Sample Questions

Card Set Information

Author:
slmckissack
ID:
288000
Filename:
Sample Questions
Updated:
2014-11-03 15:05:22
Tags:
Comptia
Folders:

Description:
Sample questions from the comptia sample questions webpage
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user slmckissack on FreezingBlue Flashcards. What would you like to do?


  1. Which of the following Best describes both change and incident management?
    A. Incident management is not a valid term in IT, however change management is
    B. Incident management and change management are interchangeable terms meaning the same thing.
    C. Incident management is for unexpected consequences, change management is for planned work.
    D. Change management is not a valid term in IT, however incident management is.
    C. Incident management is for unexpected consequences, change management is for planned work.
    (this multiple choice question has been scrambled)
  2. Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?
    A. Disablement
    B. Length
    C. Expiration
    C. Password Complexity
    D. Password Complexity
  3. Which of the following information types would be considered personally Identifiable information?
    A. Full name, date of birth and address
    B. Date of birth
    C. Social Security Number
    D. First name and home address
    A. Full name, date of birth, and address
    (this multiple choice question has been scrambled)
  4. Which of the following is the benefit of single file versus full disk encryption?
    A. Encryption is preserved in full disk encryption when a file is copied from one media to another.
    B. Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used.
    C. Encryption is preserved in single file encryption when a file is copied from one media to another.
    D. Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used.
    C. Encryption is preserved in single file encryption when a file is copied from one media to another.
    (this multiple choice question has been scrambled)
  5. Which of the following is another name for CAC?
    A. Token
    B. RFID
    C. MAC
    D. PIV
    D. PIV
    (this multiple choice question has been scrambled)
  6. Which of the following systems offers Trusted OS capabilities by default?
    A. Backtrack
    B. SE Linux
    C. Windows 7
    D. Windows Vista
    B. SE Linux
    (this multiple choice question has been scrambled)
  7. Which of the following describes a common operational problem when using patch management software that results in a false sense of security?
    A. Vendor patches are released too frequently consuming excessive network bandwidth.
    B. It is resource intensive to test all patches.
    C. Distributed updates may fail to apply or may not active until a reboot.
    D. Conflicts with vulnerability scans impede patch effectiveness.
    C. Distributed updates may fail to applu or may not be active until a reboot.
    (this multiple choice question has been scrambled)
  8. Which of the following is BEST identified as an attacker who has or is about to use a Logic Bomb?
    A. Grey hat
    B. Malicious Insider
    C. White hat
    D. Black Box
    Malicious Insider
  9. Which of the following is the BEST choice in regards to training staff members on dealing with PII?
    A. PII requires public access but must be flagged as confidential.
    B. PII data breaches are always the result of negligent staff and punishable by law.
    C. PII must be stored in an encrypted fashion and only printed on shared printers.
    D. PII must be handled properly in order to minimize security breaches and mishandling.
    D. PII must be handled properly in order to minimize security breaches and mishandling.
    (this multiple choice question has been scrambled)
  10. Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?
    A. Least Privilege
    B. Job Rotation
    C. Incident Respose
    D. On-going security
    B. Job Rotation
    (this multiple choice question has been scrambled)
  11. When designing secure LDAP compliant applications, null passwords should NOT be allowed because:
    A. null password can be changed by all users on a network.
    B. A null password is a successful anonymous bind.
    C. LDAP passwords are one-way encrypted.
    D. Null passwords can only be changed by the administrator.
    B. A null password is a successful anonymous bind.
    (this multiple choice question has been scrambled)
  12. A security administrator visits a remote data center dressed as a delivery person. Which of the following is MOST likely being conducted?
    A. Trojan Horse
    B. Vulnerability scan
    C. Social Engineering
    D. Remote access
    C. Social Engineering
    (this multiple choice question has been scrambled)
  13. Mobile devices used in the enterprise should be administered using:
    A. Centrally managed update services and access controls.
    B. Vendor provided software update systems.
