Security+
The CompTIA Security+ (SY0-601) course is a comprehensive program designed for IT professionals to learn the fundamental principles of information security. It covers a wide range of topics, from basic security concepts to advanced subjects like identity management and vulnerability management. This course provides a solid foundation in essential security knowledge and skills, enabling individuals to develop and maintain effective security programs. Overall, it offers a valuable opportunity to enhance expertise in the field of information security.
Take this assessment to know how good you are in this exciting domain.
Click the Rewards tab for eligibility requirements.
Read the FAQs tab carefully for Instructions before beginning the assessment.
NYXPoints are used to generate the Leaderboard (coming soon). They are awarded for achieving a certain score.
- 200 nyxpoints for a passing score of 80% or more
- 300 nyxpoints for a perfect score of 100%
- Didn’t pass? You still get 30 nyxpoints for attempting the assesment
IMPORTANT instructions for taking the Assessment
- The timer starts when you click Start Assessment
- DO NOT refresh/reload the page or use the back button to navigate away from the page.
- Navigating away from the assessment page DOES NOT stop/pause the timer and the will restart the assessment when you come back to it. The answers are NOT saved.
General
- There are NO pre-requisites to take this assessment. Take this assessment even if you are completely new to Linux.
- The assessment is completely FREE.
- Preferably take it in a closed book mode.
- DO NOT copy/paste, share or upload questions elsewhere.
Eligible Rewards
300 NyxCoins*
* NyxCoins vary on score
Assessment Summary
0 of 30 Questions completed
Questions:
Information
You have already completed the assessment before. Hence you can not start it again.
Assessment is loading…
You must sign in or sign up to start the assessment.
You must first complete the following:
Results
Results
0 of 30 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 30
1. Question
The process of dividing larger network address spaces into smaller networks is called:
CorrectIncorrect -
Question 2 of 30
2. Question
Which of the following ports MUST be permitted by firewalls to allow active FTP connections? (Select TWO).
CorrectIncorrect -
Question 3 of 30
3. Question
Our security team identifies some critical files being transferred from a desktop in an internal network to an unauthorized IP address. Further investigations conclude that the firewall policies and settings have not been changed, and antivirus has the latest update installed as well .Which of the following is the MOST likely cause for the incident?
CorrectIncorrect -
Question 4 of 30
4. Question
A user receives a message that seems to be from a trusted source, however, in reality, it redirects the recipient to a malicious site. The message is created in such a way so that it is effective on only a small number of targeted victims. What kind of attack is this called?
CorrectIncorrect -
Question 5 of 30
5. Question
A security professional is assigned the task of securing applications against various attacks. While the underlying operating system is updated regularly, there is no process to update the software. Which of the following is the MOST effective way of mitigating these specific risks?
CorrectIncorrect -
Question 6 of 30
6. Question
Which of the following is recovered by recovery agent?
CorrectIncorrect -
Question 7 of 30
7. Question
An organization has hired a software developer for writing the software code and to deploy it to the production network. The network administrator is also part of the team who is responsible for deploying code to the application servers. Which of the following practices are they following to ensure application integrity?
CorrectIncorrect -
Question 8 of 30
8. Question
A security audit has concluded that a high percentage of users have passwords that can be easily cracked. The BEST technical control that could be implemented to minimize the amount of easily “crackable” passwords is to?
CorrectIncorrect -
Question 9 of 30
9. Question
Someone in your organization included a piece of code in an application that causes the program to stop functioning at 11:00 AM on Monday when the application is used at its peak efficiency. Which of the following categories of malware does this belong to?
CorrectIncorrect -
Question 10 of 30
10. Question
The cyber security team of our organization receives a list of IP addresses that have been reported as attempting to access the network. For us to check any possible successful attempts across the organization, which of the following should be implemented?
CorrectIncorrect -
Question 11 of 30
11. Question
Our security team is auditing the web server logs and notice multiple attempts by users to access: http://www.cisco.com/ldapsearch?user-* The attack has been detected. Which of the following measures will prevent this type of attack on the webserver?
CorrectIncorrect -
Question 12 of 30
12. Question
Which of the following technologies should an organization use to stop the execution of different types of malicious code?
CorrectIncorrect -
Question 13 of 30
13. Question
Which of the following TCP flags, set on a stream of multiple packets, can launch a common Denial of Service (DoS) attack?
CorrectIncorrect -
Question 14 of 30
14. Question
A security administrator notices the following log entry in IDS appliance : (where email=amit@amit.com and passwd= ‘or 1==1’) What kind of attack is indicated by this log?
CorrectIncorrect -
Question 15 of 30
15. Question
By deploying heuristics to detect an anomaly in a computer’s baseline, a security administrator was able to detect an attack, although the signature based IDS and antivirus did not detect it. Further analysis concluded that the attacker had downloaded a portable executable file onto the desktop from the USB port, and executed it to trigger privilege escalation. Which of the following attacks has MOST likely occurred?
CorrectIncorrect -
Question 16 of 30
16. Question
The project manager has complained that many employees have been playing preinstalled games on the PCs. Which of the following would be the MOST effective way for preventing the users from doing so?
CorrectIncorrect -
Question 17 of 30
17. Question
Tony, our security intern, manually calculates hashes all network device configuration files daily and compares them to the hashes calculated on the previous days. Which of the following security concepts is Tony implementing?
CorrectIncorrect -
Question 18 of 30
18. Question
You have downloaded an ISO image for a security appliance and want to verify its integrity. What should you do?
CorrectIncorrect -
Question 19 of 30
19. Question
When using DAC or Discretionary Access Control, who will have the control or rights over access to the resources?
CorrectIncorrect -
Question 20 of 30
20. Question
What are the two valid key-size specifications for WEP defined for 802.11 networks?
CorrectIncorrect -
Question 21 of 30
21. Question
Which of the following are the correct steps to find out an exact timeline for a network intrusion attempt?
CorrectIncorrect -
Question 22 of 30
22. Question
According to cyber security experts, which statement is the correct definition of a computer virus?
CorrectIncorrect -
Question 23 of 30
23. Question
Which of the following is the generic name for a fix or solution for a known software issue?
CorrectIncorrect -
Question 24 of 30
24. Question
Regarding the Intrusion Detection System or IDS, which of the following components is responsible for collecting data?
CorrectIncorrect -
Question 25 of 30
25. Question
What will you implement to ensure that data at-rest is secure even in the case of loss or theft?
CorrectIncorrect -
Question 26 of 30
26. Question
Which of the following aspects/concepts of security are a part of the “security triad”? (Select THREE).
CorrectIncorrect -
Question 27 of 30
27. Question
Our IT Manager concluded that our application is not able to handle the large volume of traffic received on a daily basis.There are a number of issues regarding packet drops and server not accessible during peak hours. Which of the following would be a possible solution to solve these issues and ensure that the application remains secure and available?
CorrectIncorrect -
Question 28 of 30
28. Question
Which of the following backup options/solutions will provide the backup in quickest time?
CorrectIncorrect -
Question 29 of 30
29. Question
Which mechanism does PKI use to allow immediate verification of validity of a certificate?
CorrectIncorrect -
Question 30 of 30
30. Question
What is the name of the process for verifying the steps taken to make sure that the evidence related to cyber-crime has not been tampered with?
CorrectIncorrect