Free CompTIA Security+ Practice Exam, Security Plus Practice Test Questions

Scroll through the page to review your answers. The correct answer is highlighted in green. Your incorrect answers (if any) are highlighted in red. If you'd like to take the test over again, click the reset button at the end of the test.

01. Who is responsible for establishing access permissions to network resources in the DAC access control model ?

(A) The system administrator

(B) The owner of the resource

(D) The user requiring access to the resource

02. Which access control system allows the owner of a resource to establish access permissions to that resource ?

(A) MAC

(B) DAC

(D) None of the above

03. Choose the attack method or malicious code typically used by attackers to access a company's internal network through its remote access system ?

(A) A War dialer program

(B) Trojan horse

(D) Worm

04. Which of the following details the primary advantage of implementing a multi-homed firewall ?

(A) A multi-homed firewall is relatively inexpensive to implement

(B) A multi-homed firewall's rules are easier to manage

(C) When a multi-homed firewall is compromised, only those systems residing in the DMZ (Demilitarized Zone) are vulnerable

(D) Attackers must get around two firewalls

05. Choose the option that specifies an element which is NOT typically included in security requirements for network servers ?

(A) The absence of vulnerabilities utilized by known forms of attack against network servers

(B) The capability to allow administrative functions to all network users

(D) The capability to disable unnecessary network services that are included in the operating system or server software

06. From the options, choose the attack which an IDS (Intrusion Detection System) cannot detect ?

(A) DoS (Denial of Service) attack

(B) Vulnerability exploits

(D) Port scan attack

07. From the options, choose the disadvantage of implementing an IDS (Intrusion Detection System) ?

(A) False positives

(B) Decrease in throughput

(D) Administration

08. Which of the following types of network cables is less secure than coaxial cabling?

(A) Twisted-pair cables

(B) Fiber optic cable

09. Which of the following network cable types is most vulnerable to electromagnetic interference (EMI) and radio frequency interference (RFI) ?

(A) Coaxial cable

(B) Unshielded Twisted Pair

(D) Fiber optic cable

10. Which of the following security zones is closest to the internal network of the company, and can also be considered as being internal to the company ?

(A) Internet

(B) Intranet

(D) Perimeter network

11. Which of the combinations here can be used to create an extranet?

(A) Two intranets

(B) Two perimeter networks

(D) All of the above configurations

12. Security for the extranet security zone can include a number of strategies. Choose the one that does not apply ?

(A) Using VPN connections

(B) Regularly auditing all services

(D) Removing all unnecessary services

(E) Limiting the number of services provided

13. Overloading NAT allows the organization to use publicly assigned IP addresses over the Internet that is different from its private IP addresses. To do this, which type of mapping is performed by Overloading NAT ?

(A) Performs a one-to-one mapping of an internal IP address to an external IP address

(B) Maps multiple internal IP addresses to a range of external IP addresses

14. Which technology allows you to segment or group users that have similar data sensitivity levels together and thereby increase security ?

(A) Virtual local area network (VLAN)

(B) Network address translation (NAT)

(D) None of the above

15. Which type of NAT configuration maps a range of internal IP addresses to a range of external IP address ?

(A) Static NAT

(B) Dynamic NAT

16. A compromise of which device could result in a VLAN being compromised?

(A) Router

(B) Switch

(D) None of the above

17. Which of the following devices used in one of the three major types of security topologies, is a one-interface device ?

(A) Bastion host

(B) Application gateway

(D) Screened subnet gateway

18. From the options, choose the VPN (Virtual Private Network) tunneling protocol?

(A) AH (Authentication Header)

(B) SSH (Secure Shell)

(D) DES (Data Encryption Standard)

19. Which concept correctly specifies the location where a system administrator would deploy a web server if that web server should be separated from other network servers ?

(A) A honey pot

(B) A hybrid subnet

(D) A VLAN (Virtual Local Area Network)

20. From the options, which explains the general standpoint behind a DMZ (Demilitarized Zone) ?

(A) All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet

(B) No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet

(D) No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet

21. Which of the following descriptions best describes an IDS?

(A) Monitors network traffic and traffic patterns that could be indicative of attacks such as port scans and denial-of-service attacks

(B) Runs as software on a host computer system to monitor machine logs, system logs, and applications interactions

(D) A hardware device with software that monitors events in a system or network to identify when intrusions are taking place

(E) Works by parsing system log entries to isolate any system attacks

22. Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker ?

(A) Network IDS

(B) Host-based IDS

(D) Log file monitor (LFM)

23. Which if the following technologies would you use if you need to implement a system that simulates a network of vulnerable devices, so that this network can be targeted by attackers ?

(A) A IDS

(B) A circuit-level firewall

(D) A system integrity verifier

24. When using network monitoring systems to monitor workstations, which of the following elements should be reviewed because their information could indicate a possible attack ?

(A) Audit log and system log

(B) Hard disk space

(D) Network counters and access denied errors

25. A passive response is the most common type of response to a number of intrusions. Which of the following is not a passive response strategy ?

(A) Logging

(B) Notification

(D) Shunning

Security+ Practice Exam Questions (Test):

Start Your CompTIA Security+ Exam SY0-101 Practice Test