CompTIA Security+ Assessment Exam 01

1. A security administrator is implementing a security program that addresses confidentiality and availability. Of the following choices, what else should the administrator include?
A. Ensure critical systems provide uninterrupted service.
B. Protect data in transit from unauthorized disclosure.
C. Ensure systems are not susceptible to unauthorized changes.
D. Secure data to prevent unauthorized disclosure.

2. You need to transmit PII via email and you want to maintain its confidentiality. Of the following choices, what is the BEST solution?
A. Use hashes.
B. Encrypt it before sending.
C. Protect it with a digital signature.
D. Use RAID.

3. Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety

4. An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?
A. Implicit deny
B. Layered security
C. Least privilege
D. Flood guard

5. Homer called into the help desk and says he forgot his password. Which of the following choices is the BEST choice for what the help-desk professional should do?
A. Verify the user’s account exists.
B. Look up the user’s password and tell the user what it is.
C. Disable the user’s account.
D. Reset the password and configure the password to expire after the first use.

6. Which type of authentication does a hardware token provide?
A. Biometric
B. PIN
C. Strong password
D. One-time password

7. Which type of authentication is a retina scan?
A. Multifactor
B. TOTP
C. Biometric
D. Dual-factor

8. Users are required to log on to their computers with a smart card and a PIN. Which of the following BEST describes this?
A. Single-factor authentication
B. Multifactor authentication
C. Mutual authentication
D. TOTP

9. Your company recently began allowing workers to telecommute from home one or more days a week. However, your company doesn’t currently have a remote access solution. They want to implement an AAA solution that supports different vendors. Which of the following is the BEST choice?
A. TACACS+
B. RADIUS
C. Circumference
D. SAML

10. Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. What does this describe?
A. Same sign-on
B. SAML
C. Single sign-on
D. Biometrics

11. Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal?
A. Cable locks
B. Risk assessment
C. Disk encryption
D. Hardening the systems

12. Your primary job activities include monitoring security logs, analyzing trend reports, and installing CCTV systems. Which of the following choices BEST identifies your responsibilities? (Select TWO.)
A. Hardening systems
B. Detecting security incidents
C. Preventing incidents
D. Implementing monitoring controls

13. A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this?
A. CCTV
B. Mantrap
C. Proximity card
D. Cipher lock

14. You are redesigning your password policy. You want to ensure that users change their passwords regularly, but they are unable to reuse passwords. What settings should you configure? (Select THREE.)
A. Maximum password age
B. Password length
C. Password history
D. Password complexity
E. Minimum password age

15. An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords?
A. Password complexity
B. Password length
C. Password history
D. Password reuse

16. A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation?
A. Remove the account expiration from the accounts.
B. Delete the accounts.
C. Reset the accounts.
D. Disable the accounts.

17. Your organization routinely hires contractors to assist with different projects. Administrators are rarely notified when a project ends and contractors leave. Which of the following is the BEST choice to ensure that contractors cannot log on with their account after they leave?
A. Enable account expiration.
B. Enable an account enablement policy.
C. Enable an account recovery policy.
D. Enable generic accounts.

18. Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?
A. A listing of labels reflecting classification levels
B. A requirements list identifying need to know
C. A listing of owners
D. A matrix of functions matched with their required privileges

19. An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?
B. MAC
C. Role-BAC
D. Rule-BAC

20. Your organization’s security policy requires that PII data at rest and PII data in transit be encrypted. Of the following choices, what would the organization use to achieve these objectives? (Select TWO.)
A. FTP
C. SMTP
D. PGP/GPG
E. HTTP

21. Which of the following lists of protocols use TCP port 22 by default?
A. FTPS, TLS, SCP
B. SCP, SFTP, FTPS
C. HTTPS, SSL, TLS
D. SSH, SCP, SFTP
E. SCP, SSH, SSL

22. Bart wants to block access to all external web sites. Which port should he block at the firewall?
A. TCP 22
B. TCP 53
C. UDP 69
D. TCP 80

23. You need to manage a remote server. Which of the following ports should you open on the firewall between your system and the remote server?
A. 25 and 3389
B. 22 and 443
C. 22 and 3389
D. 21 and 23

24. While reviewing logs on a firewall, you see several requests for the AAAA record of . What is the purpose of this request?
A. To identify the IPv4 address of
B. To identify the IPv6 address of
C. To identify the mail server for
D. To identify any aliases used by

25. Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do?
A. Disable unused ports.
B. Implement an implicit deny rule.
C. Disable STP.
D. Enable SSH.

