Free CompTIA Security+ Practice Exam, Security Plus Practice Test Ques... http://www.freetechexams.com/certifications/comptia/securityplus/securit...

01. Who is responsible for establishing access permissions to network resources in the
DAC access control model ?
(A) The system administrator
(B) The owner of the resource
(C) The system administrator and the owner of the resource
(D) The user requiring access to the resource

02. Which access control system allows the owner of a resource to establish access
permissions to that resource ?
(A) MAC
(B) DAC
(C) RBAC
(D) None of the above

03. Choose the attack method or malicious code typically used by attackers to access a
company's internal network through its remote access system ?
(A) A War dialer program
(B) Trojan horse
(C) DoS (Denial of Service) attack
(D) Worm

04. Which of the following details the primary advantage of implementing a multi-homed
firewall ?
(A) A multi-homed firewall is relatively inexpensive to implement
(B) A multi-homed firewall's rules are easier to manage
(C) When a multi-homed firewall is compromised, only those systems residing in the DMZ
(Demilitarized Zone) are vulnerable
(D) Attackers must get around two firewalls

05. Choose the option that specifies an element which is NOT typically included in
security requirements for network servers ?
(A) The absence of vulnerabilities utilized by known forms of attack against network servers
(B) The capability to allow administrative functions to all network users
(C) The capability to deny access to data on the network server except to data that should be
accessible
(D) The capability to disable unnecessary network services that are included in the operating
system or server software

06. From the options, choose the attack which an IDS (Intrusion Detection System)
cannot detect ?
(A) DoS (Denial of Service) attack
(B) Vulnerability exploits
(C) Spoofed e-mail
(D) Port scan attack

07. From the options, choose the disadvantage of implementing an IDS (Intrusion
Detection System) ?
(A) False positives
(B) Decrease in throughput
(C) Compatibility
(D) Administration

08. Which of the following types of network cables is less secure than coaxial cabling?
(A) Twisted-pair cables
(B) Fiber optic cable
(C) All of the above

09. Which of the following network cable types is most vulnerable to electromagnetic
interference (EMI) and radio frequency interference (RFI) ?
(A) Coaxial cable
(B) Unshielded Twisted Pair
(C) Shielded Twisted Pair
(D) Fiber optic cable

10. Which of the following security zones is closest to the internal network of the
company, and can also be considered as being internal to the company ?

1 of 3 18-May-11 3:09 PM
Free CompTIA Security+ Practice Exam, Security Plus Practice Test Ques... http://www.freetechexams.com/certifications/comptia/securityplus/securit...

company, and can also be considered as being internal to the company ?

(A) Internet
(B) Intranet
(C) Extranet
(D) Perimeter network

11. Which of the combinations here can be used to create an extranet?

(A) Two intranets
(B) Two perimeter networks
(C) One intranet and one perimeter network
(D) All of the above configurations

12. Security for the extranet security zone can include a number of strategies. Choose the
one that does not apply ?
(A) Using VPN connections
(B) Regularly auditing all services
(C) Use host-based firewalls for computers that contain confidential data
(D) Removing all unnecessary services
(E) Limiting the number of services provided

13. Overloading NAT allows the organization to use publicly assigned IP addresses over
the Internet that is different from its private IP addresses. To do this, which type of
mapping is performed by Overloading NAT ?
(A) Performs a one-to-one mapping of an internal IP address to an external IP address
(B) Maps multiple internal IP addresses to a range of external IP addresses
(C) Maps multiple internal IP addresses to one external IP address by employing a port-based
mapping method

14. Which technology allows you to segment or group users that have similar data
sensitivity levels together and thereby increase security ?
(A) Virtual local area network (VLAN)
(B) Network address translation (NAT)
(C) Tunneling
(D) None of the above

15. Which type of NAT configuration maps a range of internal IP addresses to a range of
external IP address ?
(A) Static NAT
(B) Dynamic NAT
(C) Overloading NAT

16. A compromise of which device could result in a VLAN being compromised?

(A) Router
(B) Switch
(C) NAT server
(D) None of the above

17. Which of the following devices used in one of the three major types of security
topologies, is a one-interface device ?
(A) Bastion host
(B) Application gateway
(C) Screened host gateway
(D) Screened subnet gateway

18. From the options, choose the VPN (Virtual Private Network) tunneling protocol?
(A) AH (Authentication Header)
(B) SSH (Secure Shell)
(C) IPSec (Internet Protocol Security)
(D) DES (Data Encryption Standard)

19. Which concept correctly specifies the location where a system administrator would
deploy a web server if that web server should be separated from other network servers ?
(A) A honey pot
(B) A hybrid subnet
(C) A DMZ (Demilitarized Zone)
(D) A VLAN (Virtual Local Area Network)

2 of 3 18-May-11 3:09 PM
Free CompTIA Security+ Practice Exam, Security Plus Practice Test Ques... http://www.freetechexams.com/certifications/comptia/securityplus/securit...

(D) A VLAN (Virtual Local Area Network)

20. From the options, which explains the general standpoint behind a DMZ (Demilitarized
Zone) ?
(A) All systems on the DMZ can be compromised because the DMZ can be accessed from the
Internet
(B) No systems on the DMZ can be compromised because the DMZ cannot be accessed from
the Internet
(C) Only those systems on the DMZ that can be accessed from the Internet can be
compromised
(D) No systems on the DMZ can be compromised because the DMZ is completely secure and
cannot be accessed from the Internet
21. Which of the following descriptions best describes an IDS?
(A) Monitors network traffic and traffic patterns that could be indicative of attacks such as port
scans and denial-of-service attacks
(B) Runs as software on a host computer system to monitor machine logs, system logs, and
applications interactions
(C) Monitors the file structure of a system to determine if any system files were deleted or
modified by an attacker
(D) A hardware device with software that monitors events in a system or network to identify
when intrusions are taking place
(E) Works by parsing system log entries to isolate any system attacks
22. Which of the following intrusion detection technologies work by monitoring the file
structure of a system to determine whether any system files were deleted or modified by
an attacker ?
(A) Network IDS
(B) Host-based IDS
(C) System integrity verifier (SIV)
(D) Log file monitor (LFM)
23. Which if the following technologies would you use if you need to implement a system
that simulates a network of vulnerable devices, so that this network can be targeted by
attackers ?
(A) A IDS
(B) A circuit-level firewall
(C) A honeypot
(D) A system integrity verifier
24. When using network monitoring systems to monitor workstations, which of the
following elements should be reviewed because their information could indicate a
possible attack ?
(A) Audit log and system log
(B) Hard disk space
(C) Network counters
(D) Network counters and access denied errors
25. A passive response is the most common type of response to a number of intrusions.
Which of the following is not a passive response strategy ?
(A) Logging
(B) Notification
(C) Deception
(D) Shunning

3 of 3 18-May-11 3:09 PM