CompTIA Security+ Certification (SY0-501): Practice Tests

Which of the following network management protocols uses agents that respond to queries to report its status to a central program manager?

Options are :

  • SMTP
  • SNMP (Correct)
  • SHTTP
  • SSH

Answer : SNMP

Explanation The Simple Network Management Protocol (SNMP) uses SNMP agents that respond to queries to report their status to a central program manager. The other protocols listed are not used to manage network devices.

Fabian's new load balancer has a number of scheduling options and he's trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, then returns to the first server. What is this form of scheduling?

Options are :

  • Round robin (Correct)
  • Affinity
  • On demand
  • First come

Answer : Round robin

Explanation Round robin is a turn-based scheduling method where jobs are assigned to servers in sequential order. Affinity scheduling means that the load balancer keeps a client's sessions connected to the server that's keeping the session. On demand and First come are meaningless terms created from the depths of your test writer's mind.

Which of the following regulations would guide a healthcare organization to protect the confidentiality of stored patient data adequately?

Options are :

  • HIPAA (Correct)
  • PCI
  • Sarbanes-Oxley
  • RMF

Answer : HIPAA

Explanation HIPAA regulates the protection of patient data in the healthcare and health insurance industry. RMF covers the risk management of U.S. Department of Defense systems; Sarbanes-Oxley and PCI are involved with financial data.

Which of the following resides on network devices and filters traffic coming into and out of the device?

Options are :

  • SNMP
  • SMTP
  • Syslog
  • ACL (Correct)

Answer : ACL

Explanation An access control list (ACL) resides on network devices and filters traffic coming into and out of the device. SMTP, the Simple Mail Transport Protocol, is responsible for sending e-mail. The Simple Network Management Protocol (SNMP) uses a Management Information Base, or MIB, specific to each device, to obtain device information. Syslog is a log server found in UNIX and Linux systems.

You've discovered that a number of systems within your network have become infected with malware; it's believed that all the affected users visited a common site during the previous week. What type of attack would this likely be?

Options are :

  • Spoofing
  • Poisoned DNS server
  • SQL injection
  • Watering hole attack (Correct)

Answer : Watering hole attack

Explanation A watering hole attack is designed to compromise a site that certain users are likely to use, rewarding them with malware for their visit. The other attacks are incorrect because they are not valid attacks in this situation.

Which of the following answers best describes the one major advantage of TACACS+ over RADIUS?

Options are :

  • TACACS+ uses RC4 encryption.
  • TACACS+ is completely encrypted. (Correct)
  • TACACS+ is an open standard, making it more safe.
  • Kerberos is a proprietary standard, making it less safe.

Answer : TACACS+ is completely encrypted.

Explanation TACACS+ encrypts everything between all connection points. Kerberos is an open standard, as is TACACS+. Open standards are considered more safe than proprietary ones. TACACS+ doesn't define what encryption to use, but RC4 is dated and insecure.

Type the command to create an ACL entry that you would use to create an access rule on your router to prevent any telnet traffic from passing through to the destination network 192.168.21.0.

Options are :

  • deny source all destination 192.168.21.0 tcp port 23 (Correct)
  • permit source 192.168.13.0 destination 192.168.21.0 tcp port 80
  • permit source all destination 192.168.21.0 tcp port 21
  • deny source 0.0.0.0 destination 192.168.21.0 udp port 123

Answer : deny source all destination 192.168.21.0 tcp port 23

Explanation The ACL should deny all traffic using TCP port 23. Ports 80, 21, and 123 are not related to telnet. You should also note that we want to "deny source all," not permit traffic or deny source 0.0.0.0.

Which of the following is a cryptographic representation of text, but not the text itself? (Choose two.)

Options are :

  • Hash (Correct)
  • Plaintext
  • Ciphertext
  • Message digest (Correct)

Answer : Hash Message digest

Explanation A hash or message digest is a cryptographic representation of variable-length text, but it is not the text itself. Plaintext is unencrypted text. Ciphertext is a result of the encryption process and is encrypted text.

Which of the following solutions allow applications that users can download, install, and execute to be added to a safe list?

