Security+ Practice Certification Exam

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Lazor-beam
L
Lazor-beam
Community Contributor
Quizzes Created: 3 | Total Attempts: 507
Questions: 33 | Attempts: 249

SettingsSettingsSettings
Security Plus Quizzes & Trivia

Practice Exam - CompTIA Security+ Certification


Questions and Answers
  • 1. 

    Protecting your data from being revealed to unauthorized users is an example of ________ .

    • A.

      Confidentiality

    • B.

      Integrity

    • C.

      Signing

    • D.

      Hashing

    Correct Answer
    A. Confidentiality
    Explanation
    Protecting data from being revealed to unauthorized users refers to maintaining confidentiality. Confidentiality ensures that sensitive information is only accessible to authorized individuals, preventing unauthorized access, disclosure, or exposure of data. It involves implementing security measures such as encryption, access controls, and secure communication channels to safeguard data from unauthorized disclosure or interception.

    Rate this question:

  • 2. 

    An AUTHORIZED user while accessing a system is flagged by the IDS as an INTRUDER.  This is called a ______.

    • A.

      Non-Negative

    • B.

      Non-Intrusion

    • C.

      False Positive

    • D.

      False Alarm

    Correct Answer
    C. False Positive
    Explanation
    When an authorized user is flagged by the IDS as an intruder, it is known as a false positive. This means that the IDS has incorrectly identified the authorized user as an intruder. False positives can occur due to various reasons such as misconfiguration of the IDS or unusual user behavior that triggers the IDS's intrusion detection mechanisms. It is important to investigate and resolve false positives to ensure that legitimate users are not mistakenly flagged as intruders.

    Rate this question:

  • 3. 

    Which service either PERMITs or DENYs a user permission to view or change file data?

    • A.

      Access control

    • B.

      Data authentication

    • C.

      Data confidentiality

    • D.

      Data integrity

    Correct Answer
    A. Access control
    Explanation
    Access control is the service that either permits or denies a user permission to view or change file data. It is responsible for managing and enforcing the rules and policies that determine who can access certain resources and what actions they can perform on those resources. Access control ensures that only authorized individuals have the necessary permissions to access and modify sensitive data, helping to protect against unauthorized access and maintain the integrity and confidentiality of the data.

    Rate this question:

  • 4. 

    With Mandatory Access Control, subjects (users) must have  _______  that are equal to or higher than what is assigned to the object (system, data file) to which access is being attempted.

    • A.

      Access control lists

    • B.

      Sensitivity labels

    • C.

      Tickets

    • D.

      Tokens

    Correct Answer
    B. Sensitivity labels
    Explanation
    Mandatory Access Control (MAC) is a security mechanism that enforces access control based on predefined rules and policies. In this context, sensitivity labels are used to determine the level of access that a subject (user) can have to an object (system, data file). Sensitivity labels represent the sensitivity or classification level of the object, such as confidential, top secret, etc. Subjects must have sensitivity labels that are equal to or higher than the sensitivity label assigned to the object they are trying to access. This ensures that subjects can only access objects that they are authorized to access based on their sensitivity level.

    Rate this question:

  • 5. 

    Of the protocols listed below, which one is an older tunneling protocol that works with IP only?

    • A.

      IPX

    • B.

      L2TP

    • C.

      PPTP

    • D.

      SSH

    Correct Answer
    C. PPTP
    Explanation
    PPTP (Point-to-Point Tunneling Protocol) is an older tunneling protocol that works with IP only. It was developed by Microsoft and is primarily used for creating VPNs (Virtual Private Networks). PPTP encapsulates IP packets within IP packets, allowing them to be securely transmitted over the internet. It is considered an older protocol because it has been largely replaced by more secure protocols such as L2TP and OpenVPN.

    Rate this question:

  • 6. 

    IPSec carries the _____ which provides assurance of legitimacy of the transmission.

    • A.

      Secure Shell (SSH)

    • B.

      Password Authentication Protocol (PAP)

    • C.

      Authentication Header (AH)

    • D.

      Internet Protocol (IP)

    Correct Answer
    C. Authentication Header (AH)
    Explanation
    IPSec provides security services such as authentication, integrity, and confidentiality for IP packets. The Authentication Header (AH) protocol is responsible for providing assurance of legitimacy of the transmission. AH ensures the integrity and authenticity of the IP packets by adding a header that contains a cryptographic checksum and a sequence number. This allows the recipient to verify the integrity of the packet and ensure that it has not been modified during transmission. Therefore, AH is the correct answer as it provides the necessary assurance of legitimacy for the transmission.

