Free CompTIA Security+ Practice Chapter 3

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 3

1 / 131

What distinguishes FTPS from SFTP according to the provided information?

A. FTPS uses SSL for encryption, while SFTP uses SSH.

B. FTPS transfers files using UDP, while SFTP uses TCP.

C. FTPS uses TLS for encryption, while SFTP uses SSH.

D. FTPS cannot transmit data over TCP port 22, while SFTP can.

2 / 131

What are some elements involved in creating a secure network?

A. Use of various topologies and network appliances

B. Ignoring network traffic

C. Avoiding segmentation of network devices and traffic

D. Network appliances are not used for segmentation and isolation

3 / 131

What functionalities does Spanning Tree Protocol (STP) or Rapid STP (RSTP) provide on a network?

A. Broadcast storm prevention and loop prevention

B. Traffic rerouting and encryption

C. Firewall protection and malware scanning

D. Load balancing and packet filtering

4 / 131

What is the primary purpose of the Domain Name System (DNS)?

A. To provide internet connectivity

B. To resolve hostnames to IP addresses

C. To encrypt data for web browsing

D. To increase processing speed of web browsers

5 / 131

Which of the following protocols is used to transfer smaller amounts of data, such as when communicating with network devices, and uses UDP port 69?

A. FTP

B. SSH

C. TFTP

D. SFTP

6 / 131

What is the key feature of Static NAT?

A. It uses multiple public IP addresses in a one-to-many mapping

B. It uses a single public IP address in a one-to-one mapping

C. It is compatible with IPsec

D. It maps the next request to a less-used public IP address

7 / 131

What is the function of the DDoS mitigator in a unified threat management (UTM) appliance?

A. Detects and blocks malware

B. Regulates access to certain webistes via URL filtering

C. Assesses and blocks incoming data streams for malicious content

D. Attempts to detect and block DDoS attacks

8 / 131

What is the function of proxy servers?

A. To store and retrieve data from the database

B. To forward requests for services from clients and restrict access to inappropriate websites.

C. To handle user authentication and authorization

D. To intercept and block all incoming and outgoing network traffic

9 / 131

Which of the following best defines a unified threat management (UTM)?

A. A single solution that combines multiple security controls and aims to provide better security while also simplifying management requirements.

B. A software program that defends a computer from viruses and malware.

C. A technique used to block access to websites based on their URLs.

D. A method used to detect and block Denial of Service (DoS) attacks.

10 / 131

What is the primary purpose of a network appliance?

A. To fulfill a specific need

B. To provide additional services to a server

C. To replace firewalls

D. To handle the details under the hood

11 / 131

What is a common reason users cannot connect to systems using Remote Desktop Protocol (RDP)?

A. The server does not support RDP

B. The internet connection is not strong enough

C. Port 3389 is blocked on a host-based or network firewall

D. The protocol SSH is being used instead

12 / 131

Which of the following commands should Maggie use to create a public and private key pair?

A. ssh-copy-id

B. ssh-keygen -t rsa

C. ssh gcga

D. ssh root@gcga

13 / 131

What is the key difference between a transparent proxy and a non-transparent proxy?

A. A transparent proxy filters requests while a non-transparent one does not

B. A non-transparent proxy modifies or filters requests, while a transparent proxy forwards them without modification

C. A transparent proxy logs user activity, while a non-transparent proxy does not

D. A non-transparent proxy provides caching, while a transparent proxy does not

14 / 131

What does a firewall’s implicit deny strategy do?

A. It allows all traffic that is not explicitly blocked.

B. It blocks all traffic that is not explicitly allowed.

C. It redirects all traffic that is not explicitly allowed.

D. It duplicates all traffic that is not explicitly blocked.

15 / 131

What is the use of the jump server in a network environment?

A. To provide email services within a network

B. To connect and manage devices in another network with a different security zone

C. To act as a firewall blocking all incoming traffic

D. To act as a DNS server for internal network

16 / 131

Which protocol is commonly blocked at firewalls and routers, disabling a ping response, preventing attackers from discovering devices in a network?

A. TCP

B. HTTP

C. ARP

D. ICMP

17 / 131

Which of the following statements about File Transfer Protocol (FTP) are correct?

A. FTPS uses SSH to encrypt FTP traffic

B. FTP transmits data in encrypted form

C. FTP passive mode uses a random TCP port for data, this random port is often blocked by firewall

D. TFTP is an essential protocol on most networks

18 / 131

What is the purpose of the ’id_rsa’ file in an OpenSSH system?

