CompTIA Security+ MCQs

The following CompTIA Security+ MCQs have been compiled by our experts through research to test your knowledge of CompTIA Security+. We encourage you to answer these 20 multiple-choice questions to assess your proficiency.

1: Remote Desktop port number

A.   An incremental backup backs up only those files that have changed since the last backup of any type - and is quicker to complete the backup.

B.   1. John the Ripper 2. Cain & Abel 3. THC Hydra

C.   A tool used to extract NTLM and LANMAN hashes from a Windows-based targeted host.

D.   3389

2: IMAP port number

A.   1. MD4 - Message Digest 4 (128-bit digest) 2. MD5 - Message Digest 5 (128-bit digest - used in NTLMv2) 3. SHA - Secure Hashing Algorithm (160/256/512-bit digest)

B.   143

C.   1. Diffie-Hellman - Used in key exchange 2. Elliptic Curve - Used in OpenSSL and Bouncy Castle for Java & C# - .Net framework. 3. ElGamal - Used in PGP and GNU Privacy Guard 4. RSA - One of the best known public key ciphers - it was developed at MIT.

D.   An online or double conversion UPS will charge its battery and provide power to any connected devices at the same time.

3: SSH port number

A.   22

B.   1. Diffie-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Adleman 5. DSA - Digital Signature Algorithm

C.   1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get

D.   1. Access Control - MAC Filtering 2. Encryption - WEP - WPA - WPA2 3. Authentication - RADIUS 4. Isolation - VLANs

4: What formula is used to find the number of hosts?

A.   (2^number of host bits)-2 = number of hosts

B.   1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D

C.   Use a solution that supports nonrepudiation

D.   A system that has been compromised by malware and can be remotely controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.

5: Symmetric Key Ciphers

A.   25

B.   An online or double conversion UPS will charge its battery and provide power to any connected devices at the same time.

C.   1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro

D.   1701

6: In PKI what is the name of the file that tracks expired certificates?

A.   Are the same thing.

B.   1. Authentication 2. Authorization 3. Accounting

C.   The name of the file that tracks expired certificates is the CRL (Certificate Revocation List).

D.   1. MD4 - Message Digest 4 (128-bit digest) 2. MD5 - Message Digest 5 (128-bit digest - used in NTLMv2) 3. SHA - Secure Hashing Algorithm (160/256/512-bit digest)

7: How can you identify a SQL Injection attack?

A.   It can be identified by the use of a single quote character which is used to signal to the web server that what follows is a SQL query.

B.   X.509 is the standard that covers PKI

C.   1. Transport Mode - Packet data is encrypted but not the header information. 2. Tunnel Mode - Entire packet (data & header information) is encrypted.

D.   Unsolicited Bulk Email or SPAM

8: Can a VLAN provide scalability?

A.   1. Elevation Prompt 2. Privilege Elevation

B.   Earlier versions of PGP relied on public key cryptography but not X.509 - it used a web of trust instead. Current versions of PGP include both models through a key management server - X.509 using a hierarchical approach based on a Certificate Authori

C.   1. SPI - Stateful Packet Inspection firewall 2. Stateless firewall

D.   Yes, a VLAN can provide scalability because it is configured via software, not hardware.

9: Checksums

A.   1. Dynamic NAT - A private IP address is mapped to a public IP address drawing from a pool of registered public IP addresses (one-to-many). 2. Static NAT - A private IP address is mapped to a public IP address the public IP address that is being mapp

B.   49

C.   1. MD4 - Message Digest 4 (128-bit digest) 2. MD5 - Message Digest 5 (128-bit digest - used in NTLMv2) 3. SHA - Secure Hashing Algorithm (160/256/512-bit digest)

D.   23

10: The 3 As

A.   1. Authentication 2. Authorization 3. Accounting

B.   BitLocker

C.   Earlier versions of PGP relied on public key cryptography but not X.509 - it used a web of trust instead. Current versions of PGP include both models through a key management server - X.509 using a hierarchical approach based on a Certificate Authori

D.   Use a solution that supports nonrepudiation

11: Can PGP be used to provide nonrepudiation?

A.   1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro

B.   If one application is deployed to 100 workstations it needs to be patched 100 times but if the same application is deployed to 1 shared virtual host it only needs to be patched once.

C.   PGP can be used to both encrypt and digitally sign emails - because it can be used to digitally sign emails it provides nonrepudiation.

D.   A system that has been compromised by malware and can be remotely controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.

12: IDS/IPS Alerts

A.   If one application is deployed to 100 workstations it needs to be patched 100 times but if the same application is deployed to 1 shared virtual host it only needs to be patched once.

B.   An incremental backup backs up only those files that have changed since the last backup of any type - and is quicker to complete the backup.

