CompTIA Security + Assessment Exam 01 A. Verify the user’s account exists. A.

Same sign-on
B. Look up the user’s password and tell the user what it B. SAML
1. A security administrator is implementing a security is. C. Single sign-on
program that addresses confidentiality and availability. C. Disable the user’s account. D. Biometrics
Of the following choices, what else should the D. Reset the password and configure the password to
administrator include? expire after the first use. 11. Your organization issues users a variety of different
A. Ensure critical systems provide uninterrupted service. mobile devices. However, management wants to reduce
B. Protect data in transit from unauthorized disclosure. 6. Which type of authentication does a hardware token potential data losses if the devices are lost or stolen.
C. Ensure systems are not susceptible to unauthorized provide? Which of the following is the BEST technical control to
changes. A. Biometric achieve this goal?
D. Secure data to prevent unauthorized disclosure. B. PIN A. Cable locks
C. Strong password B. Risk assessment
2. You need to transmit PII via email and you want to D. One-time password C. Disk encryption
maintain its confidentiality. Of the following choices, D. Hardening the systems
what is the BEST solution? 7. Which type of authentication is a retina scan?
A. Use hashes. A. Multifactor 12. Your primary job activities include monitoring
B. Encrypt it before sending. B. TOTP security logs, analyzing trend reports, and installing CCTV
C. Protect it with a digital signature. C. Biometric systems. Which of the following choices BEST identifies
D. Use RAID. D. Dual-factor your responsibilities? (Select TWO.)
A. Hardening systems
3. Lisa manages network devices in your organization and 8. Users are required to log on to their computers with a B. Detecting security incidents
maintains copies of the configuration files for all the smart card and a PIN. Which of the following BEST C. Preventing incidents
managed routers and switches. On a weekly basis, she describes this? D. Implementing monitoring controls
creates hashes for these files and compares them with A. Single-factor authentication
hashes she created on the same files the previous week. B. Multifactor authentication 13. A security professional has reported an increase in
Which security goal is she pursuing? C. Mutual authentication the number of tailgating violations into a secure data
A. Confidentiality D. TOTP center. What can prevent this?
B. Integrity A. CCTV
C. Availability 9. Your company recently began allowing workers to B. Mantrap
D. Safety telecommute from home one or more days a week. C. Proximity card
However, your company doesn’t currently have a remote D. Cipher lock
4. An organization wants to provide protection against access solution. They want to implement an AAA solution
malware attacks. Administrators have installed antivirus that supports different vendors. Which of the following is 14. You are redesigning your password policy. You want
software on all computers. Additionally, they the BEST choice? to ensure that users change their passwords regularly,
implemented a firewall and an IDS on the network. A. TACACS+ but they are unable to reuse passwords. What settings
Which of the following BEST identifies this principle? B. RADIUS should you configure? (Select THREE.) A. Maximum
A. Implicit deny C. Circumference password age
B. Layered security D. SAML B. Password length
C. Least privilege C. Password history
D. Flood guard 10. Your organization has implemented a system that D. Password complexity
stores user credentials in a central database. Users log on E. Minimum password age
5. Homer called into the help desk and says he forgot his once with their credentials. They can then access other
password. Which of the following choices is the BEST systems in the organization without logging on again. 15. An outside security auditor recently completed an in-
choice for what the help-desk professional should do? What does this describe? depth security audit on your network. One of the issues
he reported was related to passwords. Specifically, he B. MAC 25. Your organization has several switches used within
found the following passwords used on the network: C. Role-BAC the network. You need to implement a security control to
Pa$$, 1@W2, and G7bT3. What should be changed to D. Rule-BAC secure the switch from physical access. What should you
avoid the problem shown with these passwords? 20. Your organization’s security policy requires that PII do?
