CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 51:

  A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

  A. Patch management

  B. Application hardening

  C. White box testing

  D. Black box testing

  Correct Answer: A

  Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system before applying the updates on a production system, and scheduling updates.

  Incorrect Answers:

  B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  C: White box testing is a form of penetration testing in which the tester has significant knowledge of the system and how it functions. This simulates an attack from an insider.

  D: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of the system or it how it functions. This simulates an attack from an outsider.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 221, 231-232 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217, 220, 459

• Question 52:

  A periodic update that corrects problems in one version of a product is called a

  A. Hotfix

  B. Overhaul

  C. Service pack

  D. Security update

  Correct Answer: C

  A service pack is a collection of updates and hotfixes that address a number of software issues, as well as new software features. It is released periodically by the vendor.

  Incorrect Answers:

  A: A hotfix is a single-issue update that addresses a single software problem. It is released immediately in response to a newly discovered vulnerability.

  B: A system overhaul is not an update. It is the creation of a new version of the system.

  D: A security update is similar to a hotfix in that it addresses a single problem and is released immediately in response to a newly discovered vulnerability

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 220 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 231

• Question 53:

  Which of the following encompasses application patch management?

  A. Configuration management

  B. Policy management

  C. Cross-site request forgery

  D. Fuzzing

  Correct Answer: A

  Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

  Incorrect Answers:

  B: Policy management is the use of policies to form guidelines for the management of entities within an organization. These policies need to be enforced.

  C: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who known or is supposed to have been authenticated. This is often accomplished without the user's

  knowledge. XSRF is not related to patch management.

  D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

  References:

  http://en.wikipedia.org/wiki/Fuzz_testing

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 220 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229, 231-232

• Question 54:

  Which of the following is a vulnerability associated with disabling pop-up blockers?

  A. An alert message from the administrator may not be visible

  B. A form submitted by the user may not open

  C. The help window may not be displayed

  D. Another browser instance may execute malicious code

  Correct Answer: D

  Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.

  Incorrect Answers:

  A, B, C: Pop-up windows are browser windows that are opened without the consent of the user.

  They are not alert messages, forms or the help window.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 246 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 222

• Question 55:

  A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

  A. Antivirus

  B. Pop-up blocker

  C. Spyware blocker

  D. Anti-spam

  Correct Answer: B

  Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.

  Incorrect Answers:

  A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.

  C: Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge or consent. This is usually accomplished using a tracking cookie.

  D: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM). It does not block random browser windows, which are pop-up windows, from opening.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 246 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 18-19, 161-162, 300

• Question 56:

  A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose?

  A. Anti-spyware

  B. Antivirus

  C. Host-based firewall

  D. Web content filter

  Correct Answer: A

  Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie.

  Incorrect Answers:

  B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Computer viruses do not capture user information.

  C: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

  D: Web content filtering is a form of content inspection in which the content of a web page is inspected against a blacklist of unwanted terms. This would not prevent user information being captured online.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 161-162, 300 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 19,

• Question 57:

  Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?

  A. Network based firewall

  B. Anti-spam software

  C. Host based firewall

  D. Anti-spyware software

  Correct Answer: D

  Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie.

  Incorrect Answers:

  A: A firewall protects a system from possible attack over a network by restricting or filtering the types of communications that are allowed to pass into the system. It does not detect tracking cookies.

  B: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM). It does not block tracking cookies.

  C: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5-6, 18-19, 300 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 246

• Question 58:

  A network administrator noticed various chain messages have been received by the company.

  Which of the following security controls would need to be implemented to mitigate this issue?

  A. Anti-spam

  B. Antivirus

  C. Host-based firewalls

  D. Anti-spyware

  Correct Answer: A

  A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM).

  Incorrect Answers:

  B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another.

  C: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. It does not block email messages or instant messaging (IM) messages.

  D: Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 18-19, 161-162, 300 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 246

• Question 59:

  Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

  A. Application patch management

  B. Cross-site scripting prevention

  C. Creating a security baseline

  D. System hardening

  Correct Answer: D

  Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

  Incorrect Answers:

  A: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.

  B: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.

  C: A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 61, 215-217, 220 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 195, 207-208,

• Question 60:

  An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

  A. Implement IIS hardening by restricting service accounts.

  B. Implement database hardening by applying vendor guidelines.

  C. Implement perimeter firewall rules to restrict access.

  D. Implement OS hardening by applying GPOs.

  Correct Answer: D

  Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user

  accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs).

  Incorrect Answers:

  A: Internet Information Services (IIS) is a Windows service that allows a computer to function as a Web Server. This is usually installed on a server rather than a workstation.

  B: Database hardening will improve security for a database; it does not improve security for workstations.

  C: Perimeter firewall rules can be used to restrict network access to host machines but this is a network-based, and not a host-based, security mechanism.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215, 227 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 202- 206, 211