Options are :

  • Graylisting
  • Filtering
  • Blacklisting
  • Whitelisting (Correct)

Answer : Whitelisting

Explanation Applications that users are allowed to download, install, and execute are added to a whitelist by an administrator; whitelisting is the opposite of blacklisting. Blacklisting involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanism. This ensures that users are not allowed to download, install, or execute these particular applications. There is no such term as graylisting. Filtering typically involves checking traffic on a network device, based upon specific characteristics. The term normally does not apply to software or applications.

Which of the following is the most comprehensive and expensive form of disaster recovery exercise?

Options are :

  • Tabletop exercise
  • Walkthrough test
  • Full-scale test (Correct)
  • Documentation review

Answer : Full-scale test

Explanation In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently. A tabletop exercise is a type of group review. The documentation review is the simplest form of test, in which the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster.

Which of the following cryptography types do you use when you want to perform a one-time, single-key, encrypted transaction with another company?

Options are :

  • Asymmetric
  • Symmetric (Correct)
  • Steganography
  • Hashing

Answer : Symmetric

Explanation When using symmetric encryption, both the sender and receiver use the same key. Steganography hides data within photos or another piece of data. Hashing is used to verify data integrity. Asymmetric cryptography uses a public and private key pair for encryption, so it does not use the same key for both parties.

Which of the following algorithms was one of the five finalists in the U.S. government-sponsored competition to become the Advanced Encryption Standard (AES), but did not win?

Options are :

  • Blowfish
  • RC4
  • Rijndael
  • Twofish (Correct)

Answer : Twofish

Explanation Twofish, a symmetric algorithm, was one of the five finalists for the competition, but it did not win. Rijndael was selected as the winner of the NIST competition and became the U.S. government's Advanced Encryption Standard (AES). Blowfish is also a symmetric algorithm, but it was not considered in the competition to become the AES. RC4 is a symmetric stream cipher commonly seen in WEP and SSL implementations. It was not one of the finalists involved in the AES competition.

Which of the following types of injections use standardized database interfaces to attack a Web application?

Options are :

  • MySQL injection
  • SQL injection (Correct)
  • Hierarchical injection
  • Relational injection

Answer : SQL injection

Explanation SQL injections insert unanticipated SQL commands to try to break the application. MySQL is one of many forms of SQL tools. Relational injection and Hierarchical injection are nonsense terms.

Which of the following access control models uses labels and security clearances to grant access to objects?

Options are :

  • Mandatory access control model (Correct)
  • Rule-based access control model
  • Role-based access control model
  • Discretionary access control model

Answer : Mandatory access control model

Explanation Mandatory access control models use labels and security clearances to grant access to objects. Rule-based access control models use a specific set of rules that control the interaction between users and objects. Role-based access control models use defined roles with specific rights and permissions assigned to those roles to control access to objects. Discretionary access control allows a user who has created or owns an object, such as a file or folder, the discretion to assign permissions for that object to anyone they choose.

Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?

Options are :

  • Directory traversal attack
  • LDAP injection attack
  • Integer overflow attack (Correct)
  • SQL injection attack

Answer : Integer overflow attack

Explanation An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail. A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures.

Which of the following is a variant of a phishing attack that targets a particular type of user and includes specific information?

Options are :

  • Pharming
  • Vishing
  • Whaling
  • Spear phishing (Correct)

Answer : Spear phishing

Explanation Spear phishing involves sending e-mail to a particular type of user, regardless of rank in the organization, and basing the attack on more detailed, in-depth information to convince the target that the phishing e-mail is actually valid. Whaling is a social engineering attack that targets people in high-value positions, such as senior executives. It is a form of phishing attack. Vishing is a form of phishing attack that takes place over Voice-over-IP (VoIP) telephone systems. Pharming is a form of DNS attack.

You are the security administrator for a small business. You want to provide your users with the ability to encrypt outbound e-mail messages, but the company cannot afford an expensive encryption solution. Which of the following is the best option?

Options are :

  • PGP/GPG (Correct)
  • HTTPS
  • WPA2
  • POP/IMAP

Answer : PGP/GPG

Explanation Pretty Good Privacy (or GNU Privacy Guard) is a low-cost solution that enables encrypted e-mail messages. HTTPS provides encryption for Web communications, not e-mail. POP/IMAP are unencrypted mail client access protocols. WPA2 provides encryption for wireless networks, not e-mail.

The corporate IT manager wants you to implement a process that will allow administrators to restrict users from installing and executing certain applications on their mobile devices. Which of the following meets those goals?

