100 CompTIA Security+ Multiple Choice Questions With Answers

Comptia Security Certification Techhyme Questions MCQ with Answers

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

Nearly every profession has some criteria that you must meet to show your competence and ability to perform at a certain level, verified by some type of exam. Modern PC techs attain the CompTIA S+ certification, the essential credential that shows competence in the modern field of information technology.

These free practice tests are based on the current S+ exam domains published by CompTIA. Our free CompTIA S+ tests are designed to help you learn the material. View the answer explanations at the end of each question to better understand why an answer is correct or incorrect.

1. A script kiddie is a classic example of a(n) _________.

A. attacker
B. criminal
C. threat
D. threat actor

Correct Answer – D
Explanation – A script kiddie is a classic example of a threat actor.

2. Risk is often considered formulaically as

A. Risk = Probability × Threat
B. Risk = Threat × Impact
C. Risk = Vulnerability × Threat
D. Risk = Probability × Impact

Correct Answer – D
Explanation – Risk is often considered formulaically as Risk = Probability × Impact.

3. A company makes a document called “Acceptable Use” that defines what the company allows users to do and not do on their work systems. The company requires new employees to read and sign this. What is this type of document called?

A. Standard
B. Policy
C. Procedure
D. Control

Correct Answer – B
Explanation – Policies are normally written documents that define an organization’s goals and actions. Acceptable use policies are very common.

4. A ___________ is a description of a complex process, concentrating on major steps and the flows between the steps.

A. law
B. procedure
C. framework
D. control

Correct Answer – C
Explanation – A framework is a description of a complex process, concentrating on major steps and the flows between the steps.

5. A No Trespassing sign is an example of a __________ control.

A. deterrent
B. preventative
C. detective
D. corrective

Correct Answer – A
Explanation – A deterrent control deters a threat actor from performing a threat. A No Trespassing sign is a good example.

6. A lock on the door of a building is an example of a __________ control.

A. deterrent
B. preventative
C. detective
D. corrective

Correct Answer – B
Explanation – A preventative control stops threat actors from performing a threat. Locks are a notable example.

7. An asset’s exposure factor is measured in _______.

A. dollars
B. percentages
C. units
D. reputation

Correct Answer – B
Explanation – Exposure factor is measured in terms of a percentage of loss to the value of that asset.

8. Which of the following equations is correct?

A. Single Loss Expectancy = Asset Value × Exposure Factor
B. Annualized Rate of Occurrence = Asset Value × Exposure Factor
C. Annualized Loss Expectancy = Asset Value × Exposure Factor
D. Single Rate of Occurrence = Asset Value × Exposure Factor

Correct Answer – A
Explanation – The only correct equation is Single Loss Expectancy = Asset Value × Exposure Factor.

9. Financial is one type of business impact. Which of the following names another?

A. Pride
B. Technical
C. Device
D. Reputation

Correct Answer – D
Explanation – Of the choices listed, only reputation is a common business impact.

10. Which of the following represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component?

A. MTTR
B. MTBF
C. MTMB
D. MOAB

Correct Answer – B
Explanation – Mean time between failures (MTBF) represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component.

11. Which of the following types of algorithms encrypts specified sizes of groups of text at a time?

A. Asymmetric
B. Symmetric
C. Streaming
D. Block

Correct Answer – D
Explanation – Block algorithms encrypt entire groups of bits of text, usually of specific sizes.

12. You must implement a cryptography system in your organization. You need to be able to send large amounts of data, quickly, over the network. The system will be used by a very small group of users only, and key exchange is not a problem. Which of the following should you consider?

A. Asymmetric cryptography
B. Symmetric cryptography
C. Hybrid cryptography
D. Key escrow

Correct Answer – B
Explanation – In this scenario, symmetric key cryptography would probably be the best choice, since the user group is very small and key exchange is not a problem. You also have the requirements of speed and efficiency, as well as the ability to send large amounts of data. All are advantages of using symmetric key cryptography.

13. Which of the following asymmetric algorithms uses a maximum key size of 4096 bits?

A. AES
B. Diffie-Hellman
C. RSA
D. ECC

Correct Answer – C
Explanation – RSA uses key sizes between 1024 and 4096 bits.

