CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 41:

  Identifying a list of all approved software on a system is a step in which of the following practices?

  A. Passively testing security controls

  B. Application hardening

  C. Host software baselining

  D. Client-side targeting

  Correct Answer: C

  Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.

  Incorrect Answers:

  A: Passive testing of security controls is performed by automated vulnerability scanners. The scanners detect the security control as it attempts a test. These tests are performed against targets but not specifically directed toward the security measures themselves.

  B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  D: Client-side targeting is an aspect Windows Group Policy that allows security configurations to be applied to specific types of devices or device groups.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217, 219 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 208, https://

  technet.microsoft.com/en-us/library/dd252762.aspx

• Question 42:

  A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:

  A. MAC filtering.

  B. System hardening.

  C. Rogue machine detection.

  D. Baselining.

  Correct Answer: D

  Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.

  Incorrect Answers:

  A: MAC Filtering is used to secure access to wireless network access points. It is used to explicitly allow MAC addresses on a whitelist, blocking all other MAC addresses.

  B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  C: Rogue machine detection attempt to identify the presence of unauthorized systems on a network.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 178, 215-217, 219 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 206, 207, 208

• Question 43:

  The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).

  A. Device encryption

  B. Antivirus

  C. Privacy screen

  D. Cable locks

  E. Remote wipe

  Correct Answer: BD

  B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Public systems are particularly prone to viruses.

  D: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep devices from being easy to steal.

  Incorrect Answers:

  A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

  C: A privacy screen is a monitor filter that is applied to the display to filter out the light reflected from the smooth glass surface of the display and can also be used in increase privacy by decreasing the viewing angle of a monitor, preventing it from being viewed from the side.

  E: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 161-162, 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236, http://

  en.wikipedia.org/wiki/Monitor_filter

• Question 44:

  Which of the following can be used as an equipment theft deterrent?

  A. Screen locks

  B. GPS tracking

  C. Cable locks

  D. Whole disk encryption

  Correct Answer: C

  Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.

  Incorrect Answers:

  A: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. However, this does not deter theft.

  B: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information.

  D: Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. However, this does not deter theft.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 369, 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,

• Question 45:

  Which of the following devices will help prevent a laptop from being removed from a certain location?

  A. Device encryption

  B. Cable locks

  C. GPS tracking

  D. Remote data wipes

  Correct Answer: B

  Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.

  Incorrect Answers:

  A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

  C: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information.

  D: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 369, 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,

• Question 46:

  Joe, a network security engineer, has visibility to network traffic through network monitoring tools.

  However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanism would be MOST appropriate to confirm Joe's suspicion?

  A. HIDS

  B. HIPS

  C. NIPS

  D. NIDS

  Correct Answer: A

  A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system.

  Incorrect Answers:

  B: A host-based IPS (HIPS) is an intrusion detection and prevention system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion.

  C: A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization.

  D: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the organization.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 111-112, 116-117 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 13-16

• Question 47:

  Which of the following MOST interferes with network-based detection techniques?

  A. Mime-encoding

  B. SSL

  C. FTP

  D. Anonymous email accounts

  Correct Answer: B

  Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).

  Incorrect Answers:

  A: Multi-Purpose Internet Mail Extensions (MIME) encoding is used in email messages to allow messages to be sent in formats other than ASCII text. Email messages are handles by host based intrusion detection systems (HIDS).

  C: File Transfer Protocol (FTP) is an inherently insecure protocol that does not use any form of encryption making it easy to inspect for anomalies.

  D: Email messages are handles by host based intrusion detection systems (HIDS).

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 268 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 8, 12

• Question 48:

  Which of the following is an important step in the initial stages of deploying a host-based firewall?

  A. Selecting identification versus authentication

  B. Determining the list of exceptions

  C. Choosing an encryption algorithm

  D. Setting time of day restrictions

  Correct Answer: B

  A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

  Incorrect Answers:

  A: A host-based firewall is used to filter network traffic; it does not perform identification or authentication.

  C: A host-based firewall is used to filter network traffic; it does not provide encryption functions.

  D: A host-based firewall is used to filter and restrict network traffic based on ports and protocols, not on time of day.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 246

• Question 49:

  Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation?

  A. Host-based firewalls

  B. Network firewalls

  C. Network proxy

  D. Host intrusion prevention

  Correct Answer: A

  A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

  Incorrect Answers:

  B: A network firewall protects the entire network from an untrusted public network, such as the Internet by filtering network traffic. It does not filter network traffic on the internal network.

  C: A network proxy is used to protect the local network from external attacks by hiding the IP configuration of the internal clients. It does not filter network traffic.

  D: A host-based IPS (HIPS) is an intrusion detection and prevention system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 111-112, 116-117 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 11, 13-16

• Question 50:

  Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?

  A. A host-based intrusion prevention system

  B. A host-based firewall

  C. Antivirus update system

  D. A network-based intrusion detection system

  Correct Answer: B

  A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

  Incorrect Answers:

  A: A host-based IPS (HIPS) is an intrusion detection and prevention system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. A HIPS is not used to block ports.

  C: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.

  D: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the organization. However, a NIDS is not used to block ports.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 111-112, 116-117, 161-162 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 1316, 246