Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?
A. badlog
B. faillog
C. wronglog
D. killlog
Correct Answer: B
/var/log/faillog - This Linux log file contains failed user logins. You'll find this log useful when tracking attempts to crack into your system. /var/log/apport.log - This log records application crashes. Sometimes these can reveal attempts to compromise the system or the presence of a virus or spyware.
Incorrect Answers:
A, C, D: These are not files that can be found under the /var/log directory in Linux.
References:
http://www.thegeekstuff.com/2011/08/linux-var-log-files/
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 47
Question 392:
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
A. To allow load balancing for cloud support
B. To allow for business continuity if one provider goes out of business
C. To eliminate a single point of failure
D. To allow for a hot site in case of disaster
E. To improve intranet communication speeds
Correct Answer: BC
A high-speed internet connection to a second data provider could be used to keep an up-to-date replica of the main site. In case of a problem at the first site, operation can quickly switch to the second site. This eliminates the single point of failure and allows the business to continue uninterrupted on the second site.
Note: Recovery Time Objective. The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down while the consequences are still considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during BIA creation.
Incorrect Answers:
A: Load balancing is done on the local intranet, not over the internet.
D: An alternate data site could be used as a hot site. But a high-speed internet connection is not needed for a hot site. A hot site is a location that can provide operations within hours of a failure. This type of site would have servers, networks, and telecommunications equipment in place to reestablish service in a short time.
E: An additional internet site would not improve local communication speed on the intranet.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 32-33
Question 393:
A network administrator has recently updated their network devices to ensure redundancy is in place so that:
A. switches can redistribute routes across the network.
B. environmental monitoring can be performed.
C. single points of failure are removed.
D. hot and cold aisles are functioning.
Correct Answer: C
Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction. The best way to remove a single point of failure (SPOF) from your environment is to add redundancy.
Incorrect Answers:
A: Redistribution of routes is not the purpose of redundancy.
B: Environmental monitoring is concerned with water and flood damage as well as fire suppression, whereas redundancy is concerned with availability of resources.
D: Hot and cold aisles in server rooms are concerned with cooling the servers and equipment in the server room.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 30, 32, 382-383
Question 394:
A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?
A. Succession plan
B. Continuity of operation plan
C. Disaster recovery plan
D. Business impact analysis
Correct Answer: D
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Incorrect Answers:
A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open.
B: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components needed for operations.
C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster, or service outage.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 29, 432
Question 395:
Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).
A. DAC
B. ALE
C. SLE
D. ARO
E. ROI
Correct Answer: BC
ALE (Annual Loss Expectancy) is equal to the SLE (Single Loss Expectancy) times the ARO (annualized rate of occurrence). SLE (Single Loss Expectancy) is equal to asset value (AV) times exposure factor (EF).
Incorrect Answers:
A: DAC is short for Discretionary Access Control, which gives users some flexibility in sharing information within the network.
D: ARO (annualized rate of occurrence) is the frequency (in number of years) with which an event can be expected to happen.
E: ROI (Rate Of Investment) is the benefit (return) of an investment divided by the cost of the investment; the result is expressed as a percentage or a ratio.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 5-6
Question 396:
In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?
A. Business Impact Analysis
B. IT Contingency Plan
C. Disaster Recovery Plan
D. Continuity of Operations
Correct Answer: A
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Incorrect Answers:
B: An IT contingency plan is usually part of the disaster recovery plan.
C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster, or service outage.
D: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components needed for operations.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 29, 432
Question 397:
A security administrator is tasked with calculating the total ALE on servers. In a two-year period, a company has to replace five servers. Each server replacement has cost the company $4,000, with downtime costing $3,000. Which of the following is the ALE for the company?
A. $7,000
B. $10,000
C. $17,500
D. $35,000
Correct Answer: C
SLE x ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF), and ARO is the annualized rate of occurrence.
SLE = ($4,000 + $3,000) x 5 = $35,000
ARO: the loss occurs once every 2 years, so per year it would be 50% = 0.5
The ALE is thus $35,000 x 0.5 = $17,500
Incorrect Answers:
A: $7,000 would be the SLE if there was only one server to consider.
B: A $10,000 amount ignores the downtime costs that will be incurred.
D: A $35,000 amount assumes that the servers must be replaced every year, and not every second year.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 5-6
Question 398:
Key elements of a business impact analysis should include which of the following tasks?
A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
Correct Answer: D
The key components of a Business impact analysis (BIA) include:
- Identifying critical functions
- Prioritizing critical business functions
- Calculating a timeframe for critical systems loss
- Estimating the tangible and intangible impact on the organization
Incorrect Answers:
A: Recovery strategy development is not part of the Business impact analysis.
B: Identifying institutional and regulatory reporting requirements is not part of the Business impact analysis.
C: Employing regular preventive measures is not part of the Business impact analysis.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 4, 29-30, 431
Question 399:
An advantage of virtualizing servers, databases, and office applications is:
A. Centralized management.
B. Providing greater resources to users.
C. Stronger access control.
D. Decentralized management.
Correct Answer: A
Virtualization consists of allowing one set of hardware to host multiple virtual machines; in the case of software and applications, one host is all that is required. This makes centralized management a better prospect.
Incorrect Answers:
B: Virtualization does not necessarily mean providing greater resources to users; rather, it makes it possible for the company to use fewer resources and spread them over more users.
C: Stronger access control is one aspect of the centralized management dilemma as virtualization may result in privilege escalation.
D: Decentralized management is the exact opposite of what virtualization accomplishes.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 19
Question 400:
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
A. $1,500
B. $3,750
C. $15,000
D. $75,000
Correct Answer: B
SLE x ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF), and ARO is the annualized rate of occurrence.
SLE = 250 x $300 = $75,000; ARO = 5% = 0.05
ALE = $75,000 x 0.05 = $3,750
Incorrect Answers:
A: A $1,500 amount assumes a breach likelihood of 2%.
C: A $15,000 amount assumes that the likelihood of a breach is 20%.
D: $75,000 would be the single loss expectancy.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 5-6