Options are :

  • Blacklisting (Correct)
  • Containerization
  • Sandboxing
  • Whitelisting

Answer : Blacklisting

Explanation Blacklisting allows you to restrict users from installing and executing certain applications on their mobile devices. Whitelisting allows an administrator to determine which applications and other software the user is allowed to install and execute. Containerization is a technique used to separate different sensitivities of data, such as corporate and personal data, on a mobile device. Sandboxing separates applications from each other and does not allow them to share execution, user, or data space.

Disabling ________ will help prevent security issues caused by having ping and traceroute enabled.

Options are :

  • SNMP
  • DNS
  • ICMP (Correct)
  • NTP

Answer : ICMP

Explanation ICMP is the protocol used by the ping and traceroute utilities for network diagnostics, and it should be disabled unless it's being used for important purposes. NTP is used by time services, DNS is used for IP/host name resolution, and SNMP enables network monitoring.

Which of the following methods will help improve SNMP security?

Options are :

  • Ensure the monitoring station is protected by a firewall.
  • Close SNMP, TCP, and UDP port 161 on the client.
  • Disable ICMP.
  • Change the "public" community name. (Correct)

Answer : Change the "public" community name.

Explanation Changing the community name for SNMP is the single most important thing you can do to ensure that any user cannot access your SNMP device. A firewall will not help protect the clients. Disabling SNMP on the client will cripple the SNMP functionality, and ICMP is unrelated.

Your company allows a number of employees to telecommute, and others travel extensively. You have been tasked with finding a centralized solution that will allow access to shared data over the Internet. Which of the following is best?

Options are :

  • Cloud services (Correct)
  • Virtualization
  • Subnetting
  • NAT

Answer : Cloud services

Explanation Cloud services can enable users to perform their work via a browser, from anywhere they have Internet connectivity. This can be configured either to allow a local copy along with the cloud copy of the data, or the data can be edited directly within the cloud. Virtualization allows multiple virtual machines to run on the same piece of hardware. Subnetting and network address translation (NAT) are important, but incorrect, security concepts.

Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?

Options are :

  • Accountability (Correct)
  • Authorization
  • Auditing
  • Authentication

Answer : Accountability

Explanation Accountability uses auditing to ensure that users are traced to and held responsible for their actions. Authorization is the process of controlling access to resources through methods that include permissions, rights, and privileges. Authentication is the process of validating that a user's credentials are authentic, after they have presented them through the identification process. Auditing is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data.

Which type of network intrusion detection system uses defined rule sets to determine when attacks may be occurring?

Options are :

  • Rule-based system (Correct)
  • Filter-based system
  • Signature-based system
  • Anomaly-based system

Answer : Rule-based system

Explanation Rule-based systems use predefined rule sets. An anomaly-based system detects unusual network traffic patterns based upon a baseline of normal network traffic. Signature-based systems use predefined traffic signatures, typically downloaded from a vendor. Filter-based systems, such as routers and firewalls, base detection on access control lists that specify traffic that is permitted and denied.

Which of the following is a logging facility found in UNIX and Linux systems?

Options are :

  • SIEM
  • Decentralized
  • Centralized
  • Syslog (Correct)

Answer : Syslog

Explanation Syslog is a logging facility found in UNIX and Linux systems, which can be used on either a centralized or decentralized basis. Centralized log management involves collecting logs from across the network into one system and being able to review them as a group. Security Information and Event Management (SIEM) is a centralized method of obtaining logs and other data from disparate devices across the network. Decentralized log management means that logs are managed and reviewed on a host-by-host basis, rather than as a centralized, consolidated group.

Which of the following 802.11 encryption protocols would you implement to provide the strongest encryption for communications across your wireless network?

Options are :

  • WPA
  • HTTPS
  • WEP
  • WPA2 (Correct)

Answer : WPA2

Explanation WPA2 (Wi-Fi Protected Access version 2) currently provides the strongest available encryption for wireless networks. WPA and WEP are weaker protocols. HTTPS is a secure protocol for connecting on the Web, but not within your own network.

Three organizations require access to each other's shared resources. To enable access, the three groups decide to use a single sign-on database that all three agree will handle authentication. What form of trust relationship is this?