    Rate this question:

  • 7. 

    Symmetric Cryptography has several advantages, but sadly one LARGE disadvantage,  ________ .

    • A.

      Speed

    • B.

      Key distribution

    • C.

      Weak algorithms

    • D.

      Memory management

    Correct Answer
    B. Key distribution
    Explanation
    Symmetric Cryptography has several advantages, such as fast encryption and decryption processes and efficient use of memory. However, it suffers from a significant disadvantage in terms of key distribution. Symmetric encryption requires both the sender and receiver to have the same secret key, which needs to be securely shared beforehand. This process can be challenging and time-consuming, especially when multiple parties are involved.

    Rate this question:

  • 8. 

    _____  based on an algorithm called Rijndael, a word formed from the combination of the names of the two Belgian cryptographers who developed it.  Rijndael beat out 15 competing designs for adoption by both NIST and NSA.

    • A.

      AES (Advanced Encryption Standard)

    • B.

      3DES (Triple Data Encryption Standard)

    • C.

      DES (Data Encryption Standard)

    • D.

      Blowfish

    Correct Answer
    A. AES (Advanced Encryption Standard)
    Explanation
    AES (Advanced Encryption Standard) is based on an algorithm called Rijndael, which was developed by two Belgian cryptographers. Rijndael was chosen as the winner among 15 competing designs for adoption by both NIST and NSA. Therefore, AES is the correct answer.

    Rate this question:

  • 9. 

    When sender and receiver use different keys, the encryption scheme is called _______ .

    • A.

      Symmetric

    • B.

      Blowfish

    • C.

      Skipjack

    • D.

      Asymmetric

    Correct Answer
    D. Asymmetric
    Explanation
    When the sender and receiver use different keys, the encryption scheme is called asymmetric. In asymmetric encryption, a pair of keys, namely a public key and a private key, is used. The sender uses the recipient's public key to encrypt the message, and the recipient uses their private key to decrypt it. This allows for secure communication without the need to share a common key between the sender and receiver.

    Rate this question:

  • 10. 

    _______ is an asymmetric algorithm?

    • A.

      CAST (Carlisle Adams Stafford Tavares)

    • B.

      RC5 (Rivest Cipher 5)

    • C.

      RSA (Rivest Shamir Adelman)

    • D.

      SHA-1 (Secure Hashing Algorithm 1)

    Correct Answer
    C. RSA (Rivest Shamir Adelman)
    Explanation
    RSA (Rivest Shamir Adelman) is an asymmetric algorithm because it uses a pair of keys, a public key and a private key, for encryption and decryption. The public key is used for encryption, while the private key is used for decryption. This means that anyone can use the public key to encrypt data, but only the holder of the private key can decrypt it. Asymmetric algorithms are commonly used for secure communication and digital signatures.

    Rate this question:

  • 11. 

    All users should be made aware of the weakest security link,  ________ .

    • A.

      Firewalls

    • B.

      Routers

    • C.

      Viruses

    • D.

      People

    Correct Answer
    D. People
    Explanation
    People are the weakest security link because they are susceptible to social engineering attacks, such as phishing or manipulation, which can lead to unauthorized access to systems. Additionally, people may have weak passwords, fall for scams, or inadvertently disclose sensitive information, making them vulnerable to security breaches. It is important to educate and raise awareness among users to minimize the risk associated with human error in order to maintain a secure environment.

    Rate this question:

  • 12. 

    An Intrusion Detection System cannot protect a network form _______ .

    • A.

      DoS (Denial of Service)

    • B.

      Exploits of system bugs

    • C.

      Spoofed e-mail

    • D.

      Port scan

    Correct Answer
    C. Spoofed e-mail
    Explanation
    An Intrusion Detection System (IDS) is designed to monitor network traffic and identify any suspicious or malicious activity. However, it cannot protect a network from spoofed e-mails. Spoofed e-mails are emails that appear to be from a legitimate source but are actually sent by an attacker with the intention of deceiving the recipient. IDSs are not specifically designed to detect or prevent spoofed e-mails as they primarily focus on network traffic and system vulnerabilities. Protecting against spoofed e-mails typically requires other security measures such as email filtering and authentication protocols.

