Skip to content

CompTIA Practice Tests
A+ Practice Tests
Security+ Practice Tests
Network+ Practice Tests

CompTIA Security+ Practice Test 3

Time limit: 0

Quiz Summary

0 of 20 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Test complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Next Test Main Menu

Question 1 of 20

1. Question
Which two hardening techniques secure a host system by monitoring incoming and outgoing traffic, providing real-time protection against known and unknown threats, and monitoring the host system’s behavior? (Choose two.)
- A. Encryption
- B. Disabling ports/protocols
- C. Removing unnecessary software
- D. HIPS
- E. Firewall
Correct

Incorrect
Question 2 of 20

2. Question
An organization wants to secure all the devices connected to its network, including printers, scanners, laptops, and smartphones. Which security implementation possesses anti-virus, anti-malware, and other security solutions to protect devices connected to the network?
- A. Middlepoint protection
- B. Client-based firewall
- C. Endpoint firewall
- D. Endpoint protection software
Correct

Incorrect
Question 3 of 20

3. Question
What are the responsibilities of an IaaS cloud service provider according to the responsibility matrix?
- A. Underlying infrastructure
- B. Operating systems
- C. Applications
- D. Data
Correct

Incorrect
Question 4 of 20

4. Question
A program analyst wants to configure applications in a micro-segmentation environment where the users or applications cannot talk to other applications without a defined set of policies. Which configuration model is suitable in this situation?
- A. No-two-way model
- B. VLAN restriction
- C. Zero trust model
- D. Application isolation model
Correct

Incorrect
Question 5 of 20

5. Question
How can logical segmentation divide the internal network into different VLANs for multiple departments?
- A. Divide the network into three or four segments, grouping the related VLANS together.
- B. Separate the control plane from the data plane within network devices.
- C. Segregate the VLANs based on subnets and combine the functionalities together.
- D. Divide a network into separate subnets based on functionality, security requirements, or departmental perimeters.
Correct

Incorrect
Question 6 of 20

6. Question
There are three container images: A, B, and C. Container image B is forked from container image A. Python version 3 is added to container image B. Container image C is built on container image B. Which entities should be added to container image C so that it can have security and a web server?
- A. Nginx server
- B. OpenSSL and Nginx server
- C. Database and OpenSSL server
- D. Lamp stack and Nginx server
Correct

Incorrect
Question 7 of 20

7. Question
In a SCADA architecture, which microcomputers communicate with an array of objects such as turbines, machines, gauges, sensors, and end devices and then route the information from those objects to the SCADA computers?
- A. Human-machine interface
- B. RTAs
- C. RTUs and PLCs
- D. Remote programmable units (RPUs)
Correct

Incorrect
Question 8 of 20

8. Question
Which software component rapidly switches between tasks, giving the impression that multiple programs are being executed simultaneously on a single processing core?
- A. macOS
- B. SCADA system
- C. RxWorks
- D. Real-time operating system (RTOS)
Correct

Incorrect
Question 9 of 20

9. Question
An organization wants to implement load balancing for the web server. They want the web servers to work simultaneously sharing the load. Both the systems will run the same configuration. Which infrastructure consideration should be implemented for this scenario?
- A. Active/Passive
- B. Passive/Passive
- C. Active/Passive/Active
- D. Active/Active
Correct

Incorrect
Question 10 of 20

10. Question
Which type of proxy secures a network by keeping the machine anonymous through NAT?
- A. Cache proxy
- B. Appliance-based proxy
- C. HTTP proxy
- D. IP Proxy
Correct

Incorrect
Question 11 of 20

11. Question
The 802.1X authentication procedure has four steps. In which step does the authentication server send a reply to the authenticator by specifying the EAP method?
- A. Initialization
- B. Initiation
- C. Negotiation
- D. Authentication or Accounting
Correct

Incorrect
Question 12 of 20

12. Question
Which packet filtering type in a firewall keeps track of the state of the network connections by examining the header in each packet?
- A. Stateful packet inspection
- B. Stateless packet inspection
- C.NAT packet inspection
- D. Application-level packet inspection
Correct

Incorrect
Question 13 of 20

13. Question
You are configuring a failsafe Remote Access Service (RAS) server that uses a dial-up connection to control the network equipment in case the fiber optic connections fail. Which RAS authentication should be used to secure the RAS server?
- A. Password Authentication Protocol (PAP)
- B. Shiva Password Authentication Protocol (SPAP)
- C. PAPv2
- D. MS-CHAPv2
Correct

Incorrect
Question 14 of 20

14. Question
Which attributes are exchanged in the IKEv1 phase 1 negotiation while configuring the IPsec protocol to establish site-to-site or remote access VPN tunnels?
- A. Encryption and hashing algorithms
- B. AES-GCM protocols
- C. ISAKMP SA protocol
- D. NAT traversal
Correct

