CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 31:

  Full disk encryption is MOST effective against which of the following threats?

  A. Denial of service by data destruction

  B. Eavesdropping emanations

  C. Malicious code

  D. Theft of hardware

  Correct Answer: D

  Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. However, it does not prevent the theft of hardware it only protects data should the device be stolen.

  Incorrect Answers:

  A: Denial of Service (DoS) attacks web-based attacks that exploit flaws in the operating system, applications, services, or protocols. These attacks can be mitigated by means of firewalls, routers, and intrusion detection systems (IDSs) that detect DoS traffic, disabling echo replies on external systems, disabling broadcast features on border systems, blocking spoofed packets on the network, and proper patch management.

  B: Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It does not prevent eavesdropping.

  C: Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. IT does not mitigate against malicious code.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 170- 172, 252

• Question 32:

  Which of the following does full disk encryption prevent?

  A. Client side attacks

  B. Clear text access

  C. Database theft

  D. Network-based attacks

  Correct Answer: B

  Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

  Incorrect Answers:

  A, D: Full-disk encryption encrypts the data on the device itself and ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It does not prevent client-side or network-based attacks.

  C: Full-disk encryption encrypts the data on the device itself. It may help prevent access to database data but database encryption would be the preferred method of protecting database data.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 251

• Question 33:

  A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).

  A. SSH

  B. TFTP

  C. NTLM

  D. TKIP

  E. SMTP

  F. PGP/GPG

  Correct Answer: AF

  We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk).

  A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network.

  F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

  Incorrect Answers:

  B: TFTP (Trivial File Transfer Protocol) is used for transferring files. However, it offers no encryption capability.

  C: NTLM (NT Lan Manager) is a Microsoft authentication mechanism used in older Windows operating systems. It is now superseded by Kerberos authentication. NTLM does provide hashing but it does not provide encryption capability.

  D: TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). TKIP is used with WPA to secure wireless connection. However, TKIP on its own cannot encrypt the data or network connection.

  E: SMTP (Simple Mail Transfer Protocol) is used to sending email. However, it offers no encryption capability.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 76, 145, 171, 256, 271, 272 http://en.wikipedia.org/wiki/Secure_Shell http://en.wikipedia.org/wiki/Pretty_Good_Privacy

• Question 34:

  Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?

  A. VLAN

  B. Protocol security

  C. Port security

  D. VSAN

  Correct Answer: D

  A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.

  Incorrect Answers:

  A: A Virtual area network (VLAN) is segmented network in which switches are used to perform the segmentation. The switches also perform routing functions, controlling and filtering traffic between VLANS.

  B, C: Protocol and Port security is provided by firewalls. Firewalls control or filter traffic between systems based on protocols and the ports used by those protocols. Firewalls could be used to isolate the SAN but it is unlikely to isolate mis-

  configurations or faults.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 89-91 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 5-6, http://en.wikipedia.org/

  wiki/VSAN

• Question 35:

  Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

  A. Least privilege

  B. Sandboxing

  C. Black box

  D. Application hardening

  Correct Answer: B

  Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.

  Incorrect Answers:

  A: The principle of least privilege is used to ensure that users are only provided with the minimum privileges and permissions that allow them to perform their duties.

  C: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of the system or it how it functions. This simulates an attack from an outsider. It does not involve application isolation.

  D: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 153, 203, 204-205, 215-217, 459 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 82, 208, 221, 250

• Question 36:

  An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

  A. Cloud

  B. Trusted

  C. Sandbox

  D. Snapshot

  Correct Answer: C

  Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.

  Incorrect Answers:

  A: In a cloud environment, data or applications are stored on the internet rather than on the local network.

  B: In a trusted environment communications between systems are permitted and systems are not isolated.

  D: Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 203, 204-205 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 208,

• Question 37:

  A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.

  Which of the following should the administrator use to test the patching process quickly and often?

  A. Create an incremental backup of an unpatched PC

  B. Create an image of a patched PC and replicate it to servers

  C. Create a full disk image to restore after each installation

  D. Create a virtualized sandbox and utilize snapshots

  Correct Answer: D

  Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems. Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications.

  Incorrect Answers:

  A, C: Creating a full disk image or an incremental backup to restore after each installation could prove useful but less efficient than using snapshots.

  B: Replicating a patched PC to all servers does not test the patch, and does not ensure quick recoverability should the patch cause the PC to crash.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 203, 204-205 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 208,

• Question 38:

  Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

  A. Trusted OS

  B. Host software baselining

  C. OS hardening

  D. Virtualization

  Correct Answer: D

  Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.

  Incorrect Answers:

  A: Trusted OS is an access-control feature that limits resource access to client systems that run operating system that are known to implement specific security features.

  B: Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.

  C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 37, 208, 246

• Question 39:

  The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

  A. Log audits

  B. System hardening

  C. Use IPS/IDS

  D. Continuous security monitoring

  Correct Answer: D

  A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.

  Incorrect Answers:

  A: Auditing logs is good practice. However, it is only one aspect of maintaining security posture. This question asks for the MOST appropriate answer. Continuous security monitoring covers all aspects of maintaining security posture so it is a more appropriate answer.

  B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  C: An IPS/IDS (intrusion prevention system/intrusion detection system) is used to detect and prevent malicious activity on a network or a host. However, there is more to maintaining security posture that this one aspect and should be a part of continuous security monitoring.

  References:

  Stewart, James Michael, Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, Sybex, Indianapolis, 2014, p 12, 61, 130 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition,

  Sybex, Indianapolis, 2014, pp 208, 215-217, 222

• Question 40:

  A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees.

  Which of the following is the BEST approach for implementation of the new application on the virtual server?

  A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.

  B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.

  C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.

  D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

  Correct Answer: C

  Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed.

  Incorrect Answers:

  A: Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before, not after, the application or update is installed.

  B: A baseline report detailing all installed applications on the virtualized server after the new application is installed would not mitigate risk should the new application cause the system to crash.

  D: An exact backup of virtual machine can be used to recover from poor updates, and errors arising from newly installed applications. However, snapshot would allow for faster recover. Furthermore, the backup should be taken before, not after, the application or update is installed.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 203 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 208