    Rate this question:

  • 13. 

    TACACS uses port _____ .

    • A.

      21

    • B.

      161

    • C.

      53

    • D.

      49

    Correct Answer
    D. 49
    Explanation
    TACACS uses port 49.

    Rate this question:

  • 14. 

    Secure Shell (SSH) uses both ____ and port ___ .

    • A.

      TCP (Transmission Control Protocol), 22

    • B.

      UDP (User Datagram Protocol), 69

    • C.

      TCP (Transmission Control Protocol), 179

    • D.

      UDP (User Datagram Protocol), 17

    Correct Answer
    A. TCP (Transmission Control Protocol), 22
    Explanation
    SSH (Secure Shell) is a network protocol that provides secure remote access and control over a network. It uses the TCP (Transmission Control Protocol) as its transport protocol and operates on port 22. TCP ensures reliable and ordered delivery of data packets, making it suitable for secure and error-free communication. Port 22 is the well-known port assigned to SSH, and it is used for establishing a secure connection between the client and the server.

    Rate this question:

  • 15. 

    Professional codes of conduct require computer forensic experts to protect IT evidence gathered from a crime scene.  This important guideline is known as _______ .

    • A.

      Evidence protection

    • B.

      Chain of custody

    • C.

      Chain of command

    • D.

      Incident response

    Correct Answer
    B. Chain of custody
    Explanation
    The professional code of conduct for computer forensic experts includes a guideline known as "chain of custody." This guideline ensures that the IT evidence gathered from a crime scene is protected and properly documented throughout its handling and storage. It involves maintaining a detailed record of who has had access to the evidence, when, and for what purpose. This helps to maintain the integrity and admissibility of the evidence in a court of law.

    Rate this question:

  • 16. 

    An attacker may overload a server by not responding with the third segment of a TCP Three Way Handshake.  This is known as a _____ attack.

    • A.

      Man in the Middle

    • B.

      Smurf

    • C.

      Teardrop

    • D.

      SYN (Synchronize)

    Correct Answer
    D. SYN (Synchronize)
  • 17. 

    A worm is ______ whereas a Trojan is not.

    • A.

      Spread by way of e-mail

    • B.

      Self replicating

    • C.

      A form of malicious code

    • D.

      Self destructing

    Correct Answer
    B. Self replicating
    Explanation
    A worm is self-replicating, meaning it can create copies of itself and spread to other systems without any user intervention, while a Trojan is not. A Trojan is a form of malicious code that disguises itself as legitimate software and tricks users into downloading and installing it. Unlike worms, Trojans do not have the ability to self-replicate and spread on their own.

    Rate this question:

  • 18. 

    Attackers commonly use this method to locate wireless networks.

    • A.

      War driving

    • B.

      Stake out

    • C.

      War dialing

    • D.

      Stake in

    Correct Answer
    A. War driving
    Explanation
    War driving is a method commonly used by attackers to locate wireless networks. It involves driving around with a device that can detect and identify wireless networks, allowing the attacker to map out the location and characteristics of the networks. This information can then be used for malicious purposes, such as unauthorized access or network attacks.

    Rate this question:

  • 19. 

    Lack of attention to proper programming practices leads to application that may suffer from ______ .

    • A.

      CGI (Common Gateway Interface) script

    • B.

      Birthday

    • C.

      Buffer overflow

    • D.

      Dictionary

    Correct Answer
    C. Buffer overflow
    Explanation
    Lack of attention to proper programming practices can lead to a buffer overflow in an application. A buffer overflow occurs when a program tries to write more data to a buffer than it can hold, resulting in the excess data overwriting adjacent memory locations. This can cause the application to behave unexpectedly, crash, or even be exploited by attackers to execute malicious code. Therefore, it is important to follow proper programming practices to prevent buffer overflows and ensure the security and stability of the application.

    Rate this question:

  • 20. 

    Attackers may alter ICMP (Internet Control Message Protocol) transmissions to initiate a _____ .

    • A.

      Man in the Middle attack

    • B.

      Smurf attack

    • C.

      Ping of death attack

    • D.

