Free Security+ Practice Test Check out our Security+ video and lab course here. You can buy our Security+ labs book on Amazon. Back to free exams page. 1. You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution?Enable HTTPS for RDPConfigure each VM with a public IPv6 addressUse PowerShell remoting for remote managementManage the VMs through a jump boxQuestion 1 of 50 2. Say that you work for a cloud service provider. Prior to signing off on a purchase order for a new security cloud service, a prospective customer wants to understand the nature of what you are providing and what levels of service in regard to performance and uptime your service offers. What should you provide the prospective customer?ISAMOUBPASLAQuestion 2 of 50 3. Your organization is looking to move the internally developed and managed HR system to a SaaS vendor. Which of the following should you request from the vendor?SOX reportCOBITSOC 2 reportBenchmark guidesQuestion 3 of 50 4. An organization is increasingly subject to compliance regulations and is making strong efforts to comply with them but is still concerned about issues that might occur. Management decides to buy insurance to help cover the costs of a potential breach. Which of the following risk response techniques is the organization using?AvoidanceTransferenceAcceptanceMitigationQuestion 4 of 50 5. You are planning the secure management of servers and network infrastructure devices on your corporate LAN. Which design will best protect these devices from RDP and SSH attacks? Enabling HTTPSPeriodic vulnerability scanning SSH public key authenticationDedicated network management interfaceQuestion 5 of 50 6. Which of the following are the most compelling reasons that secure configuration baselines have been established? (Select three.)Industry representativesOrganizational requestsGovernment mandatesRegulatory bodiesQuestion 6 of 50 7. Which of the following legally binding controls should you consider in order to protect sensitive information from being improperly disclosed by a third-party vendor you are hiring for consulting work in the organization?DLPSOPSeparation of dutiesNDAQuestion 7 of 50 8. Which one of the following is responsible for implementing the data classification and security controls?Data ownerData custodianData privacy officerData controllerQuestion 8 of 50 9. Your online retail business accepts PayPal and credit card payments. You need to ensure that your company is compliant with the relevant security standards. Which payment security standard should you focus on?GDPR PCI DSSQuestion 9 of 50 10. You have been tasked with creating a corporate security policy regarding smart phone usage for business purposes. What should you do first?Issue smart phones to all employees.Obtain support from management.Get a legal opinion.Create the first draft of the policy.Question 10 of 50 11. Your organization currently runs an operating system for which software developed after the end of last month may no longer work or even be installable. Which of the following best describes this milestone for the operating system?ISAEOLNDAMOUQuestion 11 of 50 12. Which of the following equations best represents the proper assessment of exposure to danger?Risk = Threat × Vulnerability × ImpactImpact = Risk × Threat × Vulnerability Vulnerability = Threat × Risk × ImpactThreat = Risk × Impact × VulnerabilityQuestion 12 of 50 13. Which action will have the largest impact on mitigating against SQL injection attacks? Enable HTTPSChange default web server settingsEnable input validationApply web server host OS updatesQuestion 13 of 50 14. You have been hired to review security controls for a medical practice in rural Tennessee. Which of the following data privacy frameworks must the medical practice be compliant with?GDPRPCI DSSHIPAAPIPEDAQuestion 14 of 50 15. Your manager needs to know, for budgetary purposes, the average life span for each of the firewall appliances. Which of the following should you provide?MTBFRPORTOMTTFQuestion 15 of 50 16. A recent audit revealed that most of the organization is not properly handling sensitive data correctly. To address this shortcoming, your organization is implementing computer security awareness training. What type of control is this?LogicalAdministrativeDetectivePhysicalQuestion 16 of 50 17. Which of the following are examples of PII? (Choose two.)Public IP address of a NAT routerMobile phone numberDigital certificateGenderQuestion 17 of 50 18. Which of the following statements are true? (Choose two.)Security labels are used for data classifications, such as restricted and top secret. PII is applicable only to biometric authentication devices.PII is applicable only to biometric authentication devices.Forcing user password changes