Practice Test Question 1
Q. What can you use to logically separate computers in two different departments within a company?
A. A hub
B. A VLAN
C. NAT
D. A flood guard
Answer at end of post.
Practice Test Question 2
Q. Employees in the accounting department are forced to take time off from their duties on a regular basis. What would direct this?
A. Account disablement policy
B. Mandatory vacation policy
C. Job rotation policy
D. Dual accounts for administrators
Answer at end of post.
Pass the Security+ SY0-301 exam the first time you take it
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
Practice Test Question 3
Q. Of the following choices, what best represents an attack against specific employees of a company?
A. Phishing
B. Vishing
C. Spim
D. Spear phishing
Answer at end of post.
Practice Test Question 4
Q. Your organization hosts several websites accessible on the Internet, and is conducting a security review of these sites. Of the following choices, what is the most common security issue for web-based applications?
A. Input validation
B. Phishing
C. Whaling
D. Social engineering
Answer at end of post.
Realistic practice test questions for the Security+ SY0-301 exam
Available through LearnZapp on your mobile phone
Practice Test Question 5
Q. Which one of the following includes a photo and can be used as identification? (Choose all that apply.)
A. CAC
B. MAC
C. DAC
D. PIV
Answer at end of post.
Learn by listening
Key points from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
Over one hour and 20 minutes of audio from the "Remember This" blocks
Over three hours and 20 minutes of questions and answers on audio
Practice Test Question 6
Q. What type of key is used to sign an email message?
A. Sender’s public key
B. Sender’s private key
C. Recipient’s public key
D. Recipient’s private key
Answer at end of post.
These practice test questions are from the CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions book. It includes 275 realistic practice test questions with in-depth explanations for the CompTIA Security+ SY0-301 exam. If you've been studying for this exam and want to test your readiness, this book is for you.
It is also available as a Kindle ebook for only $9.99, and the Kindle version also includes dozens of flash cards to help you reinforce key testable topics. You can download free Kindle apps from Amazon so that you can access the ebook from just about any platform, including:
- Windows PC
- MAC
- iPhone
- iPad
- Android
- BlackBerry
- Windows Phone 7
You may also like to check out these Security+ blogs:
- Active Fingerprinting vs Passive Fingerprinting
- Ports
- Intrusion Detection Systems and Intrusion Prevention Systems
- DoS, Smurf, and Fraggle Attacks
- Three Factors of Authentication and Multifactor Authentication
SY0-301: Exam Answer 1
Q. What can you use to logically separate computers in two different departments within a company?
A. A hub
B. A VLAN
C. NAT
D. A flood guard
B is correct. A virtual local area network (VLAN) can group several different computers into a virtual network, or logically separate the computers in two different departments.
A is incorrect. A hub doesn’t have any intelligence and can’t separate the computers.
C is incorrect. NAT translates private IP addresses to public IP addresses, and public back to private.
D is incorrect. A flood guard protects against SYN flood attacks.
Objective: 1.2 Apply and implement secure network administration principles
All Security+ domain objectives are fully explained in the
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
SY0-301 Exam: Answer 2
Q. Employees in the accounting department are forced to take time off from their duties on a regular basis. What would direct this?
A. Account disablement policy
B. Mandatory vacation policy
C. Job rotation policy
D. Dual accounts for administrators
Answer B is correct. Mandatory vacation policies require employees to take time away from their job and help to detect fraud or malicious activities.
A is incorrect. An account disablement policy (sometimes called an account expiration policy) specifies when to disable accounts.
C is incorrect. Job rotation policies require employees to change roles on a regular basis.
D is incorrect. Dual accounts for administrators help prevent privilege escalation attacks.
Objective: 2.1 Explain risk related concepts
SY0-301: Answer 3
Q. Of the following choices, what best represents an attack against specific employees of a company?
A. Phishing
B. Vishing
C. Spim
D. Spear phishing
Answer D is correct. A spear phishing attack targets a specific person or specific groups of people such as employees of a company.
A is incorrect. Phishing sends email to users with the purpose of tricking them into revealing personal information, such as bank account information, but it doesn’t target specific employees of a company.
B is incorrect. Vishing is a form of phishing that uses recorded voice over the telephone.
C is incorrect. Spim is a form of spam using instant messaging (IM).
Objective: 3.2 Analyze and differentiate among types of attacks
If you're looking for more information on the CompTIA Security+ exam, click here.
The link provides a listing of relevant blogs on the Get Certified Get Ahead site.
SY0-301: Answer 4
Q. Your organization hosts several websites accessible on the Internet, and is conducting a security review of these sites. Of the following choices, what is the most common security issue for web-based applications?
A. Input validation
B. Phishing
C. Whaling
D. Social engineering
Answer A is correct. Input validation checks input data, but because so many sites do not use it they are vulnerable to buffer overflow, SQL injection, and cross-site scripting attacks.
B is incorrect. Phishing is the practice of sending email to users with the purpose of tricking them into revealing personal information (such as bank account information).
C is incorrect. Whaling is a phishing attack that targets high-level executives.
D is incorrect. Social engineering is the practice of using social tactics to encourage a person to do something or reveal some piece of information.
Objective: 4.1 Explain the importance of application security
SY0-301 Exam: Answer 5
Q. Which one of the following includes a photo and can be used as identification? (Choose all that apply.)
A. CAC
B. MAC
C. DAC
D. PIV
Answers A and D are correct. A common access card (CAC) and a personal identity verification (PIV) card both include photo identification and function as smart cards.
B and C are incorrect. MAC and DAC are access control models, not photo IDs.
Objective: 5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
SY0-301 Exam: Answer 6
Q. What type of key is used to sign an email message?
A. Sender’s public key
B. Sender’s private key
C. Recipient’s public key
D. Recipient’s private key
Answer B is correct. A digital signature is an encrypted hash of a message, encrypted with the sender’s private key.
A is incorrect. The recipient decrypts the hash using the sender’s public key.
C and D are incorrect. Recipient keys are used with encryption, but not with a digital signature.
Objective: 6.1 Summarize general cryptography concepts, 6.2 Use and apply appropriate cryptographic tools and products
If you want to take and pass the Security+ exam the first time you take it, check out the
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.
Success is within your reach.