26. You are configuring a switch and need to ensure that only authorized devices can connect to it and access the network through this switch. Which of the following is the BEST choice to meet this goal?
A. Implement 802.1x.
B. Use a Layer 3 switch.
C. Create a VLAN.
D. Enable RSTP.

27. You need to configure a UTM security appliance to restrict access to peer-to-peer file sharing web sites. What are you MOST likely to configure?
A. Content inspection
B. Malware inspection
C. URL filter
D. Stateless inspection

28. Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?
A. PAT
B. STP
C. DNAT
D. TLS

29. What would you configure on a Layer 3 device to allow FTP traffic to pass through?
A. Router
B. Implicit deny
C. Port security
D. Access control list

30. What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any
A. Layer 2 switch
B. Proxy server
C. Web server
D. Firewall

31. You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?
A. Flood guards
B. Signatures
C. Baseline
D. Honeypot

32. A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?
A. Vulnerability scan
B. Honeynet
C. MAC address filtering
D. Evil twin

33. Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it’s not possible to update the SCADA systems. What can mitigate this risk?
A. Install HIPS on the SCADA systems.
B. Install a firewall on the border of the SCADA network.
C. Install a NIPS on the border of the SCADA network.
D. Install a honeypot on the SCADA network.

34. Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren’t any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution?
A. Disable SSID broadcasting.
B. Enable MAC filtering.
C. Use wireless jamming.
D. Reduce antenna power.

35. Which of the following represents the BEST action to increase security in a wireless network?
A. Replace dipole antennas with Yagi antennas.
B. Replace TKIP with CCMP.
C. Replace WPA with WEP.
D. Disable SSID broadcast.

36. Your organization is hosting a wireless network with an 802.1x server using PEAP. On Thursday, users report they can no longer access the wireless network. Administrators verified the network configuration matches the baseline, there aren’t any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem?
A. The RADIUS server certificate expired.
B. DNS is providing incorrect host names.
C. DHCP is issuing duplicate IP addresses.
D. MAC filtering is enabled.

37. You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement?
A. WPA2-PSK
B. WEP over PEAP
C. WPS with LEAP
D. WPA2 over EAP-TTLS

38. A small business owner modified his wireless router with the following settings:
PERMIT 1A:2B:3C:4D:5E:6F
DENY 6F:5E:4D:3C:2B:1A
After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely reason that the employee cannot access the network?
A. IP address filtering
B. Hardware address filtering
C. Port filtering
D. URL filtering

39. Homer recently implemented a wireless network in his home using WEP. He asks you for advice. Which of the following is the BEST advice you can give him?
A. He should not use WEP because it uses a weak encryption algorithm.
B. He should also ensure he disables SSID broadcast for security purposes.
C. He should ensure it is in Enterprise mode.
D. He should not use WEP because it implements weak IVs for encryption keys.

40. Which of the following is an attack against a mobile device?
A. War chalking
B. SSID hiding
C. Evil twin
D. Bluejacking

41. A network administrator needs to open a port on a firewall to support a VPN using PPTP. What ports should the administrator open?
A. UDP 47
B. TCP 50
C. TCP 1723
D. UDP 1721

42. Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with reducing the attack surface of this server to prevent future attacks. Which of the following will meet this goal?
A. Disabling unnecessary services
B. Installing and updating antivirus software
C. Identifying the baseline
D. Installing a NIDS

43. Network administrators identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of services from the standard image, you verify this application is very likely the problem. What process allowed you to make this determination?
A. Banner grabbing
B. Hardening
C. Whitelisting
D. Baselining

44. An updated security policy defines what applications users can install and run on company-issued mobile devices. Which of the following technical controls will enforce this policy?
A. Whitelisting
B. Blacklisting
C. AUP
D. BYOD

45. You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal?
A. Baselines
B. Hardening
C. Virtualization technologies
D. Patch management programs

46. An organization recently suffered a significant outage after a technician installed an application update on a vital server during peak hours. The server remained down until administrators were able to install a previous version of the application on the server. What could the organization implement to prevent a recurrence of this problem?
A. Do not apply application patches to server applications.
B. Apply the patches during nonpeak hours.
C. Apply hardening techniques.
D. Create a patch management policy.