A. Password complexity data at rest and PII data in transit be encrypted. Of the A. Disable unused ports.
B. Password length following choices, what would the organization use to B. Implement an implicit deny rule.
C. Password history achieve these objectives? (Select TWO.) C. Disable STP.
D. Password reuse A. FTP D. Enable SSH.
B. SSH
16. A recent security audit discovered several apparently C. SMTP 26. You are configuring a switch and need to ensure that
dormant user accounts. Although users could log on to D. PGP/GPG only authorized devices can connect to it and access the
the accounts, no one had logged on to them for more E. HTTP network through this switch. Which of the following is
than 60 days. You later discovered that these accounts the BEST choice to meet this goal?
are for contractors who work approximately one week 21. Which of the following list of protocols use TCP port A. Implement 802.1x
every quarter. What is the BEST response to this 22 by default? B. Use a Layer 3 switch.
situation? A. FTPS, TLS, SCP C. Create a VLAN
A. Remove the account expiration from the accounts. B. SCP, SFTP, FTPS D. Enable RSTP.
B. Delete the accounts. C. HTTPS, SSL, TLS
C. Reset the accounts. D. SSH, SCP, SFTP 27. You need to configure a UTM security appliance to
D. Disable the accounts. E. SCP, SSH, SSL restrict access to peer-to-peer file sharing web sites.
What are you MOST likely to configure?
17. Your organization routinely hires contractors to assist 22. Bart wants to block access to all external web sites. A. Content inspection
with different projects. Administrators are rarely notified Which port should he block at the firewall? B. Malware inspection
when a project ends and contractors leave. Which of the A. TCP 22 C. URL filter
following is the BEST choice to ensure that contractors B. TCP 53 D. Stateless inspection
cannot log on with their account after they leave? C. UDP 69
A. Enable account expiration. D. TCP 80 28. Your organization has implemented a network design
B. Enable an account enablement policy. that allows internal computers to share one public IP
C. Enable an account recovery policy. 23. You need to manage a remote server. Which of the address. Of the following choices, what did they MOST
D. Enable generic accounts. following ports should you open on the firewall between likely implement?
your system and the remote server? A. PAT
18. Developers are planning to develop an application A. 25 and 3389 B. STP
using role-based access control. Which of the following B. 22 and 443 C. DNAT
would they MOST likely include in their planning? C. 22 and 3389 D. TLS
A. A listing of labels reflecting classification levels D. 21 and 23
B. A requirements list identifying need to know 29. What would you configure on a Layer 3 device to
C. A listing of owners 24. While reviewing logs on a firewall, you see several allow FTP traffic to pass through?
D. A matrix of functions matched with their required requests for the AAAA record of gcgapremium.com. A. Router
privileges What is the purpose of this request? B. Implicit deny
A. To identify the IPv4 address of gcgapremium.com C. Port security
19. An organization has implemented an access control B. To identify the IPv6 address of gcgapremium.com D. Access control list
model that enforces permissions based on data labels C. To identify the mail server for gcgapremium.com
assigned at different levels. What type of model is this? D. To identify any aliases used by gcgapremium.com
A. DAC
30. What type of device would have the following entries
used to define its operation? permit IP any any eq 80,
permit IP any any eq 443, deny IP any any
A. Layer 2 switch
B. Proxy server
C. Web server
D. Firewall
31. You are preparing to deploy an anomaly-based
detection system to monitor network activity. What
would you create first?
A. Flood guards
B. Signatures
C. Baseline
D. Honeypot
32. A security company wants to gather intelligence
about current methods attackers are using against
its clients. What can it use?
A. Vulnerability scan
B. Honeynet
C. MAC address filtering
D. Evil twin
33. Lisa oversees and monitors processes at a water
treatment plant using SCADA systems. Administrators
recently discovered malware on her system that was
connecting to the SCADA systems. Although they
removed the malware, management is still concerned.
Lisa needs to continue using her system and it’s not
possible to update the SCADA systems. What can
mitigate this risk?
A. Install HIPS on the SCADA systems.
B. Install a firewall on the border of the SCADA network.
C. Install a NIPS on the border of the SCADA network.
D. Install a honeypot on the SCADA network.
34. Your organization maintains a separate wireless
network for visitors in a conference room. However, you
have recently noticed that people are connecting to this
network even when there aren’t any visitors in the
conference room. You want to prevent these
connections, while maintaining easy access for visitors in
the conference room. Which of the following is the BEST A. IP address filtering
solution? B. Hardware address filtering
A. Disable SSID broadcasting. C. Port filtering
B. Enable MAC filtering. D. URL filtering
C. Use wireless jamming.
D. Reduce antenna power. 39. Homer recently implemented a wireless network in
his home using WEP. He asks you for advice. Which of
35. Which of the following represents the BEST action to the following is the BEST advice you can give him?
increase security in a wireless network? A. He should not use WEP because it uses a weak
A. Replace dipole antennas with Yagi antennas. encryption algorithm.
B. Replace TKIP with CCMP. B. He should also ensure he disables SSID broadcast for
C. Replace WPA with WEP. security purposes.
D. Disable SSID broadcast. C. He should ensure it is in Enterprise mode.
D. He should not use WEP because it implements weak
36. Your organization is hosting a wireless network with IVs for encryption keys.
an 802.1x server using PEAP. On Thursday, users report
they can no longer access the wireless network. 40. Which of the following is an attack against a mobile
Administrators verified the network configuration device?