A. It is a public key that is copied to the remote server for authentication.

B. It is the private key that must remain private and stays on the client’s machine.

C. It serves as the user’s password in a passwordless login system.

D. It initiates the SSH connection on port 22.

19 / 131

Which of the following is not true about network-based firewalls?

A. It typically has two or more network interface cards (NICs)

B. It is an application running on a system

C. It can be a dedicated server with proprietary software installed

D. It controls traffic going in and out of a network

20 / 131

Which of the following is the primary purpose of HTTPS?

A. Transfer email between clients and SMTP servers

B. Enable the storage of email on an email server

C. Encrypt web traffic to ensure it is secure while in transit

D. Allow users to organize and manage email in folders on the server

21 / 131

What command would Maggie use to initiate an SSH connection to the gcga server using the root account of the remote system?

A. ssh gcga

B. ssh root@gcga

C. ssh-keygen -t rsa

D. ssh-copy-id gcga

22 / 131

What is the primary purpose of DHCP snooping?

A. To allocate the same IP address to multiple clients.

B. To prevent unauthorized DHCP servers from operating on a network.

C. To enable clients to bypass DHCP servers and use static IPs.

D. To facilitate communication between multiple DHCP servers on the network.

23 / 131

What is the purpose of the malware inspection component in a UTM appliance?

A. It allows for the UTM appliance to act as a proxy server

B. It scans incoming data for known malware and blocks it

C. It detects DDoS attacks and blocks them

D. It adjusts the sensitivity of the spam filter to meet the needs of the organization

24 / 131

What does a ’Content inspection’ feature in a Unified Threat Management (UTM) system involve?

A. It completely prevents the attacks from DDoS.

B. It includes a combination of different content filters and monitors incoming data streams to block malicious content.

C. It checks if there are infections on computers within a network.

D. It blocks access to sites based on their URL.

25 / 131

What are the only three IPv4 address ranges that should be allocated within a private network?

A. 10.x.y.z, 172.16.y.z, 192.168.x.y

B. 192.168.0.0, 172.16.0.0, 10.0.0.0

C. 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, 192.168.0.0 through 192.168.255.255

D. 10.x.y.z, 172.x.y.z, 192.x.y.z

26 / 131

What are the TCP ports used by SMTP, POP3, IMAP4, HTTP and HTTPS common protocols?

A. SMTP uses ports 25 and 487; POP3 uses 110 and 995; IMAP4 uses 143 and 993; HTTP and HTTPS 80 and 443.

B. SMTP uses ports 25 and 587; POP3 uses 100 and 995; IMAP4 uses 140 and 993; HTTP and HTTPS 80 and 443.

C. SMTP uses ports 25 and 587; POP3 uses 110 and 990; IMAP4 uses 140 and 990; HTTP and HTTPS 80 and 440.

D. SMTP uses ports 25 and 587; POP3 uses 110 and 995; IMAP4 uses 143 and 993; HTTP and HTTPS 80 and 443.

27 / 131

What is the function of the Address Resolution Protocol (ARP)?

A. It identifies hosts in a TCP/IP network using IP addresses.

B. It provides connectionless sessions without a three-way handshake.

C. It resolves IPv4 addresses to media access control (MAC) addresses.

D. It supports specific traffic types such as HTTP or SMTP.

28 / 131

Which command should Maggie use to create a public/private key pair for passwordless SSH login?

A. ssh-keygen -t rsa

B. ssh gcga

C. ssh root@gcga

D. ssh-copy-id gcga

29 / 131

What is the purpose of the ’ssh-keygen -t rsa’ command in OpenSSH?

A. It copies the public key to the remote server

B. It is used to initiate an SSH connection with an account on the remote server

C. It creates a public/private key pair

D. It stores the private key on the client system

30 / 131

What is the purpose of the ’route add’ command in a system’s routing table?

A. To display the system’s routing table

B. To modify the IP address of the default gateway

C. To add a path to a different network

D. To initiate a man-in-the-middle attack

31 / 131

Which of these common protocols do Google Mail uses for storing email on an email server?

A. SMTP

B. POP3

C. IMAP4

D. HTTP

32 / 131

What is the role of a PTR record in the Domain Name System (DNS)?

A. It identifies the primary mail server.

B. It holds the hostname and the IPv4 address.

C. It enables a DNS client to query DNS with the IP address to get a name.

D. It allows a single system to have multiple names associated with a single IP address.

33 / 131

What is a key difference between SNMPv1/v2 and SNMPv3?

