This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.
1) A string of text is converted to a numeric value that uniquely identifies the original text. With only the numeric value it is impossible to reproduce the original text value. Which term correctly identifies this numeric value?
A hash value, hashed value or just a hash is the result of a one-way cryptographic function. Hashes are used to verify the integrity of data (e.g. a file download) as well as to store sensitive data such as passwords.
This question is filed under objective 6, Cryptography and PKI
A cryptographic hash function (CHF) is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit array of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function, that is, a function which is practically infeasible to invert. Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Cryptographic hash functions are a basic tool of modern cryptography. The ideal cryptographic hash function has the following main properties: it is deterministic, meaning that the same message always results in the same hash; it is quick to compute the hash value…
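The two uses of a one-way hash named in the explanation above, integrity checking and password storage, as an added example that is not part of the practice exam. It uses only the Python standard library; every input is constructed, and the PBKDF2 iteration count is an assumption chosen for this example.

```python
"""Added example (not code from the practice exam): the two uses of a one-way
hash named in the explanation for question 1, integrity checking and password
storage, using only the Python standard library. All inputs are constructed."""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data. Deterministic: the same bytes always give the same value."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check as for a file download: recompute the digest and compare it
    with the published one. compare_digest keeps the comparison time independent
    of where the two strings first differ."""
    return hmac.compare_digest(digest(data, algorithm), expected_hex.lower())


# Password storage. A bare hash is still one-way, but every user with the same
# password gets the same digest and a precomputed (rainbow) table finds it.
# A random per-user salt defeats the table; an iterated derivation (PBKDF2)
# makes each guess expensive. The stored record holds salt and derived key only.
PBKDF2_ITERATIONS = 100_000  # assumption: work factor chosen for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh 16-byte salt is drawn unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def check_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


if __name__ == "__main__":
    sample = b"quarterly-report.pdf contents"  # constructed stand-in for a download
    published = digest(sample)
    print("digest            :", published)
    print("one byte changed  :", digest(sample[:-1] + b"t"))
    print("download intact   :", verify_integrity(sample, published))
    print("download tampered :", verify_integrity(sample + b"x", published))

    salt, key = hash_password("correct horse battery staple")
    print("stored record     :", salt.hex(), key.hex())
    print("right password    :", check_password("correct horse battery staple", salt, key))
    print("wrong password    :", check_password("Tr0ub4dor&3", salt, key))
```

Run the file directly to see that changing a single byte of the input produces an unrelated digest, and that two records for the same password differ because each carries its own salt.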
2) Which of the following options is a vendor neutral standard for message logging?
syslog is a vendor neutral standard for message logging. It includes a standard format for logs as well as a network protocol for sending log data to another device. Common uses of syslog are on Unix and Linux operating systems and network devices like routers, switches and firewalls.
This question is filed under objective 2, Technologies and Tools
In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level. Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers, routers, and message receivers across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository…
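The facility code and severity level described above are packed into the PRI field that starts every classic BSD-style syslog line. The parser below is an added example, not code from the practice exam: it decodes PRI, splits the line into its fields and filters the result by severity. The first sample line is the example message from RFC 3164; the remaining lines, hostnames and addresses are constructed for the example.

```python
"""Added example (not code from the practice exam): a small parser for the
classic BSD-style syslog line format described in the explanation for
question 2, run over sample lines. The PRI field <N> at the start of each
message packs facility and severity as N = facility * 8 + severity."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    message: str


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split PRI into (facility name, severity name); valid PRI values are 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def parse(line: str) -> Optional[SyslogMessage]:
    """Parse one line; return None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        facility, severity = decode_pri(int(m["pri"]))
    except ValueError:
        return None
    pid = int(m["pid"]) if m["pid"] else None
    return SyslogMessage(facility, severity, m["ts"], m["host"], m["tag"], pid, m["msg"])


def at_least(messages: List[SyslogMessage], severity: str = "err") -> List[SyslogMessage]:
    """Messages at the given severity or worse (a lower index is more severe)."""
    threshold = SEVERITIES.index(severity)
    return [m for m in messages if SEVERITIES.index(m.severity) <= threshold]


# Sample lines as a central collector would receive them. The first is the
# example message from RFC 3164; the rest are constructed (hosts and addresses invented).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Mar  3 09:12:01 fw01 sshd[2231]: Accepted publickey for alice from 203.0.113.7 port 51515 ssh2",
    "<163>Mar  3 09:12:05 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/24, changed state to down",
    "<13>Mar  3 09:13:00 app01 cron[445]: (root) CMD (/usr/bin/backup.sh)",
    "not a syslog line at all",
]


def summarise(lines: List[str]) -> List[str]:
    """One 'facility.severity host tag: message' string per parseable line."""
    return [f"{m.facility}.{m.severity} {m.host} {m.tag}: {m.message}"
            for m in map(parse, lines) if m is not None]


if __name__ == "__main__":
    for s in summarise(SAMPLE_LINES):
        print(s)
    parsed = [m for m in map(parse, SAMPLE_LINES) if m is not None]
    print("needs attention:", len(at_least(parsed, "err")))
```

The unparseable fifth line and any PRI above 191 are dropped rather than guessed at; a collector that silently mislabels such lines is worse than one that counts them as malformed.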
3) You need to record packet data being sent to and from a server running a Linux operating system. After recording the network traffic you want to view the data in a visualization tool like Wireshark. What command line tool is best suited for this task?
tcpdump is a packet analyzer or packet sniffer available on many Linux operating systems. It can be used to record all packets being sent to/from a server and reviewed in real time or saved to a file for later review/analysis.
4) What is the third step of the incident response process?
The steps of the incident response process are: Preparation, Identification, Containment, Eradication, Recovery, Lessons learned.
This question is filed under objective 5, Risk Management
5) What acronym refers to the amount of time between the failure of a device and the device's return to normal functionality?
Mean time to recovery (MTTR) is the estimated amount of time between a failure and recovery of a device. Mean time between failures (MTBF) is the average amount of time between failures of a device (generally provided by the manufacturer). Mean time to failure (MTTF) is the length of time a device lasts in operation. MRTR is something we made up.
This question is filed under objective 5, Risk Management
Mean time to recovery (MTTR) is the average time that a device will take to recover from any failure. Examples of such devices range from self-resetting fuses (where the MTTR would be very short, probably seconds), up to whole systems which have to be repaired or replaced. The MTTR would usually be part of a maintenance contract, where the user would pay more for a system the MTTR of which was 24 hours, than for one of, say, 7 days. This does not mean the supplier is guaranteeing to have the system up and running again within 24 hours (or 7 days) of being notified of the failure…
6) You are a member of the security team in the IT Infrastructure department at a manufacturer. You have received a ticket from the network architecture team who have requested your approval of a proposed network change. The change is to replace a network device that allows internal servers to make requests to the internet without external systems being able to determine what internal server made the original request. What type of system is being changed?
When a user or system wants to make a request to another system without revealing its identity a proxy can be used. Proxies act as intermediaries to transmit data between systems. The most common use case is to route web requests from internal users and devices through a reverse proxy so that external web servers cannot tell which internal user or device made the original request.
This question is filed under objective 2, Technologies and Tools
7) Which of the following options is the most costly form of disaster recovery options?
A full-scale test is exactly what it sounds like, a full test of disaster recovery. This type of test simulates a real-life disaster scenario as closely as possible and will require extensive resources and manpower.
This question is filed under objective 5, Risk Management
Disaster Recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered a subset of business continuity. Disaster Recovery assumes that the primary site is not recoverable (at least for some time) and represents a process of restoring data and services to a secondary survived site, which is opposite to the process of restoring back to…
8) Which of the following options is a functionality or tool that disallows access to a wireless network based on the layer 2 address of the client device?
Layer 2 addresses (also called physical addresses) are MAC addresses. Using MAC filtering you can disallow any devices that are not explicitly granted access. While this can help increase security, it is not foolproof and advanced attackers can easily spoof the MAC address to gain access. MAC filtering alone is not sufficient to protect a network.
This question is filed under objective 2, Technologies and Tools
9) You are in the onboarding process with a new employer. Your new manager has asked you to review and sign a document that outlines how you can use their IT systems and what types of uses are not permitted. What type of policy document is this?
An Acceptable Use Policy (AUP) will outline how users can use an IT system or group of IT systems. They are generally used by businesses and organisations to ensure users are aware of what actions are acceptable and what actions could warrant administrative actions. For example an acceptable use policy could state that pirating movies using company resources is not permitted.
This question is filed under objective 5, Risk Management
10) Your employer has several thousand internal users all who need to access the internet on a daily basis to complete their work. What technology should be used to mask the internal IP addresses of these users and allow access to the internet through shared public IP addresses?
Network Address Translation (NAT) allows many devices to share an IP when accessing another network. Most commonly it is used to allow internal devices to share public IP addresses when accessing the internet. Benefits of NAT include minimizing the number of public IP addresses required (they cost money and for IPv4 there is a limited number available) as well as masking the origin of the request which provides security benefits. Generally NAT is used on a router or firewall.
This question is filed under objective 3, Architecture and Design
11) When configuring a wireless access point what configuration change will hide the name of the wireless network and require users who want to connect to the network to know the wireless name?
When a wireless network broadcasts it includes the network name, called a Service Set Identifier (SSID). Most commonly the SSID will be a user-friendly name to help people identify which network they want to connect to (e.g. Smith WiFi, Friendly's Guest, etc.). Disabling SSID broadcast will still allow the network to be visible to nearby devices but in order to connect to the network they will need to know the SSID (as well as a password/key if configured).
This question is filed under objective 2, Technologies and Tools
12) Which of the following options is a valid type of evidence in a computer forensics investigation that proves innocence?
Exculpatory evidence is evidence in an investigation that proves the innocence of a suspected person or party. Inculpatory evidence is the opposite and proves guilt. Demonstrative evidence is evidence that helps explain facts; common examples are charts, graphs, videos, etc.
This question is filed under objective 5, Risk Management
Exculpatory evidence is evidence favorable to the defendant in a criminal trial that exonerates or tends to exonerate the defendant of guilt. It is the opposite of inculpatory evidence, which tends to present guilt. In many countries, including the United States, police and prosecutors are required to disclose to the defendant exculpatory evidence they possess before the defendant enters a plea (guilty or not guilty). Per the Brady v. Maryland decision, prosecutors have a duty to disclose exculpatory evidence even if not requested to do so. While the prosecution is not required to search for exculpatory evidence and must disclose only the evidence in its possession, custody, or control, the prosecution's duty is to disclose all information…
13) You are a penetration tester for a network security consulting company. You are currently on-site at a customer's premises and are doing your first analysis of the customer's network security. You check if they are using Wifi and find that they are using a deprecated protocol with known vulnerabilities. Which of the options is most likely being used?
Wired Equivalent Privacy (WEP) was a commonly used security protocol for encrypted wireless networks. It has been deprecated and is outdated with known vulnerabilities. WEP should not be used, instead a newer and more robust option like WPA2 should be implemented.
This question is filed under objective 3, Architecture and Design
14) You are a network security technician at a mid-sized company. Your employer is planning for significant growth and the CIO has tasked you with implementing a system to consolidate all critical network device logs to a central location. The system should support logs from all routers, firewalls, switches and business critical servers and should send alerts in the event of security issues. What type of solution would best meet these requirements?
Security Information and Event Management (SIEM) systems are used to centralize logging and alerting from various types of network devices. Common functionalities include data aggregation, alerting, forensic analysis and data retention/compliance. They are most commonly found in mid-size to larger networks where there are too many devices to monitor separately.
This question is filed under objective 2, Technologies and Tools
Security information and event management (SIEM) is a subsection within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005…
15) You are a network engineer for a mid-sized consulting company. Your employer is currently in the role of a systems integrator for a transformation project at a retail company. You have been tasked with configuring a new network switch. Upon accessing the switch via SSH you receive a message stating only authorized users from ACME Enterprise and authorized 3rd party partners are permitted. You are not required to acknowledge or accept this warning in any way. What type of control best classifies this type of message?
This type of warning is a deterrent. A deterrent is anything intended to warn a (potential) malicious user that they should not access a system or area, or conduct a certain action. Examples are warning messages, signs, posted notices, etc.
This question is filed under objective 5, Risk Management
16) What type of NIDS commonly uses artificial intelligence and data mining to identify malicious network traffic?
An anomaly-based Network Intrusion Detection System (NIDS) detects unusual network traffic after first being 'trained' on normal network traffic. These systems use data mining and artificial intelligence to classify traffic as normal or anomalous/potentially malicious.
This question is filed under objective 2, Technologies and Tools
An anomaly-based intrusion detection system is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created. In order to positively identify attack traffic, the system must be taught to recognize normal system activity. The two phases of a majority of anomaly detection systems consist of the training phase (where a profile of normal…
17) A large chemical company will soon be legally required to offer phone support for customers to contact in the event of a chemical spill or other similar issue. The new law requires the company be available 24/7, 365 days a year or large fines will be levied against the company. You have been contracted to ensure a power outage does not prevent the help desk from being available to callers. You have been given the requirement that all electronic equipment (desktops, servers, network equipment, phones, etc.) must operate for up to 24 hours without interruption during a power outage. Which of the following options would best meet the requirement?
A generator is the best option here because it can operate for as long as there is fuel and can power entire buildings at once. It is also the most expensive solution. An Uninterruptible Power Supply (UPS) will provide temporary power (a few minutes to a few hours) to electronic devices in the event of a power outage, so while helpful it is not enough to meet the 24 hour requirement.
This question is filed under objective 5, Risk Management
18) Your employer's security policies state that all externally facing servers should only be accessible via ports that are absolutely required. Generally your company only has web servers that are accessible from outside the company's network. A recent security review showed that it was possible to ping several of these web servers. What protocol should be disabled using a firewall to ensure pings do not successfully contact the servers?
Network diagnostic tools like ping and tracert use the Internet Control Message Protocol (ICMP) to function. Using a firewall to block external systems from using this protocol to contact internal solutions will ensure ping cannot be used against the servers discussed in the question.
This question is filed under objective 2, Technologies and Tools
19) You are an IT specialist on the Network Security team of a large enterprise. You have been tasked to implement a wireless network to be used by employees in the corporate headquarters. Your employer is very security conscious and instructs you to use the best possible encryption protocol available. What 802.11 protocol would you use to fulfill this requirement?
WiFi Protected Access 2 (WPA2) is the strongest encryption currently available for wireless networks. WPA and Wired Equivalent Privacy (WEP) are both options available on the market but are less secure and have known vulnerabilities. WIFI-S is not a real protocol.
This question is filed under objective 6, Cryptography and PKI
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802…
20) Your employer uses a third party service provider to store files like word documents and presentations. These files can be accessed and collaborated on by other employees through a website. There are many companies that use this same service, but data is controlled using various methods to ensure users can only access their own company's files. What type of service is this?
This question is filed under objective 3, Architecture and Design