CompTIA Security+ Certification Preparation
Pre-Test Questions
Course Introduction
The CompTIA Security+ Certification Preparation course is designed to equip students with foundational knowledge and practical skills in cybersecurity, aligned with the objectives of the CompTIA Security+ (SY0-601) exam. This course covers essential topics such as threat analysis, risk management, network security, access control, cryptography, and incident response. Students will engage with real-world scenarios, hands-on labs, and practice tests to develop their proficiency in identifying vulnerabilities, implementing security solutions, and maintaining organizational security posture. By completing this course, participants will be well-prepared to pursue the globally recognized CompTIA Security+ certification, enhancing their qualifications for roles in information security and network administration.
Recommended Textbook
Principles of Computer Security CompTIA Security+ and Beyond 3rd Edition by Wm. Arthur Conklin
Available Study Resources on Quizplus
25 Chapters
1136 Verified Questions
1136 Flashcards
Source URL: https://quizplus.com/study-set/2933 Page 2
Chapter 1: Introduction and Security Trends
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58443
Sample Questions
Q1) What was the Slammer Worm/Virus?
A)It was a macro virus that spread by emailing the first 50 people in the victim's address book with the subject: Important message.
B)The first Internet worm that "slammed" the Internet,created by a graduate student at Cornell University in 1988.
C)Malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes.
D)Malware that would "slam" shut your computer by not allowing you to log in.
Answer: C
Q2) In April 2009,Homeland Security Secretary Janet Napolitano told reporters
A)Organized crime made attempts to break into the US electric power grid
B)Hacktivists made attempts to break into the US electric power grid
C)Terrorists made attempts to break into the US electric power grid
D)China and Russia made attempts to break into the US electric power grid
Answer: D
Q3) The first worm to attack the Internet was the _______________.
Answer: Morris Worm
Q4) _______________ are people who attack networks with a political purpose in mind.
Answer: Hacktivists
Page 3
To view all questions and flashcards with answers, click on the resource link above.
Chapter 2: General Security Concepts
Available Study Resources on Quizplus for this Chatper
65 Verified Questions
65 Flashcards
Source URL: https://quizplus.com/quiz/58442
Sample Questions
Q1) _______________ is the condition that a control can be verified as functioning. Answer: Auditability
Q2) The A in CIA refers to the term auditability.
A)True
B)False
Answer: False
Q3) Ensuring that changes made to the data are only done by users who are authorized to do so protects the data's _______________.
Answer: integrity
Q4) All applications,scripts,and batch files run in the same security context of the user who is logged in at the time.
A)True
B)False
Answer: True
Q5) Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above. Page 4
Chapter 3: Operational-Organizational Security
Available Study Resources on Quizplus for this Chatper
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/58441
Sample Questions
Q1) Which of the following is NOT one of the three basic ways to protect electromagnetic emanations?
A)Put the equipment beyond the point that the emanations can be picked up.
B)Provide shielding for the equipment itself.
C)Create a reverse magnetic field around the equipment to cancel out waves emanating from or going to the equipment.
D)Provide a shielded enclosure (such as a room)to put the equipment in.
Answer: C
Q2) (p.D)Recommendations as it relates to a policy is a function of
A)Standards
B)Guidelines
C)Laws and regulations
D)CIRT emails
Answer: B
Q3) The location where wireless access points are placed can
A)Interfere with other wired network communications
B)Make it easier or harder for and attacker to access the network
C)Cause electromagnetic interference
D)Cause illness from prolonged exposure
Answer: B
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: The Role of People in Security
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58440
Sample Questions
Q1) Social engineers attempt to exploit the natural tendencies of people.They do this by
A)First trying to evoke sympathy;if this fails,then by fear of confrontation
B)First trying to evoke fear of confrontation and then by sympathy
C)First trying to guess passwords and then use a password cracker
D)First trying to evoke passion and then fear
Q2) The process of going through a target's trash in hopes of finding valuable information that might be used in a penetration attempt is known as _______________.
Q3) Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.
A)True
B)False
Q4) The process of convincing an authorized individual to provide confidential information or access to an unauthorized individual is known as _______________.
Q5) Phishing is the most common form of social engineering attack related to computer security.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Cryptography
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58439
Sample Questions
Q1) The encryption method base on the idea of two keys,one that is public and one that is private is
A)Hashing function
B)Symmetric encryption
C)Asymmetric encryption
D)Elliptical curve encryption
Q2) What are some of the uses of cryptographic algorithms?