matches the baseline, there aren’t any hardware A. War chalking
outages, and the wired network is operational. Which of B. SSID hiding
the following is the MOST likely cause for this problem? C. Evil twin
A. The RADIUS server certificate expired. D. Bluejacking
B. DNS is providing incorrect host names.
C. DHCP is issuing duplicate IP addresses. 41. A network administrator needs to open a port on a
D. MAC filtering is enabled. firewall to support a VPN using PPTP. What ports should
the administrator open?
37. You are planning a wireless network for a business. A A. UDP 47
core requirement is to ensure that the solution encrypts B. TCP 50
user credentials when users enter their usernames and C. TCP 1723
passwords. Which of the following BEST meets this D. UDP 1721
requirement?
A. WPA2-PSK 42. Attackers recently attacked a web server hosted by
B. WEP over PEAP your organization. Management has tasked
C. WPS with LEAP administrators with reducing the attack surface of this
D. WPA2 over EAP-TTLS server to prevent future attacks. Which of the following
will meet this goal?
38. A small business owner modified his wireless router A. Disabling unnecessary services
with the following settings: B. Installing and updating antivirus software
PERMIT 1A:2B:3C:4D:5E:6F C. Identifying the baseline
DENY 6F:5E:4D:3C:2B:1A D. Installing a NIDS
After saving the settings, an employee reports that he
cannot access the wireless network anymore. 43. Network administrators identified what appears to
What is the MOST likely reason that the employee be malicious traffic coming from an internal computer,
cannot access the network? but only when no one is logged on to the computer. You
suspect the system is infected with malware. It
periodically runs an application that attempts to connect
to web sites over port 80 with Telnet. After comparing
the computer with a list of services from the standard
image, you verify this application is very likely the
problem. What process allowed you to make this
determination?
A. Banner grabbing
B. Hardening
C. Whitelisting
D. Baselining
44. An updated security policy defines what applications
users can install and run on company-issued mobile
devices. Which of the following technical controls will
enforce this policy?
A. Whitelisting
B. Blacklisting
C. AUP
D. BYOD
45. You want to test new security controls before
deploying them. Which of the following technologies
provides the MOST flexibility to meet this goal?
A. Baselines
B. Hardening techniques
C. Virtualization technologies
D. Patch management programs
46. An organization recently suffered a significant outage
after a technician installed an application update on a
vital server during peak hours. The server remained
down until administrators were able to install a previous
version of the application on the server. What could the
organization implement to prevent a reoccurrence of this
problem?
A. Do not apply application patches to server
applications.
B. Apply the patches during nonpeak hours.
C. Apply hardening techniques.
D. Create a patch management policy.
47. A security analyst is evaluating a critical industrial
control system. The analyst wants to ensure the system
has security controls to support availability.Which of the
following will BEST meet this need?
A. Using at least two firewalls to create a DMZ
B. Installing a SCADA system
C. Implementing control redundancy and diversity
D. Using an embedded system
48. Of the following choices, what are valid security
controls for mobile devices?
A. Screen locks, device encryption, and remote wipe
B. Host-based firewalls, pop-up blockers, and SCADA
access
C. Antivirus software, voice encryption, and NAC
D. Remote lock, NAC, and locking cabinets
49. A new mobile device security policy has authorized
the use of employee-owned devices, but mandates
additional security controls to protect them if devices are
lost or stolen. Which of the following meets this goal?
A. Screen locks and geo-tagging
B. Patch management and change management
C. Screen locks and device encryption
D. Full device encryption and IaaS
50. You want to deter an attacker from using brute force
to gain access to a mobile device. What would you
configure?