A. Only SNMPv3 supports UDP ports 161 and 162

B. SNMPv1 and v2 do not have any vulnerabilities

C. SNMPv3 encrypts credentials before sending them over the network

D. SNMPv1/v2 can modify the devices’ configuration but SNMPv3 cannot

34 / 131

Which protocol and port number are used by SSH for encrypting traffic in transit?

A. SSH, TCP port 21

B. SSH, TCP port 22

C. SSH, UDP port 69

D. SSH, UDP port 500

35 / 131

What is the purpose of executing the command ’ssh-copy-id gcga’ in the context of a Linux system using OpenSSH?

A. To initiate an SSH connection to the remote server

B. To copy the public key to the remote server

C. To create a public/private key pair

D. To store the private key on the client

36 / 131

Which of the following best describes port security as described in the passage?

A. Allowing only one or two MAC addresses to connect per port and blocking all others

B. Disabling unused ports to prevent unauthorized connections

C. Restricting each physical port to only a single specific MAC address as an advanced method

D. All of the above

37 / 131

Which protocol is the designated replacement for SSL and should be used instead of SSL for browsers using HTTPS?

A. SSH

B. FTPS

C. IPsec

D. TLS

38 / 131

What is the purpose of caching content in a proxy server for performance enhancement?

A. To increase the Internet requests

B. To provide temporary storage

C. To reduce Internet bandwidth usage

D. To request the same page from the server again

39 / 131

What does the ’Permission’ element in ACLs for firewalls typically indicate?

A. It indicates the subnet mask being used.

B. It identifies whether the traffic should be permitted or denied.

C. It specifies the range of IP addresses.

D. It helps enforce an implicit deny strategy by blocking any traffic that wasn’t previously allowed.

40 / 131

What happens when the DHCP sends an ’Acknowledge’ packet?

A. The DHCP server offers the same IP address to other clients

B. It ends the communication between the DHCP server and client

C. The DHCP allocates the offered IP address to the client and won’t offer the same IP to other clients

D. It triggers a new discovery process

41 / 131

What is the primary purpose of physical isolation and air gaps in a network security context?

A. To improve the speed of the network

B. To decrease dependency on external networks

C. To reduce risks by completely separating one network from another

D. To increase the network’s storage capacity

42 / 131

Why is TLS recommended over SSL?

A. SSL has more functionalities than TLS

B. SSL has been compromised and is not maintained or patched

C. Both SSL and TLS are the same

D. TLS is less secure compared to SSL

43 / 131

What is the primary function of a Zero Trust Network?

A. It trusts all devices by default.

B. It trusts no devices by default.

C. It only trusts devices that haven’t been previously compromised.

D. It only trusts devices after a multifactor authentication is performed.

44 / 131

Which protocol can be used to transfer encrypted files over a network and uses TCP port 22?

A. FTP

B. TLS

C. SSH

D. HTTPS

45 / 131

In the context of Stateless Firewall Rules, what does the term ’implicit deny strategy’ refer to?

A. The rule that blocks any keyword used in communication.

B. The rule that allows specific types of traffic.

C. The strategy that automatically permits all traffic not explicitly denied.

D. The strategy that blocks all traffic not explicitly permitted.

46 / 131

What is one of the benefits of using Network Address Translation (NAT)?

A. It remains compatible with IPsec

B. It requires all internal clients to have public IP addresses

C. It allows multiple computers to access the Internet through one router running NAT

D. It makes internal computers easily exploitable from the Internet

47 / 131

What function does a firewall serve in a network?

A. It boosts the network’s speed

B. It filters incoming and outgoing traffic for a single host or between networks

C. It helps in storage and retrieval of data

D. It helps to connect various devices on the network

48 / 131

How can Access Control Lists (ACLs) be utilized within a router for security?

A. To block traffic based on IP addresses and networks

B. To encourage traffic from all sources indiscriminately

C. To automatically detect and repair faults in the network

D. To increase the speed and efficiency of data transfer

49 / 131

What is the function of a Bridge Protocol Data Unit (BPDU) Guard feature in a network?

A. It enables a port to send BPDU messages.

B. It monitors edge ports for BPDU messages and disables the port if any are detected.

C. It has no function and is used for redundant traffic.

D. It generates BPDU messages from edge ports.

50 / 131

Secure Shell (SSH) is used for which of the following?

