Page 1 of 49
COMPTIA SECURITY+ CERTIFICATION PRACTICE EXAMS
QUESTIONS LATEST EXAM SOLVED QUESTIONS &
ANSWERS VERIFIED 100% GRADED A+
You arrive at work today to find someone outside the building digging through
their purse. As you approach the door, the person says, "I forgot my pass at
home. Can I go in with you?" What type of attack could be occurring?
A. Tailgating
B. Dumpster diving
C. Brute force
D. Whaling
A
Your manager has requested that the combo pad locks used to secure
different areas of the company facility be replaced with electronic swipe cards.
What type of social engineering attack is your manager hoping to avoid with
this change?
A. Hoaxes
B. Tailgating
C. Dumpster diving
D. Shoulder surfing
D
Your manager has been hearing a lot about social engineering attacks and
wonders why such attacks are so effective. Which of the following identifies
reasons why the attacks are so successful? (Choose three.)
A. Authority
B. DNS poisoning
, Page 2 of 49
C. Urgency
D. Brute force
E. Trust
A, C
Jane is the lead security officer for your company and is monitoring network
traffic. Jane notices suspicious activity and asks for your help in identifying
the attack. Looking at Figure 4-1, what type of attack was performed?
A. Integer overflow
B. Directory traversal/command injection
C. Malicious add-on
D. Header manipulation
B
Which type of threat is mitigated by shredding paper documents?
A. Rootkit
B. Spyware
C. Shoulder surfing
D. Physical
D
Which of the following statements are true? (Choose two.)
A. Worms log all typed characters to a text file.
B. Worms propagate themselves to other systems.
C. Worms can carry viruses.
D. Worms infect the hard disk MBR.
B, C
One of your users, Christine, reports that when she visits web sites, pop-up
advertisements appear incessantly. After further investigation, you learn one
of the web sites she had visited had infected Flash code. Christine asks what
the problem was. What do you tell her caused the problem?
A. Cross-site scripting attack
B. Worm
C. Adware
D. Spyware
C
, Page 3 of 49
Which description best defines a computer virus?
A. A computer program that replicates itself
B. A file with a .vbs file extension
C. A computer program that gathers user information
D. A computer program that runs malicious actions
D
An exploit connects to a specific TCP port and presents the invoker with an
administrative command prompt. What type of attack is this?
A. Botnet
B. Trojan
C. Privilege escalation
D. Logic bomb
C
Ahmid is a software developer for a high-tech company. He creates a program
that connects to a chat room and waits to receive commands that will gather
personal user information. Ahmid embeds this program into an AVI file for a
current popular movie and shares this file on a P2P file-sharing network. Once
Ahmid's program is activated as people download and watch the movie, what
will be created?
A. Botnet
B. DDoS
C. Logic bomb
D. Worm
A
A user reports USB keyboard problems. You check the back of the computer
to ensure the keyboard is properly connected and notice a small connector
between the keyboard and the computer USB port. After investigation you
learn this piece of hardware captures everything a user types in. What type of
hardware is this?
A. Smartcard
B. Trojan
C. Keylogger
D. PS/2 converter
C
, Page 4 of 49
What is the difference between a rootkit and privilege escalation?
A. Rootkits propagate themselves.
B. Privilege escalation is the result of a rootkit.
C. Rootkits are the result of privilege escalation.
D. Each uses a different TCP port.
B
Which of the following are true regarding backdoors? (Choose two.)
A. They are malicious code.
B. They allow remote users access to TCP port 25.
C. They are made accessible through rootkits.
D. They provide access to the Windows root account.
A, C
You are hosting an IT security meeting regarding physical server room
security. A colleague, Syl, suggests adding CMOS hardening to existing server
security policies. What kind of security threat is Syl referring to?
A. Changing the amount of installed RAM
B. Changing CPU throttling settings
C. Changing the boot order
D. Changing power management settings
C
You are the IT security officer for a government department. You are amending
the USB security policy. Which items apply to USB security? (Choose two.)
A. Disallow external USB drives larger than 1TB.
B. Disable USB ports.
C. Prevent corporate data from being copied to USB devices unless USB
device encryption is enabled.
D. Prevent corporate data from being copied to USB devices unless USB port
encryption is enabled.
B, C
Which of the following are not considered serious cell phone threats? (Choose
two.)
