1. Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?
2. Which of the following functions is MOST likely performed by a web security gateway?
3. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
4. Which of the following is a reason to perform user awareness and training?
5. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?
6. Performing routine security audits is a form of which of the following controls?
7. Which of the following is a best practice to identify fraud from an employee in a sensitive position?
8. Which of the following assists in identifying if a system was properly handled during transport?
9. Which of the following is the BEST way to secure data for the purpose of retention?
10. Which of the following access control models allows classification and labeling of objects?
11. The 64-bit block cipher with 16 iterations giving a 56-bit key is called?
12. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
13. Risk can be managed in the following ways...
14. Which of the following MUST a programmer implement to prevent cross-site scripting?
15. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?
16. Which of the following is another name for a malicious attacker?
17. Which of the following is true concerning email message encryption by using S/MIME?
18. What key is used to encrypt an HTTPS session?
19. Upper management decides which risk to mitigate based on cost. This is an example of:
20. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
21. What types of encryption are used for adding a digital signature to a message?
22. You are looking for ways to protect data on a network. Your solution should: Provide for easy backup of all user data.
23. Which of the following describes a passive attempt to identify weaknesses?
24. The security administrator implemented privacy password-protected screen savers and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
25. Which of the following will provide the HIGHEST level of wireless network security?
26. Which of the following protocols requires the use of a CA based authentication process?
27. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?
28. Which of the following manages peer authentication and key exchange for an IPSec connection?
29. Which protocol ensures private communications by ensuring that no third party can eavesdrop on or tamper with any message or data transfer between client and server systems, and is the successor to the Secure Sockets Layer (SSL)?