    C. Full disk encryption and central password management
    D. Encrypted networks and system logging
    A. Centrally managed update services and access controls.
    (this multiple choice question has been scrambled)
  14. The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?
    A. Undocumented networks might not be protected and can be used to support insider attacks.
    B. Documented networks provide a visual representation of the network for an attacker to exploit.
    C. Undocumented networks ensure the confidentiality and secrecy of the network topology.
    D. Documenting a network hinders production because it is time consuming and ties up critical resources.
    A. Undocumented networks might not be protected and can be used to support insider attacks.
    (this multiple choice question has been scrambled)
  15. Which of the following could mitigate shoulder surfing?
    A. Man Traps
    B. Hashing
    C. Privacy Screens
    D. Screen locks
    C. Privacy Screens
    (this multiple choice question has been scrambled)
  16. Which of the following passwords is the MOST complex?
    A. l@ur0
    B. 5@rAru99
    C. CarL8241g
    D. j1!1b5
    B. 5@rAru99
    (this multiple choice question has been scrambled)
  17. Which of the following is being utilized when the BIOS and operating system's responsibility is platform integrity?
    A. USB encryption
    B. SSL
    C. TPM
    D. Data loss prevention
    C. TPM
    (this multiple choice question has been scrambled)
  18. Which of the following BEST describes a Buffer Overflow attack that allows access to a remote system?
    A. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.
    B. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
    C. The attacker overwhelms a system application, causing it to crash and bring the server down to cause an outage.
    D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
    D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
    (this multiple choice question has been scrambled)
  19. A company fails to monitor and maintain the HVAC system in the datacenter. Which of the following is the MOST likely to affect availability of systems.
    A. Employee productivity in a hot datacenter
    D. Premature failure of components
    C. Decreased number of systems in the database.
    D. Increased utility costs.
    B. Premature failure of components
  20. Which of the following protocols is defined in RFC 1157 as utilizing UDP ports 161 and 162?
    A. TLS
    B. SNMP
    C. SSL
    D. IPSec
    B. SNMP
    (this multiple choice question has been scrambled)
  21. Which of the following is LEAST likely to have a legitimate business purpose?
    A. Vulnerability Scanner
    B. Port Scanner
    C. Steganography
    D. Metaspoit
    C. Steganography
    (this multiple choice question has been scrambled)
  22. Which of the following does full disk encryption on a laptop computer NOT protect against?
    A. Theft of the data
    B. Disclosure of the data
    C. Confidentiality of the data
    D. Key Loggers
    D. Key Loggers
    (this multiple choice question has been scrambled)
  23. Which of the following passwords exemplifies the STRONGEST complexity?
    A. P@ssw0rd
    B. Passwrd
    C. passwordpassword
    D. passw0rd
    A. P@ssw0rd
    (this multiple choice question has been scrambled)
  24. Which following port ranges would give a technician the MOST comprehensive port scan of a server?
    A. 1024-15000
    B. 0-65535
    C. 0-1024
    D. 0-99999
    B. 0-65535
    (this multiple choice question has been scrambled)
  25. Which of the following attacks steals contacts from a mobile device?
    A. Bluejacking
    B. Smurf attack
    C. Session Hijacking
    D. Bluesnarfing
    D. Bluesnarfing
    (this multiple choice question has been scrambled)
  26. Which of the following attacks sends unwanted messages to a mobile device?
    A. Bulejacking
    B. bulesnarfing
    C. Session hijacking
    D. Smurf attack
    A. Bluejacking
    (this multiple choice question has been scrambled)
  27. A smurf attack relies on which protocol to preform a denial of service?
    A. SNMP
    B. ICMP
    C. DNS
    D. SMTP
    B. ICMP
    (this multiple choice question has been scrambled)
  28. Which of the following allows for multiple operating systems to run on a single piece of hardware?
    A. Port Security
    B. DMZ
    C. Virtualization
    D. Remote Access
    C. Virtualization
    (this multiple choice question has been scrambled)
  29. A user name is an example of which of the following?
    A. Authorization
    B. Authentication
    C. Access
    D. Identification
    D. Identification
    (this multiple choice question has been scrambled)
  30. The CRL contains a list of:
    A. Public Keys
    B. Valid Certificates
    C. Root Certificates
    D. Private Keys
    A. Public keys
    (this multiple choice question has been scrambled)

What would you like to do?

Home > Flashcards > Print Preview