Options are :

  • Transitive trust
  • Federated trust (Correct)
  • Web of trust
  • One-way trust

Answer : Federated trust

Explanation A federated system involves the use of a common authentication system and credentials database that multiple entities use and share. A web of trust isn't a trust relationship; it is a method to handle trust for certificates. A one-way trust shows one party trusts another but not the reverse. A transitive trust is where, if entity B trusts entity A and entity C trusts entity B, then entity C trusts entity A.

Which of the following is the most common public-private key generation algorithm used in public key cryptography?

Options are :

  • ECDH
  • SHA-2
  • RSA (Correct)
  • AES

Answer : RSA

Explanation RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to initially negotiate, agree upon, and establish a secure session between two parties. AES is the Advanced Encryption Standard, and it is not used in public key cryptography; it is a symmetric key cryptography algorithm. SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.

If a person does not know a control exists, and this control keeps her from performing a malicious act, what type of control would this be classified as?

Options are :

  • Deterrent control
  • Preventative control (Correct)
  • Compensating control
  • Corrective control

Answer : Preventative control

Explanation A preventative control keeps someone from performing a malicious act, provided that she doesn't know the control is there and is not aware of the consequences for violating it. A corrective control is used to correct a condition when there is either no control at all or the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. The difference between a deterrent control and a preventative control is that a deterrent control requires the person to have knowledge of the control in order for it to work. Users do not have to have knowledge of a preventative control for it to function. A compensating control assists and mitigates the risk an existing control is unable to mitigate.

Which of the following requires team members to go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster?

Options are :

  • Tabletop exercise
  • Documentation review
  • Full-scale test
  • Walkthrough test (Correct)

Answer : Walkthrough test

Explanation In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster. A tabletop exercise is a type of group review. The documentation review is the simplest form of test, in which the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently.

Which of the following attacks attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?

Options are :

  • Session hijacking attack
  • SYN flood
  • Smurf attack
  • ARP poisoning attack (Correct)

Answer : ARP poisoning attack

Explanation ARP poisoning is an attempt to send unsolicited ARP messages to a client to add false entries to its ARP cache. A session hijacking attack is an attempt to hijack a user's Web browsing session by stealing cookies or using other network attack methods. A SYN flood uses TCP SYN segments in its attack, not ICMP. A smurf attack uses ICMP.

Which of the following is a key negotiation and agreement protocol used in public key cryptography?

Options are :

  • DHE (Correct)
  • RSA
  • ECC
  • OCSP

Answer : DHE

Explanation Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol used in public key cryptography. RSA is the de facto standard used to generate public and private key pairs in a PKI. The Online Certificate Status Protocol (OCSP) is used to obtain the revocation status of digital certificates. It is used as an alternative to certificate revocation lists, enabling clients to request and receive the electronic status of digital certificates automatically in real time. Elliptic curve cryptography (ECC) is a public key cryptography protocol used on small mobile devices because of its low power and computing requirements.

A password is an example of which of the following authentication factors?

Options are :

  • Something you do
  • Something you know (Correct)
  • Something you have
  • Something you are

Answer : Something you know

Explanation A password is memorized; therefore you know it. Something you do would be an action unique to you, like a written signature. Something you have is an item on your person, like an ID card. Something you are is an aspect of your physical person that's unique to you, like a fingerprint.

A virtual LAN (VLAN) does NOT offer which of the following security controls?

Options are :

  • Allows different security policies to be applied to different hosts
  • Creates broadcast domains
  • Allows logical segmentation of hosts by IP subnet
  • Allows physical segmentation of hosts by IP subnet (Correct)

Answer : Allows physical segmentation of hosts by IP subnet

Explanation VLANs do not physically segment hosts; they logically segment them. VLANs break up broadcast domains from a single large one into smaller, logically separated ones. VLANs allow different segments to receive different security policies.

Which of the following is a port-based authentication method?

Options are :

  • 802.1X (Correct)
  • WPA2
  • WPA
  • WEP

Answer : 802.1X

Explanation 802.1X is a port-based authentication method, not a wireless encryption protocol. WPA2 is an advanced encryption protocol, which uses AES. WEP is a legacy wireless encryption protocol, which has been determined to be very weak and easily broken. It uses the RC4 stream cipher and weak initialization vectors (24-bit) to encrypt data on wireless networks. WPA was an interim protocol used to correct some of WEP's weaknesses. It uses the TKIP protocol.