      TCP SYN (Transmission Control Protocol / Synchronized) attack

    Correct Answer
    C. Ping of death attack
    Explanation
    Attackers may alter ICMP (Internet Control Message Protocol) transmissions to initiate a Ping of death attack. In this type of attack, the attacker sends an oversized or malformed ICMP packet to a target system. When the target system receives and tries to process this packet, it can cause the system to crash or become unresponsive. This attack takes advantage of vulnerabilities in the way certain systems handle large or malformed ICMP packets, leading to a denial of service (DoS) condition.

    Rate this question:

  • 21. 

    Attacks may be detected by monitoring for ________   which amount to known bit patterns.

    • A.

      Viruses

    • B.

      Signatures

    • C.

      Hackers

    • D.

      Malware

    Correct Answer
    B. Signatures
    Explanation
    Attacks can be detected by monitoring for signatures, which are known bit patterns that indicate the presence of viruses, hackers, or malware. Signatures are unique identifiers that are created based on the characteristics of specific attacks. By monitoring for these signatures, security systems can identify and respond to potential threats.

    Rate this question:

  • 22. 

    Misrepresenting a computer with the identifying address information of another is called ______ .

    • A.

      DoS (Denial of Service)

    • B.

      Spoofing

    • C.

      Brure force attack

    • D.

      Reverse DNS (Domain Name Service)

    Correct Answer
    B. Spoofing
    Explanation
    Spoofing is the correct answer because it refers to the act of misrepresenting a computer or network device by using the identifying address information of another. This can involve falsifying IP addresses, MAC addresses, or other identifying information in order to deceive or impersonate another computer or network device. Spoofing can be used for malicious purposes, such as launching attacks or gaining unauthorized access to systems.

    Rate this question:

  • 23. 

    A _____ attaches itself to an otherwise normal program, resulting in an infection that may spread to other programs doing harm each location.

    • A.

      Replicator

    • B.

      Virus

    • C.

      Trojan horse

    • D.

      Logic bomb

    Correct Answer
    B. Virus
    Explanation
    A virus is a type of malicious software that attaches itself to a normal program, causing an infection. Once infected, the virus can spread to other programs and cause harm. This is different from a replicator, which simply duplicates itself without causing harm, a Trojan horse, which disguises itself as a legitimate program, or a logic bomb, which is a type of malware that is triggered by a specific event or condition.

    Rate this question:

  • 24. 

    A password which has been hashed for security, may yet be revealed by a ________ attack.

    • A.

      Man in the Middle

    • B.

      Brute force

    • C.

      Reverse engineering

    • D.

      DoS (Denial of Service)

    Correct Answer
    B. Brute force
    Explanation
    Brute force attack is a method where an attacker systematically tries all possible combinations of passwords until the correct one is found. In the context of a hashed password, a brute force attack involves trying different input values and hashing them until a match is found with the hashed password. This attack is effective because it does not rely on any specific vulnerabilities or weaknesses in the system, but rather on the attacker's persistence and computational power to try all possible combinations. Therefore, a password that has been hashed for security can still be revealed through a brute force attack.

    Rate this question:

  • 25. 

    A ____ attack may not steal or corrupt data, but it does overwhelm the system, denying access to legitimate users.

    • A.

      ACL

    • B.

      BBC

    • C.

      CVS

    • D.

      DOS

    Correct Answer
    D. DOS
    Explanation
    A DOS (Denial of Service) attack is an attack that overwhelms a system, making it unable to respond to legitimate user requests. It does not steal or corrupt data, but rather floods the system with a high volume of traffic or requests, causing it to become unresponsive or crash. This type of attack disrupts the availability of a system or network, denying access to legitimate users.

    Rate this question:

  • 26. 

    Encrypting a message before sending it across the internet addresses which fundamental security objective?

    • A.

      Authentication

    • B.

      Integrity

    • C.

      Confidentiality

    • D.

      Non-repudiation

    Correct Answer
    C. Confidentiality
    Explanation
    Encrypting a message before sending it across the internet addresses the fundamental security objective of confidentiality. Encryption ensures that the message is encoded in such a way that only the intended recipient can decrypt and read it. This protects the content of the message from unauthorized access or interception by third parties, maintaining its confidentiality.

    Rate this question:

  • 27. 

    You discover that a session with a distant server is being monitored and altered by a third party.  This is known as a ______ attack.

    • A.

      DDos

    • B.

      Back Door

    • C.

      Spoofing

    • D.

