CERTIFICATION EXAM STUDY
GUIDE || WITH QUESTIONS &
ANSWERS (GRADED A+)
, CompTIA Security+ Certification Exam
Study Guide || With Questions &
Answers (Graded A+)
An outside security auditor recently completed an in-depth security audit on your
network. One of the issues he reported was related to passwords. Specifically, he found
the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should
be change to avoid the problem shown with these passwords? - ANSWER - Password
length
A recent security audit discovered several apparently dormant user accounts. Although
users could log on to the accounts, no one had logged on to them for more than 60
days. You later discovered that these accounts are for contractors who work
approximately one week every quarter. What is the BEST response to this situation? -
ANSWER - Disable the accounts
Your organization routinely hires contractors to assist with different projects.
Administrators are rarely notified when a project ends and contractors leave. Which is
the BEST choice to ensure that contractors cannot log on with their account after they
leave? - ANSWER - Enable account expiration
Developers are planning to develop an application using role-based access control.
Which would they MOST likely include in their planning? - ANSWER - A matrix of
functions matched with their required priviliges
An organization has implemented an access control model that enforces permissions
based on data labels assigned at different levels. What type of model is this? -
ANSWER - MAC
Which protocols use TCP port 22 by default? - ANSWER - SSH, SCP, SFTP
Bart wants to block access to all external web sites. Which port should he block at the
firewall? - ANSWER - TCP 80
You need to manage a remote server. Which ports should you open on the firewall
between your system and the remote server? - ANSWER - 22 an 3389
While reviewing logs on a firewall, you see several requests for the AAAA record of
gcgapremium.com. What is the purpose of this request? - ANSWER - To identify the
IPv6 address of gcgapremium.com
,Your organization has several switches used within the network. You need to implement
a security control to secure the switch from physical access. What should you do? -
ANSWER - Disable unused ports
You are configuring a switch and need to ensure that only authorized devices can
connect to it and access the network through this switch. Which is the BEST choice to
meet this goal? - ANSWER - Implement 802.1x
You need to configure a UTM security appliance to restrict access to peer-to-peer file
sharing web sites. What are you MOST likely to configure? - ANSWER - URL Filter
Your organization has implemented a network design that allows internal computers to
share one public IP address. What did they MOST likely implement? - ANSWER - PAT
A security administrator is implementing a security program that addresses
confidentiality and availability. What else should the administrator include? - ANSWER -
Ensure systems are not susceptible to unauthorized changes
You need to transmit PII via email and you want to maintain its confidentiality. What is
the BEST solution? - ANSWER - Encrypt it before sending
Lisa manages network devices in your organization and maintains copies of the
configuration filed for all the managed routers and switches. On a weekly basis, she
creates hashes for these files and compares them with hashes she created on the same
files the previous week. Which security goal is she pursuing? - ANSWER - Integrity
An organization wants to provide protection against malware attacks. Administrators
have installed antivirus software on all computers. Additionally, they implemented a
firewall and an IDS on the network. Which of the following BEST identifies this
principal? - ANSWER - Layered security
Homer called into the help desk and says he forgot his password. Which of the following
choices is the BEST choice for what the help-desk professional should do? - ANSWER -
Reset the password and configure the password to expire after the first use.
Which type of authentication does a hardware token provide? - ANSWER - One-time
password
Which type of authentication is a retina scan? - ANSWER - Biometric
Users are required to log on to their computers with a smart card and a PIN. Which
BEST describes this? - ANSWER - Multifactor authentication
Your company recently began allowing workers to telecommute from home one or more
days a week. However, your company doesn't currently have a remote access solution.
, They want to implement an AAA solution that supports different vendors. Which is the
BEST choice? - ANSWER - RADIUS
Your organization has implemented a system that stores user credentials in a central
database. Users log on once with their credentials. They can then access other systems
in the organization without logging on again. What does this describe? - ANSWER -
Single sign-on
Your organization issues users a variety of different mobile devices. However,
management want to reduce potential data losses if the devices are lost or stolen.
Which is the BEST technical control to achieve this goal? - ANSWER - Disk encryption
What would you configure on a Layer 3 device to allow FTP traffic to pass through? -
ANSWER - Access control list
What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any - ANSWER - Firewall
You are preparing to deploy an anomaly-based detection system to monitor networks
activity. What would you create first? - ANSWER - Baseline
A security company wants to gather intelligence about current methods attackers are
using against its clients. What can it use? - ANSWER - Honeynet
Lisa oversees and monitors processes at a water treatment plant using SCADA
systems. Administrators recently discovered malware on her system that was
connecting to the SCASA system. Although they removed the malware, management is
still concerned. Lisa needs to continue using her system and it's not possible to update
the SCADA system. What can mitigate the risk? - ANSWER - Install a NIPS on the
border of the SCADA network
Your organization maintains a separate wireless network for visitors in a conference
room. However, you have recently noticed that people are connecting to this network
even when there aren't any visitors in the conference room. You want to prevent these
connections, while maintaining easy access for visitors in the conference room. Which
is the BEST solution? - ANSWER - Reduce antenna power
Which represents the BEST action to increase security in a wireless network? -
ANSWER - Replace TKIP with CCMP
Your organization is hosting a wireless network with an 802.1x server using PEAP. On
Thursday, users report they can no longer access the wireless network. Administrators
verified the network configuration matches the baseline, there aren't any hardware