Comptia Security+ Exam Practice 5

Time limit: 0

Quiz Summary

0 of 20 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Average score
Your score

Categories

Not categorized 0%
Security+ 0%

Current
Review / Skip
Answered
Correct
Incorrect

Question 1 of 20

1. Question
0 point(s)
Match the system log entries to the to the corresponding type of possible malicious activity.
Sort elements
- Unauthorized Access
- Normal Operation
- Malware Infection
- System Tampering
- User ‘admin’ logged in from a foreign country.
- Scheduled system backup completed
- Multiple software installation failures
- Unexpected system shutdown and restart
Correct

Incorrect
Question 2 of 20

2. Question
0 point(s)
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
* Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
* Internal users in question were changing their passwords frequently during that time period.
* A jump box that several domain administrator users use to connect to remote devices was recently compromised.
* The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?
- Pass-the-hash
- Brute-force
- Directory traversal
- Replay
Correct

Incorrect
Question 3 of 20

3. Question
0 point(s)
A help desk technician receives a phone call from someone claiming to be a part of the organization’s cybersecurity incident response team. The caller asks the technician to verify the network’s internal firewall IP Address. Which of the following is the technician’s BEST course of action?
- Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
- Ask for the caller’s name, verify the person’s identity in the email directory, and provide the requested information over the phone.
- Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization’s cybersecurity officer.
- Request the caller send an email for identity verification and provide the requested information via email to the caller.
Correct

Incorrect
Question 4 of 20

4. Question
0 point(s)
A multinational corporation is implementing a new internal communication system that includes email, chat, and file-sharing capabilities. The corporation wants to ensure that all communications and data transfers within this system are secure and confidential. What cryptographic protocol should be the focus of the security implementation to achieve end-to-end encryption within the communication system?
- Hypertext Transfer Protocol Secure (HTTPS) for secure web-based communications.
- Pretty Good Privacy (PGP) for encrypting emails and files within the system
- Secure/Multipurpose Internet Mail Extensions (S/MIME) for securing email and data transfer.
- Wi-Fi Protected Access 3 (WPA3) for securing wireless network communications.
Correct

Incorrect
Question 5 of 20

5. Question
0 point(s)
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
- Incremental backups followed by differential backups
- Full backups followed by incremental backups
- Delta backups followed by differential backups
- Incremental backups followed by delta backups
- Full backups followed by differential backups
Correct

Incorrect
Question 6 of 20

6. Question
0 point(s)
You work for a large healthcare company in the US that recently had a breach of over 52,000 medical records. The records contained securely encrypted payment data and plaintext patient and doctor names and were intercepted through an insecure Wi-Fi connection. The board of directors initially chose not to disclose the breach to regulators or the public. However, after a third-party audit uncovered the breach, the board reported the incident according to the relevant laws, and also notified the media and affected patients.

What is the MOST likely outcome in this scenario?
- The organization will not face financial penalties because no sensitive data was compromised, and the patients were notified of the incident.
- The organization will face financial penalties and patients may find unauthorized charges on their credit cards.
- The organization will face financial penalties and the board of directors will face criminal charges
- The organization will face financial penalties and may be subject to increased auditing.
- The organization will face financial penalties and insurance providers will drop it from their network due to liability concerns.
Correct

Incorrect
Question 7 of 20

7. Question
0 point(s)
A company’s network security system detects an unusual increase in outbound traffic. Further investigation reveals that a recently opened PDF document contained a hidden script which, when activated, began exfiltrating sensitive data from the user’s computer. The PDF was received as an email attachment from a seemingly legitimate source. This incident is indicative of which type of file-based threat?
- Ransomware
- Logic bomb
- Trojan horse
- Rootkit
Correct

Incorrect
Question 8 of 20

8. Question
0 point(s)
A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?
- Blockchain
- Salting
- Quantum
- Digital signature
Correct

Incorrect

Question 9 of 20

9. Question

0 point(s)

Match the term for an element of effective security governance with its brief description.

Sort elements

Guidelines
Policies
Standards
Procedures
External considerations

Detailed instructions or recommendations that help users make decisions and perform tasks securely.

High-level statements that outline the organization’s objectives, rules, and responsibilities regarding security practices and procedures

Specific rules or criteria set by regulatory bodies, industry best practices, or legal requirements that must be adhered to for compliance.

Step-by-step instructions for carrying out security-related tasks or actions.

Factors outside the organization that impact security governance, such as industry standards, legal regulations, and contractual obligations

Correct

Incorrect

Question 10 of 20

10. Question
0 point(s)
healthcare organization experienced a ransomware attack that encrypted critical patient data and disabled key systems. The organization had a disaster recovery plan in place, but recovery efforts were slower than expected, leading to prolonged service disruptions. In revising their disaster recovery plan, what should be the organization’s PRIMARY focus to improve response times in future incidents?
- Increasing the frequency of data backups.
- Establishing predefined recovery time objectives (RTOs) and recovery point objectives (RPOs).
- Investing in more advanced cybersecurity technologies
- Negotiating a lower ransom payment in case of future attacks.
Correct

Incorrect
Question 11 of 20

11. Question
0 point(s)
A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?
- MAC address filtering
- 802.1X
- Captive portal
- WPS
Correct

Incorrect

Question 12 of 20

12. Question