14. Which of the following asymmetric algorithms is widely used on mobile devices because of its low computational power requirements?

A. ECC
B. ElGamal
C. Diffie-Hellman
D. GPG

Correct Answer – A
Explanation – Elliptic curve cryptography (ECC) is an asymmetric algorithm widely found in use on mobile devices because it requires low amounts of computational power.

15. Which type of algorithm is typically used to encrypt data-at-rest?

A. Symmetric
B. Asymmetric
C. Streaming
D. Block

Correct Answer – A
Explanation – Symmetric algorithms are typically used to encrypt data that resides in storage.

16. Which of the following places secrecy of the key versus secrecy of the algorithm as the most important factor in developing secure and reliable cryptosystems?

A. Data Encryption Standard (DES)
B. Advanced Encryption Standard (AES)
C. Kerckhoffs’ principle
D. Digital Signature Algorithm (DSA)

Correct Answer – C
Explanation – Kerckhoffs’ principle states that reliable cryptosystems should depend upon the secrecy of the key, rather than the secrecy of the algorithm.

17. Which of the following algorithms produces a 40-character message digest?

A. MD5
B. SHA-1
C. RIPEMD-128
D. Blowfish

Correct Answer – B
Explanation – SHA-1 is a 160-bit hashing algorithm that produces a 40-character hexadecimal message digest, or hash.

18. If an individual encrypts a message with his own private key, what does this assure?

A. Confidentiality
B. Message authenticity
C. Integrity
D. Availability

Correct Answer – B
Explanation – If an individual encrypts a message with his private key, this ensures message authenticity, since he is the only person who could have encrypted it.

19. Which of the following entities can help distribute the workload of the CA by performing identification and authentication of individual certificate requestors?

A. Subordinate CA
B. Root CA server
C. Authentication authority
D. Registration authority

Correct Answer – D
Explanation – The registration authority (RA) can help distribute the workload of the CA by performing identification and authentication of individual certificate requestors.

20. Which of the following serves as the master certificate server in an organization?

A. Intermediate CA server
B. Root CA server
C. Subordinate CA server
D. Kerberos KDC

Correct Answer – B
Explanation – A root CA server is the master certificate server in an organization.

21. Which of the following terms describes the process of allowing access to different resources?

A. Authorization
B. Authentication
C. Accountability
D. Identification

Correct Answer – A
Explanation – Authorization describes the process of allowing access to different resources.

22. Which of the following states that users should be given only the level of access needed to perform their duties?

A. Separation of duties
B. Accountability
C. Principle of least privilege
D. Authorization

Correct Answer – C
Explanation – The principle of least privilege states that users should be given only the level of access needed to perform their duties.

23. Which of the following access control models allows object creators and owners to assign permissions to users?

A. Rule-based access control
B. Discretionary access control
C. Mandatory access control
D. Role-based access control

Correct Answer – B
Explanation – The discretionary access control model allows object creators and owners to assign permissions to users.

24. An administrator wants to restrict access to a particular database based upon a stringent set of requirements. The organization is using a discretionary access control model. The database cannot be written to during a specified period when transactions are being reconciled. What type of restriction might the administrator impose on access to the database?

A. Access restricted by the database owner
B. Access based upon membership in a logical group
C. Access from a particular workstation
D. Time-of-day and object permission restrictions

Correct Answer – D
Explanation – The administrator would want to impose both a time-of-day and object permission restriction on users to prevent them from writing to the database during a specified time period.

25. Which of the following allows a user to use one set of credentials throughout an enterprise?

A. TACACS
B. RADIUS
C. Single sign-on
D. TACACS+

Correct Answer – C
Explanation – Single sign-on allows a user to use one set of credentials throughout an enterprise to access various resources without having to reauthenticate with a different set of credentials.

26. Which of the following is used to prevent the reuse of passwords?

A. Disabling accounts
B. Account lockout
C. Password complexity
D. Password history

Correct Answer – D
Explanation – The password history setting in the account policy is used to prevent the reuse of older passwords.

