Saturday, June 9, 2012

Free Security+ Practice Test Questions (Set 2)

If you're preparing for the Security+ SY0-301 exam, you might like to check your readiness with a few free practice test questions. This page includes six free practice test questions, one from each of the six domains in the Security+ SY0-301 exam.

Security+ Practice Test Questions (set 2)

These practice test questions came from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. The Study Guide includes full explanations of all the objectives and includes over 450 realistic practice test questions.

Practice Test Question 1

Q. Of the following choices, what is the best choice for a device to filter and cache content from web pages?
A. Web security gateway
B. VPN concentrator
C. Proxy server
D. MAC filtering
Answer below.

Practice Test Question 2

Q. Employees in the accounting department are forced to take time off from their duties on a regular basis. What would direct this?
A. Account disablement policy
B. Mandatory vacation policy
C. Job rotation policy
D. Dual accounts for administrators
Answer below.

Practice Test Question 3

Q. What type of malware do users inadvertently install with USB thumb drives?
A. Spam
B. Trojans
C. Buffer overflow
D. Logic bomb
Answer below.

Practice Test Question 4

Q. An attacker is entering incorrect data into a form on a web page. The result shows the attacker the type of database used by the website and provides hints on what SQL statements the database accepts. What can prevent this?
A. Error handling
B. Antivirus software
C. Antispam software
D. Flood guards
Answer below.

Practice Test Question 5

Q. A user is issued a token with a number displayed in an LCD. What does this provide?
A. Rolling password for one-time use
B. Multifactor authentication
C. CAC
D. PIV
Answer below.

Practice Test Question 6

Q. Sally encrypted a project file with her public key. Later, an administrator accidentally deleted her account that had exclusive access to her private key. Can this project file be retrieved?
A. No. If the private key is lost, the data cannot be retrieved.
B. Yes. The public key can decrypt the file.
C. Yes, if a copy of her public key is stored in escrow.
D. Yes, if the organization uses a recovery agent.
Answer below.

Answers to Security+ Practice Test Questions

1 - Proxy Server

Q. Of the following choices, what is the best choice for a device to filter and cache content from web pages?
A. Web security gateway
B. VPN concentrator
C. Proxy server
D. MAC filtering
Ans. C is correct. A proxy server includes the ability to filter and cache content from web pages.
A is incorrect. A web security gateway can filter web-based content, but it doesn’t always have caching capabilities.
B is incorrect. A VPN concentrator provides access to VPN clients.
D is incorrect. MAC filtering can be used with port security on a switch, but doesn’t filter web page content.
Objective: 1.1 Explain the security function and purpose of network devices and technologies

2 - Mandatory Vacations

Q. Employees in the accounting department are forced to take time off from their duties on a regular basis. What would direct this?
A. Account disablement policy
B. Mandatory vacation policy
C. Job rotation policy
D. Dual accounts for administrators
Ans. B is correct. Mandatory vacation policies require employees to take time away from their job and help to detect fraud or malicious activities.
A is incorrect. An account disablement policy (sometimes called an account expiration policy) specifies when to disable accounts.
C is incorrect. Job rotation policies require employees to change roles on a regular basis.
D is incorrect. Dual accounts for administrators help prevent privilege escalation attacks.
Objective: 2.1 Explain risk related concepts

3 - Trojans

Q. What type of malware do users inadvertently install with USB thumb drives?
A. Spam
B. Trojans
C. Buffer overflow
D. Logic bomb
Ans. B is correct. Users can unknowingly transfer and install Trojan horse malware onto their systems with USB thumb drives.
A is incorrect. Spam is unwanted email filtered with antispam software.
C is incorrect. A buffer overflow occurs when a program receives unexpected data or more data than it can handle.
D is incorrect. A logic bomb is a program or code snippet that executes in response to an event, such as a specific time or date.
Objective: 3.1 Analyze and differentiate among types of malware

4 - Error Handling

Q. An attacker is entering incorrect data into a form on a web page. The result shows the attacker the type of database used by the website and provides hints on what SQL statements the database accepts. What can prevent this?
A. Error handling
B. Antivirus software
C. Antispam software
D. Flood guards
Ans. A is correct. Error handling will return a generic error web page rather than a detailed error that can provide an attacker with valuable information to launch a SQL injection attack.
B is incorrect. Antivirus software can detect malware, such as viruses and worms, and prevent it from running on a computer.
C is incorrect. Antispam software can filter out unwanted or unsolicited email (also called spam).
D is incorrect. Flood guards can prevent SYN flood attacks.
Objective: 4.1 Explain the importance of application security
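As an added illustration of the error-handling point (this is example code, not from the Study Guide), the two handlers below process the same order form against a constructed in-memory SQLite table. The first returns the raw exception text to the browser, which reveals the database engine and schema details; the second logs those details server-side and sends the user only a generic page with a reference id. The table, field names and handler names are hypothetical.

```python
import logging
import sqlite3
import uuid

# Constructed schema standing in for the web application's backing store.
SCHEMA = """
CREATE TABLE orders (
    id  INTEGER PRIMARY KEY,
    qty INTEGER NOT NULL CHECK (qty > 0)
);
"""

log = logging.getLogger("orders")


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_order(conn: sqlite3.Connection, qty_field: str) -> int:
    # Parameterized insert: no string concatenation, but a CHECK violation
    # or a non-numeric field still raises an exception the handler must hide.
    cur = conn.execute("INSERT INTO orders(qty) VALUES (?)", (int(qty_field),))
    conn.commit()
    return cur.lastrowid


def handle_verbose(conn: sqlite3.Connection, form: dict) -> tuple[int, str]:
    """Weak: echoes the exception, e.g. 'sqlite3.IntegrityError: CHECK ...'."""
    try:
        return 200, f"order {insert_order(conn, form['qty'])} created"
    except Exception as e:
        return 500, f"{type(e).__module__}.{type(e).__name__}: {e}"


def handle_generic(conn: sqlite3.Connection, form: dict) -> tuple[int, str]:
    """Hardened: detail goes to the server log, the client gets a generic page."""
    try:
        return 200, f"order {insert_order(conn, form['qty'])} created"
    except (ValueError, sqlite3.Error) as e:
        ref = uuid.uuid4().hex[:8]  # correlation id for the support desk
        log.error("ref=%s form=%r error=%s: %s", ref, form, type(e).__name__, e)
        return 500, f"Your request could not be processed (reference {ref})."
```

The reference id lets an administrator find the full exception in the log without the error text ever reaching the client.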

5 - Rolling Password

Q. A user is issued a token with a number displayed in an LCD. What does this provide?
A. Rolling password for one-time use
B. Multifactor authentication
C. CAC
D. PIV
Ans. A is correct. A token (such as an RSA token) provides a rolling password for one-time use.
B is incorrect. While it can be used with multifactor authentication (requiring the user to also enter other information such as a password), it doesn’t provide multifactor authentication by itself.
C and D are incorrect. A CAC and a PIV are both specialized types of smart cards that include photo identification.
Objective: 5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control.

6 - Recovery Agent

Q. Sally encrypted a project file with her public key. Later, an administrator accidentally deleted her account that had exclusive access to her private key. Can this project file be retrieved?
A. No. If the private key is lost, the data cannot be retrieved.
B. Yes. The public key can decrypt the file.
C. Yes, if a copy of her public key is stored in escrow.
D. Yes, if the organization uses a recovery agent.
Ans. D is correct. If an organization uses a recovery agent, the recovery agent can decrypt the file, in some cases by recovering a copy of the private key, and in other cases by using a special recovery agent key.
A and B are incorrect. Data encrypted with a public key cannot be decrypted with the same public key.
C is incorrect. A private key is stored in escrow, but a public key would not be stored in escrow.
Objective: 6.3 Explain the core concepts of public key infrastructure

Good Luck with the Security+ Exam

I hope you've found these Security+ practice test questions useful. Good luck on the exam.