Q3) A(n)_______________ is a step-by-step,recursive computational procedure for solving a problem in a finite number of steps.
Q4) Decryption is the process of creating ciphertext from plaintext.
A)True
B)False
Q5) What is key management and why is it important?
Q6) All of the following are cryptographic applications EXCEPT:
A)PGP
B)FreeOTFE
C)StegDetect
D)GnuPG
Q7) Keeping a copy of the encryption key with a trusted third party is called
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Public Key Infrastructure
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/58438
Sample Questions
Q1) What is a certificate repository?
A)A directory that calculates a message digest for the certificate
B)An entity that generates electronic credentials
C)A directory that requires a centralized infrastructure
D)A centralized directory in which the registered certificate is stored
Q2) The term used to describe a centralized directory that can be accessed by a subset of individuals is _______________
Q3) A trust domain is defined as
A)The agreed upon,trusted third party
B)A scenario where one user needs to validate the other's certificate
C)A construct of systems,personnel,applications,protocols,technologies and policies that work together to provide a certain level of protection
D)A scenario in which the certificate's issuer and subject fields hold the same information
Q4) PKI can be used as a measure to trust individuals we do not know.
A)True
B)False
Q5) A(n)_______________ certificate is used when independent CAs establish peer-to-peer trust relationships.
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Standards and Protocols
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/58437
Sample Questions
Q1) What is IPsec?
A)A collection of IP security features designed to introduce security at the network or packet-processing layer
B)An application that encrypts e-mail
C)A standard setting group that dictates internet security standards
D)The company to first introduce the concept of encryption
Q2) WEP has all of the following weaknesses of EXCEPT:
A)The secret key is only 40 bits long.
B)It is susceptible to collision attacks.
C)Even the 128 bit version is vulnerable.
D)Many wireless implementations do not come with WEP enabled.
Q3) How does PGP work?
Q4) PGP uses
A)Private key encryption
B)Asymmetric encryption
C)Symmetric encryption
D)Anomalous encryption
Q5) _______________ is used to encrypt web traffic and uses port 443.
Q6) _______________ is composed of two parts: the TLS Record Protocol and the TLS Handshake protocol.
Page 9
To view all questions and flashcards with answers, click on the resource link above.
Chapter 8: Physical Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58436
Sample Questions
Q1) A false negative is when an unauthorized person is denied access.
A)True
B)False
Q2) What kind of copy is a drive image?
A)Bit-by-bit copy
B)File-by-file copy
C)Partition copy
D)A copy of all images on the drive
Q3) ________ is the combination of two or more types of authentication.
Q4) Theft of the computer,using a boot disk to simply erase all data on the drives,or simply unplugging computers are all effective for ___________.
Q5) Setting a password on the ___________ should delay or prevent an attacker from resetting the boot sequence to boot from a device other than the hard drive
Q6) A false positive is when a biometric is scanned and allows access-when it was not the person who has authorization.
A)True
B)False
Q7) A house key is an example of a(n)__________.
Page 10
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Network Fundamentals
Available Study Resources on Quizplus for this Chatper
55 Verified Questions
55 Flashcards
Source URL: https://quizplus.com/quiz/58435
Sample Questions
Q1) _______________ is the protocol that resolves a domain name to an IP address.
Q2) Network Address Translation (NAT)
A)Translates private (non-routable)IP addresses into public (routable)IP addresses
B)Translates the IP addresses of one protocol to the IP address of another protocol
C)Is one of the items in an IP packet header
D)Translates MAC addresses to IP addresses
Q3) Network components connected to the same cable are often called "the backbone" in which topology?
A)Star
B)Bus
C)Ring
D)Hybrid
Q4) The method of packaging packets so that they can traverse a network in a secure manner is called _______________.
Q5) TCP is connectionless and has lower overhead than UDP.
A)True
B)False
Q6) Another term for an IP packet is _______________.
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Infrastructure Security
Available Study Resources on Quizplus for this Chatper
42 Verified Questions
42 Flashcards
Source URL: https://quizplus.com/quiz/58434
Sample Questions
Q1) _____________ is/are computers in a network that host applications and data for everyone to share.