27. Which of the following are the best ways to ensure that user accounts are being used appropriately and securely? (Choose two.)

A. Periodically review assigned privileges.
B. Allow users to maintain their privileges indefinitely, even during promotion or transfer.
C. Continuously monitor accounts, through auditing, to ensure accountability and security.
D. Ensure that users’ permissions stay cumulative, regardless of which group or job role they occupy.

Correct Answer – A, C
Explanation – Periodic reviews and continuous monitoring are two ways to ensure that accounts and privileges are used in accordance with organizational policy and in a secure manner.

28. Which of the following authentication factors would require that you input a piece of information from memory in addition to using a smart card?

A. Possession
B. Knowledge
C. Inherence
D. Temporal

Correct Answer – B
Explanation – The knowledge factor would require that you input a piece of information, such as a password or PIN, from memory in addition to using a smart card.

29. You are implementing an authentication system for a new company. This is a small company, and the owner has requested that all users be able to create accounts on their own individual workstations. You would like to explain to the owner that centralized authentication might be better to use. Which of the following are advantages of centralized authentication? (Choose two.)

A. Centralized security policies and account requirements.
B. Ability of individuals to set their own security requirements.
C. Ability to use single sign-on capabilities within the entire organization.
D. Requirements have different user names and passwords for each workstation and resource.

Correct Answer – A, C
Explanation – Centralized system security policies as well as the ability to use single sign-on throughout the organization are two advantages of centralized authentication.

30. Under which of the following circumstances would a Windows host use Kerberos instead of NTLM v2 to authenticate users?

A. Authenticating to a server using only an IP address
B. Authenticating to a modern Windows Active Directory domain
C. Authenticating to a different Active Directory forest with legacy trusts enabled
D. Authenticating to a server in a Windows workgroup

Correct Answer – B
Explanation – When authenticating to a modern Windows Active Directory domain, Windows uses Kerberos as its authentication protocol by default.

31. What does nslookup do?

A. Retrieves the name space for the network
B. Queries DNS for the IP address of the supplied host name
C. Performs a reverse IP lookup
D. Lists the current running network services on localhost

Correct Answer – B
Explanation – The nslookup command queries DNS and returns the IP address of the supplied host name.

32. What is Wireshark?

A. Protocol analyzer
B. Packet sniffer
C. Packet analyzer
D. All of the above

Correct Answer – D
Explanation – Wireshark can sniff and analyze all the network traffic that enters the computer’s NIC.

33. One of your users calls you with a complaint that he can’t reach the site www.google.com. You try to access the site and discover you can’t connect either, but you can ping the site with its IP address. What is the most probable culprit?

A. The workgroup switch is down.
B. Google is down.
C. The gateway is down.
D. The DNS server is down.

Correct Answer – D
Explanation – In this case, the DNS system is probably at fault. By pinging the site with its IP address, you have established that the site is up and your LAN and gateway are functioning properly.

34. What command do you use to see the DNS cache on a Windows system?

A. ping /showdns
B. ipconfig /showdns
C. ipconfig /displaydns
D. ping /displaydns

Correct Answer – C
Explanation – To see the DNS cache on a Windows system, run the command ipconfig /displaydns at a command prompt.

35. Which of the following displays the correct syntax to eliminate the DNS cache?

A. ipconfig
B. ipconfig /all
C. ipconfig /dns
D. ipconfig /flushdns

Correct Answer – D
Explanation – The command ipconfig /flushdns eliminates the DNS cache.

36. Which tool enables you to query the functions of a DNS server?

A. ipconfig
B. nslookup
C. ping
D. xdns

Correct Answer – B
Explanation – The tool to use for querying DNS server functions is nslookup.

37. The Windows tracert tool fails sometimes because many routers block ______ packets.

A. ping
B. TCP
C. UDP
D. ICMP

Correct Answer – D
Explanation – The Windows tracert tool fails because it relies on ICMP packets that routers commonly block.