Incorrect
Question 15 of 20

15. Question
How does Secure Access Service Edge (SASE) support an organization’s dynamic security needs by integrating network and security services into a single unified platform, providing seamless access to resources irrespective of where users are located?
- A. By using WAN capabilities
- B. By combining network security functions with WAN capabilities
- C. By combining IPsec functions with LAN capabilities
- D. By using the MAN network to combine security and service features
Correct

Incorrect
Question 16 of 20

16. Question
Which failure mode configuration should be used when a database server has confidential information, and you want to stop the database server from servicing requests altogether in case of server failure?
- A. Fail-open mode
- B. Fail-closed mode
- C. Load-balancing mode
- D. Server shutdown mode
Correct

Incorrect
Question 17 of 20

17. Question
Which compliance regulations in the United States govern and control the integrity and confidentiality of financial data? (Choose two.)
- A. Sarbanes-Oxley Act (SOX)
- B. Unauthorized Access Control (UAC)
- C. Craig Bailey Act (CBA)
- D. International Financial Reporting Standard (IFRS)
- E. Gramm-Leach-Bliley Act (GLBA)
Correct

Incorrect
Question 18 of 20

18. Question
Unauthorized access to which type of classified data can cause grave damage to an organization?
- A. Marketing plans
- B. List of known public users
- C. List of private users
- D. Proprietary source code
Correct

Incorrect
Question 19 of 20

19. Question
Which of the following restricted data types has an extra layer of security because an unauthorized disclosure could result in severe legal consequences, amounting to a significant financial loss and a tarnished reputation?
- A. Specific birthmark
- B. Name of the doctor assigned to a patient
- C. Patient’s admittance card
- D. Patient medical records
Correct

Incorrect
Question 20 of 20

20. Question
You have a large amount of data stored on external drives. To mitigate the risk of data theft, you want to secure it with strong encryption algorithms. In which state does this data exist?
- A. Data in transit
- B. Data in recess
- C. Data at rest
- D. Data in use
Correct

Incorrect

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Current
Correct
Incorrect

About Us
Contact Us
Privacy Policy

CompTIA® is a registered trademark of the Computing Technology Industry Association, Inc. This website is not endorsed, affiliated, or approved by CompTIA Inc.

Quiz Summary

Information

Results

Results

Categories

1. Question

Which two hardening techniques secure a host system by monitoring incoming and outgoing traffic, providing real-time protection against known and unknown threats, and monitoring the host system’s behavior? (Choose two.)

2. Question

An organization wants to secure all the devices connected to its network, including printers, scanners, laptops, and smartphones. Which security implementation possesses anti-virus, anti-malware, and other security solutions to protect devices connected to the network?

3. Question

What are the responsibilities of an IaaS cloud service provider according to the responsibility matrix?

4. Question

A program analyst wants to configure applications in a micro-segmentation environment where the users or applications cannot talk to other applications without a defined set of policies. Which configuration model is suitable in this situation?

5. Question

How can logical segmentation divide the internal network into different VLANs for multiple departments?

6. Question

There are three container images: A, B, and C. Container image B is forked from container image A. Python version 3 is added to container image B. Container image C is built on container image B. Which entities should be added to container image C so that it can have security and a web server?

7. Question

In a SCADA architecture, which microcomputers communicate with an array of objects such as turbines, machines, gauges, sensors, and end devices and then route the information from those objects to the SCADA computers?

8. Question

Which software component rapidly switches between tasks, giving the impression that multiple programs are being executed simultaneously on a single processing core?

9. Question

An organization wants to implement load balancing for the web server. They want the web servers to work simultaneously sharing the load. Both the systems will run the same configuration. Which infrastructure consideration should be implemented for this scenario?

10. Question

Which type of proxy secures a network by keeping the machine anonymous through NAT?

11. Question

The 802.1X authentication procedure has four steps. In which step does the authentication server send a reply to the authenticator by specifying the EAP method?

12. Question

Which packet filtering type in a firewall keeps track of the state of the network connections by examining the header in each packet?

13. Question

You are configuring a failsafe Remote Access Service (RAS) server that uses a dial-up connection to control the network equipment in case the fiber optic connections fail. Which RAS authentication should be used to secure the RAS server?

14. Question

Which attributes are exchanged in the IKEv1 phase 1 negotiation while configuring the IPsec protocol to establish site-to-site or remote access VPN tunnels?

15. Question

How does Secure Access Service Edge (SASE) support an organization’s dynamic security needs by integrating network and security services into a single unified platform, providing seamless access to resources irrespective of where users are located?

16. Question

Which failure mode configuration should be used when a database server has confidential information, and you want to stop the database server from servicing requests altogether in case of server failure?

17. Question

Which compliance regulations in the United States govern and control the integrity and confidentiality of financial data? (Choose two.)

18. Question

Unauthorized access to which type of classified data can cause grave damage to an organization?

19. Question

Which of the following restricted data types has an extra layer of security because an unauthorized disclosure could result in severe legal consequences, amounting to a significant financial loss and a tarnished reputation?

20. Question

You have a large amount of data stored on external drives. To mitigate the risk of data theft, you want to secure it with strong encryption algorithms. In which state does this data exist?