CompTIA Security + Mock

Question 1

Which of the answers listed below refers to a protocol used to set up secure connections and exchange of cryptographic keys in IPsec VPNs?

SSL, IKE, ESP or DHE ?

Answer 1

IKE (Internet Key Exchange)

A protocol used to set up a secure VPN connection by negotiating and managing encryption keys.

Think of it as a digital handshake that agrees on how to lock and unlock data between two devices.

Question 2

Which part of the IPsec protocol suite provides data integrity and authentication but not encryption?

CRC, AH, IKE or AES ?

Answer 2

AH (Authentication Header)

A protocol used in IPsec to provide data integrity, authentication, and anti-replay protection for network packets.

It ensures the data wasn’t tampered with in transit—like a tamper-proof seal on a package.

Question 3

Which of the IPsec modes provides entire packet encryption?

A. Tunnel
B. Payload
C. Transport
D. Default

Answer 3

Tunnel (IPsec)

A secure, encrypted connection between two endpoints that protects data in transit by encapsulating it within IPsec protocols (AH/ESP).

Functions like a private underground passage for network traffic.

Question 4

Which of the answers listed below refers to any type of information pertaining to an individual that can be used to uniquely identify that person?

PHI, Biometrics, ID or PII ?

Answer 4

PII (Personally Identifiable Information)

Any data that can identify an individual, either alone or combined with other information (e.g., name, SSN, biometrics, or even device IDs when linked to a person).

Question 5

Encryption methods used to protect data at rest:

FDE SED and EFS

Answer 5

FDE (Full Disk Encryption)

Encrypts all data on a storage device (including OS/files). Protects against physical theft. Requires pre-boot authentication (e.g., BitLocker).

SED (Self-Encrypting Drive)

A hardware-based FDE solution where the drive itself handles encryption/decryption automatically. No performance overhead (e.g., TCG Opal drives).

EFS (Encrypting File System)

File/folder-level encryption built into NTFS (Windows). Uses user certificates for access control. Doesn’t encrypt system files.

Question 6

Encryption methods used to protect data in transit:

VPN, TLS and IPsec

Answer 6

VPN (Virtual Private Network)

Creates a secure, encrypted tunnel between your device and a private network over the internet, hiding your data and location from outsiders.

TLS (Transport Layer Security)

A cryptographic protocol that ensures secure communication over a network by encrypting data between web browsers and servers (used in HTTPS).

IPsec (Internet Protocol Security)

A suite of protocols that secures internet communication by authenticating and encrypting each IP packet in a network connection (often used in VPNs).

Question 7

Which of the following answers refer to data masking? (Select 2 answers)

Answer 7

Replaces sensitive data with fictitious or modified data while retaining its original format.

Allows for data manipulation in environments where the actual values are not needed.

Data Masking

A technique that obscures sensitive data (e.g., PII, financial info) in non-production environments to protect privacy while maintaining usability.

Question 8

Which of the following modifies data or code to make it difficult to understand or reverse-engineer, but without necessarily encrypting or hiding the data?

A. Tokenisation
B. Encryption
C. Obfuscation
D. Hashing

Answer 8

Obfuscation

The deliberate act of making code, data, or communications difficult to understand or analyse, often used to hide malicious activity or protect intellectual property.

Question 9

Hardware RAID Level 5 features:

A. Requires at least 2 drives to implement.

B. Continues to operate in case of failure of more than 1 drive.

C. Is also known as disk striping with double parity.

D. Requires at least 3 drives to implement.

E. Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives).

F. Requires at least 4 drives to implement

G. Is also known as disk striping with parity.

Answer 9

D. Requires at least 3 drives to implement.

E. Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives).

G. Is also known as disk striping with parity.

RAID (Redundant Array of Independent Disks)

A storage technology that combines multiple physical disks into a single logical unit for improved performance, redundancy, or both.

Question 10

Hardware RAID Level 6 features:

A. Is also known as disk striping with parity.

B. Requires at least 4 drives to implement.

C. Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives).