38. Which tools can you (and hackers) use to open ports on your network? (Choose three.)

A. Port scanner
B. Nmap
C. Angry IP Scanner
D. hostname

Correct Answer – A, B, C
Explanation – The hostname command simply returns the host name of the local system. All other tools mentioned can scan ports to locate network vulnerabilities.

39. Which tools are used explicitly to monitor and diagnose problems with DNS?

A. Nmap or Wireshark
B. nslookup or dig
C. ping or pathping
D. tracert or pathping

Correct Answer – B
Explanation – The nslookup tool and the more powerful dig tool are used to diagnose DNS problems.

40. Your manager wants you to institute log management and analysis on a small group of workstations and servers that are not connected to the larger enterprise network for data sensitivity reasons. Based upon the level of routine usage and logging, you decide not to implement a management console but intend to examine each log separately on the individual hosts. What type of log management are you using in this scenario?

A. Centralized log management
B. Enterprise-level log management
C. Decentralized log management
D. Workgroup-level log management

Correct Answer – C
Explanation – In this scenario, you are using decentralized log management, since you are not using a centralized log management facility or console to collect all the applicable logs and review them in one place.

41. Rick logs into a public system as Guest and guesses correctly on a simple password to gain administrative access to the machine. What sort of attack surface does this represent?

A. Man-in-the-middle
B. Privilege escalation
C. Service vector
D. Zero-day

Correct Answer – B
Explanation – Privilege escalation scenarios have the bad guy increasing the scope of what he can do once authenticated to a system.

42. John receives a driver-signing error for a specific DLL file in his Windows system. This is a classic symptom of what sort of attack?

A. ARP poisoning
B. MAC spoofing
C. Refactoring
D. Shimming

Correct Answer – C
Explanation – A refactoring attack tries to replace a device driver with a file that will add some sort of malicious payload.

43. Samantha recommended new systems for a group of developers at remote locations. Each system is identical, with high-end processing components. For storage, she needs a solution that provides storage redundancy and performance. She goes with RAID for each system, selecting four drives. Each user can lose up to two drives and not lose data. What RAID did she select?

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 6

Correct Answer – D
Explanation – A RAID 6 array requires at least four drives, but can lose up to two drives and still not lose data.

44. Jason gets a tech call from Jill in accounting. Her system works fine most of the time, but every once in a while it loses connection to the wireless network. An inspection of Jill’s workstation shows that it’s right next to the employee break room. The break room has the typical appliances, such as refrigerator and microwave. Further questioning determines that the network drops most frequently at lunch, though sometimes during the typical afternoon break time. What could the problem be?

A. EMI
B. EMP
C. ESD
D. RFI

Correct Answer – A
Explanation – Get rid of that microwave oven! Electromagnetic interference can cause all sorts of problems, especially with wireless networks.

45. The Trusted Computing Group introduced the idea of the ________________, an integrated circuit chip that enables secure computing.

A. TCP
B. TPM
C. EMP
D. EMI

Correct Answer – B
Explanation – Trusted Platform Module (TPM) chips store a unique 2048-bit RSA key pair for security purposes.

46. John’s home system has automatic updates from Microsoft, yet at his office, his organization has a more formal method of updating systems called _______________.

A. Automatic updates
B. Patch management
C. TOS
D. White listing

Correct Answer – B
Explanation – Patch management describes the process used to keep systems updated in the enterprise.

47. Which of the following best describes a Bluetooth attack that attempts to steal data from another device?

A. Bluejacking
B. Bluesnarfing
C. Man-in-the-middle
D. Pairing override

Correct Answer – B
Explanation – Bluesnarfing attacks seek to gain data from a Bluetooth-connected device.

48. What sort of malware requires the user to pay to remove the malware?

A. Trojan horse
B. Keylogger
C. Adware
D. Ransomware

Correct Answer – D
Explanation – Ransomware demands payment to restore files.

49. Marisol notices a small dongle between her USB keyboard and her system. Which of the following is most likely?

A. She is using an inline encryption device.
B. She has a TPM module.
C. Someone has installed a keylogger.
D. Someone has installed a logic bomb.

Correct Answer – C
Explanation – A random USB dongle can be a malicious device, such as a keylogger.

