Try our new practice tests feature: configure your own test including the number of questions, objectives and time limits

CompTIA Security Plus SY0 501 Test 3

This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate will need knowledge in Network Security, Compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography, and application, data, and host security. This free practice test will test your knowledge and readiness for the CompTIA Security+ Examination.

  • Questions: 20
  • Time: 60 seconds per question (0 hours, 20 minutes, 0 seconds)

Which term best applies to the following statement: Plain text data is converted to an unreadable format that cannot be converted back into it's original format

  • Codebook
  • Asymmetric Encryption
  • Hashing
  • Encryption

What term defines an operating system that has been verified as having a sufficient level of security based on the Common Criteria for Information Technology Security Evaluation?

  • SFRs
  • Trusted Operating System (TOS)
  • Protection Profiled Operating System (PPOS)
  • Certified Secure Operating System (CSOS)

A junior security professional on your team is trying to export a public certificate and share it with a colleague outside of the IT department. They ask you if they should use a CER or PFX format. Which format should be used?

  • Both are acceptable
  • PFX
  • CER
  • Neither are acceptable

What improvements does a VLAN offer for network security?

  • Allows for session dropping in the event of an anomaly detection
  • Physically restricts unauthorized devices from network access
  • Provides layer 4 filtering (TCP/UDP)
  • Logically separates network segments

How many rounds does 3DES perform when encrypting data?

  • 8
  • 32
  • 48
  • 16

A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?

  • Trusted Platform Module
  • PKI
  • Hardware Security Module
  • RADIUS

What type of public certificate can be used with multiple sub-domains?

  • Wildcard
  • Multipurpose
  • Self-signed
  • Domain validated certificate

What type of certificate can be used for a list of explicitly given domains, IP addresses or sub domains?

  • SAN
  • Wildcard
  • Self signed
  • Code signed

Which of the following options is a protocol used to check if a certificate has been revoked?

  • MD5
  • PKI
  • OCSP
  • CSR

You have joined a new enterprise as a member of the IT Security team. During on boarding you receive two computers, one with access to highly confidential systems and one with access to less critical data and the internet. You cannot send data or documents from one network to the other and have to manage separate credentials for each. What concept best defines this approach?

  • VPN
  • Physical de-segmentation
  • Air gap
  • Data aggregated network segmentation (DANS)

James is sending an email to Bob. To ensure confidentially James needs to send the email in an encrypted format using PKI. What will James use to encrypt the email so Bob can decrypt it?

  • Bob's public key
  • James' public key
  • James' private key
  • Bob's private key

What term refers to a holistic approach to IT security including diversification of vendors, controls (both administrative and technical) and user training?

  • Regulatory standard framework
  • DMZ
  • Holistic IA
  • Defense-in-depth

Your employer has always been very security conscious and to date does not use an company owned mobile or wireless devices like laptops and smart phones. A new project aims to evaluate options on the market for security implementing laptops within the company. One requirement is that all data stored on the laptop's drive must be encrypted. What type of drive could fulfill this requirement?

  • PKI-SSD
  • RAID 0
  • VPN
  • SED

You are responsible for network security within your employer's network architecture team. Your team is implementing a new network that can allow unauthenticated WiFi users access to the internet without allowing them access to any internal systems. What type of WiFi network is this?

  • NAT
  • DMZ
  • Guest
  • Extranet

Which of the following acronyms refers to a cryptographic hardware component capable of securely storing data like passwords and keys?

  • DMZ
  • TPM
  • DLP
  • NAT

You work as a freelance security consultant. You are now working for a large government and have been contracted to create a stand-alone system that should attract malicious activity. The system should mimic an existing productive system but with fake non-sensitive data. The activity in this new system should be recorded so security analysts can review and identify patterns in the malicious activity. What best defines this type of system?

  • Honeynet
  • DMZ
  • Ad hoc target
  • DDoS Mitigator

What is the name of the process used to digitally sign executables?

  • Code pinning
  • Code signing
  • Code validation signature
  • Executable Signature Signing

Your employer has asked your team to define and implement a new network area that will be accessible to authorized 3rd party companies through a dedicated WAN connection. A critical requirement is that access to this new network area should not also allow network access to the companies internal network and systems. What type of network best defines this setup?

  • Guess WiFi
  • Intranet
  • Extranet
  • VLAN

Out of the following algorithms, which is a symmetric-key algorithm?

  • PGP/GPG
  • DES
  • DSA
  • RSA

Which of the following is used in PKI for key agreement?

  • RSA
  • ECDH
  • HMAC
  • CTR