C.   1. True Positive - Correctly identifies an attack 2. True Negative - Correctly identifies legitimate traffic 3. False Positive - Incorrectly identifies legitimate traffic as an attack 4. False Negative - Incorrectly identifies an attack as legitimate

D.   389

13: Asymmetric Key Ciphers

A.   Earlier versions of PGP relied on public key cryptography but not X.509 - it used a web of trust instead. Current versions of PGP include both models through a key management server - X.509 using a hierarchical approach based on a Certificate Authori

B.   X.500 is the standard that covers LDAP

C.   1. Diffie-Hellman 2. Elliptic Curve (EC) 3. ElGamal 4. RSA - Rivest - Shamir - Adleman 5. DSA - Digital Signature Algorithm

D.   1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get

14: LDAP port number

A.   1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical

B.   389

C.   1. Confidentiality 2. Integrity 3. Availability

D.   1. Elevation Prompt 2. Privilege Elevation

15: What is the SLE (Single Loss Expectancy)?

A.   1. SPI - Stateful Packet Inspection firewall 2. Stateless firewall

B.   1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice

C.   The asset value multiplied by the exposure factor: asset value x exposure factor = SLE

D.   1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results

16: What is the difference between an online UPS and a double conversion UPS?

A.   X.500 is the standard that covers LDAP

B.   BitLocker

C.   Are the same thing.

D.   1. Transport Mode - Packet data is encrypted but not the header information. 2. Tunnel Mode - Entire packet (data & header information) is encrypted.

17: DHCP port number

A.   67 - 68

B.   A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.

C.   1. Voluntary Tunnel 2. Compulsory Tunnel - Incoming Call 3. Compulsory Tunnel - Remote Dial 4. Multi-Hop Connection Tunnel

D.   1. Something you know 2. Something you have 3. Something you are

18: What is output validation?

A.   20. What is a Zombie?

B.   Yes, a VLAN can provide scalability because it is configured via software, not hardware.

C.   119

D.   389

E.   A system that has been compromised by malware and can be remotely controlled by another computer during an attack - usually a DDoS attack. Zombies are also known as bots or network robots.

19: The 3 Ss

A.   1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get

B.   1. Something you know 2. Something you have 3. Something you are

C.   Through the use of digital signatures

D.   1. John the Ripper 2. Cain & Abel 3. THC Hydra

20: Access Control Models

A.   67 - 68

B.   1. MAC - Mandatory Access Control 2. DAC - Discretionary Access Control 3. RBAC - Role-Based Access Control 4. NAC - Network Access Control 5. Physical

C.   1. Online - The most available type of storage. Disk containing data is attached to the network or a system that is attached to the network. Examples include normal backup disk - RAID - and SAN. No direct physical human interaction is required to get

D.   389

21: What is a Trojan?

A.   1. Phishing 2. Hoaxes 3. Dumpster Diving 4. Shoulder Surfing

B.   Through the use of digital signatures

C.   A program that appears to be harmless but delivers malicious code to a computer. NetBus and Back Orifice are two of the most popular trojans - they are typically embedded in benign looking programs - when the programs are executed a backdoor to the sy

D.   1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results

22: Weaknesses of Antivirus Software

A.   1. Authentication 2. Authorization 3. Accounting

B.   1. Signatures must be updated 2. Zero day exploits

C.   1723

D.   80

23: Ways to Secure a WiFi Access Point

A.   1. Access Control - MAC Filtering 2. Encryption - WEP - WPA - WPA2 3. Authentication - RADIUS 4. Isolation - VLANs

B.   1. DES - Data Encryption Standard 2. 3DES - Triple Data Encryption Standard 3. AES - Advanced Encryption Standard 4. AES256 - Advanced Encryption Standard 256-bit 5. RC5 - Rivest Cipher 5 6. RC6 - Rivest Cipher 6 7. Blowfish 8. IDEA - International D

C.   No - all hosts on a VLAN do not have to be connected to the same switch - a VLAN can span multiple switches.

D.   Are the same thing.

24: What is PWDUMP?

A.   1. DES - 64-bit block - 56-bit key - 16 rounds 2. 3DES - DES is used 3 times with 3 different keys 3. AES - 128-bit block - 128/192-bit key - 10/12/14 rounds 4. AES256 - AES used with a 256-bit key 5. RC5 - 32/64/128-bit block - 0-2040 key - 0-255 ro

B.   An offline UPS remains idle until AC power is lost, then it uses its internal battery to provide power to attached equipment.

C.   1. LM - Local Area Network Manager (Used in XP and before - DES is the hash) 2. NTLMv1/v2 - New Technology LANMAN (Used in Vista - 7 - and Server 2008) 3. Kerberos - Used in Active Directory

D.   A tool used to extract NTLM and LANMAN hashes from a Windows-based targeted host.

25: Steps in the OVAL Assessment Process

A.   (2^number of host bits)-2 = number of hosts

B.   1. Represent the configuration of the system(s) to be tested. 2. Analyze the system(s) 3. Report the results

C.   A rootkit is a form of malicious software that grants full system control to the user. The term comes from the UNIX/Linux environment - where the highest level of system administrator is called the root user.

D.   Unsolicited Bulk Email or SPAM

26: What is the name of Vista's hard drive encryption technology?

A.   BitLocker

B.   A combination of files geared towards fixing one or more security issues with a given piece of software. Note that hotfixes are usually created shortly after a security hole is identified.

C.   An offline UPS remains idle until AC power is lost, then it uses its internal battery to provide power to attached equipment.

D.   1. Technology Weakness 2. Configuration Weakness 3. Policy Weakness 4. Human Error or Malice