50. Degaussing is associated with which form of data sanitation?

A. Clear
B. Purge
C. Destroy
D. Recycle

Correct Answer – B
Explanation – Although a degausser essentially renders a hard drive unusable, it falls into the category of purge.

51. Which one of the following types of filtering is used to control traffic entering a network?

A. Egress filtering
B. Ingress filtering
C. Implicit deny
D. Explicit deny

Correct Answer – B
Explanation – Ingress filtering is used to control traffic entering a network.

52. Which network device is used to send traffic to different physical networks, based upon logical addressing?

A. Router
B. Switch
C. Load balancer
D. Firewall

Correct Answer – A
Explanation – A router is used to send traffic to different physical networks, based upon logical addressing.

53. Which type of device is used to provide network protection and security by preventing hosts from connecting to the organization’s infrastructure unless they meet certain criteria?

A. Switch
B. NAT device
C. Firewall
D. NAC device

Correct Answer – D
Explanation – A Network Access Control (NAC) device is used to provide network protection and security by preventing hosts from connecting to the organization’s infrastructure unless they meet certain criteria.

54. All the following characteristics describe VLANs, except:

A. VLANs require routing between them.
B. VLANs separate hosts into logical networks.
C. VLANs can be used to apply security policies and filtering to different segments.
D. VLANs allow any host plugged into the switch to become a member of the virtual segment.

Correct Answer – D
Explanation – VLANs do not allow any hosts plugged into the switch to automatically become a member of the virtual segment; membership is based upon switch port, MAC address, or IP address.

55. Which of the following would be needed to block excessive traffic from a particular protocol?

A. Flood guard
B. Loop protection
C. ACL
D. 802.1X

Correct Answer – A
Explanation – A flood guard is used to block excessive traffic from a particular protocol.

56. Which of the following describes a network device that intercepts user or host requests and then makes those requests to other hosts or networks on behalf of the user?

A. Proxy
B. Firewall
C. NIDS
D. NIPS

Correct Answer – A
Explanation – A proxy is a network device that intercepts user or host requests and then makes those requests to other hosts or networks on behalf of the user.

57. Which of the following types of connections does a VPN concentrator control? (Choose two.)

A. Device VPN
B. Client VPN
C. User VPN
D. Site-to-site VPN

Correct Answer – B, D
Explanation – A VPN concentrator manages connections for both client and site-to-site VPN connections.

58. A NIPS is considered a __________ type of control.

A. detective
B. preventative
C. network
D. host

Correct Answer – B
Explanation – A network intrusion prevention system (NIPS) is considered a preventative type of control.

59. Which of the following terms refers to a combination of multifunction security devices?

A. NIDS/NIPS
B. Application firewall
C. Web security gateway
D. Unified Threat Management

Correct Answer – D
Explanation – Unified Threat Management refers to a combination of multifunction security devices.

60. Which of the following does an application firewall focus on for traffic filtering?

A. Traffic content
B. Protocol and port
C. Source or destination IP address
D. Domain name

Correct Answer – A
Explanation – An application firewall focuses on traffic content for filtering, rather than on traffic characteristics.

61. Which of the following would be considered static hosts? (Choose all that apply.)

A. HVAC systems controlled by remote access over an IP network
B. Game consoles with Internet access
C. A user workstation in an office
D. A pumping mechanism in a sewage treatment plant that uses an embedded Linux operating system

Correct Answer – A, B, D
Explanation – User workstations in an office would not be considered as static or specialized hosts.

62. Which of the following terms describes the use of several different manufacturers and models of Web proxy devices in layered security architecture?

A. Control compensation
B. Control redundancy
C. Control diversity
D. Defense-in-depth

Correct Answer – C
Explanation – Control diversity is a concept that describes the use of several different manufacturers and models of Web proxy devices in layered security architectures.

63. Which of the following refers to a programming or software-based interface used to manage connections and traffic access to and from a host?

A. Firewall
B. Wrapper
C. Firmware
D. Embedded OS

Correct Answer – B
Explanation – A wrapper is a programming or software-based interface used to manage connections and traffic access to and from a host.