is considered change management.Question 18 of 50 19. When determining how best to mitigate risk, which items should you consider? (Choose two.) Insurance coverageNumber of server hard disks How fast CPUs in new computers will beNetwork bandwidthQuestion 19 of 50 20. Which data classification type contains data that would have a severe impact to the organization were it exposed, that should not be broadly shared internally or externally, and that should be tightly controlled?PublicProprietaryConfidentialSensitiveQuestion 20 of 50 21. During customer support calls, customer service representatives periodically pull up customer details on their screens, including credit card numbers. What should be enabled to prevent the disclosure of credit card numbers?TokenizationAnonymization Data minimization Data maskingQuestion 21 of 50 22. Which of the following is the monetary loss that can be expected for an asset from risk over a year?ALESLEAROBIAQuestion 22 of 50 23. The Accounts Payable department notices large out-of-country purchases made using a corporate credit card. After discussing the matter with Juan, the employee whose name is on the credit card, they realize that somebody has illegally obtained the credit card details. You also learn that Juan recently received an e-mail from what appeared to be the credit card company asking him to sign in to their web site to validate his account, which he did. How could this have been avoided?Provide credit card holders with smartcards. Tell users to increase the strength of online passwords. Install a workstation-based firewall.Provide security awareness training to employees.Question 23 of 50 24. Your organization uses the private and public labels to classify data, as the internal security policy details how data should be protected based on the classification label. The decision was made to add an additional “proprietary” label. Which is the most likely reason this was done?To create more searchable dataTo provide better data classification To clarify data that should not be shared outside the organizationTo reduce costsQuestion 24 of 50 25. Which of the following are functional control types? (Select three.)DeterrentPreventiveCompensatingDetectiveQuestion 25 of 50 26. Christine is the server administrator for your organization. Her manager provided step-by-step security policies outlining how servers should be configured to maximize security. Which type of security policy will Christine be implementing?Mail server acceptable use policyVPN server acceptable use policyProcedural policyFile server acceptable use policyQuestion 26 of 50 27. Which of the following is an example of PHI? Education recordsEmployment recordsFingerprintsCredit historyQuestion 27 of 50 28. Your company has decided to adopt a public cloud device management solution whereby all devices are centrally managed from a web site hosted on servers in a data center. Management has instructed you to ensure that the solution is reliable and always available. Which type of document should you focus on?Password policyService level agreementRemote access acceptable use policyMobile device acceptable use policyQuestion 28 of 50 29. Your legal consulting services company is headquartered in Berlin with a branch office in Paris. You are determining how to comply with applicable data privacy regulations. Which of the following security standards must your company comply with?GDPRPCI DSS HIPAAPIPEDAQuestion 29 of 50 30. You are a file server administrator for a health organization. Management has asked you to configure your servers appropriately to classify files containing unique manufacturing processes. What is an appropriate data classification for these types of files? ProprietaryPIIPHIPublicQuestion 30 of 50 31. Which of the following best illustrates potential security problems related to social media sites?Other users can easily see your IP address. Talkative employees can expose a company’s intellectual property. Malicious users can use your pictures for steganography.Your credit card number is easily stolen.Question 31 of 50 32. You are configuring a password policy for users in the Berlin office. Passwords must be changed every 60 days. You must ensure that user passwords cannot be changed more than once within the 60-day interval. What should you configure?Minimum password ageMaximum password agePassword complexityPassword historyQuestion 32 of 50 33. After a lengthy background check and interviewing process, your company hired a new payroll clerk named Tammy. Tammy will be using a web browser on a company computer at the office to access the payroll application on a public cloud provider web site over the Internet. Which type of document should Tammy read and sign?Internet