D. Requires at least 3 drives to implement.

E. Is also known as disk striping with double parity .

F. Continues to operate in case of failure of more than 2 drives.

G. Requires at least 5 drives to implement.

Answer 10

B. Requires at least 4 drives to implement.

C. Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives).

E. Is also known as disk striping with double parity.

RAID (Redundant Array of Independent Disks)

A storage technology that combines multiple physical disks into a single logical unit for improved performance, redundancy, or both.

Question 11

Which of the answers listed below refers to the primary function of load balancing?

A. Maintains identical copies of data across multiple servers to enhance data availability and reliability.

B. Distributes workload across multiple servers for improved performance.

C. Groups servers together to provide high availability and fault tolerance.

D. Distributes content geographically across multiple servers to improve performance, reduce latency, and handle high volumes of traffic.

Answer 11

B. Distributes workload across multiple servers for improved performance.

Load Balancing

The distribution of network traffic across multiple servers or resources to optimise efficiency, reliability, and performance.

Question 12

Which alternate site allows for the fastest disaster recovery?

A. Cold site
B. Hot site
C. Mobile site
D. Warm site

Answer 12

Hot Site

A fully operational, ready-to-use disaster recovery facility with all necessary hardware, software, and data to immediately resume business operations after a failure.

Question 13

Which of the solutions listed below provides redundancy and fault tolerance by dividing tasks into smaller subtasks and distributing them across multiple systems to be executed simultaneously?

A. Load balancing
B. Multitasking
C. Clustering
D. Parallel processing

Answer 13

Parallel Processing

A computing method where multiple tasks are executed simultaneously across multiple processors or cores to speed up performance.

Question 14

A file-based representation of the state of a virtual machine at a given point in time is referred to as:

A. Restore point
B. Shadow copy
C. Snapshot
D. System image

Answer 14

Snapshot

A point-in-time copy of a system, file, or dataset, preserving its state for backup, recovery, or analysis.

Key Traits:

• Static Backup: Captures exact state at a specific moment.
• Quick Restoration: Enables rollback to the snapshot’s state.
• Use Cases: VM backups, database versioning, forensic analysis.

Question 15

What type of backups are commonly used with virtual machines?

A. Incremental backups
B. Snapshot backups
C. Tape backups
D. Differential backups

Answer 15

Snapshot Backups

A backup method that captures the exact state of a system, file, or dataset at a specific point in time, allowing for quick restoration if needed.

Question 16

Which of the terms listed below is used to describe a foundational level of security configurations and settings required to safeguard a system?

A. Logical segmentation
B. Secure baseline
C. Access control levels
D. Principle of least privilege

Answer 16

Secure Baseline

A predefined set of security configurations applied to systems or software to ensure they meet minimum protection standards.

Key Traits:

1. Standardisation: Uniform settings across all devices (e.g., firewalls, password policies).
2. Hardening: Disables risky defaults (guest accounts, unused ports).
3. Compliance: Aligns with frameworks like CIS Benchmarks or NIST guidelines.

Question 17

Which of the following answers refers to a mobile security solution that enables separate controls over the user and enterprise data?

A. Resource provisioning
B. Content management
C. Storage segmentation
D. Just-in-time permissions

Answer 17

Storage Segmentation

The practice of dividing storage systems into isolated sections to limit access and reduce risk of unauthorised data exposure.

Key Traits:

1. Isolation: Separates data by type, sensitivity, or user (e.g., HR vs. public files).
2. Access Control: Enforces strict permissions per segment (role-based rules).
3. Use Cases: PCI DSS (payment data), HIPAA (medical records), multi-tenant clouds.

Question 18

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

A. Containerisation
B. Storage segmentation
C. Virtualisation
D. Content management

Answer 18

Containerisation
A lightweight virtualisation method that packages applications and their dependencies into isolated, portable units (containers) running on a shared OS kernel.

Key Traits:

1. Efficiency: Uses fewer resources than VMs (no full OS per instance).
2. Portability: Runs consistently across environments (dev, test, prod).

