comptia 501

This book serves as a guide for the CompTIA Security+ exam, specifically the SY0-501 certification, providing practice questions that mimic the actual exam's format and difficulty. It includes various types of questions related to security concepts, malware, social engineering, and network security, along with correct answers for self-assessment. The aim is to familiarize candidates with the exam environment and enhance their understanding of key security topics.

The purpose of this book is to provide you with information about the Security+ exam. These questions will make you familiar with both the type and the difficulty level of the questions on the SY0-501 certification test. To get used to the real exam environment, we suggest you try this CompTIA Security+ Certification Practice Exam. This book gives you a realistic feel for, and a guide to, the questions asked in the actual CompTIA Security+ certification exam.

These questions are simple, basic questions that resemble the real CompTIA SY0-501 exam questions. When you work through realistic, scenario-based questions in practice, you run into many difficulties, and each of them is an opportunity to improve.

CompTIA SY0-501 Questions:

01. Which of the following reduces the effectiveness of a good password policy?
a) Account lockout
b) Password recovery
c) Account disablement
d) Password reuse

02. You identify a system that becomes progressively slower over a couple of days until it is unresponsive. Which of the following is most likely the reason for this behavior?
a) Improper error handling
b) Race condition
c) Memory leak
d) Untrained user

03. Which one of the following best provides an example of detective controls versus prevention controls?
a) IDS/camera versus IPS/guard
b) IDS/IPS versus camera/guard
c) IPS/camera versus IDS/guard
d) IPS versus guard

04. An organization is implementing a server-side application using OAuth 2.0. Which of the following grant types should be used?
a) Implicit
b) Authorization code
c) Password credentials
d) Client credentials

05. Which of the following is associated with certificate issues?
a) Unauthorized transfer of data
b) Release of private or confidential information
c) Algorithm mismatch error
d) Prevention of legitimate content

06. Eliminating email to avoid the risk of email-borne viruses is an effective solution but is not likely to be a realistic approach for which of the following?
a) Risk avoidance
b) Risk transference
c) Risk acceptance
d) Risk mitigation

07. Which of the following best describes a biometric false acceptance rate (FAR)?
a) The point at which acceptances and rejections are equal
b) Rejection of an authorized user
c) Access allowed to an unauthorized user
d) Failure to identify a biometric image

08. Advanced malware tools use which of the following analysis methods?
a) Static analysis
b) Context based
c) Signature analysis
d) Manual analysis

09. If the organization requires a firewall feature that controls network activity associated with DoS attacks, which of the following safeguards should be implemented?
a) Loop protection
b) Flood guard
c) Implicit deny
d) Port security

10. Which of the following is not a certificate trust model for arranging Certificate Authorities?
a) Bridge CA architecture
b) Hierarchical CA architecture
c) Single-CA architecture
d) Sub-CA architecture

Answers:
Question 1: d
Question 2: c
Question 3: a
Question 4: b
Question 5: c
Question 6: a
Question 7: c
Question 8: b
Question 9: b
Question 10: d

1) Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

a) Adware
b) Malware
c) Ransomware
d) Spyware
The correct answer: b

2) Which of the following statements apply to the definition of a computer virus? (Select 3 answers)

a) A self-replicating computer program containing a malicious segment
b) Requires its host application to be run to make the virus active
c) A standalone malicious computer program that replicates itself over a computer network
d) Can run by itself without any interaction
e) Attaches itself to an application program or other executable component
f) A self-contained malicious program or code that does not need a host to propagate itself

The correct answers: a,b,e

3) Which of the terms listed below refers to an example of crypto-malware?

a) Backdoor
b) Ransomware
c) Keylogger
d) Rootkit
The correct answer: b

4) Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs a requested action is known as:

a) Grayware
b) Adware
c) Ransomware
d) Spyware

The correct answer: c

5) A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

a) Spyware
b) Worm
c) Trojan
d) Spam

The correct answer: b

6) A type of software that performs unwanted and harmful actions under the guise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionality, but apart from that it will also contain a portion of malicious code that the user is unaware of.

True
False

The correct answer: True

7) A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

a) Rootkit
b) Spyware
c) Backdoor
d) Trojan

The correct answer: a

8) Which of the following answers lists an example of spyware?

a) Keylogger
b) Vulnerability scanner
c) Computer worm
d) Packet sniffer

The correct answer: a

9) What is adware?

a) Unsolicited or undesired electronic messages
b) Malicious program that sends copies of itself to other computers on the network
c) Software that displays advertisements
d) Malicious software that collects information about users without their knowledge
The correct answer: c

10) Malicious software collecting information about users without their knowledge/consent is known as:

a) Crypto-malware
b) Adware
c) Ransomware
d) Spyware

The correct answer: d

11) A malware-infected networked host under remote control of a hacker is commonly referred to as:

a) Trojan
b) Worm
c) Bot
d) Honeypot

The correct answer: c

12) Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?

a) Honeynet
b) Botnet
c) Quarantine network
d) Malware

The correct answer: b


13) Which type of Trojan enables unauthorized remote access
to a compromised system?

a) pcap
b) RAT
c) MaaS
d) pfSense

The correct answer: b

14) Malicious code activated by a specific event is called:

a) Backdoor
b) Logic bomb
c) Dropper
d) Retrovirus

The correct answer: b

15) Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

a) Logic bomb
b) Trojan horse
c) Rootkit
d) Backdoor

The correct answer: d


16) An unauthorized practice of obtaining confidential
information by manipulating people into disclosing sensitive
data is referred to as:

a) Shoulder surfing
b) Privilege escalation
c) Social engineering
d) Penetration testing

The correct answer: c

17) A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select all that apply)

a) Phishing
b) Watering hole attack
c) Social engineering
d) Bluejacking
e) Vishing

The correct answer: a,c

18) A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

a) Phishing
b) Privilege escalation
c) Backdoor access
d) Shoulder surfing
The correct answer: a

19) Phishing scams targeting a specific group of people are referred to as:

a) Vishing
b) Spear phishing
c) Spoofing
d) Whaling

The correct answer: b

20) Phishing scams targeting people holding high positions in an organization or business are known as:

a) Vishing
b) Bluesnarfing
c) Whaling
d) Bluejacking

The correct answer: c

21) The practice of using a telephone system to manipulate a user into disclosing confidential information is called:

a) Whaling
b) Spear phishing
c) Vishing
d) Pharming

The correct answer: c


22) What is tailgating?

a) Acquiring unauthorized access to confidential data
b) Looking over someone's shoulder to get information
c) Gaining unauthorized access to restricted areas by following another person
d) Manipulating a user into disclosing confidential information

The correct answer: c

23) Which social engineering attack relies on identity theft?

a) Impersonation
b) Dumpster diving
c) Watering hole attack
d) Shoulder surfing

The correct answer: a

24) In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

True
False

The correct answer: True

25) A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

a) Spear phishing
b) Tailgating
c) Shoulder surfing
d) Spoofing

The correct answer: c

Practice test 2:
1) A privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. A privacy filter is one of the countermeasures against shoulder surfing.
a) True
b) False
Correct answer: True

2) An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
a) Vishing
b) Impersonation
c) Virus hoax
d) Phishing

Correct answer: c

3) Which of the terms listed below refers to a platform used for watering hole attacks?
a) Mail gateways
b) Websites
c) PBX systems
d) Web browsers

Correct answer: b
4) An attacker impersonates a company's managing staff
member to manipulate a lower rank employee into
disclosing confidential data. The attacker informs the
victim that the information is essential for a task that
needs to be completed within the business hours on the
same day and mentions potential financial losses for the
company in case the victim refuses to comply. Which
social engineering principles apply to this attack
scenario? (Select 3 answers)
a) Urgency
b) Familiarity
c) Authority
d) Consensus
e) Intimidation
f) Scarcity

Correct answer: a,c,e


5) An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)
a) Authority
b) Intimidation
c) Consensus
d) Scarcity
e) Familiarity
f) Trust
g) Urgency
Correct answer: d,e,f
6) While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?
a) Scarcity
b) Authority
c) Consensus
d) Intimidation
e) Urgency
Correct answer: c
7) An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and, as a result, doesn't have time or resources to handle legitimate requests is called:
a) Bluesnarfing
b) MITM attack
c) Session hijacking
d) DoS attack
Correct answer: d
8) As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.
a) True
b) False
Correct answer: True
9) Which of the following attacks relies on intercepting
and altering data sent between two networked hosts?
a) Zero-day attack
b) MITM attack
c) Watering hole attack
d) Replay attack
Correct answer: b
10) A type of exploit that relies on overwriting contents
of memory to cause unpredictable results in an
application is known as:
a) IV attack
b) SQL injection
c) Buffer overflow
d) Fuzz test
Correct answer: c
11) Entry fields of web forms lacking input validation are
vulnerable to what kind of attacks?
a) Replay attacks
b) SQL injection attacks
c) Brute-force attacks
d) Dictionary attacks
Correct answer: b

12) Which of the answers listed below refers to a common target of cross-site scripting (XSS)?
a) Physical security
b) Alternate sites
c) Dynamic web pages
d) Removable storage

Correct answer: c
13) Cross-site request forgery (CSRF/XSRF) is a security
exploit that allows for infecting a website with malicious
code. The malicious code, often in the form of JavaScript,
can then be sent to the unsuspecting user and executed
via the user's web browser application.
a) True
b) False
Correct answer: False
14) Which type of attack allows for tricking a user into
sending unauthorized commands to a web application?
(Select 2 answers)
a) IRC
b) CSRF
c) XSS
d) XSRF
e) CSR
Correct answer: b,d
15) Which of the following facilitate(s) privilege
escalation attacks? (Select all that apply)
a) System/application vulnerability
b) Distributed Denial of Service (DDoS)
c) Social engineering techniques
d) Attribute-Based Access Control (ABAC)
e) System/application misconfiguration

Correct answer: a,c,e


16) An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
a) ARP poisoning
b) Replay attack
c) Cross-site request forgery
d) DNS poisoning
Correct answer: a

17) Which of the attack types listed below relies on the amplification effect?
a) Zero-day attack
b) DDoS attack
c) Brute-force attack
d) MITM attack
Correct answer: b
18) Remapping a domain name to a rogue IP address is
an example of what kind of exploit?
a) DNS poisoning
b) Domain hijacking
c) ARP poisoning
d) URL hijacking
Correct answer: a
19) The term "Domain hijacking" refers to a situation in which a domain registrant, due to unlawful actions of third parties, loses control over his/her domain name.
a) True
b) False

Correct answer: True


20) Which of the terms listed below refers to a computer
security exploit that takes advantage of vulnerabilities in
a user's web browser application?
a) MTTR
b) MITM
c) MTBF
d) MITB
Correct answer: d
21) A type of attack aimed at exploiting vulnerability that
is present in already released software but unknown to
the software developer is called:
a) Xmas attack
b) Zero-day attack
c) IV attack
d) Replay attack

Correct answer: b
22) A replay attack occurs when an attacker intercepts
user data and tries to use this information later to
impersonate the user to obtain unauthorized access to
resources on a network.
a) True
b) False
Correct answer: True
23) A technique that allows an attacker to authenticate to a remote server without extracting a cleartext password from the digest, and to use the digest instead of a password credential, is known as:
a) Pass the hash
b) Replay attack
c) Hash collision
d) Rainbow table
Correct answer: a
24) In computer security, the term "Clickjacking" refers to
a malicious technique of tricking a user into clicking on
something different from what the user thinks they are
clicking on.
a) True
b) False

Correct answer: True

25) In a session hijacking attack, a hacker takes advantage of the session ID stored in:
a) Key escrow
b) Digital signature
c) Cookie
d) Firmware
Correct answer: c
Practice test 3:
1) The term "URL hijacking" (a.k.a. "Typosquatting") refers to a practice of registering a misspelled domain name closely resembling another well-established and popular domain name, in hopes of getting Internet traffic from users who make errors while typing the URL in their web browsers.
a) True
b) False
Correct answer: True

2) A modification introduced to a computer code that changes its external behavior (e.g. to maintain compatibility between a newer OS and an older version of application software) is called:
a) Shimming
b) DLL injection
c) Refactoring
d) Backdoor

Correct answer: a

3) The practice of optimizing existing computer code without changing its external behavior is known as:
a) DLL injection
b) Shimming
c) Data Execution Prevention (DEP)
d) Refactoring

Correct answer: d
4) Which of the terms listed below refer(s) to
software/hardware driver manipulation technique(s) that
might be used to enable malware injection? (Select all
that apply)
a) Refactoring
b) Sandboxing
c) Fuzz testing
d) Shimming
e) Sideloading
Correct answer: a, d
5) IP spoofing and MAC spoofing rely on falsifying what
type of address?
a) Broadcast address
b) Source address
c) Loopback address
d) Destination address

Correct answer: b
6) Which of the following security protocols is the least
susceptible to wireless replay attacks?
a) WPA2-CCMP
b) WPA-TKIP
c) WPA2-PSK
d) WPA-CCMP
e) WPA2-TKIP

Correct answer: a

7) A type of wireless attack designed to exploit vulnerabilities of WEP is known as:
a) MITM attack
b) Smurf attack
c) IV attack
d) Xmas attack
Correct answer: c
8) The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.
a) True
b) False
Correct answer: True
9) A wireless jamming attack is a type of:
a) Cryptographic attack
b) Denial of Service (DoS) attack
c) Brute-force attack
d) Downgrade attack

Correct answer: b
10) A solution that simplifies configuration of new
wireless networks by allowing non-technical users to
easily configure network security settings and add new
devices to an existing network is known as:
a) WPA
b) WPS
c) WEP
d) WAP
Correct answer: b
11) Which of the wireless technologies listed below are
deprecated and should not be used due to their known
vulnerabilities? (Select 2 answers)
a) WPS
b) WAP
c) WPA2
d) WAF
e) WEP

Correct answer: a,e


12) The practice of sending unsolicited messages over
Bluetooth is called:
a) SPIM
b) Bluejacking
c) Vishing
d) Bluesnarfing

Correct answer: b

13) Gaining unauthorized access to a Bluetooth device is referred to as:
a) Phishing
b) Bluejacking
c) Tailgating
d) Bluesnarfing
Correct answer: d

14) Which of the following wireless technologies enables identification and tracking of tags attached to objects?
a) WTLS
b) GPS
c) RFID
d) WAF
Correct answer: c
15) What is the name of a technology used for
contactless payment transactions?
a) NFC
b) SDN
c) PED
d) WAP
Correct answer: a

16) A wireless disassociation attack is a type of:
a) Downgrade attack
b) Brute-force attack
c) Denial of Service (DoS) attack
d) Cryptographic attack
Correct answer: c

17) Which cryptographic attack relies on the concepts of probability theory?
a) KPA
b) Brute-force
c) Dictionary
d) Birthday

Correct answer: d
18) Which of the acronyms listed below refers to a
cryptographic attack where the attacker has access to
both the plaintext and its encrypted version?
a) KEK
b) POODLE
c) KPA
d) CSRF

Correct answer: c

19) Rainbow tables are lookup tables used to speed up the process of password guessing.
a) True
b) False
Correct answer: True

20) Which of the following answers refers to the contents of a rainbow table entry?
a) Hash/Password
b) IP address/Domain name
c) Username/Password
d) Account name/Hash
Correct answer: a
21) Which password attack takes advantage of a
predefined list of words?
a) Birthday attack
b) Replay attack
c) Dictionary attack
d) Brute-force attack
Correct answer: c

22) An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:
a) Replay attack
b) Brute-force attack
c) Dictionary attack
d) Birthday attack
Correct answer: b
23) One of the measures for bypassing the failed logon
attempt account lockout policy is to capture any relevant
data that might contain the password and brute force it
offline.
a) True
b) False

Correct answer: True


24) A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
a) True
b) False
Correct answer: False

25) Which of the following answers lists an example of a cryptographic downgrade attack?
a) MITM
b) KPA
c) POODLE
d) XSRF
Correct answer: c
Practice test 4:
1) Which of the following authentication protocols
offer(s) countermeasures against replay attacks? (Select
all that apply)
a) IPsec
b) MPLS
c) PAP
d) Kerberos
e) CHAP
Correct answer: a,d,e

2) Which of the cryptographic algorithms listed below is the least vulnerable to attacks?
a) AES
b) DES
c) RC4
d) 3DES
Correct answer: a
3) Which of the following cryptographic hash functions is
the least vulnerable to attacks?
a) SHA-1
b) RIPEMD
c) SHA-512
d) MD5
Correct answer: c
4) Which statements best describe the attributes of a script kiddie? (Select 2 answers)
a) Motivated by money
b) Low level of technical sophistication
c) Motivated by ideology
d) High level of technical sophistication
e) Lack of extensive resources/funding
Correct answer: b,e

5) A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as:
a) Insider
b) Competitor
c) Hacktivist
d) Script kiddie
Correct answer: c
6) Which of the following terms best describes a threat
actor type whose sole intent behind breaking into a
computer system or network is monetary gain?
a) Hacktivist
b) Script kiddie
c) Organized crime
d) Competition
Correct answer: c
7) Which statements best describe the attributes of an
APT? (Select 3 answers)
a) Lack of extensive resources/funding
b) High level of technical sophistication
c) Extensive amount of resources/funding
d) Threat actors are individuals
e) Low level of technical sophistication
f) Threat actors are governments/nation states

Correct answer: b,c,f


8) Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources?
a) Script kiddie
b) Insider threat
c) Hacktivist
d) Organized crime
Correct answer: b
9) Which of the following terms best describes a type of
threat actor that engages in illegal activities to get the
know-how and gain market advantage?
a) Insiders
b) Nation states/APT
c) Organized crime
d) Competitors

Correct answer: d
10) Which of the statements listed below describe the purpose behind collecting OSINT? (Select 3 answers)
a) Gaining advantage over competitors
b) Passive reconnaissance in penetration testing
c) Application whitelisting/blacklisting
d) Preparation before launching a cyberattack
e) Disabling unnecessary ports and services
f) Active reconnaissance in penetration testing
Correct answer: a,b,d
11) In penetration testing, active reconnaissance involves
gathering any type of publicly available information that
can be used later for exploiting vulnerabilities found in
the targeted system.
a) True
b) False
Correct answer: False
12) In penetration testing, passive reconnaissance relies
on gathering information on the targeted system with
the use of various non-invasive software tools and
techniques, such as pinging, port scanning, or OS
fingerprinting.
a) True
b) False

Correct answer: False


13) In penetration testing, the practice of using one
compromised system as a platform for further attacks on
other systems on the same network is known as:
a) Initial exploitation
b) Pivoting
c) Escalation of privilege
d) Gray-box testing
Correct answer: b

14) A penetration test of a computer system without prior knowledge of how the system that is to be tested works is commonly referred to as black-box testing.
a) True
b) False
Correct answer: True
15) A penetration test performed by an authorized professional with full prior knowledge of how the system that is to be tested works is called:
a) Black-hat hacking
b) White-box testing
c) Black-box testing
d) White-hat hacking

Correct answer: b
16) Which of the following terms is used to describe a
type of penetration test in which the person conducting
the test has a limited access to information on the
internal workings of the targeted system?
a) Black-box testing
b) Fuzz testing
c) Gray-box testing
d) White-box testing
Correct answer: c

17) Penetration testing: (Select all that apply)
a) Bypasses security controls
b) Only identifies lack of security controls
c) Actively tests security controls
d) Exploits vulnerabilities
e) Passively tests security controls
Correct answer: a,c,d
18) Vulnerability scanning: (Select all that apply)
a) Identifies lack of security controls
b) Actively tests security controls
c) Identifies common misconfigurations
d) Exploits vulnerabilities
e) Passively tests security controls
Correct answer: a,c,e
19) A malfunction in preprogrammed sequential access to
a shared resource is described as:
a) Race condition
b) Buffer overflow
c) Memory leak
d) Pointer dereference
Correct answer: a

20) Which of the terms listed below refers to software that no longer receives continuing support?
a) OEM
b) SDLC
c) EOL
d) SPoF
Correct answer: c
21) Which of the following factors pose the greatest risk
for embedded systems? (Select 2 answers)
a) Lack of user training
b) Inadequate vendor support
c) System sprawl
d) Default configurations
e) Improper input handling

Correct answer: b,d


22) A situation in which a web form field accepts data
other than expected (e.g. server commands) is an
example of:
a) Zero-day vulnerability
b) Improper input validation
c) Default configuration
d) Improper error handling
Correct answer: b
23) After feeding an input form field with incorrect data,
a hacker gets access to debugger info providing extensive
description of the error. This situation is an example of:
a) Fuzz testing
b) Improper input handling
c) Brute-force attack
d) Improper error handling
Correct answer: d
24) A predefined username/password on a brand new
wireless router is an example of:
a) Default configuration
b) Misconfiguration
c) Zero-day vulnerability
d) Architecture/design weakness

Correct answer: a

25) Which of the answers listed below describes the result of a successful DoS attack?
a) Code injection
b) Resource exhaustion
c) Identity theft
d) Privilege escalation

Correct answer: b
Practice test 5:

1) What is the best countermeasure against social engineering?
a) AAA protocols
b) User authentication
c) Strong passwords
d) User education
Correct answer: d
2) Which of the following violates the principle of least
privilege?
a) Onboarding process
b) Improperly configured accounts
c) Shared accounts for privileged users
d) Time-of-day restrictions
Correct answer: b
3) An e-commerce store app running on an unpatched
web server is an example of:
a) Architecture/design weakness
b) Risk acceptance
c) Vulnerable business process
d) Security through obscurity

Correct answer: c
4) The purpose of a downgrade attack is to make a
computer system fall back to a weaker security mode
which makes the system more vulnerable to attacks.
a) True
b) False
Correct answer: True
5) A situation in which an application fails to properly
release memory allocated to it or continually requests
more memory than it needs is called:
a) Memory leak
b) Buffer overflow
c) DLL injection
d) Integer overflow
Correct answer: a
6) Which of the terms listed below describes a
programming error where an application tries to store a
numeric value in a variable that is too small to hold it?
a) Buffer overflow
b) Pointer dereference
c) Memory leak
d) Integer overflow

Correct answer: d

7) A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:
a) DLL injection
b) Buffer overflow
c) Memory leak
d) Integer overflow
Correct answer: b
8) Which of the following terms describes an attempt to
read a variable that stores a null value?
a) Integer overflow
b) Pointer dereference
c) Buffer overflow
d) Memory leak
Correct answer: b

9) A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
a) DLL
b) ISO
c) EXE
d) INI

Correct answer: a
10) Which of the terms listed below describes a type of
attack that relies on executing a library of code?
a) Memory leak
b) DLL injection
c) Pointer dereference
d) Buffer overflow
Correct answer: b
11) In the IT industry, the term "System sprawl" is used
to describe poor hardware resource utilization.
a) True
b) False
Correct answer: True
12) An effective asset management process provides
countermeasures against: (Select all that apply)
a) System sprawl
b) Race conditions
c) Undocumented assets
d) Architecture and design weaknesses
e) User errors
Correct answer: c,d
13) Zero-day attack exploits:
a) New accounts
b) Patched software
c) Vulnerability that is present in already released software but unknown to the software developer
d) Well known vulnerability
Correct answer: c
14) A software or hardware that checks information
coming from the Internet and depending on the applied
configuration settings either blocks it or allows it to pass
through is called:
a) Antivirus
b) Firewall
c) Antispyware
d) Malware
Correct answer: b
15) Which of the following applies to a request that
doesn't match the criteria defined in an ACL?
a) Group policy
b) Implicit deny rule
c) Transitive trust
d) Context-aware authentication
Correct answer: b
16) Stateless inspection is a firewall technology that
keeps track of network connections and based on the
collected data determines which network packets should
be allowed through the firewall.
a) True
b) False

Correct answer: False
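Question 16 is false because the behaviour it describes (remembering connections and judging packets against that record) is stateful inspection. The added example below, which is not part of the quiz, puts a stateless rule set and a stateful connection table side by side on the same three packets. The hosts, ports and packet layout are constructed for the illustration.

```python
from collections import namedtuple

# Added example (not from the quiz): a toy packet filter contrasting a
# stateless rule set with a stateful connection table. "out"/"in" give the
# direction relative to the protected network. All addresses and ports are
# constructed for illustration.

Packet = namedtuple("Packet", "direction proto src sport dst dport syn ack")

INSIDE_HOST = "10.0.0.5"
WEB_SERVER = "203.0.113.10"


def stateless_allow(pkt):
    """Stateless filter: decides on each packet in isolation.

    To let replies to outbound HTTPS requests back in, it has to allow inbound
    TCP from port 443 to any high port. That same rule also admits packets an
    attacker crafts with source port 443, because nothing remembers whether
    the inside host ever talked to the sender.
    """
    if pkt.direction == "out":
        return True
    return pkt.proto == "tcp" and pkt.sport == 443 and pkt.dport >= 1024


class StatefulFilter:
    """Stateful inspection: records outbound connections (5-tuples) and admits
    inbound packets only when they belong to one of them."""

    def __init__(self):
        self.table = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.proto == "tcp" and pkt.syn and not pkt.ack:
                # New outbound connection: remember it so its replies match.
                self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reverse of this packet's 5-tuple must already be known.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def demo():
    """Returns (stateless decisions, stateful decisions) for three packets:
    1. the inside host opens a connection to the web server,
    2. the web server's SYN/ACK reply,
    3. an unsolicited packet from an attacker spoofing source port 443."""
    out_syn = Packet("out", "tcp", INSIDE_HOST, 50000, WEB_SERVER, 443, True, False)
    reply = Packet("in", "tcp", WEB_SERVER, 443, INSIDE_HOST, 50000, True, True)
    forged = Packet("in", "tcp", "198.51.100.7", 443, INSIDE_HOST, 50001, True, True)

    stateful = StatefulFilter()
    stateless_decisions = [stateless_allow(p) for p in (out_syn, reply, forged)]
    stateful_decisions = [stateful.allow(p) for p in (out_syn, reply, forged)]
    return stateless_decisions, stateful_decisions
```

The third packet is the point: the stateless filter lets it through on the strength of its source port alone, while the stateful filter drops it because no inside host ever opened a connection to 198.51.100.7.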


17) Which of the answers listed below refers to a
dedicated device for managing encrypted connections
established over an untrusted network, such as the
Internet?
a) VPN concentrator
b) Load balancer
c) Managed switch
d) Multilayer switch
Correct answer: a

18) VPNs can be either remote-access (used for
connecting networks) or site-to-site (used for connecting
a computer to a network).
a) True
b) False
Correct answer: False

19) Which IPsec mode encrypts the entire original IP
packet, header included, and wraps it in a new IP header?
a) Tunnel
b) Payload
c) Transport
d) Default
Correct answer: a
20) An IPsec mode providing encryption only for the
payload (the data part of the packet) is known as:
a) Protected mode
b) Tunnel mode
c) Transport mode
d) Safe mode
Correct answer: c

21) Which part of the IPsec protocol suite provides
authentication and integrity?
a) CRC
b) AH
c) SIEM
d) AES
Correct answer: b

22) Which of the IPsec protocols provides authentication,
integrity, and confidentiality?
a) AES
b) SHA
c) AH
d) ESP
Correct answer: d
23) Which of the terms listed below describes a type of
VPN that alleviates bottlenecks and conserves bandwidth
by allowing users to make simultaneous use of both the
VPN and public network links?
a) Tethering
b) Split tunnel
c) Load balancing
d) Full tunnel
Correct answer: b
24) Examples of secure VPN tunneling protocols include:
(Select 2 answers)
a) bcrypt
b) SCP
c) IPsec
d) WEP
e) TLS
Correct answer: c,e
25) The term "Always-on VPN" refers to a type of
persistent VPN connection that starts automatically as
soon as the computer detects a network link.
a) True
b) False
Correct answer: True

Practice test 6:
1) Which of the answers listed below illustrates the
difference between passive and active security breach
response?
a) HIPS vs. NIPS
b) UTM vs. Firewall
c) NIPS vs UTM
d) IDS vs. IPS
Correct answer: d
2) Which of the following network security solutions
inspects network traffic in real-time and has the
capability to stop the ongoing attack?
a) NIPS
b) HIDS
c) NIDS
d) NIST
Correct answer: a
3) Which of the actions listed below can be taken by an
IDS? (Select 2 answers)
a) Firewall reconfiguration
b) Closing down connection
c) Logging
d) Terminating process
e) Sending an alert
Correct answer: c,e
4) A type of IDS that relies on predetermined attack
patterns to detect intrusions is referred to as a signature-
based IDS.
a) True
b) False
Correct answer: True
5) An IDS that detects intrusions by comparing network
traffic against the previously established baseline can be
classified as: (Select all that apply)
a) Heuristic
b) Anomaly-based
c) Behavioral
d) Signature-based
Correct answer: a,b,c

6) A security administrator configured an IDS to receive
traffic from a network switch via port mirroring. Which of
the following terms can be used to describe the
operation mode of the IDS? (Select 2 answers)
a) In-band
b) Passive
c) Inline
d) Out-of-band
Correct answer: b,d


7) Antivirus software identifying a non-malicious file as
a virus due to a faulty virus signature file is an example of:
a) Fault tolerance
b) False positive error
c) Quarantine function
d) False negative error
Correct answer: b
8) Which of the following terms refers to a situation
where no alarm is raised when an attack has taken place?
a) False negative
b) True positive
c) False positive
d) True negative
Correct answer: a
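Questions 4 and 5 contrast signature-based and anomaly-based detection, and questions 7 and 8 define the two ways a detector can be wrong. The added example below (not part of the quiz) runs both kinds of detector over a constructed set of web-server log lines and then scores each against the known labels, so the false positive and false negative of questions 7 and 8 appear as concrete counts. The log lines, the two signatures and the baseline traffic are all made up for the illustration.

```python
import re
import statistics
from collections import Counter

# Added example (not part of the original quiz): a miniature IDS that runs a
# signature-based and an anomaly-based detector over constructed web-server
# log lines, then scores both against the known labels. Log lines, rules and
# baseline traffic are all made up for illustration.

# Normal traffic used to learn the usual request volume per client (the
# "previously established baseline" of question 5).
BASELINE_REQUESTS_PER_CLIENT = [4, 5, 3, 6, 4, 5, 4, 5]

# (source IP, request line, is_attack). The label is ground truth used only
# for scoring, never by the detectors themselves.
SAMPLE_LOG = [
    ("10.0.0.11", "GET /index.html HTTP/1.1", False),
    ("10.0.0.11", "GET /images/logo.png HTTP/1.1", False),
    ("10.0.0.12", "GET /login?user=bob HTTP/1.1", False),
    ("10.0.0.13", "GET /../../etc/passwd HTTP/1.1", True),              # traversal, matches a signature
    ("10.0.0.14", "GET /search?q=x' UNION SELECT 1,2-- HTTP/1.1", True),  # SQLi, matches a signature
    ("10.0.0.15", "GET /docs/union-select-notes.html HTTP/1.1", False),  # benign text that trips a rule
] + [("10.0.0.16", "GET /item?id=%d HTTP/1.1" % i, True) for i in range(40)]  # scraping burst, no signature

SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\W+select", re.IGNORECASE),
}


def signature_alerts(log):
    """Signature-based: alert on any line matching a known attack pattern."""
    return [i for i, (_, req, _) in enumerate(log)
            if any(rx.search(req) for rx in SIGNATURES.values())]


def anomaly_alerts(log, baseline=BASELINE_REQUESTS_PER_CLIENT, k=3.0):
    """Anomaly-based: alert on every request from a client whose request count
    is more than k standard deviations above the baseline mean per client."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    per_client = Counter(src for src, _, _ in log)
    noisy = {src for src, n in per_client.items() if n > threshold}
    return [i for i, (src, _, _) in enumerate(log) if src in noisy]


def score(log, alerted):
    """Confusion counts for one detector's alert set against the labels."""
    alerted = set(alerted)
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for i, (_, _, is_attack) in enumerate(log):
        hit = i in alerted
        if is_attack and hit:
            counts["TP"] += 1
        elif not is_attack and hit:
            counts["FP"] += 1   # question 7: benign traffic flagged
        elif is_attack and not hit:
            counts["FN"] += 1   # question 8: an attack with no alarm
        else:
            counts["TN"] += 1
    return counts
```

On this sample the signature detector catches the two known-pattern attacks, misfires on the benign page whose name happens to contain "union-select" (a false positive), and sleeps through the whole scraping burst (forty false negatives); the anomaly detector does the reverse. That complementary blind spot is why production deployments run both.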
9) A device designed to filter and transfer IP packets
between dissimilar types of computer networks is called:
a) Hub
b) Switch
c) Load balancer
d) Router
Correct answer: d
10) Routers operate at: (Select 2 answers)
a) Physical layer of the OSI model
b) Application layer of the OSI model
c) Layer 3 of the OSI model
d) Network layer of the OSI model
e) Layer 5 of the OSI model
Correct answer: c,d
11) Which of the acronyms listed below refers to a set of
rules that specify which users or system processes are
granted access to objects as well as what operations are
allowed on a given object?
a) CRL
b) NAT
c) BCP
d) ACL
Correct answer: d
12) Which of the following answers applies to a Rule-
Based Access Control (RBAC) mechanism implemented on
routers, switches, and firewalls?
a) ACL
b) CSR
c) DLP
d) AUP
Correct answer: a
13) What type of network traffic filtering criteria can be
set on a router?
a) Filtering by IP address
b) Filtering by network protocol
c) Filtering by subnet
d) Filtering by logical port number
e) All of the above
Correct answer: e
14) A properly configured antispoofing mechanism on a
router should block Internet traffic from IP addresses in
the range of:
a) 10.0.0.0/8
b) 172.16.0.0/12
c) 192.168.0.0/16
d) All of the above
Correct answer: d
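Questions 11 to 14 describe an ACL as an ordered rule list, and the antispoofing rules of question 14 are simply the first entries of that list on the Internet-facing interface, ahead of everything else, with the implicit deny of practice test 5, question 15, catching whatever matches nothing. The added example below (not part of the quiz) evaluates such an inbound ACL top-down with first-match semantics. The interface name, rule format and the public addresses (203.0.113.0/24 is a documentation range) are assumptions.

```python
import ipaddress

# Added example (not part of the quiz): a first-match ACL evaluator with the
# implicit deny of practice test 5, question 15, and the ingress antispoofing
# rules of question 14 above, which drop packets arriving from the Internet
# with a private (RFC 1918) source address. Rule syntax and addresses are
# constructed for illustration.

ANY = ipaddress.ip_network("0.0.0.0/0")
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Each rule: (action, interface, src network, dst network, protocol, dst port or None)
INBOUND_ACL = [
    *[("deny", "outside", net, ANY, "any", None) for net in PRIVATE_RANGES],  # antispoofing
    ("permit", "outside", ANY, ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),  # public web
    ("permit", "outside", ANY, ipaddress.ip_network("203.0.113.20/32"), "udp", 53),   # public DNS
]


def evaluate(acl, interface, src, dst, proto, dport):
    """Return (action, matched_rule_index).

    Rules are tested top-down and the first match wins. A packet that matches
    no rule falls off the end and hits the implicit deny, reported as index -1.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, (action, iface, s_net, d_net, rproto, rport) in enumerate(acl):
        if iface != interface:
            continue
        if src_ip not in s_net or dst_ip not in d_net:
            continue
        if rproto != "any" and rproto != proto:
            continue
        if rport is not None and rport != dport:
            continue
        return action, idx
    return "deny", -1  # implicit deny: nothing above matched
```

Rule order is what makes the antispoofing entries effective: because they sit above the permit for the web server, a packet claiming to come from 192.168.1.9 is dropped by rule 2 even though it is addressed to the permitted port 443.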
15) Which of the answers listed below refers to a data
link layer (layer 2) device designed to forward data
packets between Local Area Network (LAN) segments?
a) Router
b) Hub
c) Switch
d) Repeater
Correct answer: c
16) Which of the following answers applies to a situation
where an Ethernet switch acts as an authenticator for
devices that intend to connect to a network through one
of its ports?
a) IEEE 802.1X
b) IEEE 802.11ac
c) IEEE 802.1D
d) IEEE 802.11x
Correct answer: a
17) The process of securing networking devices should
include the practice of disabling unused physical ports.
a) True
b) False
Correct answer: True
18) A network switch equipped with the routing
capability is sometimes referred to as a layer 3 switch.
a) True
b) False
Correct answer: True
19) Which of the following protocols provide protection
against switching loops? (Select 2 answers)
a) RTP
b) SRTP
c) RDP
d) STP
e) RSTP
Correct answer: d,e
20) What is the name of a security mechanism that
protects a network switch against populating its MAC
table with invalid source addresses?
a) Honeypot
b) Firewall
c) Flood guard
d) Antivirus
Correct answer: c
21) In computer networking, a computer system or an
application that acts as an intermediary between another
computer and the Internet is commonly referred to as:
a) Bridge
b) Active hub
c) Server
d) Proxy
Correct answer: d

22) Which of the following statements describe the
function of a forward proxy? (Select 2 answers)
a) Acts on behalf of a client
b) Hides the identity of a client
c) Acts on behalf of a server
d) Hides the identity of a server
Correct answer: a,b

23) Which of the statements listed below describe the
function of a reverse proxy? (Select 2 answers)
a) Acts on behalf of a client
b) Hides the identity of a server
c) Acts on behalf of a server
d) Hides the identity of a client
Correct answer: b,c
24) What are the characteristic features of a transparent
proxy? (Select all that apply)
a) Doesn't require client-side configuration
b) Modifies client's requests and responses
c) Redirects client's requests and responses without
modifying them
d) Clients might be unaware of the proxy service
e) Requires client-side configuration
Correct answer: a,c,d

25) A nontransparent proxy: (Select 2 answers)
a) Modifies client's requests and responses
b) Doesn't require client-side configuration
c) Requires client-side configuration
d) Redirects client's requests and responses without
modifying them
Correct answer: a,c


Practice test 7:
1) A network device designed for managing the optimal
distribution of workloads across multiple computing
resources is known as:
a) Layer 3 switch
b) Access Point (AP)
c) Load balancer
d) Domain controller
Correct answer: c
2) Which of the terms listed below refers to a method
that ignores the load balancing algorithm by consistently
passing requests from a given client to the same server?
a) Round-robin method
b) Active-active configuration
c) Session affinity
d) Least connection method
Correct answer: c
3) In a round-robin method, each consecutive request is
handled by: (Select best answer)
a) First server in a cluster
b) Next server in a cluster
c) Least utilized server in a cluster
d) Last server in a cluster
Correct answer: b
4) In a weighted round-robin method, each consecutive
request is handled in a rotational fashion, but servers
with higher specs are designated to process more
workload.
a) True
b) False
Correct answer: True
5) In active-passive mode, load balancers distribute
network traffic across:
a) All servers
b) Servers marked as active
c) Least utilized servers
d) Servers marked as passive
Correct answer: b
6) In active-active mode, load balancers distribute
network traffic across:
a) Least utilized servers
b) None of the servers
c) All servers
d) Most utilized servers
Correct answer: c
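Questions 2 to 6 name the scheduling behaviours of a load balancer without showing how they interact. The added example below (not part of the quiz) implements round-robin, weighted round-robin and session affinity over one server pool in which a member can be marked passive, so the active-passive and active-active modes of questions 5 and 6 are just a matter of which members are flagged active. Server names, weights and the client address are constructed.

```python
# Added example (not from the quiz): a minimal software load balancer showing
# round-robin, weighted round-robin and session affinity (questions 2-4) over
# a pool whose members may be marked passive (questions 5-6), so that only
# active members receive traffic. Names, weights and addresses are constructed.


class LoadBalancer:
    def __init__(self, servers):
        self.servers = servers   # {name: {"weight": int, "active": bool}}
        self._rr_pos = 0
        self._wrr_pos = 0
        self._sticky = {}        # client address -> server (session affinity)

    def active(self):
        """Members eligible for traffic. In active-passive mode the passive
        standby stays out of this list until it is promoted."""
        return [name for name, s in self.servers.items() if s["active"]]

    def round_robin(self):
        """Each consecutive request goes to the next active server (question 3)."""
        pool = self.active()
        choice = pool[self._rr_pos % len(pool)]
        self._rr_pos += 1
        return choice

    def weighted_round_robin(self):
        """Still rotational, but a server with weight 3 appears three times in
        the rotation and so takes three times the workload (question 4)."""
        pool = [name for name in self.active()
                for _ in range(self.servers[name]["weight"])]
        choice = pool[self._wrr_pos % len(pool)]
        self._wrr_pos += 1
        return choice

    def with_affinity(self, client_ip):
        """Session affinity (question 2): the first request from a client is
        scheduled normally; later ones bypass the algorithm and return to the
        same server for as long as that server stays active."""
        server = self._sticky.get(client_ip)
        if server is None or not self.servers[server]["active"]:
            server = self.round_robin()
            self._sticky[client_ip] = server
        return server

    def fail_over(self, failed, standby):
        """Active-passive: retire the failed member and promote the standby."""
        self.servers[failed]["active"] = False
        self.servers[standby]["active"] = True


def demo():
    """Exercise every scheduler on a three-member pool with one passive standby."""
    lb = LoadBalancer({
        "web1": {"weight": 3, "active": True},
        "web2": {"weight": 1, "active": True},
        "web3": {"weight": 1, "active": False},   # passive standby
    })
    rr = [lb.round_robin() for _ in range(4)]
    wrr = [lb.weighted_round_robin() for _ in range(8)]
    sticky = [lb.with_affinity("192.0.2.50") for _ in range(3)]
    lb.fail_over("web1", "web3")
    after = [lb.with_affinity("192.0.2.50"), lb.round_robin()]
    return rr, wrr, sticky, after
```

The last two picks in demo() show the security-relevant edge: once web1 is retired, the sticky client is silently rescheduled onto the promoted standby, so any session state that lived only on web1 is gone unless it was shared or persisted elsewhere.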
7) An IP address that doesn't correspond to any actual
physical network interface is called a virtual IP address
(VIP/VIPA).
a) True
b) False
Correct answer: True
8) What type of IP address would be assigned to a
software-based load balancer to handle an Internet site
hosted on several web servers, each with its own private
IP address?
a) IPv4 address
b) Virtual IP address
c) Non-routable IP address
d) IPv6 address
Correct answer: b
9) An infrastructure device designed for connecting
wireless/wired client devices to a network is commonly
referred to as:
a) Captive portal
b) Access Point (AP)
c) Intermediate Distribution Frame (IDF)
d) Active hub
Correct answer: b

10) Which of the following acronyms is used as a unique
identifier for a WLAN (a wireless network name)?
a) BSS
b) SSID
c) ESS
d) IBSS
Correct answer: b
11) Disabling SSID broadcast:
a) Is one of the measures used in securing wireless
networks
b) Makes a WLAN harder to discover
c) Blocks access to a WAP
d) Prevents wireless clients from accessing the
network
Correct answer: b
12) A network security access control method whereby
the 48-bit physical address assigned to each network card
is used to determine access to the network is known as:
a) MAC filtering
b) Network Address Translation (NAT)
c) Static IP addressing
d) Network Access Control (NAC)
Correct answer: a
13) Which of the tools listed below would be of help in
troubleshooting signal loss and low wireless network
signal coverage?
a) Logical network diagram
b) Protocol analyzer
c) WAP power level controls
d) Physical network diagram
Correct answer: c
14) Frequency bands for IEEE 802.11 networks include:
(Select 2 answers)
a) 5.0 GHz
b) 2.4 GHz
c) 5.4 GHz
d) 2.0 GHz
Correct answer: a,b
15) A common example of channel overlapping in
wireless networking could be the 2.4 GHz band used in
802.11 networks, where the 2.401 - 2.473 GHz frequency
range is used for allocating 11 channels, each taking up a
22-MHz portion of the available spectrum. Setting up a
wireless network to operate on a non-overlapping
channel (1, 6, and 11 in this case) allows multiple
networks to coexist in the same area without causing
interference.
a) True
b) False
Correct answer: True
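The figures in question 15 (11 channels, 22 MHz each, 2.401 to 2.473 GHz) are enough to derive the non-overlapping set rather than memorise it. The added example below (not part of the quiz) computes the channel plan from the standard 802.11b/g layout for these channels, channel 1 centred at 2412 MHz with 5 MHz spacing, and checks which channels can coexist.

```python
# Added example (not from the quiz): computes the 2.4 GHz IEEE 802.11 channel
# plan from the figures in question 15 (11 channels, 22 MHz wide, spanning
# 2.401-2.473 GHz) and shows why 1, 6 and 11 are the non-overlapping set.
# Channel 1 centred at 2412 MHz with 5 MHz spacing is the standard layout.

CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5
CHANNEL_1_CENTRE_MHZ = 2412


def centre(channel):
    """Centre frequency in MHz of channel 1-11."""
    return CHANNEL_1_CENTRE_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def edges(channel):
    """(lower, upper) edge of the 22 MHz channel, in MHz."""
    half = CHANNEL_WIDTH_MHZ // 2
    return centre(channel) - half, centre(channel) + half


def channels_overlap(a, b):
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(centre(a) - centre(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(channels=range(1, 12)):
    """Greedily pick, lowest first, the channels that coexist without overlap."""
    chosen = []
    for ch in channels:
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def band_span(channels=range(1, 12)):
    """Lowest and highest frequency used by the given channels, in MHz."""
    return edges(min(channels))[0], edges(max(channels))[1]
```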
16) Which of the following answers refers to a common
antenna type used as a standard equipment on most
Access Points (APs) for indoor Wireless Local Area
Network (WLAN) deployments?
a) Dipole antenna
b) Dish antenna
c) Unidirectional antenna
d) Yagi antenna
Correct answer: a
17) Which of the antenna types listed below provide a
360-degree horizontal signal coverage? (Select 2 answers)
a) Unidirectional antenna
b) Dipole antenna
c) Dish antenna
d) Omnidirectional antenna
e) Yagi antenna
Correct answer: b,d
18) Which of the following answers refer to highly
directional antenna types used for long-range point-to-
point bridging links? (Select 2 answers)
a) Dipole antenna
b) Omnidirectional antenna
c) Dish antenna
d) Non-directional antenna
e) Unidirectional antenna
Correct answer: c,e
19) An optimal Wireless Access Point (WAP) antenna
placement provides a countermeasure against:
a) War chalking
b) Tailgating
c) War driving
d) Shoulder surfing
Correct answer: c
20) A type of architecture in which most of the network
configuration settings of an Access Point (AP) are set and
managed with the use of a central switch or controller is
called:
a) Thin AP
b) Infrastructure mode
c) Fat AP
d) Ad hoc mode
Correct answer: a
21) The term "Fat AP" refers to a stand-alone Access
Point (AP) device type offering extended network
configuration options that can be set and managed after
logging in to the device.
a) True
b) False
Correct answer: True
22) A technology that allows for real-time analysis of
security alerts generated by network hardware and
applications is known as:
a) LACP
b) DSCP
c) SIEM
d) LWAPP

Correct answer: c
23) Which of the following statements describing the
functionality of SIEM is not true?
a) Data can be collected from many different sources
b) Collected data can be processed into actionable
information
c) Automated alerting and triggers
d) Time synchronization
e) Event deduplication
f) Use of rewritable storage media
Correct answer: f
24) Which of the terms listed below refers to computer
data storage systems, data storage devices, and data
storage media that can be written to once, but read from
multiple times?
a) DVD-RW
b) Tape library
c) Floppy disk
d) WORM
Correct answer: d
25) Which of the following acronyms refers to software
or hardware-based security solutions designed to detect
and prevent unauthorized use and transmission of
confidential information outside of the corporate
network?
a) DRP
b) DHE
c) DLP
d) DEP
Correct answer: c
Practice test 8:
1) Which functionality allows a DLP system to fulfill its
role?
a) Motion detection
b) Environmental monitoring
c) Content inspection
d) Loop protection
Correct answer: c
2) Which of the answers listed below refer(s) to security
solution(s) that can be implemented as a function of a
DLP system? (Select all that apply)
a) USB blocking
b) Virtualization
c) Email monitoring
d) Directory services
e) Cloud-based security
Correct answer: a,c,e
3) A type of computer security solution that allows an
administrator to define and enforce network access
policies is known as:
a) NAC
b) NIDS
c) NFC
d) NAT
Correct answer: a
4) Which of the following answers refer to the
implementations of NAC? (Select 2 answers)
a) IPsec
b) MAC filter
c) BYOD
d) 802.1X
e) HIDS/HIPS
Correct answer: b,d
5) A company's security policy requires all employee
devices to have a software installed that would run as a
background service on each device and perform host
security health checks before granting/denying it access
to the corporate intranet. Based on the given description,
which of the answers listed below can be used to
describe the software's features? (Select 2 answers)
a) Agentless
b) Dissolvable
c) Agent-based
d) Permanent
Correct answer: c,d
6) What type of security measures can be implemented
on an MX gateway? (Select all that apply)
a) Encryption
b) Security guards
c) DLP
d) Motion detection
e) Spam filter
Correct answer: a,c,e
7) What type of device would be the most convenient for
interconnecting two or more physically separated
network segments?
a) Wireless bridge
b) Layer 3 switch
c) Wireless Access Point (WAP)
d) Cable modem
Correct answer: a
8) SSL/TLS accelerators are used to decode secure
communication links for the purpose of content
inspection.
a) True
b) False
Correct answer: False

9) An SSL decryptor is a type of dedicated hardware
device that improves performance of a server by taking
over computational tasks related to handling of
encrypted network traffic.
a) True
b) False
Correct answer: False


10) A type of device that translates data between
different communication formats is called:
a) Multilayer switch
b) Media gateway
c) Protocol analyzer
d) Media converter
Correct answer: b

11) Which of the answers listed below refers to a piece of
hardware and associated software/firmware designed to
provide cryptographic functions?
a) HSM
b) EFS
c) STP
d) WAF
Correct answer: a

12) A software tool used for capturing and examining
contents of the network traffic is known as:
a) Port scanner
b) Honeypot
c) Protocol analyzer
d) Vulnerability scanner
Correct answer: c
13) Which of the following is a GUI packet sniffer?
a) pfSense
b) Nmap
c) tcpdump
d) Wireshark
Correct answer: d
14) Which of the following is a CLI packet sniffer?
a) Nmap
b) tcpdump
c) OpenVAS
d) Wireshark
Correct answer: b
15) What is Nmap?
a) Network scanner
b) Exploitation framework
c) Protocol analyzer
d) Password cracker
Correct answer: a
16) Which of the tools listed below would be used to
detect a rogue AP?
a) HIDS
b) Vulnerability scanner
c) Packet sniffer
d) Wireless scanner
Correct answer: d
17) Which of the following tools would be used to
perform a site survey?
a) pfSense
b) Wireless scanner
c) OpenVAS
d) Nmap
Correct answer: b

18) Examples of password cracking software include:
(Select 2 answers)
a) Security Onion
b) John the Ripper
c) Cain & Abel
d) Back Orifice
e) tcpdump
Correct answer: b,c

19) Which of the tools listed below offers the
functionality of a vulnerability scanner?
a) Roo
b) OpenVAS
c) Wireshark
d) pfSense
Correct answer: b
20) Which of the following tools offers the functionality
of a configuration compliance scanner?
a) Zenmap
b) Roo
c) Nessus
d) DBAN
Correct answer: c
21) Which of the answers listed below is an example of
exploitation framework?
a) tcpdump
b) Metasploit
c) Security Onion
d) OpenVAS
Correct answer: b

22) What is the name of a Linux distribution commonly
used as a target system for practicing penetration testing
techniques?
a) Kali Linux
b) Debian
c) Metasploitable
d) Red Hat
e) SELinux
Correct answer: c
23) Which of the terms listed below refers to a method
for permanent and irreversible removal of data stored on
a memory device?
a) Sanitization
b) High-level formatting
c) Recycle Bin (MS Windows)
d) Partitioning
Correct answer: a
24) What is the purpose of steganography?
a) Checking data integrity
b) Calculating hash values
c) Hiding data within another piece of data
d) Data encryption
Correct answer: c
25) A monitored host containing no valuable data
specifically designed to detect unauthorized access
attempts is known as:
a) UTM appliance
b) Trojan horse
c) Captive portal
d) Honeypot
Correct answer: d
Practice Test 9:
1) Which of the following terms is used to describe a text
message containing system information details displayed
after connecting to a service on a server?
a) Log
b) Trap
c) Signature
d) Banner
Correct answer: d
2) The practice of connecting to an open port on a remote
host to gather more information about its configuration
is known as:
a) Phishing
b) Bluesnarfing
c) Banner grabbing
d) eDiscovery
Correct answer: c

3) A command-line utility used for checking the
reachability of a remote network host is called:
a) ping
b) tracert
c) dig
d) netstat
Correct answer: a
4) A security technician was asked to configure a firewall
so that the protected system would not send echo reply
packets. What type of traffic should be blocked on the
firewall to accomplish this task?
a) SRTP
b) ICMP
c) CCMP
d) SNMP
Correct answer: b
5) What is the name of a command-line utility that allows
for displaying protocol statistics and current TCP/IP
network connections?
a) ipconfig
b) tracert
c) netstat
d) traceroute
Correct answer: c

6) Netstat is a command-line utility which can be used
for:
a) Displaying active TCP/IP connections
b) Testing the reachability of a remote host
c) Displaying intermediary points on the packet route
d) Viewing the TCP/IP configuration details
Correct answer: a
7) Which netstat parameter displays all connections and
listening ports?
a) -a
b) -p
c) -e
d) -r
Correct answer: a
8) Which netstat parameter displays addresses and port
numbers in numerical form?
a) -b
b) -n
c) -q
d) -r
Correct answer: b

9) A network command-line utility in MS Windows that
tracks and displays the route taken by an IP packet on its
way to another host is called:
a) ping
b) traceroute
c) dig
d) tracert
Correct answer: d
10) A Linux command-line utility for displaying
intermediary points (routers) an IP packet is passed
through on its way to another network node is known as:
a) nbtstat
b) traceroute
c) netstat
d) tracert
Correct answer: b
11) Which of the following CLI tools is used to
troubleshoot DNS-related problems?
a) arp
b) nslookup
c) tracert
d) pathping
Correct answer: b

12) Domain information groper (dig) and nslookup are
command-line tools used for DNS queries. Both utilities
are available on Windows and Linux. Of the two,
nslookup is the preferred tool on UNIX-like systems; dig
is the default DNS query tool for MS Windows.
a) True
b) False
Correct answer: False


13) ARP is used to perform what kind of resolution?
a) IP to FQDN
b) MAC to IP
c) IP to MAC
d) FQDN to IP
Correct answer: c

14) Which command in MS Windows displays a table
consisting of IP addresses and their resolved physical
addresses?
a) arp -e
b) netstat -n
c) nslookup
d) arp -a
Correct answer: d
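The table that `arp -a` prints (question 14) is also the first place an ARP spoofing attack shows up: one physical address suddenly answering for the default gateway and for another host. The added example below (not part of the quiz) parses constructed Windows-style `arp -a` output and flags any MAC that is claimed by more than one dynamic entry. The sample table is made up and the address of the gateway is an assumption.

```python
import re
from collections import defaultdict

# Added example (not from the quiz): parses the table that `arp -a` prints on
# Windows and flags a physical address that answers for more than one IP
# address, the classic symptom of ARP spoofing against the default gateway.
# The table below is constructed sample output, not captured from a real host.

SAMPLE_ARP_A = """
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.77          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return (ip, mac, type) tuples; the interface and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def duplicate_macs(entries):
    """Map each MAC seen on more than one *dynamic* IP to the list of those IPs.

    Static broadcast and multicast entries are ignored: they repeat by design.
    """
    by_mac = defaultdict(list)
    for ip, mac, kind in entries:
        if kind == "dynamic":
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_spoof_suspected(text, gateway_ip):
    """True when the gateway's MAC is also claimed by another dynamic entry."""
    dupes = duplicate_macs(parse_arp_table(text))
    return any(gateway_ip in ips for ips in dupes.values())
```

On the sample the gateway 192.168.1.1 and the host 192.168.1.77 share 00-11-22-33-44-55, which is exactly what a man-in-the-middle poisoning the victim's cache looks like; a legitimate explanation (a router with a secondary address, for instance) has to be ruled out before acting on it.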

15) What is the name of a Windows command-line utility
that can be used to display TCP/IP configuration settings?
a) ifconfig
b) nslookup
c) ipconfig
d) netstat
Correct answer: c
16) Used without any parameters, ipconfig displays the IP
address, subnet mask, and default gateway for all
adapters.
a) True
b) False
Correct answer: True

17) Which of the following answers lists an ipconfig
command parameter used for displaying the full TCP/IP
configuration information for all adapters?
a) -a
b) /?
c) /all
d) /-a
Correct answer: c

18) Which ipconfig parameter allows to view the physical
address of a Network Interface Card (NIC)?
a) -S srcaddr
b) /all
c) -i address
d) eth_addr
Correct answer: b
19) Which of the following command-line commands in
MS Windows are used for resetting the DHCP
configuration settings for all adapters? (Select 2 answers)
a) ifconfig eth0 down
b) ipconfig /release
c) ifconfig eth0 up
d) ipconfig /renew
Correct answer: b,d

20) What is the name of a Linux command-line utility that
can be used to display TCP/IP configuration settings?
a) ifconfig
b) netstat
c) nslookup
d) ipconfig
Correct answer: a

21) The ip command in Linux is the preferred
replacement for:
a) netstat
b) ifconfig
c) nslookup
d) ipconfig
Correct answer: b
22) Which of the answers listed below refers to a
command-line packet capturing utility?
a) netcat
b) Zenmap
c) tcpdump
d) Nmap
Correct answer: c

23) Which of the following command-line tools is used
for discovering hosts and services on a network?
a) Nmap
b) netcat
c) Zenmap
d) tcpdump
Correct answer: a

24) Which of the command-line utilities listed below can
be used to perform a port scan? (Select 2 answers)
a) Zenmap
b) Nmap
c) tcpdump
d) netcat
e) nslookup
Correct answer: b,d


25) A command-line tool that can be used for banner
grabbing is called:
a) tcpdump
b) netcat
c) Nmap
d) Wireshark

Correct answer: b
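Questions 1, 2 and 25 of this test describe banner grabbing as something you do with netcat. The added example below (not part of the quiz) does the same thing with a plain socket so the mechanics are visible: connect, send nothing, read what the service volunteers. To keep it runnable offline, demo() drives the reading routine over a local socketpair with a constructed SSH-style banner; the banner text and the hostnames in the usage note are made up.

```python
import socket

# Added example (not part of the original quiz): the banner grab described in
# questions 1, 2 and 25, done with a plain socket rather than netcat.
# read_banner() works on any connected socket; grab_banner() opens the TCP
# connection first. demo() feeds read_banner() a constructed SSH-style banner
# over a local socketpair so it runs offline; the banner string is made up.

FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Example\r\n"


def read_banner(sock, timeout=3.0, max_bytes=1024):
    """Read what the service volunteers before the client sends anything.

    Stops at a newline, EOF, max_bytes or the timeout. Services that wait for
    the client to speak first (HTTP, for example) return "" here; for those,
    send a request line before reading.
    """
    sock.settimeout(timeout)
    data = b""
    try:
        while len(data) < max_bytes and not data.endswith(b"\n"):
            chunk = sock.recv(max_bytes - len(data))
            if not chunk:          # peer closed the connection
                break
            data += chunk
    except socket.timeout:
        pass
    return data.decode("utf-8", errors="replace").strip()


def grab_banner(host, port, timeout=3.0):
    """Connect to host:port and return its banner (what `nc -v host port` shows)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return read_banner(sock, timeout)


def demo():
    """Simulate the exchange locally: one end of a socketpair plays the server
    and sends the constructed banner, the other end grabs it."""
    server_end, client_end = socket.socketpair()
    try:
        server_end.sendall(FAKE_BANNER)
        server_end.close()
        return read_banner(client_end)
    finally:
        client_end.close()
```

Against a live host, `grab_banner("203.0.113.10", 22)` (a documentation address, used here only as an illustration) returns the same string `nc -v 203.0.113.10 22` would print. The version string is the reconnaissance value of the exercise, which is also why hardening guides recommend trimming or removing service banners.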
Practice test 10:
1) Which of the following authentication protocols
transmits passwords over the network in an unencrypted
form and is therefore considered insecure?
a) RADIUS
b) PAP
c) TACACS+
d) CHAP
Correct answer: b

2) FTP, HTTP, IMAP4, LDAP, POP3, SNMPv1, SNMPv2, and
Telnet are all examples of network protocols that send
data in clear text.
a) True
b) False
Correct answer: True

3) A security solution designed to detect anomalies in the
log and event data collected from multiple network
devices is known as:
a) HIDS
b) PCAP
c) HIPS
d) SIEM
Correct answer: d
4) Which of the following security measures would be of
help in troubleshooting user permission issues? (Select 2
answers)
a) Password complexity
b) Principle of least privilege
c) Password history
d) Permissions auditing and review
e) Multifactor authentication
Correct answer: b,d
5) The term "Segmentation fault" refers to: (Select 2
answers)
a) Error handling technique
b) Access violation
c) Zero-day vulnerability
d) Memory management
e) Input validation technique
Correct answer: b,d
6) Which of the tools listed below can be used for
troubleshooting problems related to digital certificates?
(Select 2 answers)
a) CIRT
b) CRC
c) OCSP
d) CRL
e) OSPF

Correct answer: c,d


7) A software or hardware-based security solution
designed to detect and prevent unauthorized use and
transmission of confidential information outside of the
corporate network (data exfiltration) is known as:
a) DEP
b) RADIUS
c) DLP
d) PGP
Correct answer: c
8) The importance of changing default user names and
passwords can be illustrated on the example of certain
network devices (e.g. routers) which are often shipped
with default and well-known admin credentials that can
be looked up on the web.
a) True
b) False
Correct answer: True
9) Which of the following answers list(s) example(s) of
weak security configuration(s)? (Select all that apply)
a) DES
b) WPA2
c) SHA-1
d) WEP
e) SHA-512
f) WPS
Correct answer: a,c,d,f
10) A set of rules enforced in a network that restricts the
use to which the network may be put is known as:
a) SLA
b) AUP
c) MOU
d) SOW
Correct answer: b
11) Which of the security measures listed below would
be effective against the malicious insider threat? (Select 3
answers)
a) DLP system
b) Principle of least privilege
c) Time-of-day restrictions
d) Strong authentication
e) Usage auditing and review
Correct answer: a,b,e

12) What is the best countermeasure against social
engineering?
a) Strong authentication
b) Permission auditing and review
c) User awareness training
d) Password complexity requirement
Correct answer: c
13) What are the drawbacks of running an unauthorized
software in a corporate environment?
a) Potential malware propagation problem
b) Inadequate support from the in-house IT
department
c) Violation of software licensing agreements
d) All of the above
Correct answer: d
14) Usage auditing and application whitelisting are the
countermeasures against:
a) Unauthorized software
b) Social engineering
c) Weak security configurations
d) Misconfigured software
Correct answer: a
15) One of the best practices for malware removal
involves the process of isolation of files and applications
suspected of containing malware to prevent further
execution and potential harm to the user's system. This
process is referred to as:
a) Quarantine
b) Content filtering
c) Protected mode
d) Blacklisting

Correct answer: a
16) The SFC utility in MS Windows:
a) Encrypts files and folders
b) Checks file integrity and restores corrupted system
files
c) Displays information about system hardware and
software configuration
d) Starts Windows programs from command-line
interface

Correct answer: b

17) A hash function maps data of any size to a short,
fixed-length string of characters (the hash value or
digest), which serves as a fingerprint of the content. If
the data is changed in any way after the original hash was
taken, applying the hash function again yields a different
hash value. In computer forensics procedures, comparing
hashes taken at different stages of the evidence handling
process demonstrates that the evidence has not been
tampered with and remains intact.
a) True
b) False
Correct answer: True
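The hash-and-verify step of question 17, as an added example that is not part of the quiz. The "evidence image" is a constructed in-memory byte string standing in for an acquired disk image; the hashing routine reads it in chunks exactly as it would stream a real multi-gigabyte file, and the comparison is constant-time so the check itself gives nothing away.

```python
import hashlib
import hmac

# Added example (not part of the quiz): the hash-and-verify step from
# question 17 applied to a constructed evidence image. The "image" is an
# in-memory byte string here; on a real acquisition the same routine streams
# the file in chunks and the digest goes into the chain-of-custody record.

EVIDENCE_IMAGE = bytes(range(256)) * 16  # constructed 4 KiB stand-in for a disk image


def hash_bytes(data, algorithm="sha256", chunk_size=1024):
    """Digest `data` in chunks so the same routine scales to huge files."""
    h = hashlib.new(algorithm)
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


def verify_evidence(data, recorded_digest, algorithm="sha256"):
    """True only when the current digest equals the one recorded at acquisition."""
    return hmac.compare_digest(hash_bytes(data, algorithm), recorded_digest)


def tamper(data, offset=1000, new_byte=0x00):
    """Flip a single byte, the kind of change a visual inspection would miss."""
    mutated = bytearray(data)
    mutated[offset] = new_byte
    return bytes(mutated)
```

Record the digest with the algorithm name (SHA-256 here; MD5 and SHA-1 are still seen in older tooling but are no longer suitable for integrity claims) and rehash at every hand-off; a single changed byte, as tamper() shows, is enough to make the comparison fail.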


18) Which of the following acronyms refers to a network
security solution combining the functionality of a firewall
with additional safeguards such as URL filtering, content
inspection, or malware inspection?
a) MTU
b) WPA
c) UTM
d) WAP
Correct answer: c

19) An OS security feature designed to ensure safe
memory usage by applications is known as:
a) DEP
b) DLP
c) DSU
d) DRP
Correct answer: a

20) Which of the acronyms listed below refers to a
firewall controlling access to a web server?
a) WEP
b) WAP
c) WPS
d) WAF
Correct answer: d
21) Which of the following mobile connectivity methods
provides the best coverage?
a) Cellular
b) Wi-Fi
c) SATCOM
d) ANT
e) Infrared
Correct answer: c
22) The process of establishing connection between
Bluetooth devices (for example between a Bluetooth
enabled headset and a Bluetooth enabled mobile phone)
is commonly referred to as:
a) Linking
b) Three-way handshake
c) Crosstalk
d) Pairing
Correct answer: d
23) Which of the answers listed below refers to a
technology that enables carrying out mobile payment
transactions with the use of the physical phone device?
a) WAP
b) NFC
c) IR
d) RFC
Correct answer: b
24) A wireless connectivity technology primarily used in
low-powered sports and fitness mobile devices is known
as:
a) USB
b) WTLS
c) UAV
d) ANT
Correct answer: d
25) Which of the answers listed below refers to a security
countermeasure that allows to erase data on a lost or
stolen mobile device?
a) Remote lock
b) Degaussing
c) Low-level formatting
d) Remote wipe
Correct answer: d
CompTIA Security+ Exam SY0-501 Malware Quiz
1) Harmful programs designed to disrupt computer operation,
gather sensitive information, or gain unauthorized access to
computer systems are commonly referred to as:

a) Adware
b) Malware
c) Ransomware
d) Spyware

Correct answer: b
2) Which of the following answers refers to an undocumented
(and often legitimate) way of gaining access to a program,
online service, or an entire computer system?

a) Logic bomb
b) Trojan horse
c) Rootkit
d) Backdoor

Correct answer: d
3) Malicious code activated by a specific event is called:

a) Backdoor
b) Logic bomb
c) Dropper
d) Retrovirus

Correct answer: b
4) Which type of Trojan enables unauthorized remote access
to a compromised system?

a) pcap
b) RAT
c) MaaS
d) pfSense

Correct answer: b
5) Which of the terms listed below applies to a collection of
intermediary compromised systems that are used as a
platform for a DDoS attack?

a) Honeynet
b) Botnet
c) Quarantine network
d) Malware

Correct answer: b
6) A malware-infected networked host under remote control
of a hacker is commonly referred to as:

a) Trojan
b) Worm
c) Bot
d) Honeypot

Correct answer: c
7) Malicious software collecting information about users
without their knowledge/consent is known as:

a) Crypto-malware
b) Adware
c) Ransomware
d) Spyware
Correct answer: d
8) What is adware?

a) Unsolicited or undesired electronic messages
b) Malicious program that sends copies of itself to other
computers on the network
c) Software that displays advertisements
d) Malicious software that collects information about
users without their knowledge

Correct answer: c
9) Which of the following answers lists an example of
spyware?

a) Keylogger
b) Vulnerability scanner
c) Computer worm
d) Packet sniffer

Correct answer: a
10) A collection of software tools used by a hacker to mask
intrusion and obtain administrator-level access to a computer
or computer network is known as:

a) Rootkit
b) Spyware
c) Backdoor
d) Trojan

Correct answer: a
11) A type of software that performs unwanted and harmful
actions in disguise of a legitimate and useful program is known
as a Trojan horse. This type of malware may act like a
legitimate program and have all the expected functionalities,
but apart from that it will also contain a portion of malicious
code that the user is unaware of.

a) True
b) False

Correct answer: True


12) A standalone malicious computer program that typically
propagates itself over a computer network to adversely affect
system resources and network bandwidth is called:

a) Spyware
b) Worm
c) Trojan
d) Spam

Correct answer: b
13) Malware that restricts access to a computer system by
encrypting files or locking the entire system down until the
user performs requested action is known as:

a) Grayware
b) Adware
c) Ransomware
d) Spyware

Correct answer: c
14) Which of the terms listed below refers to an example of a
crypto-malware?

a) Backdoor
b) Ransomware
c) Keylogger
d) Rootkit

Correct answer: b
15) Which of the following statements apply to the definition
of a computer virus? (Select 3 answers)

a) A self-replicating computer program containing a
malicious segment
b) Requires its host application to be run to make the virus
active
c) A standalone malicious computer program that
replicates itself over a computer network
d) Can run by itself without any interaction
e) Attaches itself to an application program or other
executable component
f) A self-contained malicious program or code that does
not need a host to propagate itself
Correct answer: a,b,e


CompTIA Security+ Exam SY0-501 Social Engineering Quiz

1) An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others is an example of:

a) Vishing
b) Impersonation
c) Virus hoax
d) Phishing

Correct answer: c

2) A privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. A privacy filter is one of the countermeasures against shoulder surfing.

a) True
b) False

Correct answer: True

3) A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

a) Spear phishing
b) Tailgating
c) Shoulder surfing
d) Spoofing

Correct answer: c

4) In computer security, the term "Dumpster diving" is used to describe the practice of sifting through trash for discarded documents containing sensitive data. Found documents containing employees' names and surnames, along with information about the positions they hold in the company and other data, can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

a) True
b) False

Correct answer: True

5) Which social engineering attack relies on identity theft?

a) Impersonation
b) Dumpster diving
c) Watering hole attack
d) Shoulder surfing

Correct answer: a

6) What is tailgating?

a) Acquiring unauthorized access to confidential data
b) Looking over someone's shoulder to get information
c) Gaining unauthorized access to restricted areas by following another person
d) Manipulating a user into disclosing confidential information

Correct answer: c

7) The practice of using a telephone system to manipulate a user into disclosing confidential information is called:

a) Whaling
b) Spear phishing
c) Vishing
d) Pharming

Correct answer: c

8) Phishing scams targeting people holding high positions in an organization or business are known as:

a) Vishing
b) Bluesnarfing
c) Whaling
d) Bluejacking
e) Pharming

Correct answer: c

9) Phishing scams targeting a specific group of people are referred to as:

a) Vishing
b) Spear phishing
c) Spoofing
d) Whaling

Correct answer: b

10) A social engineering technique whereby attackers, under the guise of a legitimate request, attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

a) Phishing
b) Privilege escalation
c) Backdoor access
d) Shoulder surfing

Correct answer: a

11) A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select all that apply)

a) Phishing
b) Watering hole attack
c) Social engineering
d) Bluejacking
e) Vishing

Correct answer: a,c

12) An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

a) Shoulder surfing
b) Privilege escalation
c) Social engineering
d) Penetration testing

Correct answer: c

13) Which of the terms listed below refers to a platform used for watering hole attacks?

a) Mail gateways
b) Websites
c) PBX systems
d) Web browsers

Correct answer: b

14) While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

a) Scarcity
b) Authority
c) Consensus
d) Intimidation
e) Urgency

Correct answer: c

15) An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

a) Authority
b) Intimidation
c) Consensus
d) Scarcity
e) Familiarity
f) Trust
g) Urgency

Correct answer: d,e,f

16) An attacker impersonates a member of a company's managing staff to manipulate a lower-ranking employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

a) Urgency
b) Familiarity
c) Authority
d) Consensus
e) Intimidation

Correct answer: a,c,e
CompTIA Security+ Exam SY0-501 Common Vulnerabilities Quiz

1) A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as:

a) DLL injection
b) Buffer overflow
c) Memory leak
d) Integer overflow

Correct answer: b

2) Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?

a) Buffer overflow
b) Pointer dereference
c) Memory leak
d) Integer overflow

Correct answer: d

3) A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:

a) Memory leak
b) Buffer overflow
c) DLL injection
d) Integer overflow

Correct answer: a

4) The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode, which makes the system more vulnerable to attacks.

a) True
b) False

Correct answer: True

5) A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

a) DLL
b) ISO
c) EXE
d) INI

Correct answer: a

6) Which of the following terms describes an attempt to read a variable that stores a null value?

a) Integer overflow
b) Pointer dereference
c) Buffer overflow
d) Memory leak

Correct answer: b

7) A predefined username/password on a brand-new wireless router is an example of:

a) Default configuration
b) Misconfiguration
c) Zero-day vulnerability
d) Architecture/design weakness

Correct answer: a

8) A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:

a) Zero-day vulnerability
b) Improper input validation
c) Default configuration
d) Improper error handling

Correct answer: b

9) Which of the terms listed below describes a type of attack that relies on executing a library of code?

a) Memory leak
b) DLL injection
c) Pointer dereference
d) Buffer overflow

Correct answer: b

10) In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization.

a) True
b) False

Correct answer: True

11) An e-commerce store app running on an unpatched web server is an example of:

a) Architecture/design weakness
b) Risk acceptance
c) Vulnerable business process
d) Security through obscurity

Correct answer: c

12) Which of the following violates the principle of least privilege?

a) Onboarding process
b) Improperly configured accounts
c) Shared accounts for privileged users
d) Time-of-day restrictions

Correct answer: b

13) What is the best countermeasure against social engineering?

a) AAA protocols
b) User authentication
c) Strong passwords
d) User education

Correct answer: d

14) Which of the answers listed below describes the result of a successful DoS attack?

a) Code injection
b) Resource exhaustion
c) Identity theft
d) Privilege escalation

Correct answer: b

15) Zero-day attack exploits:

a) New accounts
b) Patched software
c) Vulnerability that is present in already released software but unknown to the software developer
d) Well known vulnerability

Correct answer: c

16) After feeding an input form field with incorrect data, a hacker gets access to debugger info providing an extensive description of the error. This situation is an example of:

a) Fuzz testing
b) Improper input handling
c) Brute-force attack
d) Improper error handling

Correct answer: d

17) An effective asset management process provides countermeasures against: (Select all that apply)

a) System sprawl
b) Race conditions
c) Undocumented assets
d) Architecture and design weaknesses
e) User errors

Correct answer: a,c,d

18) Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers)

a) Lack of user training
b) Inadequate vendor support
c) System sprawl
d) Default configurations
e) Improper input handling

Correct answer: b,d

19) Which of the terms listed below refers to software that no longer receives continuing support?

a) OEM
b) SDLC
c) EOL
d) SPoF

Correct answer: c

20) A malfunction in preprogrammed sequential access to a shared resource is described as:

a) Race condition
b) Buffer overflow
c) Memory leak
d) Pointer dereference

Correct answer: a
CompTIA Security+ Exam SY0-501 Command-Line Utilities Quiz

1) A command-line tool that can be used for banner grabbing is called:

a) tcpdump
b) netcat
c) Nmap
d) Wireshark

Correct answer: b

2) Which of the command-line utilities listed below can be used to perform a port scan? (Select 2 answers)

a) Zenmap
b) Nmap
c) tcpdump
d) netcat
e) nslookup

Correct answer: b,d

3) Which of the following command-line tools is used for discovering hosts and services on a network?

a) Nmap
b) netcat
c) Zenmap
d) tcpdump

Correct answer: a

4) Which of the answers listed below refers to a command-line packet capturing utility?

a) netcat
b) Zenmap
c) tcpdump
d) Nmap

Correct answer: c

5) The ip command in Linux is the preferred replacement for:

a) netstat
b) ifconfig
c) nslookup
d) ipconfig

Correct answer: b

6) What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings?

a) ifconfig
b) netstat
c) nslookup
d) ipconfig

Correct answer: a

7) Which of the following command-line commands in MS Windows are used for resetting the DHCP configuration settings for all adapters? (Select 2 answers)

a) ifconfig eth0 down
b) ipconfig /release
c) ifconfig eth0 up
d) ipconfig /renew

Correct answer: b,d

8) Which ipconfig parameter allows you to view the physical address of a Network Interface Card (NIC)?

a) -S srcaddr
b) /all
c) -i address
d) eth_addr

Correct answer: b

9) Which of the following answers lists an ipconfig command parameter used for displaying the full TCP/IP configuration information for all adapters?

a) -a
b) /?
c) /all
d) /-a

Correct answer: c

10) Used without any parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters.

a) True
b) False

Correct answer: True

11) What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?

a) ifconfig
b) nslookup
c) ipconfig
d) netstat

Correct answer: c

12) The arp command can be used to perform what kind of resolution?

a) IP to FQDN
b) MAC to IP
c) IP to MAC
d) FQDN to IP

Correct answer: c

13) Which command in MS Windows displays a table consisting of IP addresses and their resolved physical addresses?

a) arp -e
b) netstat -n
c) nslookup
d) arp -a

Correct answer: d

14) Domain information groper (dig) and nslookup are command-line tools used for DNS queries. Both utilities are available on Windows and Linux. Of the two, nslookup is the preferred tool on UNIX-like systems; dig is the default DNS query tool for MS Windows.

a) True
b) False

Correct answer: False

15) Which of the following CLI tools is used to troubleshoot DNS-related problems?

a) arp
b) nslookup
c) tracert
d) pathping

Correct answer: b

16) A Linux command-line utility for displaying intermediary points (routers) an IP packet is passed through on its way to another network node is known as:

a) nbtstat
b) traceroute
c) netstat
d) tracert

Correct answer: b

17) A network command-line utility in MS Windows that tracks and displays the route taken by an IP packet on its way to another host is called:

a) ping
b) traceroute
c) dig
d) tracert

Correct answer: d

18) Netstat is a command-line utility which can be used for:

a) Displaying active TCP/IP connections
b) Testing the reachability of a remote host
c) Displaying intermediary points on the packet route
d) Viewing the TCP/IP configuration details

Correct answer: a

19) A security technician was asked to configure a firewall so that the protected system would not send echo reply packets. What type of traffic should be blocked on the firewall to accomplish this task?

a) SRTP
b) ICMP
c) CCMP
d) SNMP

Correct answer: b

20) A command-line utility used for checking the reachability of a remote network host is called:

a) ping
b) tracert
c) dig
d) netstat

Correct answer: a
CompTIA Security+ Exam SY0-501 Secure Network Protocols Quiz

1) Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?

a) PPTP
b) STARTTLS
c) L2TP
d) SMTPS

Correct answer: d

2) Which of the following answers refers to a secure implementation of a protocol used for synchronizing clocks over a computer network?

a) NTPsec
b) SNMPv3
c) SRTP
d) IPsec

Correct answer: a

3) What are the characteristic features of the secure version of IMAP? (Select all that apply)

a) TCP port 143
b) Secure Sockets Layer (SSL)
c) TCP port 993
d) Transport Layer Security (TLS)
e) TCP port 995

Correct answer: b,c,d

4) Which of the answers listed below refer(s) to POP3S encrypted communication? (Select all that apply)

a) TCP port 993
b) Secure Sockets Layer (SSL)
c) TCP port 995
d) Transport Layer Security (TLS)
e) TCP port 110

Correct answer: b,c,d

5) Which of the following protocols are used for securing HTTP connections? (Select 2 answers)

a) SCP
b) EFS
c) SSL
d) TLS
e) STP

Correct answer: c,d

6) A secure version of the HTTP protocol offering traffic encryption is known as: (Select all that apply)

a) HSPA
b) HTTP over SSL
c) HSRP
d) HTTP over TLS
e) HTTPS

Correct answer: b,d,e

7) Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply)

a) SNMPv1
b) SNMPv2
c) SNMPv3
d) SNMPv4

Correct answer: a,b

8) Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. data integrity).

a) True
b) False

Correct answer: True

9) FTPS is an extension to the Secure Shell protocol (SSH) and runs by default on port number 22.

a) True
b) False

Correct answer: False

10) A network protocol for secure file transfer over Secure Shell (SSH) is called:

a) TFTP
b) SFTP
c) Telnet
d) FTPS

Correct answer: b

11) Secure File Transfer Protocol (SFTP) is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

a) True
b) False

Correct answer: False

12) Which of the following protocols allow(s) for secure file transfer? (Select all that apply)

a) FTPS
b) TFTP
c) FTP
d) SFTP
e) SCP

Correct answer: a,d,e

13) LDAPS is an example of:

a) Authentication protocol
b) Secure directory access protocol
c) Address resolution protocol
d) File exchange protocol

Correct answer: b

14) Which protocol enables secure, real-time delivery of audio and video over an IP network?

a) S/MIME
b) RTP
c) SIP
d) SRTP

Correct answer: d

15) The Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.

a) True
b) False

Correct answer: True

16) Which of the protocols listed below was designed as a secure replacement for Telnet?

a) CHAP
b) FTP
c) SNMP
d) SSH

Correct answer: d

17) Which of the following answers refers to a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services?

a) Telnet
b) SSH
c) Bcrypt
d) TFTP

Correct answer: b

18) A suite of security extensions for the Internet service that translates domain names into IP addresses is known as:

a) EDNS
b) DNSSEC
c) Split DNS
d) DDNS

Correct answer: b
CompTIA Security+ Exam SY0-501 TCP and UDP Ports Quiz

1) Which of the following answers refers to a TCP port used by FTP for session control?

a) 20
b) 22
c) 21
d) 25

Correct answer: c

2) An FTP data transfer connection is established through TCP port number:

a) 23
b) 25
c) 20
d) 21

Correct answer: c

3) Which of the port numbers listed below are used by FTP over TLS/SSL (FTPS)? (Select 2 answers)

a) 20
b) 989
c) 5060
d) 21
e) 990
f) 5061

Correct answer: b,e

4) Which of the following statements are true? (Select all that apply)

a) Secure File Transfer Protocol (SFTP) runs by default on port 22
b) Secure Copy (SCP) runs by default on port 22
c) Secure Shell (SSH) runs by default on port 22
d) File Transfer Protocol over TLS/SSL (FTPS) runs by default on port 22
e) Trivial File Transfer Protocol (TFTP) runs by default on port 22

Correct answer: a,b,c

5) Dynamic Host Configuration Protocol (DHCP) runs on: (Select 2 answers)

a) UDP port 65
b) UDP port 66
c) UDP port 67
d) UDP port 68
e) UDP port 69

Correct answer: c,d

6) Which UDP port number is used by DNS?

a) 53
b) 67
c) 110
d) 389

Correct answer: a

7) TCP port 80 is assigned to:

a) Hypertext Transfer Protocol (HTTP)
b) Hypertext Transfer Protocol over TLS/SSL (HTTPS)
c) Internet Message Access Protocol (IMAP)
d) Lightweight Directory Access Protocol (LDAP)

Correct answer: a

8) HTTPS runs on:

a) TCP port 80
b) TCP port 443
c) UDP port 53
d) TCP port 143

Correct answer: b

9) Which of the TCP port numbers listed below is assigned to the Internet Message Access Protocol (IMAP)?

a) 143
b) 389
c) 443
d) 636

Correct answer: a

10) What are the characteristic features of IMAPS? (Select all that apply)

a) TCP port 143
b) Secure Sockets Layer (SSL)
c) TCP port 993
d) Transport Layer Security (TLS)
e) TCP port 995

Correct answer: b,c,d

11) Which protocols use port 500? (Select 2 answers)

a) L2TP
b) IKE
c) POP3S
d) SIP
e) ISAKMP

Correct answer: b,e

12) Which of the following answers refers to a port number assigned to the Kerberos authentication system?

a) 49
b) 88
c) 1645
d) 1723

Correct answer: b

13) Port 1701 is used by:

a) L2TP
b) RADIUS
c) PPTP
d) SMTPS

Correct answer: a

14) TCP port 389 is the default network port for:

a) RDP
b) LDAP
c) SMB
d) LDAPS

Correct answer: b

15) A network administrator has been asked to secure directory service access with SSL/TLS encryption. Which of the following TCP ports needs to be opened to implement this change?

a) 636
b) 389
c) 443
d) 1720

Correct answer: a

16) TCP port 119 is assigned to:

a) Internet Message Access Protocol (IMAP)
b) Post Office Protocol v3 (POP3)
c) Network Time Protocol (NTP)
d) Network News Transfer Protocol (NNTP)

Correct answer: d

17) Network Time Protocol (NTP) runs on UDP port:

a) 123
b) 110
c) 161
d) 137

Correct answer: a

18) Post Office Protocol version 3 (POP3) uses:

a) TCP port 110
b) UDP port 123
c) TCP port 143
d) UDP port 161

Correct answer: a

19) Which of the answers listed below refer(s) to POP3S encrypted communication? (Select all that apply)

a) TCP port 993
b) Secure Sockets Layer (SSL)
c) TCP port 995
d) Transport Layer Security (TLS)
e) TCP port 110

Correct answer: b,c,d

20) Which of the following statements are true? (Select all that apply)

a) Point-to-Point Tunneling Protocol (PPTP) runs on TCP port 1723
b) Port 1701 is used by Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)
c) Port number 88 is used by Kerberos authentication system
d) Hypertext Transfer Protocol over TLS/SSL runs on TCP port 143
e) Port number 443 is used by Internet Message Access Protocol (IMAP)

Correct answer: a,b,c

21) Which of the ports listed below are used by RADIUS? (Select 2 answers)

a) 989
b) 1812
c) 5060
d) 990
e) 1813
f) 5061

Correct answer: b,e

22) A network technician uses a Remote Desktop Protocol (RDP) client on their Windows OS to remotely troubleshoot a problem on another Windows machine. Which of the following ports needs to be opened for the built-in Windows RDP server to allow this type of network connection?

a) TCP port 389
b) TCP port 636
c) TCP port 3389
d) TCP port 993

Correct answer: c

23) Unblocking port number 22 enables what type of traffic? (Select all that apply)

a) SSH
b) SFTP
c) FTP
d) TFTP
e) SCP
f) FTPS

Correct answer: a,b,e

24) Which of the following ports are assigned to the Session Initiation Protocol (SIP)? (Select 2 answers)

a) 989
b) 1812
c) 5060
d) 990
e) 1813
f) 5061

Correct answer: c,f

25) Secure File Transfer Protocol (SFTP) is an extension to the Secure Shell protocol (SSH) and runs on TCP port number 22.

a) True
b) False

Correct answer: True

26) TCP port 25 is used by:

a) SNMP
b) Telnet
c) FTP
d) SMTP

Correct answer: d

27) What are the characteristic features of SMTPS? (Select all that apply)

a) TCP port 143
b) Secure Sockets Layer (SSL)
c) TCP port 443
d) Transport Layer Security (TLS)
e) TCP port 465

Correct answer: b,d,e

28) An SNMP management station receives SNMP notifications from Agents on UDP port:

a) 161
b) 137
c) 162
d) 138

Correct answer: c

29) An SNMP Agent receives requests on UDP port:

a) 161
b) 137
c) 162
d) 138

Correct answer: a

30) The Secure Shell (SSH) protocol uses TCP port:

a) 23
b) 25
c) 21
d) 22

Correct answer: d

31) A network administrator has been asked to set up a VPN link on a connecting host with no dedicated VPN client application installed. Which of the following ports needs to be opened to enable this type of connection?

a) 443
b) 22
c) 143
d) 3389

Correct answer: a

32) Which of the answers listed below refer to ports used by syslog servers? (Select 2 answers)

a) UDP port 514
b) TCP port 465
c) TCP port 6514
d) UDP port 500
e) TCP port 1723

Correct answer: a,c

33) TACACS+ runs on TCP port:

a) 389
b) 49
c) 636
d) 88

Correct answer: b

34) Port number 23 is assigned to:

a) Secure Shell (SSH)
b) File Transfer Protocol (FTP)
c) Telnet
d) Simple Mail Transfer Protocol (SMTP)

Correct answer: c

35) Trivial File Transfer Protocol (TFTP) uses:

a) UDP port 66
b) UDP port 67
c) UDP port 68
d) UDP port 69

Correct answer: d
CompTIA Security+ Exam SY0-501 Cryptography Quiz

1) Which of the following terms illustrate(s) the security through obscurity concept? (Select all that apply)

a) Code obfuscation
b) Steganography
c) SSID broadcast suppression
d) Encryption
e) Substitution ciphers

Correct answer: a,b,c,e

2) Which of the answers listed below refers to a solution designed to strengthen the security of session keys?

a) ECB
b) PFS
c) EFS
d) PFX

Correct answer: b

3) In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks.

a) True
b) False

Correct answer: True

4) Which of the three states of digital data requires data to be processed in an unencrypted form?

a) Data-in-transit
b) Data-at-rest
c) Data-in-use

Correct answer: c

5) In cryptography, the term "Secret algorithm" refers to an algorithm designed in a way that prevents the examination of its inner workings.

a) True
b) False

Correct answer: True

6) The term "Ephemeral key" refers to an asymmetric encryption key designed to be used only for the duration of a single session or transaction.

a) True
b) False

Correct answer: True

7) What are the characteristic features of a session key? (Select 2 answers)

a) Used during a single session
b) Asymmetric key
c) Reused during multiple sessions
d) Symmetric key

Correct answer: a,d

8) In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key size determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security.

a) True
b) False

Correct answer: True

9) Unlike stream ciphers, which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately.

a) True
b) False

Correct answer: True

10) Which of the following terms is used in conjunction with the assumption that the output of a cryptographic function should be considerably different from the corresponding plaintext input?

a) Confusion
b) Obfuscation
c) Collision
d) Diffusion

Correct answer: a

11) Which of the terms listed below is used to describe a situation where a small change introduced to the input data before encryption causes large changes in its encrypted version?

a) Diffusion
b) Confusion
c) Obfuscation
d) Collision

Correct answer: a

12) Digital signatures provide: (Select 3 answers)

a) Integrity
b) Authentication
c) Confidentiality
d) Authorization
e) Non-repudiation
f) Accounting

Correct answer: a,b,e

13) What are the examples of weak/deprecated cryptographic solutions? (Select 3 answers)

a) WEP
b) AES
c) SSL
d) DES
e) PGP

Correct answer: a,c,d

14) What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers)

a) Asymmetric encryption
b) Low processing power requirements
c) Suitable for small wireless devices
d) High processing power requirements
e) Symmetric encryption
f) Not suitable for small wireless devices

Correct answer: a,b,c

15) Examples of means that provide randomization during the encryption process include: (Select 3 answers)

a) Cryptographic nonce
b) Obfuscation
c) Salting
d) Initialization Vector (IV)
e) Shimming

Correct answer: a,c,d

16) Pseudo-random data used in combination with a secret key in WEP and SSL encryption schemes is known as:

a) Salt
b) Shim
c) IV
d) Seed

Correct answer: c

17) Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?

a) Seed
b) IV
c) Salt
d) Shim

Correct answer: c

18) Pseudo-random data added to a password before hashing is called:

a) Shim
b) Salt
c) Seed
d) IV

Correct answer: b

19) In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key.

a) True
b) False

Correct answer: True

20) A type of encryption scheme that uses a paired public and private key is known as: (Select 2 answers)

a) Secret-key encryption
b) Asymmetric encryption
c) Symmetric encryption
d) Public-key encryption
e) Session-key encryption

Correct answer: b,d

21) Which of the block cipher modes listed below provides both data integrity and confidentiality?

a) CBC
b) GCM
c) ECB
d) CTR

Correct answer: b

22) Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use?

a) CBC
b) GCM
c) ECB
d) CTR

Correct answer: c

23) Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data, which makes them much slower in comparison to asymmetric encryption ciphers.

a) True
b) False

Correct answer: False

24) A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers)

a) Session-key encryption
b) Public-key encryption
c) Symmetric encryption
d) Asymmetric encryption
e) Secret-key encryption

Correct answer: a,c,e

25) Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption).

a) True
b) False

Correct answer: False

26) Which of the answers listed below refer to obfuscation methods? (Select 3 answers)

a) Encryption
b) Steganography
c) XOR cipher
d) Password salting
e) ROT13

Correct answer: b,c,e

27) What are the examples of key stretching algorithms? (Select 2 answers)

a) ROT13
b) Twofish
c) Bcrypt
d) DSA
e) PBKDF2

Correct answer: c,e

28) Which of the following are hashing algorithms? (Select all that apply)

a) MD5
b) RIPEMD
c) Bcrypt
d) HMAC
e) SHA

Correct answer: a,b,d,e

29) Which of the algorithms listed below does not fall into the category of asymmetric encryption?

a) RSA
b) GPG
c) DSA
d) AES
e) DHE
f) ECDHE
g) PGP

Correct answer: d

30) Which of the following answers refers to a commonly used asymmetric algorithm for secure exchange of symmetric keys?

a) RC4
b) Bcrypt
c) Diffie-Hellman
d) RIPEMD

Correct answer: c

31) A cryptographic standard for digital signatures is known as:

a) DSA
b) PFS
c) DES
d) RSA

Correct answer: a

32) Which of the algorithms listed below does not belong to the category of symmetric ciphers?

a) RC4
b) DES
c) RSA
d) AES
e) Blowfish
f) 3DES
g) Twofish

Correct answer: c

33) Which of the answers listed below refer to the Advanced Encryption Standard (AES)? (Select 3 answers)

a) Symmetric-key algorithm
b) 128-, 192-, and 256-bit keys
c) Asymmetric-key algorithm
d) Stream cipher algorithm
e) 56-, 112-, and 168-bit keys
f) Block cipher algorithm

Correct answer: a,b,f

34) Which of the following cryptographic hash functions is the least vulnerable to attacks?

a) SHA-1
b) RIPEMD
c) SHA-512
d) MD5

Correct answer: c

35) Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

a) AES
b) DES
c) RC4
d) 3DES

Correct answer: a

36) Which of the following protocols offer(s) countermeasures against replay attacks? (Select all that apply)

a) IPsec
b) MPLS
c) PAP
d) Kerberos
e) CHAP

Correct answer: a,d,e

37) Which of the following answers lists an example of a cryptographic downgrade attack?

a) MITM
b) KPA
c) POODLE
d) XSRF

Correct answer: c

38) A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.

a) True
b) False

Correct answer: False

39) One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.

a) True
b) False

Correct answer: True

40) An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:

a) Replay attack
b) Brute-force attack
c) Dictionary attack
d) Birthday attack

Correct answer: b

41) Which password attack takes advantage of a predefined list of words?

a) Birthday attack
b) Replay attack
c) Dictionary attack
d) Brute-force attack

Correct answer: c

42) Rainbow tables are lookup tables used to speed up the process of password guessing.

a) True
b) False

Correct answer: True

43) Which of the following answers refers to the contents of a rainbow table entry?

a) Hash/Password
b) IP address/Domain name
c) Username/Password
d) Account name/Hash

Correct answer: a

44) Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version?

a) KEK
b) POODLE
c) KPA
d) CSRF

Correct answer: c

45) Which cryptographic attack relies on the concepts of probability theory?

a) KPA
b) Brute-force
c) Dictionary
d) Birthday

Correct answer: d
CompTIA Security+ Exam SY0-501 Wireless Security Quiz

1) Which of the answers listed below refers to a solution allowing administrators to block Internet access for users until they perform a required action?
a) Honeypot
b) Quarantine network
c) Captive portal
d) Firewall
Correct answer: c

2) Wi-Fi Protected Setup (WPS) is a network security standard which simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network. WPS has known vulnerabilities, and disabling this functionality is one of the recommended ways of securing wireless networks.
a) True
b) False
Correct answer: True

3) What are the characteristic features of WPA/WPA2 Enterprise mode? (Select 2 answers)
a) Suitable for large corporate networks
b) Does not require an authentication server
c) Suitable for all types of wireless LANs
d) Requires RADIUS authentication server
Correct answer: a,d

4) Which of the following would be the best solution for securing a small network lacking an authentication server?
a) WPA-PSK
b) WPA2-Enterprise
c) WPA2-PSK
d) WPA-Enterprise
Correct answer: c

5) Extensible Authentication Protocol (EAP) is an authentication framework frequently used in wireless networks and point-to-point connections. EAP provides an authentication framework, not a specific authentication mechanism. There are many authentication mechanisms (referred to as EAP methods) that can be used with EAP. Wireless networks take advantage of several EAP methods, including PEAP, EAP-FAST, EAP-TLS, and EAP-TTLS.
a) True
b) False
Correct answer: True

6) Which of the EAP methods listed below relies on client-side and server-side certificates to perform authentication?
a) EAP-TLS
b) PEAP
c) EAP-TTLS
d) EAP-FAST
Correct answer: a

7) Which of the following EAP methods offers the highest level of security?
a) PEAP
b) EAP-FAST
c) EAP-TLS
d) EAP-TTLS
Correct answer: c

8) A security protocol designed to strengthen existing WEP implementations without requiring the replacement of legacy hardware is known as:
a) PEAP
b) TKIP
c) CCMP
d) WPA2
Correct answer: b

9) The AES-based encryption mode implemented in WPA2 is known as:
a) CCMP
b) ECB
c) CBC
d) TKIP
Correct answer: a

10) Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are encryption standards designed for securing wireless networks. WEP is an older standard and, due to its vulnerabilities, is not recommended. WPA was designed as an interim replacement for WEP, and WPA2 was introduced as the official standard offering the strongest security of the three.
a) True
b) False
Correct answer: True

11) A wireless disassociation attack is a type of:
a) Downgrade attack
b) Brute-force attack
c) Denial of Service (DoS) attack
d) Cryptographic attack
Correct answer: c

12) What is the name of a technology used for contactless payment transactions?
a) NFC
b) SDN
c) PED
d) WAP
Correct answer: a

13) Which of the following wireless technologies enables identification and tracking of tags attached to objects?
a) WTLS
b) GPS
c) RFID
d) WAF
Correct answer: c

14) Gaining unauthorized access to a Bluetooth device is referred to as:
a) Phishing
b) Bluejacking
c) Tailgating
d) Bluesnarfing
Correct answer: d

15) The practice of sending unsolicited messages over Bluetooth is called:
a) SPIM
b) Bluejacking
c) Vishing
d) Bluesnarfing
Correct answer: b

16) Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)
a) WPS
b) WAP
c) WPA2
d) WAF
e) WEP
Correct answer: a,e

17) A wireless jamming attack is a type of:
a) Cryptographic attack
b) Denial of Service (DoS) attack
c) Brute-force attack
d) Downgrade attack
Correct answer: b

18) The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.
a) True
b) False
Correct answer: True

19) A type of wireless attack designed to exploit vulnerabilities of WEP is known as:
a) MITM attack
b) Smurf attack
c) IV attack
d) Xmas attack
Correct answer: c

20) Which of the following security protocols is the least susceptible to wireless replay attacks?
a) WPA2-CCMP
b) WPA-TKIP
c) WPA2-PSK
d) WPA-CCMP
e) WPA2-TKIP
Correct answer: a
CompTIA Security+ Exam SY0-501 Public Key Infrastructure (PKI) Quiz

1) Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?
a) Web of trust
b) PKI
c) IaaS
d) CA
Correct answer: b

2) A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:
a) IKE
b) CA
c) PKI
d) CSP
Correct answer: b

3) Which of the following certificate formats is used to store a binary representation of a digital certificate?
a) PFX
b) DER
c) P7B
d) PEM
Correct answer: b

4) A digital certificate which allows multiple domains to be protected by a single certificate is known as:
a) Extended Validation (EV) certificate
b) Wildcard certificate
c) Subject Alternative Name (SAN) certificate
d) Root signing certificate
Correct answer: c

5) Which digital certificate type allows multiple subdomains to be protected by a single certificate?
a) Root signing certificate
b) Subject Alternative Name (SAN) certificate
c) Extended Validation (EV) certificate
d) Wildcard certificate
Correct answer: d

6) The term "Certificate chaining" refers to a process of verifying the authenticity of a newly received digital certificate. The process involves checking all of the certificates in the chain, from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate's chain is properly issued and valid.
a) True
b) False
Correct answer: True

7) Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.
a) True
b) False
Correct answer: True

8) A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as:
a) Key escrow
b) TPM
c) Recovery agent
d) CA
Correct answer: a

9) Which of the answers listed below refer to examples of PKI trust models?
a) Single CA model
b) Hierarchical model (root CA + intermediate CAs)
c) Mesh model (cross-certifying CAs)
d) Web of trust model (all CAs act as root CAs)
e) Client-server mutual authentication model
f) All of the above
Correct answer: f

10) A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called:
a) Unified Threat Management (UTM)
b) HTTP Public Key Pinning (HPKP)
c) Data Execution Prevention (DEP)
d) Web Application Firewall (WAF)
Correct answer: b

11) Which of the following allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)?
a) OCSP stapling
b) Certificate Revocation List (CRL)
c) Sideloading
d) Certificate Signing Request (CSR)
Correct answer: a

12) Which of the answers listed below refers to a method for requesting a digital certificate?
a) CBC
b) CSR
c) CFB
d) CRL
Correct answer: b

13) What is the fastest way of validating a digital certificate?
a) CRL
b) Key escrow
c) OCSP
d) CSR
Correct answer: c

14) Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers)
a) CIRT
b) CRL
c) OCSP
d) CSR
e) Key escrow
Correct answer: b,c

15) Which digital certificate formats are commonly used to store private keys? (Select 2 answers)
a) P7B
b) PFX
c) CER
d) P12
Correct answer: b,d

16) Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates?
a) CER
b) PEM
c) DER
d) P7B
Correct answer: b
Glossary of Malware Terms
Malware-related terms that appear on the CompTIA Security+ SY0-501 exam are marked in red.

ActiveX controls
A type of downloadable web browser plug-in for Microsoft Internet Explorer providing additional interactive features to web pages. Malicious ActiveX controls pose a risk of unintended execution of malware.

Adware
Software that automatically plays, displays, or downloads advertisements to a computer.

Armored virus
A type of computer virus that takes advantage of various mechanisms specifically designed to make tracing, disassembling and reverse engineering its code more difficult.

Backdoor
An undocumented (and often legitimate) way of gaining access to a program, online service or an entire computer system.

Bot
A malware-infected networked host under the remote control of a hacker.

Botnet
A group of computers running malicious software under the control of a hacker.

Buffer overflow
A technique used by certain types of malware to cause an error in a program and make it easier to run malicious code.

Companion virus
An older type of computer virus which doesn't alter files and works by creating an infected companion file with the exact same name as the legitimate program, but with a different file extension. The virus takes advantage of the fact that in the old MS-DOS command-line interface executables can be run by providing only the file name, which facilitates the execution of infected code by an unaware user.

Cross-site scripting
A computer security vulnerability allowing attackers to insert malicious code into a trusted website.

Crypto-malware
Malware that restricts access to a computer system by encrypting data.

Dialer
A rogue application designed to exploit dialup connections by making unauthorized telephone calls.

Downloader
A type of Trojan designed to transfer other malware onto a PC via an Internet connection.

Drive-by download
An automatic download performed without the user's consent (and often without any notice) aimed at installing malware or potentially unwanted programs.

Dropper
A type of Trojan designed to install other malware files onto a PC without the need for an active Internet connection.

Executable file
A type of computer file that, when opened, runs a program or series of instructions contained in the file.

Exploit
Computer code or a command that takes advantage of software design flaws.

Grayware
A category of applications which, despite not being classified as malware, can worsen the performance of a computer and pose a security risk.

Heuristics
A method employed by many antivirus programs designed to detect previously unknown types of malware.

iframe
An HTML tag for embedding another web document within the current HTML web page. The downside of utilizing iframes is that they can be used to inject malicious code (often JavaScript) into an otherwise trusted page.

Keylogger
An application collecting information about user keyboard activity. Typically, malicious keyloggers are installed and run on a system without the user's knowledge/consent to steal logon credentials, credit card numbers, and other sensitive data.

Logic bomb
Malicious code activated by a specific event.

Macro virus
A type of computer virus that exploits the capability for creating and embedding simple scripts in popular office and cooperative applications.

Malicious app
A mobile application designed to harm user devices or personal data while posing as a legitimate program.

Malware
A generic term for various types of malicious software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. The category of malware encompasses all sorts of malicious applications, including Trojan horses, most rootkits and backdoors, computer viruses, worms, spyware, keyloggers, more intrusive forms of adware, and other malicious programs.

Payload
The part of malware performing the malicious action.

Phage virus
A type of computer virus that deletes or corrupts the contents of the target host file instead of attaching itself to the file.

Polymorphic malware
A type of malicious software capable of changing its underlying code in order to avoid detection.

Pop-under
One of the ways of delivering online advertising content utilized by adware. Advertising pop-unders are usually displayed in a new browser window hidden beneath the current page and are not seen until the covering window is closed.

Pop-up
One of the ways of delivering online advertising content utilized by adware. Advertising pop-ups are usually displayed in a new web browser window and cover the contents of the current page.

Quarantine
Isolation of files and applications suspected of containing malware in order to prevent further execution and potential harm to the user's system.

Ransomware
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs a requested action.

Remote Access Trojan (RAT)
A type of Trojan that enables unauthorized remote access to a compromised system.

Replication
The process by which a virus makes copies of itself to carry out subsequent infections.

Retrovirus
A computer virus that actively attacks an antivirus program in an effort to prevent detection.

Rootkit
A collection of software tools used by a hacker in order to mask intrusion and obtain administrator-level access to a computer or computer network.

Signature file
A file containing new malicious code patterns used by the antivirus application as a reference in the process of malware removal.

Spyware
Malicious software collecting information about users without their knowledge/consent.

SQL injection
Execution of SQL commands aimed at gaining unauthorized access to an online database. This type of attack occurs when, for example, entry fields of web forms designed to collect information from users allow unchecked user input to be passed to the database. The countermeasure against this type of code injection is input validation, which limits the scope of user input that can be passed through an online form.

Trojan horse
Malicious software performing unwanted and harmful actions while posing as a legitimate and useful program.

Virus
A computer program containing a malicious segment that attaches itself to an application program or other executable component.

Windows Defender
A built-in application for Microsoft operating systems providing protection against viruses, spyware, and other potentially unwanted programs.

Worm
A standalone malicious computer program that replicates itself over a computer network.

XSS
A shorthand term for cross-site scripting.

Zero-day attack
A type of attack exploiting vulnerabilities that are present in already released software but unknown to the software developer.

Zombie
A computer that has been compromised by a virus or Trojan horse that puts it under the remote control of an online hijacker.
About the Exam
The CompTIA Security+ certification is a vendor-neutral credential. The CompTIA Security+ SY0-501 exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to:

• Install and configure systems to secure applications, networks and devices
• Perform threat analysis and respond with appropriate mitigation techniques
• Participate in risk mitigation activities
• Operate with an awareness of applicable policies, laws and regulations

The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability. The CompTIA Security+ certification is aimed at an IT security professional who has:

• A minimum of two years' experience in IT administration with a focus on security
• Day-to-day technical information security experience
• Broad knowledge of security concerns and implementation, including the topics in the domain list

These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all content in this examination.

EXAM ACCREDITATION
CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 standard and, as such, the exam objectives undergo regular reviews and updates.

EXAM DEVELOPMENT
CompTIA exams result from subject-matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional.

CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any content provided by unauthorized third-party training sites (aka "brain dumps"). Individuals who utilize such materials in preparation for any CompTIA examination will have their certifications revoked and be suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more clearly communicate CompTIA's exam policies on use of unauthorized study materials, CompTIA directs all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies before beginning the study process for any CompTIA exam. Candidates will be required to abide by the CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered unauthorized (aka "brain dumps"), he/she should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document. CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current and the security of the questions is protected. When necessary, we will publish updated exams based on existing exam objectives. Please know that all related exam preparation materials will still be valid.

About the Exam: CompTIA Security+ Certification Exam Objectives Version 4.0 (Exam Number: SY0-501)

TEST DETAILS
Required exam: SY0-501
Number of questions: Maximum of 90
Types of questions: Multiple choice and performance-based
Length of test: 90 minutes
Recommended experience: At least two years of experience in IT administration with a focus on security
Passing score: 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)
The text below lists the domains measured by this examination and the extent to which they are represented:

DOMAIN                                      PERCENTAGE OF EXAMINATION
1.0 Threats, Attacks and Vulnerabilities    21%
2.0 Technologies and Tools                  22%
3.0 Architecture and Design                 15%
4.0 Identity and Access Management          16%
5.0 Risk Management                         14%
6.0 Cryptography and PKI                    12%
Total                                       100%

Good Luck