CompTIA Security Plus Certification Exam Version 2
Practice exam for CompTIA under IT Certification Exams (Licensing Exams). 5 sample questions.
Sample Questions
Exam Questions
Question 1
Which of the following would best ensure a controlled version release of a new software application?
Correct Answer: D
Rationale: Change management procedures provide a structured, systematic approach to managing all changes to an IT environment. This includes processes for planning, reviewing, approving, testing, and documenting software releases, thereby ensuring a controlled and predictable version release.
Question 2
Which of the following would best prepare a security team for a specific incident response scenario?
Correct Answer: D
Rationale: A tabletop exercise simulates a specific incident response scenario in a discussion-based format. It allows the security team to walk through their roles, responsibilities, and decision-making processes in a low-stress environment, effectively preparing them for real-world incidents without actual system impact.
Question 3
A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
Correct Answer: A
Rationale: Posting the hash (e.g., MD5, SHA-256) of the original application files allows users to compute the hash of their downloaded files. If the computed hash matches the posted hash, it confirms the integrity of the downloaded files, assuring users that the files have not been corrupted or tampered with during transit.
Question 4
A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?
Correct Answer: C
Rationale: For regulated industries like banking, merely disposing of data is not enough; the method of destruction often needs to be certified. Certification means that the data destruction process meets specific regulatory standards and that there is documented proof (a certificate) that the data was securely and irretrievably destroyed according to those requirements.
Question 5
Which of the following allows for the attribution of messages to individuals?
Correct Answer: B
Rationale: Non-repudiation ensures that a party cannot deny having made a statement or committed an action. In the context of messages, it provides undeniable proof of origin and integrity, allowing specific messages to be reliably attributed to specific individuals, often achieved through digital signatures or cryptographic hashes.