Posted filed under Uncategorized.

CompTIA Security+ Practice Test Q & A 1

Please enter your email:

1. Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff. Which of the following would MOST likely help mitigate this issue?


2. A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?


3. Which of the following cloud models provides clients with servers, storage, and networks but nothing else?


4. Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?


5. A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?


6. A network administrator has been asked to install an IDS to improve the security posture of an organization.
Which of the following control types is an IDS?


7. A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?


8. In which of the following situations would it be BEST to use a detective control type for mitigation?


9. A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?


10. An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?


11. Which of the following differentiates a collision attack from a rainbow table attack?


12. An organization wants to implement a solution that allows for automated logical controls for network defense. An
engineer plans to select an appropriate network security component, which automates response actions based on
security threats to the network. Which of the following would be MOST appropriate based on the engineer’s


13. A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user
reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the case?


14. A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign
This is an example of which of the following attacks?


15. A penetration testing is preparing for a client engagement in which the tester must provide data that proves and
validates the scanning tools’ results.
Which of the following is the best method for collecting this information?


16. An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization’s needs for a third factor?


17. A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?


18. A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?


19. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?


20. A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?


Question 1 of 20

Comments are closed.