A. Transferring files in cleartext

B. Encrypting traffic over TCP port 23

C. Protecting virtual private network (VPN) traffic

D. Encrypting traffic in transit, including other protocols such as FTP

51 / 131

What does the ’Protocol’ element in an Access Control List (ACL) rule typically refer to on a firewall?

A. The specification of the subnet mask for an IP address targeted by the rule

B. The determination of SMTP traffic that should be allowed or blocked

C. The type of traffic that is dealt with, such as TCP, UDP, ICMP or IP

D. The destination IP address that the rule applies to

52 / 131

What does DHCP snooping prevent on a network?

A. Unwanted broadcasting of all network traffic

B. Operation of unauthorized DHCP servers

C. DHCP client from making lease requests

D. DHCP server from sending acknowledge packets

53 / 131

What is the purpose of the SOA (start of authority) record in DNS?

A. It holds the hostname and IPv4 address

B. It identifies a mail server used for email

C. It includes information about the DNS zone and some of its settings

D. It allows a single system to have multiple names associated with a single IP address

54 / 131

What does the term ’East-West traffic’ refer to within a network?

A. Traffic between servers.

B. Traffic between a client and server.

C. Traffic between network switches.

D. Traffic from different network regions.

55 / 131

What is the main difference between Network Time Protocol (NTP) and Simple NTP (SNTP) in terms of time synchronization?

A. NTP requires one domain controller, while SNTP requires multiple domain controllers.

B. SNTP uses complex algorithms to identify the most accurate time, while NTP does not.

C. NTP uses complex algorithms and queries multiple time servers to identify the most accurate time, while SNTP does not.

D. SNTP only synchronizes the time within tens of millisecond, while NTP can synchronize time down to microseconds.

56 / 131

What does the ’-J’ switch in the ’ssh -J maggie@jump maggie@ca1’ command represent?

A. It is used to specify the user authentication

B. It instructs ssh to connect to the jump server and then use TCP forwarding to connect to the CA server

C. It connects to the internal network directly

D. It runs additional services on the server

57 / 131

What is the fundamental difference between a physical and a logical port in network devices?

A. A physical port refers to the location where a device is located, while a logical port refers to the security settings for that device

B. A physical port is used for turning off devices, while a logical port is used for turning on devices

C. A physical port is where the cable is plugged in a network device, while a logical port is a number in a packet that identifies services and protocols

D. A physical port refers to the password used to secure a device, while a logical port refers to the username for that device

58 / 131

What is one of the key features that distinguishes a next-generation firewall (NGFW) from first and second generation firewalls?

A. NGFW uses stateless firewall rules

B. NGFW only allows or blocks traffic

C. NGFW uses deep-packet inspection

D. NGFW cannot identify common application protocols used on the Internet

59 / 131

Which encryption protocol is designated as the replacement for SSL and should be used instead of SSL for browsers using HTTPS?

A. IPsec

B. SSH

C. TLS

D. SFTP

60 / 131

What is the main difference between an Intranet and an Extranet?

A. Intranet requires web servers while Extranet does not

B. Extranet is an internal network while Intranet is not

C. Intranet is restricted to internal users while Extranet can be accessed by authorized external entities

D. There is no difference between an Intranet and an Extranet

61 / 131

What is the correct form of a private IP address according to RFC 1918 in the IPv4 protocol?

A. 172.31.0.0 through 172.33.255.255

B. 192.160.0.0 through 192.160.255.255

C. 10.0.0.0 through 10.255.255.255

D. fc00

62 / 131

What is the purpose of an ’air gap’ in relation to network security?

A. To allow for faster data transfer between networks

B. To physically isolate one network from another

C. To restrict the use of the network to only authorized users

D. To provide an additional level of encryption for the network

63 / 131

What is the purpose of the DHCP Offer in the DHCP communication process?

A. It blocks rogue DHCP servers from operating on a network.

B. It is a request sent by a DHCP client for a lease.

C. It is the acknowledgment sent back by the DHCP server after allocating an IP address.

D. It is the response of a DHCP server offering a lease to the client including an IP address, subnet mask, default gateway among others.

64 / 131

What is the primary function of the ’route’ command in both Windows and Linux systems?

A. To alter a system’s firewall settings

B. To display or modify a system’s routing table

C. To monitor system storage and usage

D. To enable or disable network interfaces

65 / 131

What does the Real-time Transport Protocol (RTP) particularly deliver over IP networks?

A. Text messages

B. Audio and Video

C. Email

D. Application data

66 / 131

Based on the passage, how can ACLs on a router be used to filter traffic?

