Free CompTIA Security+ Practice Exam, Security Plus Practice Test Ques...

01. Who is responsible for establishing access permissions to network resources in the DAC access control model ? (A) The system administrator (B) The owner of the resource (C) The system administrator and the owner of the resource (D) The user requiring access to the resource 02. Which access control system allows the owner of a resource to establish access permissions to that resource ? (A) MAC (B) DAC (C) RBAC (D) None of the above 03. Choose the attack method or malicious code typically used by attackers to access a company's internal network through its remote access system ? (A) A War dialer program (B) Trojan horse (C) DoS (Denial of Service) attack (D) Worm 04. Which of the following details the primary advantage of implementing a multi-homed firewall ? (A) A multi-homed firewall is relatively inexpensive to implement (B) A multi-homed firewall's rules are easier to manage (C) When a multi-homed firewall is compromised, only those systems residing in the DMZ (Demilitarized Zone) are vulnerable (D) Attackers must get around two firewalls 05. Choose the option that specifies an element which is NOT typically included in security requirements for network servers ? (A) The absence of vulnerabilities utilized by known forms of attack against network servers (B) The capability to allow administrative functions to all network users (C) The capability to deny access to data on the network server except to data that should be accessible (D) The capability to disable unnecessary network services that are included in the operating system or server software 06. From the options, choose the attack which an IDS (Intrusion Detection System) cannot detect ? (A) DoS (Denial of Service) attack (B) Vulnerability exploits (C) Spoofed e-mail (D) Port scan attack 07. From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System) ? (A) False positives (B) Decrease in throughput (C) Compatibility (D) Administration 08. Which of the following types of network cables is less secure than coaxial cabling? (A) Twisted-pair cables (B) Fiber optic cable (C) All of the above 09. Which of the following network cable types is most vulnerable to electromagnetic interference (EMI) and radio frequency interference (RFI) ? (A) Coaxial cable (B) Unshielded Twisted Pair (C) Shielded Twisted Pair (D) Fiber optic cable 10. Which of the following security zones is closest to the internal network of the company, and can also be considered as being internal to the company ?

1 of 3

18-May-11 3:09 PM

Which type of NAT configuration maps a range of internal IP addresses to a range of external IP address ? (A) Static NAT (B) Dynamic NAT (C) Overloading NAT 16. Security Plus Practice Test Ques.Free CompTIA Security+ Practice Exam. To do this. and can also be considered as being internal to the company ? (A) Internet (B) Intranet (C) Extranet (D) Perimeter network 11. company. A compromise of which device could result in a VLAN being compromised? (A) Router (B) Switch (C) NAT server (D) None of the above 17. Overloading NAT allows the organization to use publicly assigned IP addresses over the Internet that is different from its private IP addresses. is a one-interface device ? (A) Bastion host (B) Application gateway (C) Screened host gateway (D) Screened subnet gateway 18. Choose the one that does not apply ? (A) Using VPN connections (B) Regularly auditing all services (C) Use host-based firewalls for computers that contain confidential data (D) Removing all unnecessary services (E) Limiting the number of services provided 13. Which of the following devices used in one of the three major types of security topologies.. From the options. Which concept correctly specifies the location where a system administrator would deploy a web server if that web server should be separated from other network servers ? (A) A honey pot (B) A hybrid subnet (C) A DMZ (Demilitarized Zone) (D) A VLAN (Virtual Local Area Network) 2 of 3 18-May-11 3:09 PM .freetechexams. http://www. Which technology allows you to segment or group users that have similar data sensitivity levels together and thereby increase security ? (A) Virtual local area network (VLAN) (B) Network address translation (NAT) (C) Tunneling (D) None of the above 15. Security for the extranet security zone can include a number of which type of mapping is performed by Overloading NAT ? (A) Performs a one-to-one mapping of an internal IP address to an external IP address (B) Maps multiple internal IP addresses to a range of external IP addresses (C) Maps multiple internal IP addresses to one external IP address by employing a port-based mapping method 14. choose the VPN (Virtual Private Network) tunneling protocol? (A) AH (Authentication Header) (B) SSH (Secure Shell) (C) IPSec (Internet Protocol Security) (D) DES (Data Encryption Standard) 19.. Which of the combinations here can be used to create an extranet? (A) Two intranets (B) Two perimeter networks (C) One intranet and one perimeter network (D) All of the above configurations 12...

com/certifications/comptia/securityplus/securit. system logs. From the options. Which of the following descriptions best describes an IDS? (A) Monitors network traffic and traffic patterns that could be indicative of attacks such as port scans and denial-of-service attacks (B) Runs as software on a host computer system to monitor machine logs. 20... which of the following elements should be reviewed because their information could indicate a possible attack ? (A) Audit log and system log (B) Hard disk space (C) Network counters (D) Network counters and access denied errors 25. Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker ? (A) Network IDS (B) Host-based IDS (C) System integrity verifier (SIV) (D) Log file monitor (LFM) 23. which explains the general standpoint behind a DMZ (Demilitarized Zone) ? (A) All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet (B) No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet (C) Only those systems on the DMZ that can be accessed from the Internet can be compromised (D) No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet 21.. A passive response is the most common type of response to a number of intrusions.Free CompTIA Security+ Practice Exam. When using network monitoring systems to monitor workstations. Which if the following technologies would you use if you need to implement a system that simulates a network of vulnerable devices. (D) A VLAN (Virtual Local Area Network) http://www. Security Plus Practice Test Ques..freetechexams. Which of the following is not a passive response strategy ? (A) Logging (B) Notification (C) Deception (D) Shunning 3 of 3 18-May-11 3:09 PM . and applications interactions (C) Monitors the file structure of a system to determine if any system files were deleted or modified by an attacker (D) A hardware device with software that monitors events in a system or network to identify when intrusions are taking place (E) Works by parsing system log entries to isolate any system attacks 22. so that this network can be targeted by attackers ? (A) A IDS (B) A circuit-level firewall (C) A honeypot (D) A system integrity verifier 24.

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer: Get 4 months of Scribd and The New York Times for just $1.87 per week!

Master Your Semester with a Special Offer from Scribd & The New York Times