Isolation: Processes are segregated, though less secure than VMs.

Question 19

Which of the answers listed below refer to workstation hardening techniques? (Select 3 answers)

1. Hiding administrator accounts.
2. Regularly applying security patches and updates to the OS and installed software.
3. Disabling all internet access.
4. Removing or disabling unnecessary drivers, services, software, and network protocols.
5. Limiting unauthorised or unauthenticated user access.

Answer 19

Regularly applying security patches and updates to the OS and installed software.

Removing or disabling unnecessary drivers, services, software, and network protocols.

Limiting unauthorised or unauthenticated user access.

Workstation Hardening

The process of securing a computer (desktop/laptop) by reducing vulnerabilities through configuration changes, patches, and access controls.

Question 20

Which type of software enables centralised administration of mobile devices?

MFA, MMC, MDM or MFD ?

Answer 20

MDM (Mobile Device Management)
A centralised system for managing and securing mobile devices (smartphones, tablets) used within an organisation.

Key Traits:

Remote Control: Enforces policies (passcodes, encryption), wipes lost devices.

App Management: Approves/blocks apps, pushes updates.

BYOD Support: Separates work/personal data on employee-owned devices.

Question 21

Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode?

SAE, IKE, PSK, or AES ?

Answer 21

SAE (Simultaneous Authentication of Equals)
A secure key exchange protocol used in WPA3 to replace the older PSK (Pre-Shared Key) method, providing stronger protection against brute-force attacks.

Key Traits:

1. Forward Secrecy: Generates unique session keys per connection.
2. Resilience: Resists offline dictionary attacks.
3. Usage: Mandatory in WPA3 for Wi-Fi security.

Question 22

What are the characteristics of TACACS+? (Select 3 answers)

A. Encrypts only the password in the access-request packet.

B. Combines authentication and authorisation.

C. Encrypts the entire payload of the access-request packet.

D. Primarily used for device administration.

E. Separates authentication and authorisation.

F. Primarily used for network access.

Answer 22

C. Encrypts the entire payload of the access-request packet.

D. Primarily used for device administration.

E. Separates authentication and authorisation.

TACACS+ (Terminal Access Controller Access Control System Plus)

A Cisco-developed AAA protocol for granular device administration (e.g., routers, switches).

Question 23

What are the characteristic features of RADIUS? (Select 3 answers)

A. Primarily used for network access.

B. Encrypts the entire payload of the access-request packet.

C. Combines authentication and authorisation.

D. Encrypts only the password in the access-request packet.

E. Primarily used for device administration.

F. Separates authentication and authorisation.

Answer 23

A. Primarily used for network access.

C. Combines authentication and authorisation.

D. Encrypts only the password in the access-request packet.

RADIUS (Remote Authentication Dial-In User Service)

A centralised AAA (Authentication, Authorisation, Accounting) protocol for managing network access, often used for VPNs, Wi-Fi, and ISP logins.

Question 24

Dynamic code analysis:

Answer 24

1. Typically used later in the software development lifecycle.
2. Analyses runtime properties like memory usage, performance, and error handling to identify issues such as memory leaks, performance bottlenecks, and runtime errors.
3. Involves executing the code and analysing its behaviour at runtime.

Dynamic Code Analysis

The process of testing software by executing it in real-time to identify vulnerabilities, runtime errors, or malicious behaviour.

Key Traits:
1. Runtime Testing: Analyses code while it runs (vs. static analysis).

2. Finds Live Issues: Detects memory leaks, zero-day exploits, or insecure dependencies.
3. Tools: Fuzzers, debuggers, or sandboxed environments.

Question 25

Which of the terms listed below refers to tracking and managing software application components, such as third-party libraries and other dependencies? A. Version control B. Package monitoring C. Configuration enforcement D. Application hardening

Answer 25

Package Monitoring The continuous tracking and analysis of software packages (libraries, dependencies) to detect vulnerabilities, outdated versions, or malicious code. Key Traits: 1. Dependency Checks: Flags insecure or deprecated packages (e.g., via npm, pip). 2. Automated Alerts: Notifies developers of CVEs or license risks. 3. Tools: Snyk, Dependabot, OWASP Dependency-Track.

