Encryption of data at rest is important for sensitive information because of which of the following?
A. Facilitates tier 2 support, by preventing users from changing the OS
B. Renders the recovery of data harder in the event of user password loss
C. Allows the remote removal of data following eDiscovery requests
D. Prevents data from being accessed following theft of physical equipment
Correct Answer: D
Data encryption keeps stolen data out of the eyes of the intruders who took it, as long as they do not have the proper passwords.
Incorrect Answers:
A: Data at rest means just that: the user cannot use it at the moment, let alone change the OS.
B: Data recovery capabilities are taken into account when backup plans are made as part of the disaster recovery plan.
C: Remote removal of data would not be a concern; rather the main concern should be the risk of theft.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 290
Question 502:
Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges?
A. Internal account audits
B. Account disablement
C. Time of day restriction
D. Password complexity
Correct Answer: A
Internal account auditing will allow you to switch the appropriate users to the proper accounts required after the switch of roles has occurred, and thus check that the principle of least privilege is followed.
Incorrect Answers:
B: Account disablement will prevent staff from being able to log on in any capacity, which means that they will not be able to perform their duties.
C: Almost every operating system--server and workstation--allows you to configure WHEN an account can have access to the system. 'When' is a time restraint and has nothing to do with switching roles. These restrictions will only make accounts valid for certain times as per the policy.
D: Password complexity will make passwords more secure and more difficult for miscreants to break in order to log in to that user's account.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 140, 154
Question 503:
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?
A. User permissions
B. Policy enforcement
C. Routine audits
D. Change management
Correct Answer: C
After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives.
Incorrect Answers:
A: User permissions are part of the routine checks that should be followed.
B: Policy enforcement usually refers to account policies, and these determine the security parameters regarding who may and may not access the system. These are already in place and should be routinely checked in this scenario.
D: Change management is the structured approach that is followed to secure a company's assets.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 28
Question 504:
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
A. User permissions reviews
B. Incident response team
C. Change management
D. Routine auditing
Correct Answer: D
Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.
Incorrect Answers:
A: User permissions reviews should form part of routine auditing and refer to a specific type of incident. In this case the security administrator wants to be notified of any type of incident in a timeous manner in future.
B: An incident response team can be tossed together to respond to an incident, and this happens after the incident has happened so that they may deal with the situation. In this case the administrator wants to be notified in a timeous manner in future.
C: Change management is the structured approach that should be in place to secure the company's assets.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 28, 446
Question 505:
After an audit, it was discovered that the security group memberships were not properly adjusted for employees' accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).
A. Mandatory access control enforcement.
B. User rights and permission reviews.
C. Technical controls over account management.
D. Account termination procedures.
E. Management controls over account management.
F. Incident management and response plan.
Correct Answer: BE
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions since they were all moved to different roles. Control over account management would have taken into account the different roles that employees have and adjusted the rights and permissions of these roles accordingly.
Incorrect Answers:
A: Mandatory access control enforcement just means that all access would be pre-defined. Thus it will not take into account the different roles now occupied by different employees.
C: Technical controls include things such as firewalls, IDS, IPS, etc. and as such are preventative, detective and even compensating controls, not administrative controls.
D: Account termination procedures are carried out in the event of employees leaving the company and not when they are being moved within the company.
F: Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The Incident Response Plan outlines what steps are needed and who is responsible for deciding how to handle a situation. In this case an audit was conducted.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 26-27
Question 506:
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?
A. User rights and permissions review
B. Configuration management
C. Incident management
D. Implement security controls on Layer 3 devices
Correct Answer: A
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also, reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege in practice as well as update the security policy.
Incorrect Answers:
B: Configuration management is an operational control type that is put into action after a risk assessment has been done.
C: Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).
D: IPSec can be implemented on Layer 3 devices, but this will not prevent unauthorized changes to the network. It is the permissions and user rights that have to be addressed.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 17
Question 507:
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Correct Answer: A
Reviewing user permissions and group memberships forms part of a privilege audit, which is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.
Incorrect Answers:
B: Reviewing the permissions of the transferred users does not address the high turnover of staff, only the transfers.
C: Employing measures to ease the help desk's workload is not a reason to review user permission settings.
D: Ensuring all former employee user accounts have no permissions only addresses the employees that left and not the transfers.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 9-10
Question 508:
An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?
A. User rights reviews
B. Least privilege and job rotation
C. Change management
D. Change Control
Correct Answer: A
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their 'new' job descriptions, or if there are privilege creep culprits after transfers have occurred.
Incorrect Answers:
B: Least privilege is used when permissions are assigned, and job rotation means that people are rotating through jobs. These measures will not detect privilege creep; rather, they would present opportunities to commit privilege creep.
C: Change management is the structured approach that is followed to secure a company's assets.
D: Change control does not allow one to detect privilege creep.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 9-10, 20
Question 509:
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.
Correct Answer: B
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and are best coupled with a principle of least privilege. Related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation step, insofar as access control rights are concerned, is the regular/routine review of user permissions.
Incorrect Answers:
A: Conducting a survey and ranking the results is part of assessing risk and not risk mitigation.
C: A vulnerability scanner is a software application that checks your network for any known security holes; it's better to run one on your own network before someone outside the organization runs it against you.
D: User accounts that have not been used within the last two weeks may just be the user accounts of employees on mandatory vacations, depending on how long the leave period is.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 9-10, 220-221, 342-343
Question 510:
Requiring technicians to report spyware infections is a step in which of the following?
A. Routine audits
B. Change management
C. Incident management
D. Clean desk policy
Correct Answer: C
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).
Incorrect Answers:
A: Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.
B: Change management refers to the structured approach that is followed to secure a company's assets.
D: Clean Desk Policy - Information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like--can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 28, 369, 402