This free CompTIA Security+ practice exam covers basic knowledge in the field of Information Systems Security. To pass the CompTIA Security+ exam, a candidate needs knowledge of Network Security; Compliance and Operational Security; Threats and Vulnerabilities; Access Control and Identity Management; Cryptography; and Application, Data and Host Security. This free practice test will test your knowledge and readiness for the CompTIA Security+ examination.
An injection attack occurs when an attacker enters code in a language such as PHP, JavaScript, or SQL into an input field to trick a program into executing the injected script, thereby taking control of the program.
This question is filed under objective 3, Threats and Vulnerabilities
A hub forwards every packet out of all interfaces except the one the packet was received on. This means information sent from Host A to Host B is very easily intercepted by Host C, even though Host C was not addressed in the data header. A hub is considered a layer 1 (Physical Layer) device in the OSI model.
This question is filed under objective 1, Network Security
Secure Shell (SSH) is an encrypted tunnelling protocol that uses port 22. It is commonly used as a secure alternative to Telnet. SSH can also be used to encrypt just about any plain-text protocol, for example FTP over SSH. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are very similar to SSH but are most commonly used in HTTPS. Blowfish is an older, but still common, symmetric-key block cipher.
This question is filed under objective 4, Application, Data and Host Security
MD5 (Message-Digest algorithm 5) is a hashing algorithm commonly used to verify integrity when downloading or transferring files. A digest is computed before and after the file transfer, and the two 128-bit digests are compared. If they match, the file is exactly the same. If not, some sort of error or malicious tampering has occurred.
This question is filed under objective 4, Application, Data and Host Security
Virtualization is a broad term used to describe the use of virtual hardware. It can be used to install an operating system or emulator, or to run software that would not otherwise be compatible with the host OS.
This question is filed under objective 4, Application, Data and Host Security
Vishing (voice phishing) is a type of phishing attack that uses a telephone or VoIP call to trick an unsuspecting user into divulging important information. Xmas attack, MAC spoofing and DDoS are not examples of social engineering, but are malicious attacks.
This question is filed under objective 3, Threats and Vulnerabilities
Implicit deny is a security stance that prevents an action (network traffic, file access, etc.) unless it is explicitly allowed. For example, a firewall will deny all network traffic unless a rule exists that allows traffic between the given source and destination IP addresses.
This question is filed under objective 1, Network Security
The employees are receiving advertisements and other mail unrelated to them; this is known as spam or junk mail. Whaling and phishing attempt to trick users into providing confidential data. Bluesnarfing is the unauthorized access of data through Bluetooth.
This question is filed under objective 3, Threats and Vulnerabilities
SNMP (Simple Network Management Protocol) is a standard protocol used to automatically monitor network equipment.
This question is filed under objective 2, Compliance and Operational Security
A honeypot is used to try to lure an attacker away from real content, and is monitored to detect any unauthorized access.
This question is filed under objective 2, Compliance and Operational Security
A smart card is a physical token which holds a certificate used to authenticate your identity. A PIN or password is generally required as well.
This question is filed under objective 5, Access Control and Identity Management
PAT (Port Address Translation) uses TCP port numbers to "translate" a group of private IP addresses to a single public IP address (one to many). You may also see this one-to-many IP translation called Network Address Translation (NAT) with overload. Both would be acceptable answers here, and both terms are commonly used by different vendors.
This question is filed under objective 1, Network Security
PKI, or Public Key Infrastructure, uses asymmetric encryption. There is a public key and a private key; anything encrypted with one key can only be decrypted with the other.
This question is filed under objective 6, Cryptography
Creating a firewall exception allows that program, or data on that port, to pass through the firewall. Allowing a session and establishing a tunnel both refer to creating a connection (for example, creating an SSH connection). Creating an AP would be creating an access point in a wireless network.
This question is filed under objective 1, Network Security
Whaling (sometimes called spear phishing) is a phishing attack targeted at high level employees of a company or organization.
This question is filed under objective 3, Threats and Vulnerabilities
DoS (Denial of Service) attacks are normally carried out in large numbers (Distributed DoS) and attempt to overload a service, such as an HTTP server, so that the server can no longer perform its normal function and is rendered inoperable.
This question is filed under objective 3, Threats and Vulnerabilities
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Bluesnarfing is the unauthorized access to data over Bluetooth.
This question is filed under objective 3, Threats and Vulnerabilities
Penetration testing is an active test in which someone attempts to penetrate a network solely for security reasons. Any security holes found are addressed afterwards.
This question is filed under objective 2, Compliance and Operational Security
Wardriving is the act of searching for unsecured Wi-Fi networks from a moving vehicle using a mobile device such as a laptop or smartphone.
This question is filed under objective 3, Threats and Vulnerabilities