A. Hackers with the right equipment posing as cell towers
B. Having Bluetooth enabled
COMPTIA SECURITY+ CERTIFICATION PRACTICE EXAMS
QUESTIONS LATEST EXAM SOLVED QUESTIONS &
ANSWERS VERIFIED 100% GRADED A+
You arrive at work today to find someone outside the building digging through
their purse. As you approach the door, the person says, "I forgot my pass at
home. Can I go in with you?" What type of attack could be occurring?
A. Tailgating
B. Dumpster diving
C. Brute force
D. Whaling
A
Your manager has requested that the combo pad locks used to secure
different areas of the company facility be replaced with electronic swipe cards.
What type of social engineering attack is your manager hoping to avoid with
this change?
A. Hoaxes
B. Tailgating
C. Dumpster diving
D. Shoulder surfing
D
Your manager has been hearing a lot about social engineering attacks and
wonders why such attacks are so effective. Which of the following identifies
reasons why the attacks are so successful? (Choose three.)
A. Authority
B. DNS poisoning
, Page 2 of 49
C. Urgency
D. Brute force
E. Trust
A, C
Jane is the lead security officer for your company and is monitoring network
traffic. Jane notices suspicious activity and asks for your help in identifying
the attack. Looking at Figure 4-1, what type of attack was performed?
A. Integer overflow
B. Directory traversal/command injection
C. Malicious add-on
D. Header manipulation
B
Which type of threat is mitigated by shredding paper documents?
A. Rootkit
B. Spyware
C. Shoulder surfing
D. Physical
D
Which of the following statements are true? (Choose two.)
A. Worms log all typed characters to a text file.
B. Worms propagate themselves to other systems.
C. Worms can carry viruses.
D. Worms infect the hard disk MBR.
B, C
One of your users, Christine, reports that when she visits web sites, pop-up
advertisements appear incessantly. After further investigation, you learn one
of the web sites she had visited had infected Flash code. Christine asks what
the problem was. What do you tell her caused the problem?
A. Cross-site scripting attack
B. Worm
C. Adware
D. Spyware
C
, Page 3 of 49
Which description best defines a computer virus?
A. A computer program that replicates itself
B. A file with a .vbs file extension
C. A computer program that gathers user information
D. A computer program that runs malicious actions
D
An exploit connects to a specific TCP port and presents the invoker with an
administrative command prompt. What type of attack is this?
A. Botnet
B. Trojan
C. Privilege escalation
D. Logic bomb
C
Ahmid is a software developer for a high-tech company. He creates a program
that connects to a chat room and waits to receive commands that will gather
personal user information. Ahmid embeds this program into an AVI file for a
current popular movie and shares this file on a P2P file-sharing network. Once
Ahmid's program is activated as people download and watch the movie, what
will be created?
A. Botnet
B. DDoS
C. Logic bomb
D. Worm
A
A user reports USB keyboard problems. You check the back of the computer
to ensure the keyboard is properly connected and notice a small connector
between the keyboard and the computer USB port. After investigation you
learn this piece of hardware captures everything a user types in. What type of
hardware is this?
A. Smartcard
B. Trojan
C. Keylogger
D. PS/2 converter
C
, Page 4 of 49
What is the difference between a rootkit and privilege escalation?
A. Rootkits propagate themselves.
B. Privilege escalation is the result of a rootkit.
C. Rootkits are the result of privilege escalation.
D. Each uses a different TCP port.
B
Which of the following are true regarding backdoors? (Choose two.)
A. They are malicious code.
B. They allow remote users access to TCP port 25.
C. They are made accessible through rootkits.
D. They provide access to the Windows root account.
A, C
You are hosting an IT security meeting regarding physical server room
security. A colleague, Syl, suggests adding CMOS hardening to existing server
security policies. What kind of security threat is Syl referring to?
A. Changing the amount of installed RAM
B. Changing CPU throttling settings
C. Changing the boot order
D. Changing power management settings
C
You are the IT security officer for a government department. You are amending
the USB security policy. Which items apply to USB security? (Choose two.)
A. Disallow external USB drives larger than 1TB.
B. Disable USB ports.
C. Prevent corporate data from being copied to USB devices unless USB
device encryption is enabled.
D. Prevent corporate data from being copied to USB devices unless USB port
encryption is enabled.
B, C
Which of the following are not considered serious cell phone threats? (Choose
two.)
A. Hackers with the right equipment posing as cell towers
B. Having Bluetooth enabled