47. A security analyst is evaluating a critical industrial control system. The analyst wants to ensure the system has security controls to support availability. Which of the following will BEST meet this need?
A. Using at least two firewalls to create a DMZ
B. Installing a SCADA system
C. Implementing control redundancy and diversity
D. Using an embedded system

48. Of the following choices, what are valid security controls for mobile devices?
A. Screen locks, device encryption, and remote wipe
B. Host-based firewalls, pop-up blockers, and SCADA access
C. Antivirus software, voice encryption, and NAC
D. Remote lock, NAC, and locking cabinets

49. A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if devices are lost or stolen. Which of the following meets this goal?
A. Screen locks and geo-tagging
B. Patch management and change management
C. Screen locks and device encryption
D. Full device encryption and IaaS

50. You want to deter an attacker from using brute force techniques to gain access to a mobile device. What would you configure?
A. Remote wiping
B. Account lockout settings
C. Geo-tagging
D. RFID

51. Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?
A. Inability to ensure devices are up to date with current system patches
B. Difficulty in locating lost devices
C. Cost of the devices
D. Devices might not be compatible with applications within the network

52. Your organization is planning to issue mobile devices to some employees, but they are concerned about protecting the confidentiality of data if the devices are lost or stolen. Which of the following is the BEST way to secure data at rest on a mobile device?
A. Strong passwords
B. Hashing
C. RAID-6
D. Full device encryption

53. Your organization recently purchased several new laptop computers for employees. You’re asked to encrypt the laptops’ hard drives without purchasing any additional hardware. What would you use?
A. TPM
B. HSM
C. VM escape
D. DLP

54. Management within your organization wants to limit documents copied to USB flash drives. Which of the following can be used to meet this goal?
A. DLP
B. Content filtering
C. IPS
D. Logging

55. Bart installed code designed to enable his account automatically, three days after anyone disables it. What does this describe?
A. Logic bomb
B. Rootkit
C. Armored virus
D. Ransomware

56. Lisa recently completed an application used by the Personnel department to store PII and other employee information. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. What does this describe?
A. Armored virus
B. Polymorphic virus
C. Backdoor
D. Trojan

57. A recent change in an organization’s security policy states that monitors need to be positioned so that they cannot be viewed from outside any windows. What is the purpose of this policy?
A. Reduce success of phishing
B. Reduce success of shoulder surfing
C. Reduce success of dumpster diving
D. Reduce success of impersonation

58. You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
A. DDoS attack
B. DoS attack
C. Smurf attack
D. Salting attack

59. Your organization includes the following statement in the security policy: “Security controls need to protect against both online and offline password brute force attacks.” Which of the following controls is the LEAST helpful to meet these goals?
A. Account expiration
B. Account lockout
C. Password complexity
D. Password length

60. A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue?
A. XSRF
C. Input validation
D. Fuzzing

61. A web developer is using methods to validate user input in a web site application. This ensures the application isn’t vulnerable to all of the following attacks except one. Which of the following attacks is NOT prevented by validating user input?
A. XSS
B. SQL injection
C. Buffer overflow
D. Command injection
E. Whaling

62. Checking the logs of a web server, you see the following entry:
--[1/Sep/2013:05:20]"GET index.php?username=ZZZZZZZZZZZZZZZZZZZZBBBBBBBBCCCCCCCHTTP1.1" "" "Chrome31"
Which of the following is the BEST choice to explain this entry?
A. A SQL injection attack
B. A pharming attack
C. A phishing attack
D. A buffer overflow attack

63. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: ' or '1'='1' -- Which of the following is the MOST likely explanation for this?
A. A buffer overflow attack
B. An XSS attack
C. A SQL injection attack
D. An LDAP injection attack

