CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 511:

  A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

  A. Procedure and policy management

  B. Chain of custody management

  C. Change management

  D. Incident management

  Correct Answer: D

  incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.

  Incorrect Answers:

  A: Procedure and Policy management is in essence methods that need to be followed to ensure business continuity.

  B: When working with incident then chain of custody management , i.e. how evidence is secured, where it is stored and who has access to it, is observed, but this is but a step in incident management.

  C: Change management refers to the structured approach that is followed to secure a company's assets.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 448

• Question 512:

  Which of the following is BEST carried out immediately after a security breach is discovered?

  A. Risk transference

  B. Access control revalidation

  C. Change management

  D. Incident management

  Correct Answer: D

  Incident management is the steps followed when security incident occurs.

  Incorrect Answers:

  A: Risk transference involves sharing some of the risk burden with someone else, such as an insurance company.

  B: Revalidating access control is a technical control type and is done mainly to test the existing access control measures in place.

  C: Change management is the structured approach that is followed to secure a company's assets.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 10

• Question 513:

  A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?

  A. Contact their manager and request guidance on how to best move forward

  B. Contact the help desk and/or incident response team to determine next steps

  C. Provide the requestor with the email information since it will be released soon anyway

  D. Reply back to the requestor to gain their contact information and call them

  Correct Answer: B

  This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It's important that an incident response policy establish at least the following items: Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident

  Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team.

  Incorrect Answers:

  A: The manager may or may not be part of the incident response team.

  C: The information has been marked Internal Proprietary Information and providing the information to the requestor would be in violation to the company.

  D: You should have the incident response team handle the situation rather than addressing the issue yourself.

  References:

  Du Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 444-447

• Question 514:

  A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

  A. Patch Audit Policy

  B. Change Control Policy

  C. Incident Management Policy

  D. Regression Testing Policy

  E. Escalation Policy

  F. Application Audit Policy

  Correct Answer: BD

  A backout (regression testing) is a reversion from a change that had negative consequences. It could be, for example, that everything was working fi ne until you installed a service pack on a production machine, and then services that were normally available were no longer accessible. The backout, in this instance, would revert the system to the state that it was in before the service pack was applied. Backout plans can include uninstalling service packs, hotfi xes, and patches, but they can also include reversing a migration and using previous firmware. A key component to creating such a plan is identifying what events will trigger your implementing the backout. A change control policy refers to the structured approach that is followed to secure a company's assets in the event of changes occurring.

  Incorrect Answers:

  A: Patch Audit Policy refers to proper patch management and more the specific the evaluation thereof that should be in place to keep your systems up to date.

  C: Incident management policies outline the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).

  E: Escalation Policy is used to make sure that the right ppeol are alerted at the right time. If an incident is not acknowledged or resolved within an escalation time- out period, it is passed on, or escalated to the next user/s in line.

  F: Application Audit Policy refers to the process of evaluation regarding applications used on your network.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 443

• Question 515:

  Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

  A. Risk transference

  B. Change management

  C. Configuration management

  D. Access control revalidation

  Correct Answer: B

  Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company's assets. In this case `scheduled system patching'.

  Incorrect Answers:

  A: Risk transference is when you offload risk to another party akin to risk sharing.

  C: Configuration management is an operational control type that is put into action after a risk assessment has been done.

  D: Access control revalidation referrers to server-side and client-side validation that has to be repeated.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 14-17

• Question 516:

  The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?

  A. Application hardening

  B. Application firewall review

  C. Application change management

  D. Application patch management

  Correct Answer: C

  Change management is the structured approach that is followed to secure a company's assets. Promoting code to application on a SMZ web server would be change management.

  Incorrect Answers:

  A: Application Hardening is a strategy to make servers and workstations less vulnerable to exploitation and attack.

  B: Application firewall review is a strategy used to look for risk, threat, and vulnerability.

  D: Application patch management is used to support ownership in that it will keep your software up to date. In most cases the software would be the operating system rather than applications.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 215-218, 345

• Question 517:

  Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

  A. Incident management

  B. Server clustering

  C. Change management

  D. Forensic analysis

  Correct Answer: C

  Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company's assets. In this case `performing updates to business critical systems.

  Incorrect Answers:

  A: Incident management is the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).

  B: Server clustering is used to provide failover capabilities / redundancy in addition to scalability as demand increases.

  D: Forensics refers to the process of identifying past events using a data trail and the analysis of evidence found in computers and on digital storage media.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 10

• Question 518:

  Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

  A. Incident management

  B. Clean desk policy

  C. Routine audits

  D. Change management

  Correct Answer: D

  Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company's assets. This structured approach involves policies that should be in place and technological controls that should be enforced.

  Incorrect Answers:

  A: Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). These are usually set in a policy that has been approved.

  B: Clean Desk Policy refers to information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like that can be easily seen by prying eyes and taken by thieving hands. The strategy should be to encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

  C: Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 402

• Question 519:

  A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

  A. The request needs to be sent to the incident management team.

  B. The request needs to be approved through the incident management process.

  C. The request needs to be approved through the change management process.

  D. The request needs to be sent to the change management team.

  Correct Answer: C

  Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company's assets. Thus the actual switch configuration should first be subject to the change management approval.

  Incorrect Answers:

  A: Incident management refers to the steps followed WHEN events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The scenario want to know what must be done prior to the incident.

  B: Incident management refers to the process that has to be followed WHEN an event occurred not prior to the event.

  D: Immediately prior to the actual switch configuration the request should be approved through the change management process.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 10

• Question 520:

  An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.

  Which of the following strategies would the administrator MOST likely implement?

  A. Full backups on the weekend and incremental during the week

  B. Full backups on the weekend and full backups every day

  C. Incremental backups on the weekend and differential backups every day

  D. Differential backups on the weekend and full backups every day

  Correct Answer: A

  A full backup is a complete, comprehensive backup of all fi les on a disk or server. The full backup is current only at the time it's performed. Once a full backup is made, you have a complete archive of the system at that point in time. A system shouldn't be in use while it undergoes a full backup because some fi les may not get backed up. Once the system goes back into operation, the backup is no longer current. A full backup can be a time-consuming process on a large system. An incremental backup is a partial backup that stores only the information that has been changed since the last full or the last incremental backup. If a full backup were performed on a Sunday night, an incremental backup done on Monday night would contain only the information that changed since Sunday night. Such a backup is typically considerably smaller than a full backup. Each incremental backup must be retained until a full backup can be performed. Incremental backups are usually the fastest backups to perform on most systems, and each incremental backup tape is relatively small.

  Incorrect Answers:

  B: Full backups on a daily base would be too time consuming and impractical.

  C: A differential backup is similar in function to an incremental backup, but it backs up any files that have been altered since the last full backup; it makes duplicate copies of fi les that haven't changed since the last differential backup.

  However this together with incremental backups on the weekend will not provide a complete backup since the administrator want to minimize time required to perform backups during the week.

  D: Full backups on a daily basis is exactly the opposite of what is required when you want to minimize the time required to make the backups during the week.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 436-437