Question 26

Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat indicators? A. AIS B. STIX C. TTP D. CVSS

Answer 26

AIS (Automated Indicator Sharing) A system that enables real-time exchange of cybersecurity threat data (e.g., malware signatures, malicious IPs) between organisations and government entities. Key Traits: 1. Standardised Formats: Uses STIX/TAXII for machine-readable data. 2. Collaborative Defence: Speeds up threat response across sectors. 3. Managed by: DHS CISA in the U.S. (e.g., US-CERT).

Question 27

Which of the following provides insights into the methods and tools used by cybercriminals to carry out attacks? A. CVE B. IoC C. AIS D. TTP

Answer 27

TTP (Tactics, Techniques, and Procedures) A framework used to describe the behavioUr of cyber attackers, including their methods (techniques), strategies (tactics), and specific tools/processes (procedures). Key Traits: Threat Analysis: Helps identify and defend against attack patterns (e.g., MITRE ATT&CK framework). Defensive Use: Guides security teams in detecting and mitigating threats. Examples: Phishing (technique), lateral movement (tactic), custom malware (procedure).

Question 28

A responsible disclosure program is a formal process established by an organisation to encourage security researchers and ethical hackers to report vulnerabilities they discover in the organisation's systems or software. A bug bounty program is a specific type of responsible disclosure program that offers financial rewards to security researchers for reporting valid vulnerabilities. True or False?

Answer 28

True! Responsible Disclosure Program A formal process that allows security researchers to report vulnerabilities to an organisation privately, giving them time to fix the issue before public disclosure. Key Traits: Safe Reporting: Provides a secure channel (e.g., encrypted email, bug bounty platforms). Timeframe: Sets a deadline for fixes (e.g., 90 days) before public release. Benefits: Avoids exploitation while crediting researchers.

Question 29

An antivirus software identifying non-malicious file as a virus due to faulty virus signature file is an example of: A. Fault tolerance B. False positive error C. Quarantine feature D. False negative error

Answer 29

False positive error A false positive error occurs when a test or experiment incorrectly indicates the presence of a condition when it is actually absent.

Question 30

Which of the answers listed below refers to a situation where no alarm is raised when an attack has taken place? A. False negative B. True positive C. False positive D. True negative

Answer 30

False negative A false negative error occurs when a test or experiment fails to detect a condition that is actually present.

Question 31

What is Exposure Factor (EF) in vulnerability analysis?

Answer 31

The degree of loss that a realised threat would have on a specific asset. The Exposure Factor (EF) Represents the percentage of loss or damage to an asset if a specific threat or vulnerability is exploited. It is a key component in risk assessment, helping quantify potential impact.

Question 32

Which of the statements listed below does not refer to a vulnerability response and remediation technique? A. Applying updates or fixes provided by software vendors to address the vulnerability (patching). B. Ensuring financial recovery from the costs associated with a successful cyberattack (insurance). C. Dividing a network into smaller, isolated zones to limit the potential impact of a vulnerability (segmentation). D. Mitigating the risk associated with a vulnerability that cannot be immediately patched by implementing alternative security measures (compensating controls). E. Delaying or forgoing a patch for a specific system, e.g., when applying a patch may not be feasible due to compatibility issues or potential disruptions to critical systems (exceptions and exemptions). F. All of the above answers are examples of vulnerability response and remediation techniques.

Answer 32

F. All of the above answers are examples of vulnerability response and remediation techniques. Vulnerability Remediation The process of identifying, prioritising, and mitigating security weaknesses to reduce risk.

Question 33

The practice of isolating potentially malicious or suspicious entities to prevent them from causing harm to the rest of the network or system is known as: A. Sandboxing B. Containerisation C. Quarantine D. Segmentation

Answer 33

C. Quarantine Quarantine is an isolation technique used to separate and restrict potentially malicious files, devices, or network segments from the rest of the system to prevent further damage while investigation and remediation occur.