Which of the following terms represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of a component produced by that manufacturer?

Options are :

  • Mean time to recovery
  • Mean time to failure
  • Mean time between failures (Correct)
  • Mean time to replace

Answer : Mean time between failures

Explanation Mean time between failures (MTBF) represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced. Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from a failure. The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Mean time to replace is not a valid term.

Which of the following attacks targets relational databases that reside behind Web applications?

Options are :

  • SQL injection attack (Correct)
  • LDAP injection attack
  • Directory traversal attack
  • Integer overflow attack

Answer : SQL injection attack

Explanation A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures. An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail.

Which of the following is a non-secure client-side e-mail protocol that uses TCP port 110?

Options are :

  • SMTP
  • IMAP4
  • IMAPS
  • POP3 (Correct)

Answer : POP3

Explanation POP3 is a non-secure client-side e-mail protocol that uses TCP port 110. SMTP is a server-side e-mail protocol and is not used over SSL or TLS. SMTP uses TCP port 25. IMAPS is a secure version of the IMAP4 protocol and is used over SSL or TLS connections on TCP port 993. IMAP4 is a non-secure client-side e-mail protocol that uses TCP port 143.

What type of evidence in a computer forensics investigation directly supports a particular assertion?

Options are :

  • Documentary evidence (Correct)
  • Exculpatory evidence
  • Demonstrative evidence
  • Inculpatory evidence

Answer : Documentary evidence

Explanation Documentary evidence directly supports or proves a definitive assertion. Exculpatory evidence proves innocence. Inculpatory evidence proves guilt. Demonstrative evidence, which can be in the form of charts, graphs, drawings, and so forth, is used to help nontechnical people, such as the members of a jury, understand an event.

What is the last step in the incident response life cycle?

Options are :

  • Post-incident activity (Correct)
  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery

Answer : Post-incident activity

Explanation Post-incident activity is the last step of the incident response life cycle. In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

For which of the following should employees receive training to establish how to handle end-of-life and unnecessary data?

Options are :

  • Information classification
  • Data disposal (Correct)
  • Clean desk policies
  • Protection of personally identifiable information on social media

Answer : Data disposal

Explanation Data disposal guidelines explain how different classifications of data should be properly disposed of to ensure that data is not later pieced together or recovered and exploited. Clean desk policies often dictate how sensitive information should be stored after hours and while uncleared visitors are near the area. Protection of personally identifiable information on social media would be part of an organization's social media policy. An organization's information classification policy not only outlines what level of security protections certain data receives, but it also serves to instruct employees on how to treat sensitive data.

Which of the following can be established in a cloud environment through effective security controls and well-written service-level agreements? (Choose two.)

Options are :

  • Accountability (Correct)
  • Availability
  • Control
  • Responsibility (Correct)

Answer : Accountability Responsibility

Explanation Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Lack of control over data and the infrastructure is probably the greatest risk to cloud computing and cannot be completely managed through agreements. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures.

Which of the following best describes cookies?

Options are :

  • Objects that are particular to Web sites that use the Adobe Flash player for certain content.
  • Small text files stored on a browser that contain information about the Web sites you visit. (Correct)
  • An HTML file that comes attached to an e-mail.
  • HTTP request and response messages.

Answer : Small text files stored on a browser that contain information about the Web sites you visit.

Explanation Small text files stored on a browser that contain information about the Web sites you visit are called cookies. In some cases, they are used to retain user preferences for the site, but they can contain sensitive information, such as user credentials or financial data (credit card information, for example) as well. HTTP request and response messages are sent back and forth between the Web application and the browser so the client can access content in the Web application. These HTTP requests and responses have headers that contain information such as commands, directives, and so on. An HTML file that comes attached to e-mail is an HTTP attachment. Locally shared objects (also called flash cookies) are objects that are particular to Web sites that use the Adobe Flash player for certain content.

Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user's browser?

Options are :

  • Logic bomb
  • Virus
  • Trojan
  • Adware (Correct)

Answer : Adware

Explanation Adware is the usually annoying advertisements that come in the form of pop-up messages in a user's browser. A virus is a piece of malicious software that must be propagated through a definite user action. A Trojan is a piece of software that seems to be of value to the user, but in reality is malware. A logic bomb is a script set to execute at a certain time, which is usually created by rogue administrators or disgruntled employees.
