CompTIA CertMaster CE Security+ Section 2 Practice Questions – CompTIA Security+, 2026 | Verified Questions with Correct Answers

COMPTIA CERTMASTER CE SECURITY+ SECTION 2
QUESTIONS WITH CORRECT ANSWERS 2026
A firewall - CORRECT ANSWER -
any software or hardware device that protects a system or network by blocking unwanted network tra
ffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a proc
ess called implicit deny.



A stateful firewall - CORRECT ANSWER -
A stateful firewall does track the active state of a connection and is able to make decisions based on t
he contents of a network packet as it relates to the state of the connection.



stateless firewall - CORRECT ANSWER -
does not track the active state of a connection as it reaches the firewall. It allows or blocks traffic bas
ed on some static value associated with that traffic.



An access control list (ACL) - CORRECT ANSWER -
a list of objects with permissions attached to those objects. The list specifies which entities (such as in
dividuals) have the rights to access specific resources and to what extent those resources may be mo
dified (if at all).



Implicit deny - CORRECT ANSWER -
The principle that establishes that everything that is not explicitly allowed is denied.



A VPN concentrator - CORRECT ANSWER -
A single device that incorporates advanced encryption and authentication methods in order to handle
a large number of VPN tunnels.



Remote access vs. site-to-site - CORRECT ANSWER -
A remote access VPN connects individual remote users to the private network, whereas a site-to-
site VPN connects two private networks together.



Internet Protocol Security (IPSec) - CORRECT ANSWER -an open-
source protocol framework for security development within the TCP/IP family of protocol standards. IP
Sec is not application dependent as it operates at the network layer (layer 3) of the OSI model.

, IPSec transport mode - CORRECT ANSWER -
IPSec encrypts just the IP payload, leaving the IP packet header unchanged so it can be easily routed t
hrough the internet



IPSec tunnel mode - CORRECT ANSWER -both the packet contents and header are encrypted.



IPSec, Authentication Header (AH) - CORRECT ANSWER -
One of the two protocols used in IPSec, Authentication Header (AH) provides authentication for the or
igin of transmitted data as well as integrity and protection against replay attacks.



IPSec, Encapsulation Security Payload (ESP) - CORRECT ANSWER -
One of the two protocols used in IPSec, provides the same functionality as Authentication Header (AH
), with the addition of encryption to support the confidentiality of transmitted data.



Split tunnel vs. full tunnel - CORRECT ANSWER -
When a device is connected to the VPN in full tunnel mode, all network traffic is sent through the tun
nel and encrypted. In split mode, only some of the traffic is sent through the tunnel and encrypted.



TLS/SSL (Transport Layer Security and Secure Sockets Layer) - CORRECT ANSWER -
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are security protocols that combine digit
al certificates for authentication with public key data encryption.



Always-on VPN - CORRECT ANSWER -Some VPN concentrators support an always-
on capability so that the user's device will automatically connect to the VPN any time it has an Intern
et connection.



NIPS (network-based intrusion prevention system) - CORRECT ANSWER -
A network intrusion prevention system (NIPS) monitors suspicious traffic on the network and reacts in
real time to block it.



NIDS (network-based intrusion detection system) - CORRECT ANSWER -
A NIDS primarily uses passive hardware sensors to monitor traffic on a specific segment of the networ
k. It can sniff traffic and send alerts about anomalies or concerns.