A. By blocking specific IP addresses

B. By blocking traffic on specific ports

C. By allowing or blocking traffic based on protocol number

D. All of the above

67 / 131

How does the Spanning Tree Protocol (STP) or the Rapid STP (RSTP) protect a network?

A. By sending an alert when a new device connects to the network

B. By boosting the bandwidth of the network

C. By providing broadcast storm prevention and loop prevention for switches

D. By detecting and eliminating malware in the network

68 / 131

What are some common protocols used for Subscription Services Use Cases?

A. HTTP and SSH

B. POP3 and IMAP

C. HTTPS and TLS

D. SNMP and ICMP

69 / 131

What is the primary purpose of an A-record in the Domain Name System (DNS)?

A. It holds the hostname and IPv6 address.

B. It identifies a mail server used for email.

C. It allows a single system to have multiple names associated with a single IP address.

D. It holds the hostname and IPv4 address and is the most commonly used record in a DNS server.

70 / 131

Which protocol is an implementation of FTP that uses SSH to transmit files in an encrypted format?

A. IPsec

B. SSL

C. SFTP

D. TLS

71 / 131

What does a DHCP client do to start getting a lease from a DHCP server?

A. Sends a DHCP Acknowledge packet

B. Sends a DHCP Discover message

C. Sends a DHCP Offer packet

D. Sends a DHCP Request message

72 / 131

What is the function of the AAAA-record in a Domain Name System (DNS)?

A. It identifies a mail server used for email.

B. It allows a DNS client to query DNS with the name and DNS to respond with an IP address.

C. It holds the hostname and IPv6 address.

D. It provides the TTL settings for DNS records.

73 / 131

What is the function of the broadcast method in IPv4 addressing of TCP/IP traffic?

A. Broadcasting allows one host to send data to all other hosts on the same subnet.

B. Broadcasting allows one host to send data only to another single host.

C. Broadcasting prevents the host from sending data on the network.

D. Broadcasting allows a host to connect to multiple networks.

74 / 131

What is the primary function of a router in a network?

A. To connect hosts together within a network

B. To pass broadcast traffic between ports

C. To connect multiple networks together to create larger networks

D. To assign IP addresses to each device in the network

75 / 131

What is the main purpose of Domain Name System Security Extensions (DNSSEC)?

A. To prevent DDoS attacks

B. To provide validation for DNS responses using digitally signed records

C. To encrypt all DNS traffic

D. To provide DNS query rate limiting

76 / 131

Why is physical isolation such as an air gap important in a supervisory control and data acquisition (SCADA) system?

A. It allows the SCADA system to connect to the Internet for updates

B. It ensures communication between different networks

C. It reduces risks to the SCADA system by minimizing the reach of potential attackers

D. It facilitates the sharing of resources between networks

77 / 131

In computing, which TCP port does IMAP4 use for unencrypted connections, and which port for encrypted connections?

A. Port 143 for unencrypted, port 993 for encrypted

B. Port 110 for unencrypted, port 995 for encrypted

C. Port 80 for unencrypted, port 443 for encrypted

D. Port 25 for unencrypted, port 587 for encrypted

78 / 131

What does the STARTTLS command allow in relation to SMTP?

A. It opens a new port for encrypted data.

B. It helps SMTP to transfer email to external clients.

C. It enables protocol to use the same port for cleartext and ciphertext.

D. It reassigns port 465 for emails encrypted with SSL.

79 / 131

What determines which protocols are enabled in a network?

A. The preferences of the IT professionals

B. The availability of the protocols

C. Organizational goals and needs

D. The decisions of the network users

80 / 131

What is the main function of a host-based firewall?

A. Monitor traffic in a network of computers

B. Monitor traffic going in and out of a single host

C. Protect against viruses

D. Prevent intrusion into a network

81 / 131

What are the three primary factors used to filter packets by router ACLs?

A. IP addresses, ports, and protocol numbers

B. Subnet IDs, protocol numbers, and ports

C. IP addresses, DNS names, and protocol numbers

D. Ports, protocol names, and IP addresses

82 / 131

What is the primary function of the Session Initiation Protocol (SIP) in relation to voice, video, and messaging sessions?

A. It transports the audio or video

B. It provides encryption, message authentication, and integrity for RTP

C. It initiates, maintains, and terminates the sessions

D. It records all voice, video, and messaging traffic

83 / 131

Which of the following protocols is NOT recommended for use when remotely administering systems, due to its lack of security?

