Start off by answering the questions that you have the knowledge base to answer, then on a separate list write down the questions that you do not know the answers to, because you need to revise those areas before testing:

1. The ACL for a firewall has an allow rule for HTTP, HTTPS, and LDAP. What will happen when a user tries to download a file from an external FTP server?

2. A network administrator is configuring a switch and is unsure whether to enable port security or 802.1x. What can you advise on both of these technologies?

3. A security administrator is enabling IPSec on the file server that hosts the financial server. They are then going to enable IPSec between the server and all of the desktops being the financial users. What mode of IPSec will be adopted?

4. What type of firewall is best suited to deal with an incoming SYN flood attack?

5. A security administrator is enabling an L2TP/IPSec on a virtual private network. What will be the role of a VPN concentrator?

6. Your company is experiencing a very high volume of web traffic coming to their internet web servers. What is the best way to ensure that the people coming to your website get the web pages in a timely manner?

7. Your company is experiencing a high volume of DDoS traffic heading for your company's network. What is the best way to deal with this traffic?

8. What is the purpose of DNS round-robin, and what are the pitfalls of using it?

9. How can I capture the commands going to a network-based gaming application?

10. Your company provides internet access to films. What type of port should we use to ensure that the films run smoothly?

11. What type of tool can we use to determine the patch level version of a web server? Name three tools that can be used for this technique.

12. The security administrator has noticed a rise in the number of unauthorized hosts appearing on your network. What two tools can be implemented so that they are notified when someone attaches a new host?

13. The security administrator has noticed that there has been an increase in the number of failed logins attempts on network-based computers. The account lockout policy allows three failed login attempts. What type of tool can they use for real-time monitoring of these events?

14. The CEO has written a new policy stating that all of the security logs on domain controllers are to be copied to a central location daily. These log files need to be secured to ensure that they have not been tampered with after collection. What action should the security administrator take to fulfill this policy?

15. When an attack on a host is made, a connection is established. Which two tools can capture the established connection so that the attacker can be identified?

16. What data format cannot be analyzed by any of the company's monitoring tools?

17. What are the three main components of a proxy server?

18. What is the purpose of a reverse proxy?

19. What technique does an iPhone use to send software updates to the phone?

20. What is the danger of someone taking an unauthorized smartphone into a research and development laboratory?

21. If I am using my personal phone as a BYOD device, what can be done to keep business data separate from my personal data?

22. What would be a safe, restricted, and contained environment that an IT team could provide to contractors to use?

23. What would I need to use in conjunction with a mobile device to limit the bandwidth being used when I download applications to the device?

24. If I want to use a third-party application on my carrier-locked iOS phone, what two stages should I perform to enable the application to run?

25. If I want to use a third-party application on my carrier-locked Android phone, what two stages should I perform to enable the application to run?

26. In what circumstances would I remote-wipe a device using the mobile device management system; (name two)?

27. The network administrator has been receiving support calls relating to the wireless access point. What tool should they use to diagnose the problem?

28. When the SSID of a wireless access point has been disabled, what two types of devices can be used to discover the SSID?

29. When I was on holiday in Las Vegas, all of the pictures I submitted to Facebook had the location where the picture was taken. Which tool carried out the labeling of photographs?

30. Which tools can I use to see if the DLL files of an application have been altered or tampered with?

31. When setting up certificates on a mobile device, the administrator is receiving certificate trust errors. What two actions should the administrator carry out first?

32. A new employee was given a company laptop with the correct certificates installed. Two weeks later, they report to the IT team that they are getting trust errors with the certificates. What has the new employee done to cause this error?

33. A salesperson cannot get internet access on their laptop, so they connect their 4G phone to the laptop to provide internet access. What technique have they just used?

34. A security administrator has found that many company devices have been tampered with over the past week. When they have looked into the security log files, they found that nothing out of the ordinary had been recorded. What has been tampering with the equipment?

35. A retailer wants to allow its customers to use a wireless payment method to pay for small transactions. What payment method must the customer adopt?

36. An audit has been carried out against the assets held by the IT team and the auditor has found that the company owns 300 Windows 10 licenses, but the software has been installed on 302 laptops. What is this violation known as?

37. A small company is going to purchase a firewall and needs to ensure that the firewall is an all-in-one device providing more protection than just simply being a firewall. What type of firewall would you recommend that they purchase?

38. A security administrator has found that remote users have been infecting the company network with viruses. What tool do they need to implement to mitigate this risk?