Question 34

The following refer to SCAP

Answer 34

A collection of standards developed by NIST. Provides a common language for communicating security information. Allows different security tools to share data and work together more effectively. SCAP (Security Content Automation Protocol) A standardised framework for automating vulnerability management, compliance checking, and security configuration. Key Traits: Components: Includes CVE (vulnerabilities), CCE (configurations), and CVSS (scoring). Automation: Enables tools to scan/compare systems against benchmarks (e.g., NIST baselines). Use Cases: Government (FISMA), enterprises (continuous monitoring).

Question 35

The listed below refer to SIEM

Answer 35

Designed to provide a centralised user interface for accessing collected data. Enables real-time threat detection, incident response, and compliance monitoring. A type of security system designed to collect logs and events from various sources. SIEM (Security Information and Event Management) A system that collects, analyses, and correlates security event data from across an organisation’s network to detect and respond to threats.

Question 36

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorised use and transmission of confidential information? A. PS B. DLP C. IDS D. DEP

Answer 36

DLP (Data Loss Prevention) A set of tools and policies designed to prevent unauthorised access, leakage, or theft of sensitive data.

Question 37

An SNMP-compliant device includes a virtual database containing information about configuration and state of the device that can be queried by an SNMP management station. This type of data repository is referred to as: A. MIB B. DCS C. NMS D. SIEM

Answer 37

A. MIB (Management Information Base) A hierarchical database used by network management protocols (like SNMP) to store and organise information about network devices (e.g., routers, switches). SNMP (Simple Network Management Protocol) A protocol used to monitor and manage network devices (routers, servers, printers) by collecting and organising their performance data.

Question 38

Which of the answers listed below refers to a network protocol developed by Cisco for collecting information about IP traffic flowing across network devices like routers, switches, and firewalls? A. OpenVAS B. iPerf C. pfSense D. NetFlow

Answer 38

NetFlow A network protocol developed by Cisco for collecting and monitoring traffic flow data, helping analyse bandwidth usage, detect anomalies, and troubleshoot issues.

Question 39

Which of the following refers to a set of rules defining how a firewall manages network traffic? A. MAC B. ACL C. NAC D. DLP

Answer 39

ACL (Access Control List) A set of rules that defines permissions for network traffic or file system access, specifying which users or systems are allowed or denied access to resources.

Question 40

A lightly protected subnet (a.k.a. DMZ) consisting of publicly available servers placed on the outside of the company's firewall is known as: A. Captive portal B. Quarantine network C. Extranet D. Screened subnet

Answer 40

Screened Subnet (DMZ 2.0) A secured network segment sandwiched between two firewalls, isolating publicly accessible services (e.g., web servers) from internal networks.

Question 41

A type of IDS/IPS that compares current network traffic against a database of known attack patterns is called: A. Heuristic B. Anomaly-based C. Behavioural D. Signature-based

Answer 41

D. Signature-based detection A method used by Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to identify known threats by comparing network traffic, files, or system activity against a database of predefined attack patterns (signatures).

Question 42

Agent-based web filtering:

Answer 42

Requires installing software on each device that needs to be monitored. Provides flexibility and granular control over web activity at the device level. Involves increased management overhead and system resource consumption. Agent-based web filtering A security approach where a local software agent (installed on endpoints) monitors and controls web traffic, enforcing access policies regardless of network location (unlike network-based filtering).

Question 43

Web filtering via centralised proxy:

Answer 43

Does not require software to be installed on each individual device. Simplifies administration and ensures consistent enforcement of web filtering policies across the network. Requires a functioning central server for web filtering to operate. Centralised proxy-based web filtering uses a dedicated server (proxy) as an intermediary between users and the internet. All web traffic is routed through the proxy, which enforces security policies, blocks malicious sites, and logs activity.