A. SSH

B. RDP

C. VPN

D. Telnet

84 / 131

What is the purpose of the ’Destination’ in rules within Access Control Lists (ACLs) used by firewalls?

A. To identify IP addresses to allow or block traffic

B. To check if the traffic is ICMP or not

C. To decide whether or not to use an implicit deny strategy

D. To specify a protocol like TCP or UDP

85 / 131

Which of the following statements about nslookup and dig command-line tools is correct?

A. The dig tool has replaced nslookup on Microsoft systems

B. The nslookup and dig tools can only query for IP addresses

C. When a system has multiple mail servers, the highest number preference identifies the primary mail server

D. The dig and nslookup tools can be used to query specific records such as mail servers and the lowest number preference identifies the primary mail server when there are multiple ones

86 / 131

Which protocol is commonly used for transporting voice and video over a network and provides encryption, message authentication, and integrity for RTP?

A. SIP

B. SRTP

C. TCP

D. RTP

87 / 131

Which protocol provides connection-oriented traffic with guaranteed delivery?

A. UDP

B. ICMP

C. TCP

D. HTTP

88 / 131

Which protocol provides both broadcast storm prevention and loop prevention for switches?

A. HTTP

B. STP or RSTP

C. FTP

D. SNMP

89 / 131

What is the purpose of a poisoning attack?

A. Corrupt cache with different data

B. Disrupt services from another system

C. Capture data sent over a network

D. Exploit vulnerabilities in MAC addressing and ARP

90 / 131

What does the ’implicit deny’ rule accomplish in an ACL?

A. It allows all traffic that has not been explicitly blocked.

B. It permits only HTTP traffic to a web server.

C. It blocks all traffic that isn’t explicitly allowed.

D. It denies traffic only to specific networks, subnets, or IP addresses.

91 / 131

What does the ’route print’ command display on a computer system?

A. The computer’s firewall settings

B. The path to the default gateway

C. All the paths known by the computer to other networks

D. The computer’s antivirus settings

92 / 131

Which of the following use cases is NOT supported by switches?

A. Preventing switching loops

B. Preventing BPDU attacks

C. Providing secure management of network devices

D. Increasing segmentation of user computers

93 / 131

Which of these protocols is used for connectionless sessions without a three-way handshake?

A. TCP

B. ICMP

C. UDP

D. ARP

94 / 131

Which of the following best describes how IPv6 addresses are expressed?

A. They use 32-bit addresses expressed in binary form

B. They use 32-bit addresses expressed in dotted decimal format

C. They use 128-bit addresses expressed in hexadecimal format

D. They use 128-bit addresses expressed in dotted decimal format

95 / 131

What is the role of the Data Link layer in the Open Systems Interconnection (OSI) model?

A. It assists in the identification of DoS and DDoS attacks.

B. It is responsible for ensuring that data is transmitted to specific devices on the network by formatting the data into frames and adding media access control (MAC) addresses for the source and destination devices.

C. It works with protocol analyzers to capture data sent over a network.

D. It stores data in cache for temporary access and deals with Poisoning attacks.

96 / 131

What is an intranet in terms of networking?

A. A part of internet used for sharing personal information

B. A part of network accessed by authorized entities from outside

C. An internal network used for communication and content sharing

D. A specialized software used for internet connectivity

97 / 131

What is the primary use case of Unicast in an IPv4 network?

A. One-to-all traffic. One host sends traffic to all other hosts on the subnet

B. A common usecase for a router to connect multiple networks together

C. One-to-one traffic. One host sends traffic to other host using a IP address

D. A host sends traffic to several other selected hosts on a network

98 / 131

Which of the following best describes Dynamic NAT?

A. A protocol that maps a private IP address with a single public IP address

B. A form of NAT that translates public IP addresses to private IP addresses, using multiple public IP addresses based on load

C. A form of NAT incompatible with IPsec

D. A system that hides internal computers from the Internet by mapping them to public IP addresses

99 / 131

What happens if a network has too many computers on a single segment?

A. The network performance remains the same

B. The network performance becomes excessive

C. Broadcasts can result in excessive collisions and reduce network performance

D. The network becomes inoperable

100 / 131

What is the function of an MX record in a DNS server?

A. It identifies a mail server used for email.

B. It holds the hostname and IPv4 address.

C. It is related to the TTL settings for DNS records.

D. It holds the hostname and IPv6 address.

101 / 131

What does the term ’Extranet’ refer to in network security?