64. A security tester is using fuzzing techniques to test a software application. Which of the following does fuzzing use to test the application?
A. Formatted input
B. Unexpected input
C. Formatted output
D. Unexpected output

65. An organization has purchased fire insurance to manage the risk of a potential fire. What method are they using?
A. Risk acceptance
B. Risk avoidance
C. Risk deterrence
D. Risk mitigation
E. Risk transference

66. You are asked to identify the number of times a specific type of incident occurs per year. Which of the following BEST identifies this?
A. ALE
B. ARO
C. MTTF
D. SLE

67. Lisa needs to calculate the total ALE for a group of servers used in the network. During the past two years, five of the servers failed. The hardware cost to replace each server is $3,500, and the downtime has resulted in $2,500 of additional losses. What is the ALE?
A. $7,000
B. $10,000
C. $15,000
D. $30,000

68. Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?
A. Fuzzing
B. Sniffing
C. Spear phishing
D. Advanced persistent threat

69. Bart is performing a vulnerability assessment. Which of the following BEST represents the goal of this task?
A. Identify services running on a system.
B. Determine if vulnerabilities can be exploited.
C. Determine if input validation is in place.
D. Identify the system’s security posture.

70. You need to ensure that several systems have all appropriate security controls and patches. However, your supervisor specifically told you not to attack or compromise any of these systems. Which of the following is the BEST choice to meet these goals?
A. Vulnerability scan
B. Penetration test
C. Command injection
D. Virus scan

71. Which of the following tools is the MOST invasive type of testing?
A. Pentest
B. Protocol analyzer
C. Vulnerability scan
D. Host enumeration

72. A security professional is testing the functionality of an application, but does not have any knowledge about the internal coding of the application. What type of test is this tester performing?
A. White box
B. Black box
C. Gray box
D. Black hat

73. Testers are analyzing a web application your organization is planning to deploy. They have full access to product documentation, including the code and data structures used by the application. What type of test will they MOST likely perform?
A. Gray box
B. White box
C. Black box
D. White hat

74. A network administrator is attempting to identify all traffic on an internal network. Which of the following tools is the BEST choice?
A. Black box test
B. Protocol analyzer
C. Penetration test
D. Baseline review

75. Your organization’s security policy requires that personnel notify security administrators if an incident occurs. However, this is not occurring consistently. Which of the following could the organization implement to ensure security administrators are notified in a timely manner?
A. Routine auditing
B. User rights and permissions reviews
C. Design review
D. Incident response team

76. A security administrator is reviewing an organization’s security policy and notices that the policy does not define a time frame for reviewing user rights and permissions. Which of the following is the MINIMUM time frame that she should recommend?
A. At least once a year
B. At least once every five years
C. Anytime an employee leaves the organization
D. Anytime a security incident has been identified

77. Security personnel recently performed a security audit. They identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future?
A. Role-BAC model
B. Account disablement policy
C. Vulnerability assessment
D. Account management controls

78. You are a technician at a small organization. You need to add fault-tolerance capabilities within the business to increase the availability of data. However, you need to keep costs as low as possible. Which of the following is the BEST choice to meet these needs?
A. Failover cluster
B. RAID-6
C. Backups
D. UPS

79. An organization needs to identify a continuity of operations plan that will allow it to provide temporary IT support during a disaster. The organization does not want to have a dedicated site. Which of the following provides the best solution?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site

80. Monty Burns is the CEO of the Springfield Nuclear Power Plant. What would the company have in place in case something happens to him?
A. Business continuity planning
B. Succession planning
C. Separation of duties
D. IT contingency planning

81. A continuity of operations plan for an organization includes the use of a warm site. The BCP coordinator wants to verify that the organization’s backup data center is prepared to implement the warm site if necessary. Which of the following is the BEST choice to meet this need?
A. Perform a review of the disaster recovery plan.
B. Ask the managers of the backup data center.
C. Perform a disaster recovery exercise.
D. Perform a test restore.