      Man in the Middle

    Correct Answer
    D. Man in the Middle
    Explanation
    A Man in the Middle attack occurs when a third party intercepts and alters the communication between two parties without their knowledge. In this scenario, the session with the distant server is being monitored and altered by the third party, indicating that they are positioned in the middle of the communication. Therefore, the correct answer is Man in the Middle.

    Rate this question:

  • 28. 

    A server is placed in your network with the goal of attracting and monitoring attackers.  This kind of server is known as a ________ .

    • A.

      Honey pot

    • B.

      Lame duck

    • C.

      Teaser

    • D.

      Pigeon

    Correct Answer
    A. Honey pot
    Explanation
    A server that is intentionally placed in a network to attract and monitor attackers is known as a honey pot. The purpose of a honey pot is to deceive and lure potential attackers, allowing organizations to gather information about their tactics, techniques, and intentions. By analyzing the activities of attackers on the honey pot server, organizations can enhance their cybersecurity measures and protect their actual network from real threats.

    Rate this question:

  • 29. 

    While each of the methods listed below is appropriate for combating the threat of “dumpster diving”, which is the MOST important?

    • A.

      Increased security staff

    • B.

      Paper and media distruction

    • C.

      Video surveillance equipment

    • D.

      Frequent trash removal

    Correct Answer
    B. Paper and media distruction
    Explanation
    Paper and media destruction is the most important method for combating the threat of "dumpster diving" because it ensures that any sensitive or confidential information that may be discarded in the trash is properly destroyed and cannot be accessed by unauthorized individuals. Increased security staff, video surveillance equipment, and frequent trash removal are also important measures, but they may not be as effective in preventing the retrieval of valuable information from the trash. Properly destroying paper and media materials minimizes the risk of data breaches and protects the privacy and security of individuals and organizations.

    Rate this question:

  • 30. 

    TLS is the updated version of _____.

    • A.

      ACL

    • B.

      AES

    • C.

      SSH

    • D.

      SSL

    Correct Answer
    D. SSL
    Explanation
    TLS (Transport Layer Security) is the updated version of SSL (Secure Sockets Layer). SSL was a cryptographic protocol that provided secure communication over a computer network. However, due to security vulnerabilities in SSL, it was replaced by TLS. TLS is an improved and more secure version of SSL, offering better encryption algorithms and enhanced security features. Therefore, TLS can be considered as the updated version of SSL.

    Rate this question:

  • 31. 

    Your have been asked to assess the security of a network.  The _______ stage of the assessment involves identifying weaknesses and attempting to defeat the security system.

    • A.

      Penetration

    • B.

      Control

    • C.

      Audit planning

    • D.

      Discovery

    Correct Answer
    A. Penetration
    Explanation
    The correct answer is "Penetration". In the assessment of network security, the penetration stage involves identifying weaknesses and attempting to defeat the security system. This stage focuses on actively testing the security measures in place by simulating real-world attacks and attempting to gain unauthorized access to the network. The goal is to uncover vulnerabilities and assess the effectiveness of the security controls in order to strengthen the overall security posture of the network.

    Rate this question:

  • 32. 

    The arrival of a Digital Signature along with a message gives what assurance to the recipient?

    • A.

      Authentication

    • B.

      Integrity

    • C.

      Confidentiality

    • D.

      Non-repudiation

    Correct Answer
    C. Confidentiality
    Explanation
    A digital signature provides assurance of the authenticity and integrity of a message, but it does not guarantee confidentiality. Confidentiality refers to the protection of the message from unauthorized access or disclosure. A digital signature does not encrypt the message or protect it from being seen by others. Therefore, the correct answer in this case is not "Confidentiality," but rather "Non-repudiation," which ensures that the sender cannot deny sending the message.

    Rate this question:

  • 33. 

    What protocol is commonly used with e-mail?

    • A.

      S/MIME

    • B.

      HTTPS

    • C.

      SSH

    • D.

      SSL

    Correct Answer
    A. S/MIME
    Explanation
    S/MIME (Secure/Multipurpose Internet Mail Extensions) is a commonly used protocol with email. It provides a secure way to send and receive emails by encrypting the content and digitally signing the messages. This ensures the confidentiality, integrity, and authenticity of the email communication. S/MIME is widely supported by email clients and servers, making it a popular choice for secure email communication.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 14, 2008
    Quiz Created by
    Lazor-beam
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.