39. The security team has discovered that an attacker has been logging in twice to each machine but a security alert has not been logged as the company has an account lockout threshold of three attempts. What type of system should the company implement to alert them of any re-occurrence of this event?

40. What type of system does the security administrator need to implement to prevent anyone from emailing out credit card information?

41. What type of security technology can prevent a hacker from accessing a computer's registry remotely?

42. What common security issue reduces the amount of bandwidth available to the company coupled with reducing the amount of disk space available on a computer?

43. What security technology can be implemented on a virtual machine to protect it against attacks?

44. What security technology only allows approved applications to run on a system? How does it work?

45. Why would a security administrator archive security logs onto a WORM drive?

46. What type of security technology would an administrator implement to protect a web server's applications and data?

47. What is the purpose of push notification services?

48. A security administrator wants to implement a Bluetooth type of technology that uses low power. What technology should he implement?

49. A company has suffered from an increase in the theft of its high-end laptops. What technology can be implemented to prevent such laptops from being stolen?

50. A security administrator has discovered that the incorrect authentication information has been used to access the network. What type of technology is the attacker using?

Fill-the-gaps questions really test your knowledge, and can be quite vague at times. In the CompTIA Security+ examination, some of the test questions can also be quite vague, hence the value of this section.

Complete the answers that you can, then make a list of those topics that you are getting wrong, as you need to revise these areas before you take the test. Best of luck.

In the following questions, fill in the gaps to make the statement. Each underlined section of the sentence represents one word—for example, ___________ means that one word is missing; ________ ___________ means that two words are missing:

1. Both the _______ and _________ use ACLs to block traffic by port, protocol, or IP address.

2. Where the router or firewall has no allow rule for a particular type of traffic, the traffic is blocked by a technique called ________ ____.

3. When setting up IPSec across the internet, it is used in _________ mode but when it is used in the LAN between client and server or server to server, it is known as ___________ mode.

4. I have installed a _________ ________ is my DMZ so that it will decrypt incoming traffic so that my firewall or inline NIPS can __________ the traffic.

5. If I disable the SSID on my wireless access point, it can be discovered by a ___________ _________ _________ as the SSID is included in the packet or an SSID _______ device.

6. The role of the VPN concentrator is to set up the _________ ________ before the exchange of data.

7. _____ ___________ is used to prevent someone plugging a laptop into my network; however, ________ is used to prevent a rogue access point being plugged into my network as it authenticates the user or device itself.

8. A __________ is a device that is used by cybersecurity administrators so that they can observe the attack method used by hackers. This will then enable them to prevent these types of attacks in the future.

9. A security administrator has noticed in the SIEM system log files that an attack was detected on Server 1 but when they manually inspected the server, the attack was not shown; this is known as a ______ ___________.

10. One of the reasons why a SIEM system records a false positive is because the wrong ______ _________ were being used, therefore it was monitoring the wrong type of attack.

11. An ________ NIPS has traffic flowing through it; however, the NIDS is known as ________ and relies on sensors and collectors to discover new attacks.

12. _________ __________ inspects traffic going to a website, whereas a _______ ________ inspects traffic across the network.

13. Banner grabbing uses tools such as Dimitri, _____, ________, and ________.

14. __________ shows established connections in a Windows environment, whereas _________ shows established connections in a Linux/Unix environment.

15. A _____ system correlates security logs from various devices such as servers and firewalls. The security administrator has decided to store the logs into a _______ drive so that they can be read but not tampered with as they may be needed as evidence at a later date.

16. A company could use a ____-__-____ VPN instead of an expensive lease line or even more expensive dark fiber, but it must be set to _______ - ___ mode.

17. A _____ ________ could be used as a spam filter and a ____ solution to prevent PII and sensitive information from leaving the company.

18. Both ____ and a ______ can detect when new hosts have been added to your internal network.

19. A __________-______ NIDS/NIPS uses a known database and is reliant on regular updates where _______- _____ NIDS/NIPS start with a known database but can identify new variants.

20. A security administrator changes the default _________ and _________, disables the SSID, and enables ______ filtering to make a wireless access point more secure.

21. A security administrator sets up a wireless access point by inserting a password that will be used by ____. The user can now access the WAP by simply pushing a button; however, this could be subject to a ______-______ password attack.

22. An auditor reports to a security administrator that the company's wireless network could be detected on the footpath outside of the premises. The security administrator then uses ___ ______ __________ antenna to mitigate the risk of being attacked by an external threat actor.