64. All of the following are characteristics of fencing you should consider when deploying it around your facility, except:

A. Gauge
B. Height
C. Mesh
D. Fire rating

Correct Answer – D
Explanation – Fire rating is not a consideration when deploying fencing, since fences are not designed to prevent or suppress the spread of fires.

65. Your manager wants you to deploy signage around your facility that expressly warns potential intruders that the facility is alarmed and that intruders will be met with armed response. In this situation, what kind of control functionality is the signage fulfilling?

A. Preventative
B. Deterrent
C. Compensating
D. Corrective

Correct Answer – B
Explanation – In this situation the signage is acting as a deterrent control, since it relies on potential intruders knowing about what it says and understanding the consequences in order for it to be effective.

66. Which of the following can happen if an attacker sets the power levels on a rogue access point to overpower the wireless transmissions of a legitimate access point?

A. Jamming
B. Beaconing
C. Deauthentication
D. Spoofing

Correct Answer – A
Explanation – Jamming can occur if an attacker sets the power levels on a rogue access point to overpower the wireless transmissions of a legitimate access point.

67. Computer-based measures that you might encounter in everyday hands-on security, such as firewalls, encryption technologies, access control lists on routers, and secure protocols are what type of control?

A. Administrative
B. Deterrent
C. Physical
D. Technical

Correct Answer – D
Explanation – Technical, or logical, controls—such as firewalls, encryption technologies, access control lists on routers, and secure protocols—are the typical computer-based measures that you might encounter in everyday hands-on security.

68. Which of the following technologies requires that two devices be touching each other in order to communicate?

A. 802.11i
B. WPA
C. Bluetooth
D. NFC

Correct Answer – D
Explanation – NFC requires that two devices be touching each other in order to communicate.

69. Your manager wants you to make sure that enough fire extinguishers are available in the data center to take care of possible electrical fires. Which class of fire extinguishers should be used in the data center?

A. Class A
B. Class B
C. Class C
D. Class D

Correct Answer – C
Explanation – Class C fire extinguishers are the appropriate type used in electrical fires.

70. Heating, ventilation, and air conditioning (HVAC) systems control all of the following environmental factors in a data center, except:

A. Power
B. Temperature
C. Humidity
D. Air filtration

Correct Answer – A
Explanation – Power is not controlled by HVAC systems.

71. Cache poisoning is directed against which of the following servers?

A. DHCP
B. Web
C. Domain controller
D. DNS

Correct Answer – D
Explanation – Cache poisoning attacks DNS servers.

72. Which two of the following are secure FTP protocols?

A. SSL
B. FTPS
C. SFTP
D. TFTP
E. SSH

Correct Answer – B, C
Explanation – The two secure FTP protocols are FTP over SSL and SSH FTP.

73. The four-step process that initiates an SSL/TLS session is called a(n) ______________.

A. initialization
B. authentication
C. handshake
D. connection

Correct Answer – C
Explanation – The four-step process that initiates an SSL/TLS session is called a handshake.

74. Encrypted IMAP uses which TCP port number?

A. 995
B. 993
C. 465
D. 587

Correct Answer – B
Explanation – Encrypted IMAP uses TCP port number 993.

75. Scott receives an e-mail from Mike with a digital signature attachment. Mike is probably using which of the following protocols?

A. Secure SMTP
B. SFTP
C. TFTP
D. S/MIME

Correct Answer – D
Explanation – E-mail attachments of all sorts use MIME; the secure version is S/MIME.

76. Inserting unexpected text into a URL is what form of attack?

A. Command injection
B. SQL injection
C. LDAP injection
D. XML injection

Correct Answer – A
Explanation – A command injection attack inserts unexpected text into a URL.

77. What kind of attack manipulates a token on an established Web session?

A. Buffer overflow
B. LDAP injection
C. Cross-site scripting
D. Click jacking

Correct Answer – C
Explanation – A cross-site scripting attack manipulates a token on an established Web session.

78. A new attack that is previously unknown to the security world is called a ______________ attack.

A. birthday
B. header manipulation
C. proto-malware
D. zero-day

Correct Answer – D
Explanation – A zero-day attack pounces on a previously unknown vulnerability in software or operating systems.

79. Which of the following is a minimum set of performance values that define a certain aspect of what the application must do?

A. Requirements
B. Agile
C. Model
D. Baseline

Correct Answer – D
Explanation – A baseline documents a minimum set of performance values that define aspects of an application.

80. Scrum is a ____________ based on the Agile philosophy.

A. timing system
B. DevOps cycle
C. process framework
D. manifesto

Correct Answer – C
Explanation – Scrum is a process framework based on the Agile program development philosophy.

81. Which of the following vulnerabilities can be avoided with data sanitization?

A. Embedded systems
B. End-of-life systems
C. Lack of vendor support
D. System sprawl

Correct Answer – B
Explanation – Eliminating data on end-of-life systems avoids vulnerabilities to sensitive data.

82. Which of the following attacks is conducted by trying to get a view of sensitive information on a user’s screen?

A. Dumpster diving
B. Tailgating
C. Eavesdropping
D. Shoulder surfing

Correct Answer – D
Explanation – Shoulder surfing is an attack in which the perpetrator tries to view sensitive information on a user’s screen.

83. You are a security administrator in a company, and a user has just forwarded a suspicious e-mail to you that directs the user to click a link to a banking Web site and enter their credentials to verify the account. What type of social engineering attack is being attempted?

A. Phishing
B. Vishing
C. Man-in-the-middle
D. E-mail hoax

Correct Answer – A
Explanation – A phishing attack is conducted by sending an e-mail to an unsuspecting user to get the user to click a link in the e-mail and enter sensitive information, such as credentials or other personal information, into the site.

84. An attacker calls an administrative assistant and tells him that she is the new executive assistant for the company senior vice president. She claims the VP is traveling, and she needs access to certain sensitive files in a file share. The attacker tries to bully the admin assistant into giving her permissions to the file share by threatening to have him fired if he doesn’t oblige. Which two characteristics of human behavior is the attacker trying to take advantage of in this attack? (Choose two.)

A. Trust
B. Fear of authority
C. Social proof
D. Respect of authority

Correct Answer – B, D
Explanation – The attacker is taking advantage of the human tendency to fear and respect authority figures.

85. A person calls and tells you that he has locked his account because he forgot his remote access password. He tells you that he doesn’t have time to come down to your desk and positively identify himself because he is off-site at a customer facility and must present an important briefing to the customer within the next few minutes. He insists that he needs his remote access password changed immediately, but promises to come and see you after he returns to the office to verify his identity. What kind of social engineering tactic is being used in this attack?

A. Authority
B. Familiarity
C. Intimidation
D. Urgency

Correct Answer – D
Explanation – The attacker is trying to use a tactic involving urgency of need to get the remote access password reset, without having his identity verified.

86. Your manager wants you to attempt to determine what security vulnerabilities may be present in an application before it goes into production. You’re to take the application directly from the programmers and go through the program itself. Which of the following assessment techniques should you use first?

A. Architecture review
B. Design review
C. Code review
D. Port scan

Correct Answer – C
Explanation – Code review is an appropriate assessment technique in this case to run first, since you are looking at the program itself before it goes into production. You would of course also run a network scanner and other tools against the box with the app loaded on it to test for security vulnerabilities.

87. Which of the following types of assessments actually exploits weaknesses found in a system?

A. Code review
B. Architecture review
C. Vulnerability test
D. Penetration test

Correct Answer – D
Explanation – A penetration test is designed to exploit any vulnerabilities found in a system.

88. You are performing a penetration test and are given only some basic information on the target system, including its IP address range and a basic network diagram. What type of penetration test is this considered to be?

A. Gray box test
B. Black box test
C. White box test
D. Double-blind test

Correct Answer – A
Explanation – A gray box test is one in which the tester is given only limited information on the target network.

89. A security testing tool that does not interfere with the operation of the system or network at all is considered:

A. Active
B. Passive
C. Less accurate
D. Easily detectable

Correct Answer – B
Explanation – A passive tool does not interfere with the operation or performance of the system or network.

90. Which of the following is considered a dangerous type of finding because it can actually mean that a potential security vulnerability goes undetected?

A. False positive
B. False negative
C. False flag
D. False scan

Correct Answer – B
Explanation – A false negative can mean that an actual vulnerability goes undetected.

91. You are recommending personnel for incident response team lead positions. You have several candidates from which to choose and are recommending personnel based upon key characteristics. On which of the following characteristics should you base your recommendations? (Choose two.)

A. Certifications
B. Seniority
C. Training
D. Experience

Correct Answer – C, D
Explanation – Training and experience are key characteristics to consider when recommending personnel for incident response team lead positions.

92. Which of the following are considered part of executing an incident response? (Choose two.)

A. Detection and analysis
B. Preparation
C. Containment and eradication
D. Reporting

Correct Answer – A, C
Explanation – Detection, analysis, containment, and eradication are all steps performed when executing an incident response.

93. When you are collecting evidence at the scene of the crime, you should store electronic components in which type of containers?

A. Plastic bags
B. Paper bags
C. Metal containers
D. Anti-static bags

Correct Answer – D
Explanation – When collecting evidence at the scene of the crime, you should store electronic components in anti-static bags to prevent damage to them.

94. Which two United States evidence guidelines provide standards for submitting evidence into criminal and civil court cases? (Choose two.)

A. Federal Rules of Evidence
B. 4th Amendment of the U.S. Constitution
C. Federal Rules of Civil Procedure
D. Electronic Communications Privacy Act

Correct Answer – A, C
Explanation – The Federal Rules of Evidence (FRE) and the Federal Rules of Civil Procedure (FRCP) are two standards that dictate how evidence should be introduced into criminal and civil courts, respectively.

95. You are the first responder in a company to a potential computer incident involving an employee’s workstation. What is the first step you should take when you arrive at the scene?

A. Unplug the workstation.
B. Secure the scene.
C. Capture the contents of RAM.
D. Inventory the workstation and its peripherals.

Correct Answer – B
Explanation – Securing the scene is the first step a first responder should take in investigating a potential computer-related incident.

96. Which of the following should be immediately established when collecting electronic components as evidence?

A. Authority over the investigation
B. Guilt of the suspect
C. Chain-of-custody
D. Sequence of events and timeline

Correct Answer – C
Explanation – A chain-of-custody should be established immediately when collecting evidence from the scene of a crime.

97. Which two potential recovery and continuity issues are solved through succession planning? (Choose two.)

A. Alternate business processes
B. Lack of disaster recovery training
C. Alternate leadership positions
D. Critical disaster team member alternate positions

Correct Answer – C, D
Explanation – Alternate leadership positions and critical disaster team member alternate positions are personnel issues that are resolved through effective succession planning as part of BCP.

98. Which of the following clustering configurations involves a group of servers configured to service a request instantly and automatically if one of the members of the cluster fails?

A. Passive-active
B. Passive-passive
C. Active-passive
D. Active-active

Correct Answer – D
Explanation – An active-active cluster configuration will instantly and automatically service a request if one of the members of a server cluster fails.

99. Your business needs to be able to resume processing within 12 hours after a disaster. You are looking at recovery site options and decide that the site must have all utilities, redundant equipment, and daily data backups restored to the site. What type of recovery site have you decided to implement?

A. Cold site
B. Warm site
C. Hot site
D. Shared site

Correct Answer – C
Explanation – Given the desired timeframe to recover the business operations, and the level of equipment and support at the site the business needs, this would be a hot site.

100. You are evaluating several possible solutions for alternate processing sites for your business. You decide that you can afford the expense of a warm site and balance it against the time it will take to set up and recover the business operations to the site. Which of the following are characteristics of a warm site? (Choose two.)

A. Fully redundant equipment located at the site, loaded with the most current daily backups
B. Some equipment located at the site to begin limited operations
C. Heat, water, electricity, and communications in a standby mode
D. No utilities

Correct Answer – B, C
Explanation – A warm site is characterized by having heat, water, electricity, and communications, often in a standby mode, as well as having some equipment located at the site to begin limited operations during a recovery.