A. Remote wiping
B. Account lockout settings
C. Geo-tagging
D. RFID
51. Management within your company is considering
allowing users to connect to the corporate network with
their personally owned devices. Which of the following
represents a security concern with this policy?
A. Inability to ensure devices are up to date with current
system patches
B. Difficulty in locating lost devices
C. Cost of the devices
D. Devices might not be compatible with applications
within the network
52. Your organization is planning to issue mobile devices
to some employees, but they are concerned about
protecting the confidentiality of data if the devices are
lost or stolen. Which of the following is the BEST way to
secure data at rest on a mobile device?
A. Strong passwords
B. Hashing
C. RAID-6
D. Full device encryption
53. Your organization recently purchased several new
laptop computers for employees. You’re asked to encrypt
the laptop’s hard drives without purchasing any
additional hardware. What would you use?
A. TPM
B. HSM
C. VM escape
D. DLP
54. Management within your organization wants to limit
documents copied to USB flash drives. Which of the
following can be used to meet this goal?
A. DLP
B. Content filtering
C. IPS
D. Logging
55. Bart installed code designed to enable his account
automatically, three days after anyone disables it. What
does this describe?
A. Logic bomb
B. Rootkit
C. Armored virus
D. Ransomware
56. Lisa recently completed an application used by the
Personnel department to store PII and other employee
information. She programmed in the ability to access this
application with a username and password that only she
knows, so that she can perform remote maintenance on
the application if necessary. What does this describe?
A. Armored virus
B. Polymorphic virus
C. Backdoor
D. Trojan application isn’t vulnerable to all of the following attacks C. Risk deterrence
except one. Which of the following attacks are NOT D. Risk mitigation
57. A recent change in an organization’s security policy prevented by validating user input? E. Risk transference
states that monitors need to be positioned so that they A. XSS
cannot be viewed from outside any windows. What is the B. SQL injection 66. You are asked to identify the number of times a
purpose of this policy? C. Buffer overflow specific type of incident occurs per year. Which of the
A. Reduce success of phishing D. Command injection following BEST identifies this?
B. Reduce success of shoulder surfing E. Whaling A. ALE
C. Reduce success of dumpster diving B. ARO
D. Reduce success of impersonation 62. Checking the logs of a web server, you see the C. MTTF
following entry: D. SLE
58. You are troubleshooting an intermittent connectivity 198.252.69.129 --[1/Sep/2013:05:20]"GET index.php?
issue with a web server. After examining the logs, you username=ZZZZZZZZZZZZZZZZZZZZBBBBBBBBCCCCCCCHT 67. Lisa needs to calculate the total ALE for a group of
identify repeated connection attempts from various IP TP1.1" servers used in the network. During the past two years,
addresses. You realize these connection attempts are "http://gcgapremium.com/security/" "Chrome31" five of the servers failed. The hardware cost to replace
overloading the server, preventing it from responding to Which of the following is the BEST choice to explain this each server is $3,500, and the downtime has resulted in
other connections. Which of the following is MOST likely entry? $2,500 of additional losses. What is the ALE?
occurring? A. A SQL injection attack A. $7,000
A. DDoS attack B. A pharming attack B. $10,000
B. DoS attack C. A phishing attack C. $15,000
C. Smurf attack D. A buffer overflow attack D. $30,000
D. Salting attack
63. Looking at logs for an online web application, you see 68. Security experts at your organization have
59. Your organization includes the following statement in that someone has entered the following phrase into determined that your network has been repeatedly
the security policy: “Security controls need to protect several queries: ' or '1'='1' -- Which of the following is the attacked from multiple entities in a foreign country.
against both online and offline password brute force MOST likely explanation for this? Research indicates these are coordinated and
attacks.” Which of the following controls is the LEAST A. A buffer overflow attack sophisticated attacks. What BEST describes this activity?
helpful to meet these goals? B. An XSS attack A. Fuzzing
A. Account expiration C. A SQL injection attack B. Sniffing
B. Account lockout D. An LDAP injection attack C. Spear phishing
C. Password complexity D. Advanced persistent threat
D. Password length 64. A security tester is using fuzzing techniques to test a
software application. Which of the following does fuzzing 69. Bart is performing a vulnerability assessment. Which
60. A code review of a web application discovered that use to test the application? of the following BEST represents the goal of this task?
the application is not performing boundary checking. A. Formatted input A. Identify services running on a system.