A)Linux boxes
B)Servers
C)Firewalls
D)Cryptography
Q2) Which operating system is immune to virus attacks?
A)Windows 7
B)Red Hat Linux
C)Mac OS X
D)No operating system is immune.
Q3) _______________ are devices designed to detect,log,and respond to unauthorized network or host use,both in real time and after the fact.
Q4) ________ are applications designed to detect,log,and respond to unauthorized
A.network or host use,both in real time and after the fact
A)Windows Operating System
B)Intrusion detection systems (IDS)
C)Firewalls
D)Twisted wire pairs
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Authentication and Remote Access
Available Study Resources on Quizplus for this Chatper
46 Verified Questions
46 Flashcards
Source URL: https://quizplus.com/quiz/58433
Sample Questions
Q1) Which protocol enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network?
A)PPPP
B)PPTP
C)PTPN
D)PPTN
Q2) L2TP uses
A)UDP port 1701
B)TCP port 1701
C)TCP port 1107
D)TCP port 1217
Q3) _______________ is an authentication process by which the user can enter a single user ID and password then move from application to application or resource to resource without having to supply further authentication information.
Q4) TACACS+ is a client/server protocol that uses IP as its transport protocol.
A)True
B)False
Q5) _______________ authentication is a term that describes the use of more than one authentication mechanism at the same time.
To view all questions and flashcards with answers, click on the resource link above. Page 13
Chapter 12: Wireless
Available Study Resources on Quizplus for this Chatper
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/58432
Sample Questions
Q1) WAP uses _______________ for its encryption scheme.
A)WEP
B)SSL
C)WTLS
D)ElGamal
Q2) _________ is sending an unauthorized message to another Bluetooth device.
A)Bluejacking
B)Bluesnarfing
C)Bluehacking
D)Bluephreaking
Q3) Why is wireless problematic from a security standpoint?
A)There is no control over physical limitations.
B)Insufficient signal strength
C)There is no control over the physical layer of traffic.
D)There is no control over the network.
Q4) NetStumbler is a program that is used to sniff wireless traffic and break WEP keys.
A)True
B)False
Q5) Describe the different wireless systems in use today.
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Intrusion Detection Systems and Network Security
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58431
Sample Questions
Q1) Which of the following is NOT a component of an IDS?
A)Traffic collector
B)Signature database
C)Expert knowledge database
D)User interface and reporting
Q2) A(n)_______________ is a network device with the purpose of enforcing a security policy across its connection,by allowing or denying traffic to pass into or out of the network.
Q3) Your boss is concerned about employees viewing in appropriate or illegal web sites in the workplace.Which device would be the best at addressing this concern?
A)Antivirus
B)Firewall
C)Protocol analyzer
D)Internet content filter
Q4) How does IPS differ from an IDS?
A)IPS is passive and IDS is active.
B)IPS uses heuristics and IDS is signature based.
C)IPS will block,reject,or redirect unwanted traffic;an IDS will only alert.
D)IDS will block,reject,or redirect unwanted traffic;an IPS will only alert.
Page 15
To view all questions and flashcards with answers, click on the resource link above.
Chapter 14: Baselines
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58430
Sample Questions
Q1) List three of the new capabilities of Windows Server 2008.
Q2) In 2002,Microsoft increased the number of services that were installed and running due to public demand.
A)True
B)False
Q3) In a UNIX operating system,which run level reboots the machine?
A)0
B)1
C)3
D)6
Q4) Securing an application against local-and internet-based attacks is called
Q5) What is the process of establishing a system's security state called?
A)Hardening
B)Baselining
C)Securing
D)Controlling
Q6) List four of the new modifications and capabilities of Windows 2003 Server.
Q7) List three of the new security-specific features of Mac OS X 10.5.
Q8) What are the general steps to take to secure a network device?
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: Types of Attacks and Malicious Software
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/58429
Sample Questions
Q1) A(n)_______________ occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time.
Q2) Malicious code that sits dormant until a particular event occurs to release its payload is called what?
A)Trojan
B)Logic bomb
C)Trigger virus
D)Logic worm
Q3) A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday,such as Michelangelo.
A)True
B)False
Q4) A term used to refer to the process of taking control of an already existing session between a client and a server is
A)TCP/IP hijacking
B)Replay attacking
C)Denial-of-service attack
D)Password guessing
To view all questions and flashcards with answers, click on the resource link above.