A. A part of the network that provides internal communication and sharing.

B. A part of the network that can be accessed by authorized entities from outside of the network.

C. A server that connects the network directly to the Internet.

D. The boundary that protects the network from unauthorized access.

102 / 131

Which statement correctly describes the User Datagram Protocol (UDP)?

A. UDP provides connection-oriented traffic and uses a three-way handshake for delivery.

B. UDP provides basic connectivity and an identification for hosts in a network.

C. UDP uses IP addresses to get a packet to a destination network and then uses MAC addresses to get it to the correct host.

D. UDP provides connectionless sessions and makes a best effort basis for delivery with no guarantee.

103 / 131

What can help to prevent switching loop problems and broadcast storms in a network?

A. Disabling cable connections

B. Installing additional switches

C. Implementing Spanning Tree Protocol (STP) or Rapid STP (RSTP)

D. Disconnecting all RJ-45 wall jacks

104 / 131

What is one of the primary functions of the Rapid Spanning Tree Protocol (RSTP)?

A. It controls the routing tables in a network.

B. It provides broadcast storm prevention and loop prevention for switches.

C. It actively identifies and blocks malicious traffic.

D. It enhances speed of network transmissions.

105 / 131

What are the primary functions of the Secure Real-time Transport Protocol (SRTP)?

A. It provides encryption, message authentication, and integrity for RTP.

B. It is used to initiate, maintain, and terminate voice, video, and messaging sessions.

C. It shows timestamps, caller phone numbers, recipient phone numbers, extensions, and missed calls.

D. It is a protocol used for transporting voice and video over a network.

106 / 131

What does the Quality of Service refer to in relation to network management?

A. The measure and control of different traffic types on a network

B. The prioritization of VoIP phones over streaming video

C. The amount of video being streamed over a network

D. The degree of packet loss experienced on a network

107 / 131

What does MAC filtering in port security do?

A. Allows the connection of any device to the switch ports

B. Prevents the connection of specific MAC addresses

C. Limits each port’s connectivity to a specific device using a certain MAC address

D. Enables all unused ports on a switch

108 / 131

What is true about network address allocation using Dynamic Host Configuration Protocol (DHCP)?

A. It can assign private IP addresses that are usable on the Internet.

B. It cannot assign subnet masks, default gateways, or DNS server addresses.

C. It dynamically assigns IP addresses to hosts within a network.

D. It requires manual configuration for each host in a network.

109 / 131

What’s one disadvantage of Network Address Translation (NAT)?

A. It makes it more difficult to attack and exploit private computers from the Internet.

B. It requires a lot of bandwidth.

C. It is not compatible with IPsec.

D. It needs to be enabled on an Internet-facing firewall.

110 / 131

Which of the following protocols is used for testing basic connectivity and includes tools such as ping, pathping, and tracert?

A. ARP

B. ICMP

C. TCP

D. UDP

111 / 131

What are the methods for achieving logical separation and segmentation in networking?

A. Using routers and ACLs

B. Dividing IP address ranges with subnetting

C. Implementing firewalls and packet-filtering rules

D. All of the above

112 / 131

What is the role of a Web Application Firewall (WAF)?

A. To replace a network-based firewall

B. To block traffic using an ACL

C. To protect a web server from various web application attacks

D. To host the web application

113 / 131

Which of the following best describes a DoS and a DDoS attack?

A. A DoS attack is from multiple sources trying to interrupt services of a system and a DDoS is from a single source.

B. Both a DoS and DDoS attack tries to corrupt the cache with different data.

C. A DoS attack is a service attack from a single source that attempts to disrupt the services provided by another system. A DDoS attack includes multiple computers attacking a single target.

D. A DoS attack and DDoS are an attempt to exploit vulnerabilities in MAC addressing and ARP.

114 / 131

What is the purpose of LDAPS (LDAP Secure) in directory services?

A. LDAPS provides extra storage capacity for directory services.

B. LDAPS is used to increase the speed of query responses.

C. LDAPS uses encryption to protect LDAP transmissions.

D. LDAPS is used to provide cross-platform compatibility between Microsoft Active Directory Domain Services and Unix environments.

115 / 131

How is the ’Source’ defined within rules implemented in ACLs by stateless firewalls?

A. The protocol used for the traffic

B. Destination IP address the traffic is addressed to

C. The source IP address traffic comes from

D. The well-known port like 443 for HTTPS

116 / 131

What is the primary purpose of a screened subnet or DMZ?