What should the web developer add to this application B. Unexpected input B. Determine if vulnerabilities can be exploited.
to resolve this issue? C. Formatted output C. Determine if input validation is in place.
A. XSRF D. Unexpected output D. Identify the system’s security posture.
B. XSS
C. Input validation 65. An organization has purchased fire insurance to 70. You need to ensure that several systems have all
D. Fuzzing manage the risk of a potential fire. What method are appropriate security controls and patches.
they using? However, your supervisor specifically told you not to
61. A web developer is using methods to validate user A. Risk acceptance attack or compromise any of these systems.
input in a web site application. This ensures the B. Risk avoidance
Which of the following is the BEST choice to meet these Which of the following could the organization implement A. Cold site
goals? to ensure security administrators are notified in a timely B. Warm site
A. Vulnerability scan manner? C. Hot site
B. Penetration test A. Routine auditing D. Mobile site
C. Command injection B. User rights and permissions reviews
D. Virus scan C. Design review 80. Monty Burns is the CEO of the Springfield Nuclear
D. Incident response team Power Plant. What would the company have
71. Which of the following tools is the MOST invasive in place in case something happens to him?
type of testing? 76. A security administrator is reviewing an A. Business continuity planning
A. Pentest organization’s security policy and notices that the policy B. Succession planning
B. Protocol analyzer does not define a time frame for reviewing user rights C. Separation of duties
C. Vulnerability scan and permissions. Which of the following is the MINIMUM D. IT contingency planning
D. Host enumeration time frame that she should recommend?
A. At least once a year 81. A continuity of operations plan for an organization
72. A security professional is testing the functionality of B. At least once every five years includes the use of a warm site. The BCP coordinator
an application, but does not have any knowledge about C. Anytime an employee leaves the organization wants to verify that the organization’s backup data
the internal coding of the application. What type of test D. Anytime a security incident has been identified center is prepared to implement the warm site if
is this tester performing? necessary. Which of the following is the BEST choice to
A. White box 77. Security personnel recently performed a security meet this need?
B. Black box audit. They identified several employees who had A. Perform a review of the disaster recovery plan.
C. Gray box permissions for previously held jobs within the company. B. Ask the managers of the backup data center.
D. Black hat What should the organization implement to prevent this C. Perform a disaster recovery exercise.
in the future? D. Perform a test restore.
73. Testers are analyzing a web application your A. Role-BAC model
organization is planning to deploy. They have full access B. Account disablement policy 82. Users are complaining of intermittent connectivity
to product documentation, including the code and data C. Vulnerability assessment issues. When you investigate, you discover that new
structures used by the application. What type of test will D. Account management controls network cables for these user systems were run across
they MOST likely perform? several fluorescent lights. What environmental control
A. Gray box 78. You are a technician at a small organization. You need will resolve this issue?
B. White box to add fault-tolerance capabilities within the business to A. HVAC system
C. Black box increase the availability of data. However, you need to B. Fire suppression
D. White hat keep costs as low as possible. C. Humidity controls
Which of the following is the BEST choice to meet these D. EMI shielding
74. A network administrator is attempting to identify all needs?
traffic on an internal network. Which of the following A. Failover cluster 83. A software company occasionally provides
tools is the BEST choice? B. RAID-6 application updates and patches via its web site. It also
A. Black box test C. Backups provides a checksum for each update and patch. Which
B. Protocol analyzer D. UPS of the following BEST describes the purpose of the
C. Penetration test checksum?
D. Baseline review 79. An organization needs to identify a continuity of A. Availability of updates and patches
operations plan that will allow it to provide temporary IT B. Integrity of updates and patches
75. Your organization security policy requires that support during a disaster. The organization does not C. Confidentiality of updates and patches
personnel notify security administrators if an incident want to have a dedicated site. D. Integrity of the application
occurs. However, this is not occurring consistently. Which of the following provides the best solution?
84. A function converts data into a string of characters
and the string of characters cannot be reversed to
recreate the original data. What type of function is this?
A. Symmetric encryption
B. Asymmetric encryption
C. Stream cipher
D. Hashing
85. Which of the following is a symmetric encryption
algorithm that encrypts data one bit at a time?