acceptable use policy Password policyService level agreementRemote access acceptable use policyQuestion 33 of 50 34. As the IT security officer, you establish a security policy requiring that users protect all paper documents so that sensitive client, vendor, or company data is not stolen. What type of policy is this?PrivacyAcceptable useClean deskPasswordQuestion 34 of 50 35. Which of the following options best describe the proper use of PII? (Choose two.)Law enforcement tracking an Internet offender using a public IP addressDistributing an e-mail contact list to marketing firmsLogging into a secured laptop using a fingerprint scannerPracticing due diligenceQuestion 35 of 50 36. After identifying internal and external threats, you must determine how these potential risks will affect business operations. Which of the following terms best describes this?Risk analysisFault toleranceAvailabilityImpact analysisQuestion 36 of 50 37. You are listing preventative measures for potential risks. Which of the following would you document? (Choose three.)Larger flat-screen monitors Data backupEmployee trainingComparing reliability of network load balancing appliancesQuestion 37 of 50 38. You are identifying security threats to determine the likelihood of virus infection. Identify potential sources of infection. (Choose two.) USB flash drivesUSB keyboardSmartcardDownloaded documentation from a business partner web siteQuestion 38 of 50 39. You are an IT security consultant. A client conveys her concern to you regarding malicious Internet users gaining access to corporate resources. What type of assessment would you perform to determine this likelihood?Threat assessmentRisk analysisAsset identificationTotal cost of ownershipQuestion 39 of 50 40. You are responsible for ensuring that all company IT-related equipment and data are inventoried and given a value. Which term best describes this activity? Asset identificationRisk assessment Risk mitigation Risk registerQuestion 40 of 50 41. You are an IT consultant performing a risk analysis for a seafood company. The client is concerned with specific cooking and packaging techniques the company uses being disclosed to competitors. What type of security concern is this?IntegrityConfidentialityAvailabilityAuthorizationQuestion 41 of 50 42. Margaret, the head of HR, conducts an exit interview with a departing IT server technician named Irving. The interview encompasses Irving’s view of the organization, such as the benefits of the job he held and suggestions of improvements that could be made. Which of the following issues should also be addressed in the exit interview? (Choose two.)Background checkJob rotationNondisclosure agreement Property return formQuestion 42 of 50 43. You are the network administrator for a legal firm. Users in Vancouver must be able to view trade secrets for patent submission. You have shared a network folder called Trade Secrets and allowed the following NTFS permissions: Vancouver_Staff: Read, List Folder Contents Executives: Write IT_Admins: Full ControlRegarding Vancouver staff, which principle is being adhered to?Job rotationLeast privilegeMandatory vacationsSeparation of dutiesQuestion 43 of 50 44. Which of the following is true regarding qualitative risk analysis?Only numerical data is considered.ALE must be calculated.Threats must be identified.ROI must be calculated.Question 44 of 50 45. What is the primary purpose of enforcing a mandatory vacation policy?To adhere to government regulationTo ensure employees are refreshedTo enable other employees to experience other job rolesTo prevent improper activityQuestion 45 of 50 46. Your company restricts firewall administrators from modifying firewall rules unless they make the modifications with a member of the IT security team. What is this an example of?Due careSeparation of dutiesPrinciple of least privilege Acceptable useQuestion 46 of 50 47. During a risk analysis meeting, you are asked to specify internal threats being considered. Which item is not considered an internal threat?EmbezzlementAttackers breaking in through the firewallEmployees using corporate assets for personal gainUsers plugging in personal USB flash drivesQuestion 47 of 50 48. Which values must be calculated to derive annual loss expectancy? (Choose two.)Single loss expectancyAnnual rate of occurrence Monthly loss expectancyQuarterly loss expectancyQuestion 48 of 50 49. Which term best describes monies spent to minimize the impact that threats and unfavorable conditions have on a business? Risk managementSecurity auditBudgetary constraintsImpact analysisQuestion 49 of 50 50. An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?ALEROITotal cost of ownershipTotal monthly insurance premiumQuestion 50 of 50 Loading...