CompTIA Security+ CE exam questions with
verified answers
Following a secure deployment methodology for custom
applications, early code testing would run in which type
of environment? - CORRECT ANSWERS ✔✔Development
Determine a solution that can combine with a cloud
access security broker (CASB) to provide a wholly cloud-
hosted platform for client access? - CORRECT ANSWERS
✔✔Next-generation secure web gateway
Consider the principles of web server hardening and
determine which actions a system administrator should
take when deploying a new server. (Select all that apply.)
- CORRECT ANSWERS ✔✔Establish a guest zone
Upload files using SSH
Use configuration templates
A user used an administrator account to download and
install a software application. After the user launched
the .exe extension installer file, the user experienced
,frequent crashes, slow computer performance, and
strange services running when turning on the computer.
What most likely happened to cause these issues? -
CORRECT ANSWERS ✔✔The user installed Trojan horse
malware.
A security operations center (SOC) analyst investigates
the propagation of a memory-resident virus across the
network and notices a rapid consumption of network
bandwidth, causing a Denial of Service (DoS). What type
of virus is this? - CORRECT ANSWERS ✔✔A worm
A user purchased a laptop from a local computer shop.
After powering on the laptop for the first time, the user
noticed a few programs like Norton Antivirus asking for
permission to install. How would an IT security specialist
classify these programs? - CORRECT ANSWERS ✔✔PUP
(potentially unwanted program)
A fileless malicious software can replicate between
processes in memory on a local host or over network
shares. What other behaviors and techniques would
classify malware as fileless rather than a normal virus?
(Select all that apply.) - CORRECT ANSWERS ✔✔-Uses
lightweight shellcode
-Uses low observable characteristic attacks
,An attacker is planning to setup a backdoor that will
infect a set of specific computers at an organization, to
inflict a set of other intrusion attacks remotely. Which of
the following will support the attackers' plan? (Select all
that apply.) - CORRECT ANSWERS ✔✔-Computer Bots,
-Command & Control
If a user's computer becomes infected with a botnet,
which of the following can this compromise allow the
attacker to do? (Select all that apply.) - CORRECT
ANSWERS ✔✔-Launch a Distributed Denial of Service
(DDoS) attack
-Establish a connection with a Command and Control
server
-Launch a mass-mail spam attack
If a user's device becomes infected with crypto-malware,
which of the following is the best way to mitigate this
compromise? - CORRECT ANSWERS ✔✔Have up-to-date
backups.
During an internal investigation, a security specialist
discovered a malicious backdoor script on a system
administrator's machine that executes if the admin's
account becomes disabled. What type of malware did the
specialist discover? - CORRECT ANSWERS ✔✔A logic
bomb
, End-users at an organization contact the cybersecurity
department. After downloading a file, they are being
redirected to shopping websites they did not intend to
navigate to, and built-in webcams turn on. The security
team confirms the issue as malicious, and notes modified
DNS (Domain Name System) queries that go to nefarious
websites hosting malware. What most likely happened to
the users' computers? - CORRECT ANSWERS
✔✔Spyware infected the computers.
An attacker installs Trojan malware that can execute
remote backdoor commands, such as the ability to upload
files and install software to a victim PC. What type of
Trojan malware is this? - CORRECT ANSWERS ✔✔A
Remote Access Trojan (RAT)
A hacker is trying to gain remote access to a company
computer by trying brute force password attacks using a
few common passwords in conjunction with multiple
usernames. What specific type of password attack is the
hacker most likely performing? - CORRECT ANSWERS
✔✔Password spraying attack
An attacker can exploit a weakness in a password
protocol to calculate the hash of a password. Which of the
following can the attacker match the hash to, as a means
verified answers
Following a secure deployment methodology for custom
applications, early code testing would run in which type
of environment? - CORRECT ANSWERS ✔✔Development
Determine a solution that can combine with a cloud
access security broker (CASB) to provide a wholly cloud-
hosted platform for client access? - CORRECT ANSWERS
✔✔Next-generation secure web gateway
Consider the principles of web server hardening and
determine which actions a system administrator should
take when deploying a new server. (Select all that apply.)
- CORRECT ANSWERS ✔✔Establish a guest zone
Upload files using SSH
Use configuration templates
A user used an administrator account to download and
install a software application. After the user launched
the .exe extension installer file, the user experienced
,frequent crashes, slow computer performance, and
strange services running when turning on the computer.
What most likely happened to cause these issues? -
CORRECT ANSWERS ✔✔The user installed Trojan horse
malware.
A security operations center (SOC) analyst investigates
the propagation of a memory-resident virus across the
network and notices a rapid consumption of network
bandwidth, causing a Denial of Service (DoS). What type
of virus is this? - CORRECT ANSWERS ✔✔A worm
A user purchased a laptop from a local computer shop.
After powering on the laptop for the first time, the user
noticed a few programs like Norton Antivirus asking for
permission to install. How would an IT security specialist
classify these programs? - CORRECT ANSWERS ✔✔PUP
(potentially unwanted program)
A fileless malicious software can replicate between
processes in memory on a local host or over network
shares. What other behaviors and techniques would
classify malware as fileless rather than a normal virus?
(Select all that apply.) - CORRECT ANSWERS ✔✔-Uses
lightweight shellcode
-Uses low observable characteristic attacks
,An attacker is planning to setup a backdoor that will
infect a set of specific computers at an organization, to
inflict a set of other intrusion attacks remotely. Which of
the following will support the attackers' plan? (Select all
that apply.) - CORRECT ANSWERS ✔✔-Computer Bots,
-Command & Control
If a user's computer becomes infected with a botnet,
which of the following can this compromise allow the
attacker to do? (Select all that apply.) - CORRECT
ANSWERS ✔✔-Launch a Distributed Denial of Service
(DDoS) attack
-Establish a connection with a Command and Control
server
-Launch a mass-mail spam attack
If a user's device becomes infected with crypto-malware,
which of the following is the best way to mitigate this
compromise? - CORRECT ANSWERS ✔✔Have up-to-date
backups.
During an internal investigation, a security specialist
discovered a malicious backdoor script on a system
administrator's machine that executes if the admin's
account becomes disabled. What type of malware did the
specialist discover? - CORRECT ANSWERS ✔✔A logic
bomb
, End-users at an organization contact the cybersecurity
department. After downloading a file, they are being
redirected to shopping websites they did not intend to
navigate to, and built-in webcams turn on. The security
team confirms the issue as malicious, and notes modified
DNS (Domain Name System) queries that go to nefarious
websites hosting malware. What most likely happened to
the users' computers? - CORRECT ANSWERS
✔✔Spyware infected the computers.
An attacker installs Trojan malware that can execute
remote backdoor commands, such as the ability to upload
files and install software to a victim PC. What type of
Trojan malware is this? - CORRECT ANSWERS ✔✔A
Remote Access Trojan (RAT)
A hacker is trying to gain remote access to a company
computer by trying brute force password attacks using a
few common passwords in conjunction with multiple
usernames. What specific type of password attack is the
hacker most likely performing? - CORRECT ANSWERS
✔✔Password spraying attack
An attacker can exploit a weakness in a password
protocol to calculate the hash of a password. Which of the
following can the attacker match the hash to, as a means