A. Block cipher
B. Stream cipher
C. AES
D. DES
E. MD5
86. A supply company has several legacy systems
connected together within a warehouse. An external
security audit discovered the company is using DES and
mandated the company upgrade DES to meet minimum
security requirements. The company plans to replace the
legacy systems next year, but needs to meet the
requirements from the audit. Which of the following is
MOST likely to be the simplest upgrade for these
systems?
A. AES
B. HMAC
C. 3DES
D. SSL
87. Network administrators in your organization need to
administer firewalls, security appliances, and other
network devices. These devices are protected with
strong passwords, and the passwords are stored in a file
listing these passwords. Which of the following is the
BEST choice to protect this password list?
A. File encryption
B. Database field encryption
C. Full database encryption
D. Whole disk encryption
88. Bart, an employee at your organization, is suspected
of leaking data to a competitor. Investigations indicate he A. 3DES
sent several email messages containing pictures of his
dog. Investigators have not been able to identify any C. PBKDF2
other suspicious activity. Which of the following is MOST D. Database fields
likely occurring?
A. Bart is copying the data to a USB drive. 93. A web site is using a certificate. Users have recently
B. Bart is encrypting the data. been receiving errors from the web site indicating that
C. Bart is leaking data using steganography. the web site’s certificate is revoked. Which of the
D. Bart is sending the data as text in the emails. following includes a list of certificates that have been
revoked?
89. You are planning to encrypt data in transit with IPsec. A. CRL
Which of the following is MOST likely to be used with B. CA
IPsec? C. OCSP
A. HMAC D. CSR
B. Blowfish
C. Twofish 94. Which of the following is a management control?
D. MD5 A. Encryption
B. Security policy
90. Bart wants to send a secure email to Lisa, so he C. Least privilege
decides to encrypt it. He wants to ensure that only D. Change management
Lisa can decrypt it. Which of the following does Lisa need
to meet this requirement? 95. Security personnel recently identified potential fraud
A. Bart’s public key committed by a network administrator.
B. Bart’s private key Investigators discovered this administrator performs
C. Lisa’s public key several job functions within the organization, including
D. Lisa’s private key database administration and application development.
Which of the following is the BEST solution to reduce risk
91. An organization requested bids for a contract and associated with this activity?
asked companies to submit their bids via email. A. Mandatory vacations
After winning the bid, Acme realized it couldn’t meet the B. Mandatory access control
requirements of the contract. Acme instead stated that it C. Change management
never submitted the bid. Which of the following would D. Separation of duties
provide proof to the organization that Acme did submit
the bid? 96. Security experts want to reduce risks associated with
A. Digital signature updating critical operating systems. Which of the
B. Integrity following will BEST meet this goal?
C. Repudiation A. Load balancing
D. Encryption B. Change management
C. Incident management
92. Application developers are creating an application D. Key management
that requires users to log on with strong passwords. The
developers want to store the passwords in such a way 97. Your company is considering implementing SSO
that it will thwart brute force attacks. Which of the capabilities to company applications and linking them to
following is the BEST solution? a social media site. When implemented, users can log on
to Facebook and then access company applications
B. MD5
without logging on again. What is a potential risk related
to this plan?
A. A data breach exposing passwords on the company
site will affect the social media site.
B. SAML lacks adequate security when used on the
Internet.
C. XML lacks adequate security when used on the
Internet.
D. A data breach exposing passwords on the social media
site will affect the company application.

98. You work as a help-desk professional in a large

organization. You have begun to receive an extraordinary
number of calls from employees related to malware.
Using common incident response procedures, what
should be your FIRST response?
A. Preparation
B. Identification
C. Escalation
D. Mitigation

99. A technician confiscated an employee’s computer

after management learned the employee had
unauthorized material on his system. Later, a security
expert captured a forensic image of the system disk.
However, the security expert reported the computer was
left unattended for several hours before
he captured the image. Which of the following is a
potential issue if this incident goes to court?
A. Chain of custody
B. Order of volatility
C. Time offset
D. Lack of metrics

100. Social engineers have launched several successful

phone-based attacks against your organization resulting
in several data leaks. Which of the following would be
the MOST effective at reducing the success of these
attacks?
A. Implement a BYOD policy.
B. Update the AUP.
C. Provide training on data handling.
D. Implement a program to increase security awareness.