CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 491:

  Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

  A. Email scanning

  B. Content discovery

  C. Database fingerprinting

  D. Endpoint protection

  Correct Answer: D

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonality with network intrusion prevention systems. Endpoint protection provides security and management over both physical and virtual environments.

  Incorrect Answers:

  A: Email scanning would only be providing security over one aspect of data protection.

  B: Content discovery is mainly useful for social marketing campaigns to drive more traffic to your websites.

  C: Database fingerprinting refers mainly to classifying data.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 10 http://www.websense.com/content/support/library/data/v76/help/Fingerprinting%20DB.aspx

• Question 492:

  The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

  A. HPM technology

  B. Full disk encryption

  C. DLP policy

  D. TPM technology

  Correct Answer: C

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. The Software as a Service (SaaS) applications are remotely run over the Web and as such requires DLP monitoring.

  Incorrect Answers:

  A: HPM is an acronym for home protection methods.

  B: Full Disk encryption is hardware-based not software based as is the case with the SaaS cloud provider.

  D: TPM is hardware technology not software-based as is the case with the SaaS cloud provider.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 17

• Question 493:

  Which of the following assets is MOST likely considered for DLP?

  A. Application server content

  B. USB mass storage devices

  C. Reverse proxy

  D. Print server

  Correct Answer: B

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. A USB presents the most likely device to be used to steal data because of its physical size.

  Incorrect Answers:

  A: Application server content would be hosting the software required by users to completet their tasks. Not likely to be DLP monitored.

  C: Reverse proxy firewalls can be set to perform proxy servers, and this can thus also be reversed this is not likely to be DLP monitored.

  D: A print server will most likely be used to make a printout of the data and this poses a paper trail and a physical, big piece or several pages of paper that must be used to steal data. Too obvious to be monitored using DLP.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 237

• Question 494:

  Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

  A. Scanning printing of documents.

  B. Scanning of outbound IM (Instance Messaging).

  C. Scanning copying of documents to USB.

  D. Scanning of SharePoint document library.

  E. Scanning of shared drives.

  F. Scanning of HTTP user traffic.

  Correct Answer: BF

  DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Outbound IM and HTTP user traffic refers to data over a network which falls within the DLP strategy.

  Incorrect Answers:

  A: Printing of documents will not necessarily result in data loss since it is a hard copy of the soft copy that is already there.

  C: Copying documents to USB amounts to duplicating data.

  D: A SharePoint document Library is a list of the documents and not the data itself. This is not a data in transit issue

  E: Shared drive scanning is not data in transit.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 236-237, 364

• Question 495:

  Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

  A. DLP

  B. CRL

  C. TPM

  D. HSM

  Correct Answer: A

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

  Incorrect Answers:

  B: A certificate revocation list is used to revoke a certificate or key. This means that a specific CA state should no longer be used.

  C: TPM is used to assist with hash key generation. This will enhance security, but a DLP control would better serve the needs of the company in this instance.

  D: HSM is also a crypto-processor which is used with PKI systems.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 262, 290

• Question 496:

  An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

  A. DLP

  B. Asset tracking

  C. HSM

  D. Access control

  Correct Answer: A

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

  Incorrect Answers:

  B: Asset tracking can be as simple as a serial number etched in the device or as complex as a GPS locator. Related to this is inventory control. A complete and accurate list of all devices is an integral part of mobile device management.

  However in this case the USB drive is already lost.

  C: HSM is a backup type it provides continuous online backup using optical or tape jukeboxes.

  D: Access Control refers to who has access to resources and clearly users should be granted access if they require it to perform their duties.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 419, 437

• Question 497:

  Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

  A. Matt should implement access control lists and turn on EFS.

  B. Matt should implement DLP and encrypt the company database.

  C. Matt should install Truecrypt and encrypt the company server.

  D. Matt should install TPMs and encrypt the company database.

  Correct Answer: B

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Encryption is used to protect data.

  Incorrect Answers:

  A: ACLs will enable devices in your network to ignore requests from specified users or to grant them access to certain network capabilities and EFS can also be used to help in risk mitigation. However Matt is supposed to employ encryption and prevent theft of company data.

  C: TrueCrypt is used to encrypt hard drives and partitions. Data is software and Truecrypt is used for hardware encryption.

  D: TPM can be used to assist with hash key generation, bu that is just it, it is hardware encryption, not data encryption per se.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 14-18, 156, 238, 290

• Question 498:

  Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

  A. Restoration and recovery strategies

  B. Deterrent strategies

  C. Containment strategies

  D. Detection strategies

  Correct Answer: C

  Containment strategies is used to limit damages, contain a loss so that it may be controlled, much like quarantine, and loss incident isolation.

  Incorrect Answers:

  A: Restorative and recovery strategies are used to replace the lost and damaged systems to ensure business continuity.

  B: A deterrent control is anything intended to warn a would-be attacker that they should not attack. This could be a posted warning notice that they will be prosecuted to the fullest extent of the law, locks on doors, barricades, lighting, or anything can delay or discourage an attack. A deterrent strategy is preventative and not limitation to damage.

  D: Detection strategies would be used to uncover a violation/damage.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 384, 444

• Question 499:

  Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.

  Which of the following would be the BEST control to implement?

  A. File encryption

  B. Printer hardening

  C. Clean desk policies

  D. Data loss prevention

  Correct Answer: D

  Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. This would address the concerns of the auditors.

  Incorrect Answers:

  A: File encryption is used to protect data not to prevent legitimate users from accessing the data and working with it.

  B: Printer hardening does not mean that the staff members may not print the files. Rather it is the files that are already printed that raised the concern.

  C: Clean Desk Policy Information on a desk refers to the printouts, pads of note paper, sticky notes, and the like; can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. However in this case the actual printed files and its destruction is of concern.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 369

• Question 500:

  A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

  A. Content filtering

  B. IDS

  C. Audit logs

  D. DLP

  Correct Answer: D

  Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

  Incorrect Answers:

  A: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn't comply with the company's web policy. Content- control software determines what content will be

  available or perhaps more often what content will be blocked. Content filtering will not prevent documents being copied to a USB device.

  B: An IDS (Intrusion Detection System) is used to detect attempts to access a computer system or network. An IDS will not prevent documents being copied to a USB device.

  C: Audit logs are used to record events such as account logons, file access etc. An audit log may record when a file is accessed (if auditing is enabled for the file) but it will not prevent a file being copied to a USB device.

  References:

  http://whatis.techtarget.com/definition/data-loss-prevention-DLP