per address. Example: 192.168.1.1 in binary is 11000000.10101000.00000001.00000001, which is 32 bits.
This question is filed under objective 2, Compliance and Operational Security
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP) It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983 It still routes most Internet traffic today, despite the ongoing deployment of a successor protocol, IPv6 IPv4 uses a 32-bit address space which provides 4,294,967,296 (232) unique addresses, but large blocks are reserved for special networking methods … Read More
8) Which port is used by telnet?
Telnet is a remote command line interface tool, which uses port 23 to communicate.
This question is filed under objective 4, Application, Data and Host Security
Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP) Telnet was developed in 1969 beginning with RFC 15, extended in RFC 855, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards The name stands for "teletype network"Historically, Telnet provided access to a command-line interface on a remote host However, because of serious security concerns when using Telnet over an open network such as… Read More
9) Which of the following choices properly defines the term war chalking?
War Chalking is marking a building or sidewalk to note the type of WiFi available. In modern times this is not very common, but in the early days of WiFi this practice was used by malicious users to find unsecure wireless networks.
This question is filed under objective 2, Compliance and Operational Security
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them Within days of Jones publishing a blog entry about warchalking, articles appeared in dozens of publications and stories appeared on several major television news programs around the worldThe word is formed by analogy to wardriving, the practice of driving around an area in a car to detect open Wi-Fi nodes… Read More
10) Which of the following is a common synonym for a Protocol Analyzer?
A packet sniffer intercepts and logs network packets, allows a network user to analyze and review network data.
This question is filed under objective 1, Network Security
A packet analyzer or packet sniffer is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network Packet capture is the process of intercepting and logging traffic As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications A packet analyzer used for intercepting traffic on wireless networks is known as a wireless analyzer or WiFi analyzer… Read More
11) Which of the following STOPS attacks on a host system?
A HIPS (Host Intrusion Prevention System) will stop and report attacks on a host system. A HIDS (Host Intrusion Detection System) can detect and log an attack, but not actively prevent or stop it.
This question is filed under objective 1, Network Security
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarmsIDS types range in scope from single computers to large networks The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) A system that monitors important operating system files is an example of an HIDS, while a… Read More
12) Which of the following is a Denial of Service attack using a succession of TCP Handshake requests?
A SYN Flood attack opens a large amount of SYN requests (the first step in the TCP 3 way handshake) in an attempt to overload a system's memory or network.
This question is filed under objective 3, Threats and Vulnerabilities
A SYN flood is a form of denial-of-service attack in which an attacker rapidly initiates a connection to a server without finalizing the connection The server has to spend resources waiting for half-opened connections, which can consume enough resources to make the system unresponsive to legitimate trafficThe packet that the attacker sends is the SYN packet, a part of TCP's three-way handshake used to establish a connection … Read More
13) True or False: It is good practice to disable unused or publicly accessible network ports?
14) Which of the following is a protocol that prevents loops in layer 2 switching devices?
STP (Spanning Tree Protocol) is a layer 2 protocol used to prevent switching loops. STP can be attacked by a hacker, and cause a network outage.
This question is filed under objective 3, Threats and Vulnerabilities
The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them Spanning tree also allows a network design to include backup links providing fault tolerance if an active link fails As the name suggests, STP creates a spanning tree that characterizes the relationship of nodes within a network of connected layer-2 bridges, and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes STP is based on an algorithm that was invented by Radia Perlman while she was working for Digital Equipment Corporation… Read More
15) Which of the following protocols is used to encrypt emails?
PGP (Pretty Good Privacy) is a data encryption/authentication protocol, which is commonly used for email messages.
This question is filed under objective 4, Application, Data and Host Security
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications Phil Zimmermann developed PGP in 1991PGP and similar software follow the OpenPGP, an open standard of PGP encryption software, standard (RFC 4880) for encrypting and decrypting data … Read More
16) A server on your network needs to be accessed by external users. The content of the server should be publicly available and does not contain any confidential information. Where should you place it?
A DMZ (Demilitarized Zone) is a part of a network that is somewhat protected, and allowed to be accessed externally and internally. However, it is also separated from the internal network, allowing a more secure environment internally.
This question is filed under objective 1, Network Security
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled The DMZ functions as a small, isolated network positioned between the Internet and the private network … Read More
17) Which of the following is an example of multi-factor authentication?
Multi-factor authentication means it uses more than 1 type of authentication. The factors are something the user IS (bio-metric), user knows (knowledge), and user has (physical token).
This question is filed under objective 5, Access Control and Identity Management
Multi-factor authentication (MFA encompassing Two-factor authentication or 2FA, along with similar terms) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is) MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and constantly refreshing code to use for authentication… Read More
18) Which authentication protocol periodically verifies a client with a 3-way handshake?
CHAP (Challenge-Handshake Authentication Protocol) uses a 3 way handshake to authenticate a user or host, and then will verify the host randomly during it's connection.
This question is filed under objective 5, Access Control and Identity Management
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity That entity may be, for example, an Internet service provider CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP) which is vulnerable for both these reasons The MS-CHAP variant does not require either peer to know the plaintext and does not transmit it, but has been broken… Read More
19) Which of the following is an access control method, which is based of a persons job?
RBAC (Role Based Access Control) is an access control, where a persons level of access is dependent on their job in an origination.
This question is filed under objective 5, Access Control and Identity Management
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users It is used by the majority of enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC) Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations RBAC can be used to facilitate administration of security in large organizations with… Read More
20) Which of the following describes the most secure firewall configuration?
Implicit Deny describes a configuration where everything is denied by default, and exceptions are granted only when absolutely necessary. This is the most restrictive and secure method to securing a network, but also requires a high level of administration.
This question is filed under objective 1, Network Security
You can go back and review your answers or grade your test.