23. A new company has an increasing amount of people coming to its website; therefore, it can use a ______ _________ or ___ ______ _____ to ensure that incoming web requests were dealt in a timely manner.

24. A company installed a _________ firewall to deal with DDoS traffic trying to attack their company's website.

25. A company has set up account lockout with three attempts. An attacker tries to log in once to three separate hosts but finds himself locked out. This is because a ______ system has a ______ engine.

26. If a company was to use weak passwords, they would set them with a low minimum _________ _____ to mitigate the risk of being attacked or could use a _____ _____ ____-_______ ___________ as a compensating control.

27. There have been attacks on the company's virtual machine network, therefore, the security administrator has installed a _____ on each machine to protect them.

28. A company has set a policy of using mobile device management (MDM) to _______ ______ lost or stolen machine to mitigate the risk of data falling into the wrong hands.

29. _______ can be used to stop PII and sensitive information from leaving the company via email or being exported onto a USB drive.

30. The security team in a company are now using ___________ to ensure that company laptops can remain within the company's premises. Another method would be RFID.

31. One of the company's employees uses ________/_____________ so that they can unlock a mobile phone. They now want to install a third-party application. This is known as ___________.

32. _____ is a secure protocol that can be used to run remote commands securely on routers or directory services. It can also use a graphical user interface.

33. If an application cannot run on a desktop, it could well be that the application is just not on the _________. It does not necessarily need to be on the blacklist. It may not be on any list.

34. If I want to restrict a user's ability to log in to ensure that they can only authenticate when they are in the United States of America and ensure that they cannot authenticate from any other location. This form of authentication is known as ________-
_______ _______________.

35. _____ is first and foremost a firewall, but it can also carry out the functions of URL and content inspection and _________ ___________.

36. An organization was suffering from DNS poisoning and decided to use _________ to encrypt the DNS traffic with TLS. This produced both DNSKEY and ________ records.

37. When two people wish to send digitally signed and encrypted emails, they could use _________ for email integrity and PGP for ___________.

38. When people decide to leave the company for a highly paid job, we should carry out ___ __________ to ensure that the company CYOD equipment has been returned, followed by an _____ ____________ by the human resources department.

39. A company has decided that instead of the sales staff traveling to the head office for weekly meetings, they will use videoconferencing. The videoconferencing should be secure, therefore they will use the _________ protocol.

40. The company has decided to keep the employees' personal data separate from the business data by using either __________________ or storage _______________.

41. When the bandwidth coming into your company is being reduced and the space on one of your company servers is being aggressively reduced, this is a sign of downloading ____________ ____________.

42. You are a directory services administrator and use LDAP to create, search for, and find objects. The CISO has now written a policy requiring you to secure your session with the directory services. Therefore, you will use the ______ protocol and TCP port ____.

43. Security administrators can use ______ _________ to prevent anyone using a CD ROM or any other form of removable media to mitigate the risk of spreading a virus or stealing data.

44. Recently, data has been compromised from a mobile phone, and the CEO has asked the security team to come up with a solution to protect data at rest. The security team are going to use _____ _____ ____________ to protect the data at rest and ________ ______ to prevent access to the mobile phones.

45. There have been certificate trust errors for the company website. The security team is going to check that the certificate is _______ and has been added to the _________ ______ certification authorities store on the web server.

46. Over the past year, a hospital has lost about 25 laptops from the consultant's offices when they were visiting the patients during ward rounds. The security team has now rolled out ____________ to prevent the theft of these laptops.

47. A network team has rolled out ______ __________ to prevent unauthorized rogue DHCP servers from operating on the company network.

48. The CEO of a publishing company has told the IT team that they can no longer use FTP to download books as they need to adopt a protocol that can download large books securely. The chosen protocol was ______ as it is encrypted and uses two ports to download data.

49. A company has recently started using _______ to check the health of the remote user's laptop to ensure that they cannot spread a virus to the company's network.

50. The best method for sanitizing a hard drive is by ___________ it. However, the best way of disposing of paper documents containing PII information is to ________ them.

I suggest using two different-colored pens: blue or black or answers that are easy for you to identify and a red or different-colored pen for answers that you are unsure of. This way, you can identify your strong and weak areas.

Place the answers into the relevant answer boxes in the following table, starting with the answers that you can easily identify. Make a list of those that you cannot answer on your first time through, as you need to revise those areas. Then use logic to answer the remaining questions.

Insert the phrases at the end of this section into the appropriate answer boxes in the following table. Each phrase can only be used once:

Use the following options to answer the preceding questions: