CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 401:

  Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

  A. $500

  B. $5,000

  C. $25,000

  D. $50,000

  Correct Answer: B

  SLE ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence.

  (5000 x 10) x 0.1 = 5000

  Incorrect Answers:

  A: 500 is the sum of a single failure only and the question mentions that the failure occurs 10 times per year.

  C: 25000 would be the ALE if the server itself costs 10 times more than is stated or the system can be recovered with a 25% loss of data or function.

  D: 50000 would be the sum if the server cannot be recovered or the failure occurs 100 times per year.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5-6 http://www.ciscopress.com/articles/article.asp?p=1998559andseqNum=2

• Question 402:

  Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

  A. Installing anti-malware

  B. Implementing an IDS

  C. Taking a baseline configuration

  D. Disabling unnecessary services

  Correct Answer: D

  Preventive controls are to stop something from happening. These can include locked doors that keep intruders out, user training on potential harm (to keep them vigilant and alert), or even biometric devices and guards that deny access until authentication has occurred. By disabling all unnecessary services you would be reducing the attack surface because then there is less opportunity for risk incidents to happen. There are many risks with having many services enabled since a service can provide an attack vector that someone could exploit against your system. It is thus best practice to enable only those services that are absolutely required.

  Incorrect Answers:

  A: Installing anti-malware is actually increasing the attack surface because it will enable more services.

  B: Implementing IDS will also add an extra service to increase the attack surface of a specific host.

  C: Taking the baseline configuration is a representation of a secure state and is not necessarily reducing the attack surface.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 384 Gregg, Michael, CompTIA Security+ Rapid Review (Exam SY0-301), Pearson Education, Sebastopol, CA, 2012, p 107

• Question 403:

  A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern?

  A. Create conduct policies prohibiting sharing credentials.

  B. Enforce a policy shortening the credential expiration timeframe.

  C. Implement biometric readers on laptops and restricted areas.

  D. Install security cameras in areas containing sensitive systems.

  Correct Answer: C

  Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users making use of others credentials.

  Incorrect Answers:

  A: Policies need to be implemented and making use of biometrics would be to a way to prohibit sharing credentials.

  B: This is still granting the same type of access that is already being abused with a time limit the only difference.

  D: Security cameras are used to surveil and record; not to prevent access.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 375

• Question 404:

  After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

  A. Fencing

  B. Proximity readers

  C. Video surveillance

  D. Bollards

  Correct Answer: D

  To stop someone from entering a facility, barricades or gauntlets can be used. These are often used in conjunction with guards, fencing, and other physical security measures. Bollards are physical barriers that are strong enough to withstand impact with a vehicle.

  Incorrect Answers:

  A: Fencing, although also a physical barrier is not as strong as bollards and will not keep a vehicle out on impact.

  B: Proximity readers are not designed to withstand impact from vehicles.

  C: Video surveillance will not stop a vehicle impact.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 372, 375

• Question 405:

  A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?

  A. Guards

  B. CCTV

  C. Bollards

  D. Spike strip

  Correct Answer: A

  A guard can be intimidating and respond to a situation and in a case where you want to limit an individual's access to a sensitive area a guard would be the most effective.

  Incorrect Answers:

  B: CCTV will only serve to record the perimeter breach and is not as intimidating as placing a guard to limit the individual's access.

  C: Bollards are designed to keep big objects from breaching a perimeter and not individuals who can still slip through between the bollards.

  D: A spike strip will only immobilize vehicles trying to breach a perimeter and will not keep individuals out. Individuals can just step over the spike strips and still gain access.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 372-373

• Question 406:

  Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?

  A. Set up mantraps to avoid tailgating of approved users.

  B. Place a guard at the entrance to approve access.

  C. Install a fingerprint scanner at the entrance.

  D. Implement proximity readers to scan users' badges.

  Correct Answer: B

  A guard can be instructed to deny access until authentication has occurred will address the situation adequately.

  Incorrect Answers:

  A: Although mantraps require visual identification, as well as authentication, to gain access, setting up a mantrap will not keep those with keys out.

  C: Fingerprint scanner is not facial recognition.

  D: User badges and proximity readers will not necessarily make use of facial recognition.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 367, 374

• Question 407:

  Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

  A. Password reuse

  B. Phishing

  C. Social engineering

  D. Tailgating

  Correct Answer: D

  Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. This should be prevented in this case.

  Incorrect Answers:

  A: Password reuse will not impact on the effectiveness of proximity badges.

  B: Phishing is a form of social engineering in which you simply ask someone for a piece of information that you want by making it look like a legitimate request. This is not addressed in this question.

  C: Social engineering is the process by which intruders gain access to any facility by exploiting the generally trusting nature of people. It is a very broad term and includes attacks such as shoulder surfing, passwords entered on Apple products, dumpster diving, tailgating, impersonation, hoaxes, etc. these are not impacting on the effectiveness of proximity badges.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 405

• Question 408:

  A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?

  A. CCTV

  B. Environmental monitoring

  C. RFID

  D. EMI shielding

  Correct Answer: C

  RFID is radio frequency identification that works with readers that work with 13.56 MHz smart cards and 125 kHz proximity cards and can open turnstiles, gates, and any other physical security safeguards once the signal is read. Fitting out the equipment with RFID will allow you to provide automated notification of item removal in the event of any of the equipped items is taken off the premises.

  Incorrect Answers:

  A: CCTV will record events, but will not automatically notify you of item removal.

  B: Environmental monitoring concerns events such as water, flood, humidity, fire, etc. types of threats and not theft as in the case of item removal.

  D: EMI shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting you information-processing abilities. It is not designed to automatically notify you of events when items are removed.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 368 http://en.wikipedia.org/wiki/Radio-frequency_identification

• Question 409:

  Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?

  A. Bollards

  B. Video surveillance

  C. Proximity readers

  D. Fencing

  Correct Answer: B

  Video surveillance is making use of a camera, or CCTV that is able to record everything it sees and is always running. This way you will be able to check exactly who enters secure areas.

  Incorrect Answers:

  A: Bollards are physical barriers designed to keep large items, such as vehicles from breaching a perimeter and individuals will still be able to enter through the bollards.

  C: Proximity readers works with cards/identity cards, but in this case a new key card system is to be implemented and is at the present moment not an option.

  D: Fencing is used as a perimeter security measure and in this case the problem is on the inside of the bank. You also cannot keep out clients with a fence.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 371-372

• Question 410:

  A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

  A. Fencing

  B. Mantrap

  C. A guard

  D. Video surveillance

  Correct Answer: B

  Mantraps make use of electronic locks and are designed to allow you to limit the amount of individual allowed access to an area at any one time.

  Incorrect Answers:

  A: Fencing is a physical perimeter security measure that is designed to prevent unauthorized access to your premises.

  C: A guard will act as a deterrent to keep any intruders out, but involves human interaction.

  D: Video surveillance is best accomplished when the camera is recording and being monitored by a person which in turn means human interaction.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 372