17
Chapter 16: E-Mail and Instant Messaging
Available Study Resources on Quizplus for this Chatper
47 Verified Questions
47 Flashcards
Source URL: https://quizplus.com/quiz/58428
Sample Questions
Q1) _______________ and _______________ are two very popular methods of encrypting e-mail.
Q2) A(n)_______________ is a mail server that will accept mail from everyone.
Q3) PGP uses _______________ encryption.
A)symmetric
B)asymmetric
C)shared key
D)elliptical
Q4) What TCP port does SMTP use?
A)25
B)110
C)143
D)443
Q5) A worm is a type of virus that ____________.
A)is scripted to send itself to other systems
B)is designed to crawl in under a firewall
C)buries itself between the kernel and the application layer of the operating system
D)is passed through e-mails with a subject heading that has the word "worm" in it
To view all questions and flashcards with answers, click on the resource link above. Page 18
Chapter 17: Web Components
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58427
Sample Questions
Q1) _______________ is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the internet.
Q2) The presence of the keyword "secure" in a cookie indicates that it can only be accessed by the web site that placed it there in the first place.
A)True
B)False
Q3) ActiveX refers to
A)A collection of APIs,protocols,and programs developed by Microsoft to automatically download and execute code over the Internet
B)A library of security protocols for Microsoft's Internet Explorer
C)A patch to fix a vulnerability that hackers exploit where the user downloads an MP3 file and the buffers of the sound card are overwritten
D)A method of blocking java scripts that comes from non Microsoft web sites
Q4) _______________ are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a web browser instance.
Q5) What are some of the security issues associated with web applications and plug-ins?
To view all questions and flashcards with answers, click on the resource link above. Page 19
Chapter 18: Secure Software Development
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58426
Sample Questions
Q1) What is used to compare program responses to known inputs and comparison of the output to desired output?
A)Use cases
B)Waterfall models
C)Requirements testing
D)Good practices
Q2) You are interviewing for a job as a software developer.The interviewer asks you to explain good software development practices.
Q3) What is the waterfall model characterized by?
A)A generic,repeatable process for debugging software
B)A protocol limiting liquids in the workplace
C)A linear,multistep process
D)A process for ensuring that all inputs are tested
Q4) Unvalidated input that changes the code functioning in an unintended way is which type of coding error?
A)Canonicalization error
B)Improper output handling
C)Injection
D)Buffer overflow
To view all questions and flashcards with answers, click on the resource link above. Page 20
Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies
Available Study Resources on Quizplus for this Chatper
53 Verified Questions
53 Flashcards
Source URL: https://quizplus.com/quiz/58425
Sample Questions
Q1) Which policy dictates the action that should be taken when a significant modification to the software or hardware takes place?
A)Acceptable use policy
B)Due care policy
C)Change management policy
D)Disposal and destruction policy
Q2) Describe the various components of a business continuity plan.
Q3) What is the primary purpose of a business impact analysis?
A)To address procedures for selecting user passwords
B)To create and maintain system backups
C)To identify and describe the most important functions for an organization
D)To outline an organization's plans to recover in the event a disaster strikes
Q4) ___________ are high-level,broad statements of what the organization wants to accomplish.
A)Policies
B)Procedures
C)Standards
D)Guidelines
Q6) What are the various ways a backup can be conducted and stored? Page 21
Q5) _______________ are mandatory elements regarding the implementation of a policy.
To view all questions and flashcards with answers, click on the resource link above.
Page 22
Chapter 20: Risk Management
Available Study Resources on Quizplus for this Chatper
42 Verified Questions
42 Flashcards
Source URL: https://quizplus.com/quiz/58424
Sample Questions
Q1) _______________ is a measure of the magnitude of loss of an asset,and is used in the calculation of a single loss expectancy.
Q2) Which of the following is the value for the expected loss of a single asset?
A)SLE
B)ALE
C)SRO
D)ARO
Q3) Which management tool is used for diagramming the interdependencies between project activities,showing the sequence and duration of each activity?
A)Pareto charts
B)Gantt charts
C)Interrelationship digraphs
D)PERT charts
Q4) Which management tool is used for identifying relationships between a risk and the factors that can cause it?
A)Affinity grouping
B)Cause and effect analysis
C)Interrelationship digraphs
D)Risk management plan
To view all questions and flashcards with answers, click on the resource link above. Page 23
Chapter 21: Change Management
Available Study Resources on Quizplus for this Chatper
35 Verified Questions
35 Flashcards
Source URL: https://quizplus.com/quiz/58423
Sample Questions
Q1) Configuration status _______________ consists of the procedures for tracking and maintaining data relative to each configuration item in the baseline.
Q2) Change management is only needed in the development and testing phases of the systems life cycle.
A)True
B)False
Q3) ________________ serves as a foundation for comparison or measurement.
A)Configuration identification
B)Configuration status accounting
C)Baseline
D)Configuration items
Q4) Change management makes localization efforts more complex.
A)True
B)False
Q5) What is the key concept in change management?
A)Least privilege
B)Separation of duties
C)Defense in depth
D)Redundancy
To view all questions and flashcards with answers, click on the resource link above. Page 24
Chapter 22: Privilege Management
Available Study Resources on Quizplus for this Chatper
39 Verified Questions
39 Flashcards
Source URL: https://quizplus.com/quiz/58422
Sample Questions
Q1) Groups are assigned by location,not function.
A)True
B)False
Q2) Which of the following is NOT an advantage of decentralized privilege management?
A)It is highly flexible;changes can be made whenever they are needed.
B)It does not require a dedicated set of personnel and resources.
C)It reduces bureaucracy.
D)Fewer people must be trained on tasks associated with privilege management.
Q3) _______________ tells the system how many passwords to remember and does not allow a user to reuse an old password.
Q4) The lowest level of classified information,which is defined as information that would "damage" national security,is known as "unclassified."
A)True
B)False
Q5) What are the different methods of access management (MAC,DAC,RBAC)?
Q6) _______________ is the process of restricting a user's ability to interact with the computer system.
Q7) A user who can do anything on a system is known as a(n)________.
Page 25
To view all questions and flashcards with answers, click on the resource link above.
Chapter 23: Computer Forensics
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58421
Sample Questions
Q1) What are three environmental factors that evidence needs to be protected from?
Q2) Minor procedural missteps are not important provided the overall investigation is properly conducted.
A)True
B)False
Q3) There are four different types of evidence: direct,real,documentary,and
Q4) The cluster that holds the fragment of the original file is referred to as _______________,because the operating system has marked it as usable when needed.
Q5) Generally speaking,you should back up the computer using DOS instead of Windows.
A)True
B)False
Q6) List at least three important considerations when you are transporting evidence from one location to another.
Q7) The space that is left over in a cluster is called slack space. A)True B)False
Q8) The term _______________ relates to the application of scientific knowledge to legal problems. Page 26
To view all questions and flashcards with answers, click on the resource link above. Page 27
Chapter 24: Legal Issues and Ethics
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58420
Sample Questions
Q1) The DMCA protects the rights of recording artists and the music industry.
A)True
B)False
Q2) Falsifying header information is not covered by the CAN-SPAM Act.
A)True
B)False
Q3) What are the laws that govern computer access and trespass?
Q4) What is the Gramm-Leach-Bliley Act?
A)Implements the principle that a signature,contract,or other record may not be deleted
B)Denies legal effect,validity,or enforceability solely because it is electronic form
C)Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications
D)Makes it a violation of federal law to knowingly use another's identity
E)A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
Q5) What are some ethical issues associated with information security?
Q6) Describe the laws that govern digital signatures.
To view all questions and flashcards with answers, click on the resource link above.
Page 28
Chapter 25: Privacy
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58419
Sample Questions
Q1) In order to identify a specific individual,the entire set of PII must be disclosed.
A)True
B)False
Q2) A privacy-enhancing technology called cookie cutter does which of the following?
A)Makes copies of your information for safe keeping
B)Makes sure when you connect to sites you use the same appropriate information
C)Prevents the transfer of cookies between browsers and web servers.
D)Is used by server to prevent the use of unnecessary cookies
Q3) What are some web-related privacy issues?
Q4) _______________ is a set of elements that can lead to the specific identity of a person.
Q5) The governments in Europe and the United States have taken the same approach to controlling privacy through legislation.
A)True
B)False
Q6) _______________ can be defined as the power to control what others know and what they can do with the information.
Q7) _______________ is designed to protect the privacy of student information
To view all questions and flashcards with answers, click on the resource link above. Page 29