82. Users are complaining of intermittent connectivity issues. When you investigate, you discover that new network cables for these user systems were run across several fluorescent lights. What environmental control will resolve this issue?
A. HVAC system
B. Fire suppression
C. Humidity controls
D. EMI shielding

83. A software company occasionally provides application updates and patches via its web site. It also provides a checksum for each update and patch. Which of the following BEST describes the purpose of the checksum?
A. Availability of updates and patches
B. Integrity of updates and patches
C. Confidentiality of updates and patches
D. Integrity of the application

84. A function converts data into a string of characters, and the string of characters cannot be reversed to recreate the original data. What type of function is this?
A. Symmetric encryption
B. Asymmetric encryption
C. Stream cipher
D. Hashing

85. Which of the following is a symmetric encryption algorithm that encrypts data one bit at a time?
A. Block cipher
B. Stream cipher
C. AES
D. DES
E. MD5

86. A supply company has several legacy systems connected together within a warehouse. An external security audit discovered the company is using DES and mandated the company upgrade DES to meet minimum security requirements. The company plans to replace the legacy systems next year, but needs to meet the requirements from the audit. Which of the following is MOST likely to be the simplest upgrade for these systems?
A. AES
B. HMAC
C. 3DES
D. SSL

87. Network administrators in your organization need to administer firewalls, security appliances, and other network devices. These devices are protected with strong passwords, and the passwords are stored in a file listing these passwords. Which of the following is the BEST choice to protect this password list?
A. File encryption
B. Database field encryption
C. Full database encryption
D. Whole disk encryption

88. Bart, an employee at your organization, is suspected of leaking data to a competitor. Investigations indicate he sent several email messages containing pictures of his dog. Investigators have not been able to identify any other suspicious activity. Which of the following is MOST likely occurring?
A. Bart is copying the data to a USB drive.
B. Bart is encrypting the data.
C. Bart is leaking data using steganography.
D. Bart is sending the data as text in the emails.

89. You are planning to encrypt data in transit with IPsec. Which of the following is MOST likely to be used with IPsec?
A. HMAC
B. Blowfish
C. Twofish
D. MD5

90. Bart wants to send a secure email to Lisa, so he decides to encrypt it. He wants to ensure that only Lisa can decrypt it. Which of the following does Lisa need to meet this requirement?
A. Bart’s public key
B. Bart’s private key
C. Lisa’s public key
D. Lisa’s private key

91. An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?
A. Digital signature
B. Integrity
C. Repudiation
D. Encryption

92. Application developers are creating an application that requires users to log on with strong passwords. The developers want to store the passwords in such a way that it will thwart brute force attacks. Which of the following is the BEST solution?
A. 3DES
B. MD5
C. PBKDF2
D. Database fields

93. A web site is using a certificate. Users have recently been receiving errors from the web site indicating that the web site’s certificate is revoked. Which of the following includes a list of certificates that have been
A. CRL
B. CA
C. OCSP
D. CSR

94. Which of the following is a management control?
A. Encryption
B. Security policy
C. Least privilege
D. Change management

95. Security personnel recently identified potential fraud committed by a network administrator. Investigators discovered this administrator performs several job functions within the organization, including database administration and application development. Which of the following is the BEST solution to reduce risk associated with this activity?
A. Mandatory vacations
B. Mandatory access control
C. Change management
D. Separation of duties

96. Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal?
A. Load balancing
B. Change management
C. Incident management
D. Key management

97. Your company is considering implementing SSO capabilities to company applications and linking them to a social media site. When implemented, users can log on to Facebook and then access company applications without logging on again. What is a potential risk related to this plan?
A. A data breach exposing passwords on the company site will affect the social media site.
B. SAML lacks adequate security when used on the
C. XML lacks adequate security when used on the
D. A data breach exposing passwords on the social media site will affect the company application.

98. You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response?
A. Preparation
B. Identification
C. Escalation
D. Mitigation

99. A technician confiscated an employee’s computer after management learned the employee had unauthorized material on his system. Later, a security expert captured a forensic image of the system disk. However, the security expert reported the computer was left unattended for several hours before he captured the image. Which of the following is a potential issue if this incident goes to court?
A. Chain of custody
B. Order of volatility
C. Time offset
D. Lack of metrics

100. Social engineers have launched several successful phone-based attacks against your organization, resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these
A. Implement a BYOD policy.
B. Update the AUP.
C. Provide training on data handling.
D. Implement a program to increase security awareness.