Security + test questions, pdf

Your project for them consists of configuring a wireless router at their coffee shop area. The wireless connection will be used by waiting customers to connect to the Internet. Where will you plug in the wireless router? The ports do not address the separation of functional requirements. A demilitarized zone DMZ is a network that allows external unsecure access to resources while preventing direct access to internal resources.

If the wireless access point is plugged into the DMZ, this will provide Internet access to customers while not allowing them access to internal business computers. The correct choice is therefore d. Main exam objective: 3. Exam sub-objective: 3. According to the policy, passwords must contain characters from how many of these different groups? Password complexity policy must contain characters from three of the following four categories— English uppercase characters A through Z , English lowercase characters a through z , digits 0 through 9 , and non-alphabetic characters!

The correct choice is b. Main exam objective: 4. Exam sub-objective: 4. You are an IT consultant for a business located in a coastal area that is susceptible to storms and occasional flooding. Which of the following plans focus on ensuring that personnel, customers, and IT systems are minimally affected after a disaster? Business continuity is considered the key goal in which disaster recovery plays a part.

Disaster recovery involves implementing steps to get a business operational. Business continuity ensures business operation after the implementation of the DRP. The correct choice is d. Exam sub-objective: 5. You are a computer security consultant, and your latest client is a military contractor who requires the utmost in security for transmitting messages during wartime. Which of the following provides the best security?

One-time pads are used to combine completely random keys with plain text resulting in ciphertext, after which one-time pads are not used again. A randomized initialization vector IV , or salt, is used to derive keys. An item used only once is referred to as a nonce. Both communicating parties must have the same one-time pads, which presents a problem if communicating with many entities. No amount of computing power or time can increase the likelihood of breaking this type of ciphertext.

The correct choice is c. Main exam objective: 6. Exam sub-objective: 6. The questions above are all multiple choice. Below is a screenshot of one of the performance-based questions available in the interactive CertBlaster exam simulation software. Below is a screengrab of a PBQ. Which of the following types of malware delivery, usually through a Trojan, includes demands for payment? Explanation: Ransomware software takes control of a system by encrypting the hard drive or changing a password and requires the user to pay extortion to revert their system back to normal.

Review the malware-related compromises listed. Which type of malware can make its presence and that of its accompanying payload invisible to the system? Explanation: The primary function of a rootkit is to become undetectable and mask its functions from the operating system. Crypto malware encrypts files, drives, and even networks quite visibly. Ransomware cripples user interaction until a fee is paid. Explanation: Spoofing is pretending to be someone else by imitating that person or system. Which type of network penetration attack model requires an attacker to have the highest skill level?

The PDF provides an overview of the following unarmed test question subject matter as it is likely to be found on most state unarmed security tests. Officers are prepped for questions dealing with site directives and post orders, patrol, access control, radio use, maintenance, first aid and fire suppression. Subject matter includes report writing, going to court and knowing the vital difference between a "fact" and a "conclusion. Test takers must show knowledge of the importance of tactical communications, understand interview posture and articulate the arrest powers of the security officer.

As the official representative of the property owner, the officer can deny access and evict people from the property. This is true, the school is a public building. A taxpayer cannot be denied access. This is why many schools do not use metal detectors; they are pointless. This is false, law allows the school to set an access policy and security may enforce that policy.

Failure to clear a metal detector allows the school security officer to deny access. This is true, but the person must provide a copy of his identity before proceeding. He must also pledge to not use any weapons on his person to cause harm once he is allowed access.

This is false, the security officer can deny access but only after checking with the local police. A group of hotel guests create a loud disturbance in the hotel parking area and the bordering public sidewalk while drinking alcohol. The winning bidder at a public car auction refuses to pay for the vehicle he just agreed to purchase at auction. Because Miranda notices are normally provided by a police officer, the arrestee might accuse the security officer of impersonating a police officer.

It minimizes the civil liability of the security agency. Also, the unarmed officer does not have the tools or training to make an arrest. One of the best ways to prepare for this exam is to gain experience in the IT workforce beforehand.

Once you pass this exam, it will be much easier to land higher-paying and full-time jobs. In fact, taking this test is a great first step to increasing your knowledge as well as job opportunities in the security industry. Even though the lowest possible score is , to pass, you must get at least a Any score below a is considered a failing grade. Home Career Comptia. Take Me There.