Question 44

Filtering techniques that can allow or block access to a site based on its web address:

Answer 44

URL Scanning The process of analysing web links in real-time to detect malicious or suspicious content before users access them. DNS Filtering A security technique that blocks access to malicious or unwanted websites by intercepting DNS queries and preventing resolution of harmful domains.

Question 45

In Windows Active Directory environment, this feature enables centralised management and configuration of operating systems, applications, and user account settings. A. Local Users and Groups B. Resource Monitor C. Group Policy D. User Account Control

Answer 45

Group Policy A centralised management feature in Windows Active Directory that allows administrators to enforce security settings, software deployments, and system configurations across multiple domain-joined computers and users.

Question 46

Which of the following protocols allow(s) for secure file transfer? (Select all that apply) A. FTPS B. TFTP C. FTP D. SFTP

Answer 46

A. FTPS (File Transfer Protocol Secure) An extension of FTP that adds support for encryption (SSL/TLS) to protect data during file transfers. D. SFTP (SSH File Transfer Protocol) A secure file transfer protocol that encrypts both commands and data over a single SSH connection (port 22).

Question 47

FTPS is an extension to the SSH protocol and runs by default on TCP port 22. True or False ?

Answer 47

False!! FTPS (File Transfer Protocol Secure) A secure version of FTP that adds SSL/TLS encryption to protect data in transit, Negotiates encryption via AUTH TLS on port 21.

Question 48

Which of the answers listed below refers to a secure replacement for Telnet? A. RSH B. IPsec C. SSH D. RTPS

Answer 48

C. SSH (Secure Shell) A cryptographic network protocol that securely replaces Telnet by providing encrypted remote access, command execution, and file transfers over untrusted networks.

Question 49

Which of the following answers refers to a deprecated protocol designed as a secure way to send emails from a client to a mail server and between mail servers? A. IMAPS B. SFTP C. POP3S D. SMTPS

Answer 49

D. SMTPS (Simple Mail Transfer Protocol Secure) A secure version of SMTP that encrypts email transmissions using SSL/TLS to prevent eavesdropping or tampering.

Question 50

Which of the protocols listed below enable secure retrieval of emails from a mail server to an email client? (Select 2 answers) A. FTPS B. IMAPS C. POP3S D. STARTTLS E. SMTPS

Answer 50

IMAPS (Internet Message Access Protocol Secure) This is the secure version of IMAP, which retrieves emails over an encrypted connection (typically port 993). POP3S (Post Office Protocol 3 Secure) A secure version of POP3 that encrypts email retrieval using SSL/TLS, protecting login credentials and message content.

Question 51

Which of the following protocols enables secure access and management of emails on a mail server from an email client? A. POP3S B. SMTPS C. IMAPS D. S/MIME

Answer 51

IMAPS (Internet Message Access Protocol Secure) A secure version of IMAP that encrypts email synchronisation between clients and servers using SSL/TLS.

Question 52

Which of the answers listed below refers to a secure network protocol used to provide encryption, authentication, and integrity for real-time multimedia communication? A. IPsec B. SIP C. VoIP D. SRTP

Answer 52

D. SRTP (Secure Real-time Transport Protocol) An encrypted version of RTP that secures voice/video streaming (e.g., VoIP calls) with AES encryption and authentication.

Question 53

UDP is a connection-oriented protocol using a three-way handshake which is a set of initial steps required for establishing network connection. UDP supports retransmission of lost packets, flow control (managing the amount of data that is being sent), and sequencing (rearranging packets that arrived out of order). Example applications of UDP include transmission of text and image data. True or False ?

Answer 53

False! UDP (User Datagram Protocol) A connectionless transport-layer protocol that prioritises speed over reliability, used for time-sensitive applications.

Question 54

TCP is an example of a connectionless protocol. Because TCP does not support three-way handshake while establishing a network connection, it is referred to as unreliable or best-effort protocol. Example applications of TCP include transmission of video and audio streaming data. True or False ?

Answer 54

False! TCP (Transmission Control Protocol) A connection-oriented transport-layer protocol that ensures reliable, ordered, and error-checked data delivery between applications.