A. To provide an area for untrusted servers

B. To directly expose servers to the Internet

C. To shield Internet-facing servers from direct attacks

D. To prevent clients from connecting to servers

117 / 131

What is a sniffing attack in the context of network security?

A. An attack where data is corrupted in a protocol’s cache.

B. An attack that disrupts the services provided by another system.

C. An attack where a protocol analyzer is used to capture and easily read data sent over a network if it’s in cleartext.

D. An attack exploiting vulnerabilities in media access control addressing and Address Resolution Protocol.

118 / 131

Which TCP port does the Post Office Protocol v3 (POP3) use for encrypted connections?

A. Port 25

B. Port 587

C. Port 110

D. Port 995

119 / 131

What is one major benefit of Network Address Translation (NAT)?

A. It allows multiple users to connect to the Internet using a single public IP address

B. It is compatible with IPsec

C. It makes internal computers more vulnerable to Internet attacks

D. It requires each client to have its own public IP address

120 / 131

What does a switch do when it turns on with no prior knowledge?

A. Instantly recognizes all connected computers

B. Waits for traffic to determine computer connections

C. Scans the network for viruses

D. Randomly assigns IP addresses

121 / 131

Why do organizations replace hubs with switches, according to the given passage?

A. Switches are cheaper than hubs

B. Switches increase the efficiency of a network and reduce the risk of data capture by protocol analyzers

C. Switches require less maintenance than hubs

D. Switches can handle higher network traffic than hubs

122 / 131

What function does URL filtering perform within a unified threat management (UTM) security appliance?

A. It screen incoming data for known malware and blocks it

B. It attempts to detect DDoS attacks and block them

C. It blocks access to certain sites based on their URL

D. It allows all websites without filtering

123 / 131

What is the purpose of a CNAME record in a DNS server?

A. Points a host name to an IPv4 address

B. Points a host name to an IPv6 address

C. Allows a single system to have multiple names associated with a single IP address

D. Identifies a mail server used for email

124 / 131

What protocol is the most commonly used for time synchronization?

A. HTTP

B. HTTPS

C. NTP

D. SNMP

125 / 131

What is the main role of a ’reverse proxy’ in a network?

A. It serves as a secondary firewall for the network

B. It acts like a web server for clients but forwards requests to the actual web server

C. It relays the request to other servers in the network

D. It retrieves data from the main server to send to the client

126 / 131

What is the primary advantage of using VLANs in a network?

A. They allow for the separation of traffic based on physical location

B. They allow the logical grouping and separation of computers regardless of physical location

C. They reduce the bandwidth required for VoIP streaming traffic

D. They automatically handle the administrative needs of different departments

127 / 131

In the example provided, what command could Maggie use to connect to a server named ’gcga’ in the network while also initiating SSH connection using the root account of the remote system?

A. ssh gcga@root

B. ssh root@gcga

C. ssh-keygen -t rsa

D. ssh-copy-id gcga

128 / 131

What is the major difference between a stateful and a stateless firewall?

A. A stateful firewall cannot block any traffic, while a stateless one can.

B. A stateful firewall makes decisions based on traffic context or state, while a stateless firewall does not.

C. A stateless firewall keeps track of established sessions, while a stateful one doesn’t.

D. A stateless firewall can recognize suspicious traffic based on a three-way handshake, while a stateful one cannot.

129 / 131

What is layer 2 of the Open Systems Interconnection (OSI) model responsible for?

A. Resolving IP addresses to MAC addresses

B. Disrupting the services provided by other systems

C. Transmitting data to specific devices on the network

D. Poisoning attacks

130 / 131

What is the protocol number for ICMP?

A. 50

B. 1

C. 443

D. 47

131 / 131

Based on the information in RFC 7123 about the security implications of using IPv6 on an internal network, which of the following statements is true?

A. All devices in the internal network need to support IPv6 natively to ensure complete security.

B. Having IPv6 is a mandatory requirement for all internal networks.

C. IPv4 firewalls can automatically apply rules to IPv6 traffic.

D. Internal networks can continue to use IPv4 without issue.

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 03: Exploring Network Technologies and Tools. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement: Covers essential network technologies and tools crucial for the CompTIA Exam.
Career Advancement: Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.
Vulnerability Management: Master the art of using network tools and technologies, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.Also, check out our other free practice tests: CompTIA A+, CompTIA Network+, CompTIA CySA+, and CompTIA Security+.

Chapter 03 – Exploring Network Technologies and Tools

Dowload the FREE OFFLINE Version of this Test Bank

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER