Comptia Security+ Certification Practice Test 3

Front 1

What is the purpose of non-repudiation?

Back 1

(a) transforming plaintext to ciphertext
(b) Ensuring that received data hasn't changed in transit
(c) Preventing someone from denying that they took a specific action
(d) Hiding one piece of data in another piece of data

Hint 1

(c) Preventing someone from denying that they took a specific action

Front 2

Which of the following refers to one of the testing stages in the software development process performed by customers or end users?

Back 2

(a) NAT
(b) EULA
(c) UAT
(d) UAC

Hint 2

(c) UAT

Front 3

The practice of sending unsolicited messages over Bluetooth is also known as:

Back 3

(a) Bluejacking
(b) Phishing
(c) SPIM
(d) Bluesnarfing

Hint 3

(a) Bluejacking

Front 4

Phishing scams targeting a specific group of users are also referred to as:

Back 4

(a) Spear phishing
(b) Pharming
(c) Bluejacking
(d) Tailgating

Hint 4

(a) Spear phishing

Front 5

What is war chalking?

Back 5

(a) Marking unsecured wireless networks
(b) SSID discovery
(c) Scanning for open ports
(d) Finding unsecured wireless networks

Hint 5

(a) Marking unsecured wireless networks

Front 6

Which of the following fall(s) into the category of social engineering attacks? (Select all that apply)

Back 6

(a) Vishing
(b) Spear phishing
(c) Xmas attack
(d) MAC spoofing
(e) Whaling

Hint 6

(a) Vishing
(b) Spear phishing
(e) Whaling

Front 7

Which of the following terms refers to a microchip embedded on the motherboard of a personal computer or laptop that can store keys, passwords and digital certificates?

Back 7

(a) HCL
(b) TPM
(c) FRU
(d) EFS

Hint 7

(b) TPM

Front 8

Finding vulnerability in an application by feeding it incorrect input is also known as:

Back 8

(a) Exception handling
(b) Application hardening
(c) Patching
(d) Fuzzing

Hint 8

(d) Fuzzing

Front 9

Which of the following is an example of a multi-factor authentication?

Back 9

(a) Password and biometric scan
(b) User name and PIN
(c) Iris and fingerprint scan
(d) Smart card and identification badge

Hint 9

(a) Password and biometric scan

Front 10

Penetration test of a computer system carried out without the prior knowledge on how the system works is also known as:

Back 10

(a) Auditing
(b) Black box testing
(c) White hat testing
(d) White box

Hint 10

(b) Black box testing

Front 11

Antivirus software can be kept up to date through: (Select all that apply)

Back 11

(a) Virtualization
(b) Engine updates
(c) Virus signature updates
(d) Auditing

Hint 11

(b) Engine updates
(c) Virus signature updates

Front 12

In this access control model every resource has a sensitivity label matching a clearance level assigned to a user.

Back 12

(a) RBAC
(b) MAC
(c) HMAC
(d) DAC

Hint 12

(b) MAC

Front 13

Which of the following is used to prevent switching loops?

Back 13

(a) STP
(b) UTP
(c) RAS
(d) HMAC

Hint 13

(a) STP

Front 14

The last default rule on a firewall is to:

Back 14

(a) Allow all traffic
(b) Deny all traffic
(c) Unblock all ports
(d) Create an exception

Hint 14

(b) Deny all traffic

Front 15

Which of the following ports are used by NetBIOS? (Select all that apply)

Back 15

(a) 138
(b) 139
(c) 161
(d) 162
(e) 137

Hint 15

(a) 138
(b) 139
(e) 137

Front 16

Which of the following sequences of steps adheres to the order of volatility while collecting an evidence?

Back 16

(a) Archival media, disk files, temporary files, memory dump
(b) Memory dump, temporary files, disk files, archival media
(c) Temporary files, memory dump, archival media, disk files
(d) Memory dump, disk files, temporary files, archival media

Hint 16

(b) Memory dump, temporary files, disk files, archival media

Front 17

Phishing scams targeting people holding high positions in an organization or business are also known as:

Back 17

(a) Tailgating
(b) Pharming
(c) Shoulder surfing
(d) Whaling

Hint 17

(d) Whaling

Front 18

What is the name of a storage solution used to retain copies of private encryption keys?

Back 18

(a) Key escrow
(b) Proxy
(c) Recovery agent
(d) Trusted OS

Hint 18

(a) Key escrow

Front 19

Which of the following are the features of a Common Access Card (CAC)? (Select all that apply)

Back 19

(a) Provides access to low security areas
(b) Any type of identification badge with a photo
(c) Issued by United States Department of Defense (DoD)
(d) Smart card

Hint 19

(c) Issued by United States Department of Defense (DoD)
(d) Smart card

Front 20

Copies of lost private encryption keys can be retrieved from a key database by:

Back 20

(a) Power users
(b) GPS tracking
(c) Backup operators
(d) Recovery agents

Hint 20

(d) Recovery agents

Front 21

Which of the following can stop attacks on the network?

Back 21

(a) NIDS
(b) NIPS
(c) HIDS
(d) HIPS

Hint 21

(b) NIPS

Front 22

A type of attack exploiting the TCP three-way handshake process is also known as:

Back 22

(a) SYN flood
(b) Social engineering
(c) Xmas attack
(d) DDoS

Hint 22

(a) SYN flood

Front 23

Which security measure is in place when a client is denied access to the network due to outdated antivirus software?

Back 23

(a) IPsec
(b) DMZ
(c) NAC
(d) NAT

Hint 23

(c) NAC

Front 24

Which type of intrusion detection relies on the previously established baseline of normal network activity?

Back 24

(a) Signature-based IDS
(b) Managed Switch
(c) MD-IDS
(d) AD-IDS

Hint 24

(d) AD-IDS

Front 25

VLAN membership can be set through: (Select all that apply)

Back 25

(a) MAC addresses
(b) Switch ports
(c) Trunk ports
(d) Encryption

Hint 25

(a) MAC addresses
(b) Switch ports