CompTIA Security+ Question D-40

The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening?

A. Access control lists
B. Loop protection
C. Firewall rule
D. Port security

Answer: D

CompTIA Security+ Question D-39

Which of the following uses both a public and private key?

A. RSA
B. AES
C. MD5
D. SHA

Answer: A

Explanation:
The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process; its security rests on the difficulty of factoring their product. RSA uses both a public key and a private (secret) key. RSA key generation process:

1. Generate two large random primes, p and q, of approximately equal size such that their product, n = pq, is of the required bit length (such as 2048 bits, 4096 bits, and so forth). Let n = pq and m = (p-1)(q-1).

2. Choose a small number e, co-prime to m (note: two numbers are co-prime if they have no common factors other than 1).

3. Find d such that d*e mod m = 1, that is, d is the modular inverse of e modulo m.

4. Publish e and n as the public key. Keep d and n as the secret key. p, q and m must also stay secret (or be discarded), because any of them lets an attacker recompute d from the public e.
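The four steps above carried through in code, as an added example that is not part of the original question set. It uses a Miller-Rabin test for step 1, Python's built-in modular inverse (pow(e, -1, m), Python 3.8 or later) for step 3, and the page's symbols n, m, e and d. The helper names (derive_keypair, generate_keypair, encrypt, decrypt) and the textbook check values p = 61, q = 53, e = 17 are this example's own choices.

```python
import math
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (false-positive rate below 4**-rounds)."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:          # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0                  # write n-1 as 2**r * d with d odd
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()      # OS CSPRNG; random.random() is not suitable for key material
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False             # a is a witness that n is composite
    return True


def random_prime(bits: int) -> int:
    """Step 1 helper: a random prime of exactly `bits` bits (top bit and low bit forced on)."""
    rng = random.SystemRandom()
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def derive_keypair(p: int, q: int, e: int = 65537):
    """Steps 2-4 for a given p and q. Returns ((e, n), (d, n))."""
    n = p * q
    m = (p - 1) * (q - 1)            # the page's m, i.e. Euler's totient of n
    if math.gcd(e, m) != 1:          # step 2: e must be co-prime to m
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    d = pow(e, -1, m)                # step 3: modular inverse, so (d * e) % m == 1
    assert (d * e) % m == 1
    return (e, n), (d, n)            # step 4: public key, private key


def generate_keypair(bits: int = 2048, e: int = 65537):
    """Step 1 (fresh p and q of half the modulus size each), then steps 2-4."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return derive_keypair(p, q, e)


def encrypt(public_key, message: int) -> int:
    """Textbook RSA: c = message**e mod n. `message` must be an integer below n."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """Textbook RSA: message = c**d mod n."""
    d, n = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Small textbook values so the arithmetic can be checked by hand.
    pub, priv = derive_keypair(61, 53, 17)
    print("public:", pub, "private:", priv)           # ((17, 3233), (2753, 3233))
    print("65 ->", encrypt(pub, 65), "->", decrypt(priv, encrypt(pub, 65)))
    # A realistic-size key; pure-Python generation takes a few seconds.
    pub, priv = generate_keypair(2048)
    assert decrypt(priv, encrypt(pub, 123456789)) == 123456789
    print("2048-bit round trip OK, n has", pub[1].bit_length(), "bits")
```

This is textbook (unpadded) RSA, shown only to make the key-generation arithmetic concrete: with no padding it is deterministic and malleable, and a message of 0 or 1 encrypts to itself. Production code should use a vetted library with OAEP or PSS padding rather than raw modular exponentiation.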

CompTIA Security+ Question D-38

Key elements of a business impact analysis should include which of the following tasks?

A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

Answer: D

Explanation:
The key components of a Business impact analysis (BIA) include:

1. Identifying critical functions
2. Prioritizing critical business functions
3. Calculating a timeframe for critical systems loss
4. Estimating the tangible and intangible impact on the organization

CompTIA Security+ Question D-37

A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?

A. Enforce Kerberos
B. Deploy smart cards
C. Time of day restrictions
D. Access control lists

Answer: C

Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours.

CompTIA Security+ Question D-36

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?

A. Command shell restrictions
B. Restricted interface
C. Warning banners
D. Session output pipe to /dev/null

Answer: C

Explanation:
Within Microsoft Windows (and most other operating systems and network devices), you can configure warning banners that appear before the logon prompt, stating that access is for authorized users only, that activity is monitored, and that violators will be prosecuted. Such banners convey warnings or regulatory information that the user must "accept" in order to use the machine or network, which removes any later claim that the user did not know access was restricted. You need to make staff aware that they may legally be prosecuted, and a message is best given via a banner so that all staff using the system, including those connecting remotely over Telnet, receive the notification.

CompTIA Security+ Question D-35

The Human Resources department has a parent shared folder set up on the server. There are two groups that have access, one called managers and one called staff. There are many subfolders under the parent shared folder; one is called payroll. The parent folder access control list propagates to all subfolders, and all subfolders inherit the parent permissions. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A. Remove the staff group from the payroll folder
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder

Answer: B

Explanation:
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default. In practice the fix here is a Deny entry for the staff group added directly on the payroll folder: in NTFS, an entry set explicitly on a folder takes precedence over entries inherited from its parent, and a Deny entry takes precedence over an Allow entry, so the inherited Allow for staff is overridden without having to break inheritance or rebuild the permissions on the rest of the tree.

CompTIA Security+ Question D-34

Peter is the accounts payable agent for ABC Company. Peter has been performing the accounts payable function for ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

A. Mandatory vacation
B. Job rotation
C. Separation of duties
D. Replacement

Answer: A

Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation gives the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud, because someone else performs the absent employee's duties and sees their work. In this case a mandatory vacation allows the company to review all the new accounts while Peter is away.

CompTIA Security+ Question D-33

Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

A. Wireless jamming
B. Evil twin
C. Rogue AP
D. Packet sniffing

Answer: A

Explanation:
When most people think of frequency jamming, what comes to mind are radio, radar and cell phone jamming. However, any communication that uses radio frequencies can be jammed by a strong radio signal in the same frequency. In this manner, Wi-Fi may be attacked with a network jamming attack, reducing signal quality until it becomes unusable or disconnects occur. With very similar methods, a focused and aimed signal can actually break access point hardware, as with equipment destruction attacks.

CompTIA Security+ Question D-32

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

A. Data integrity is susceptible to being compromised.
B. Monitoring data changes induces a higher cost.
C. Users are not responsible for data usage tracking.
D. Limiting the amount of necessary space for data storage.

Answer: A

Explanation:
Peer-to-peer (P2P) networking is commonly used to share files such as movies and music. Users must not be allowed to bring in devices and set up their own ad hoc networks; all networking should be provisioned and controlled by administrators. On a public P2P network, files are served by untrusted peers and can be altered or replaced with tampered copies before they reach the recipient, so data integrity can easily be compromised.

CompTIA Security+ Question D-31

An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?

A. Packet
B. Active
C. Port
D. Passive

Answer: D

Explanation:
TCP/IP stack fingerprinting is the remote detection of the characteristics of a host's TCP/IP implementation. In its passive form it is the collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote machine's operating system (OS fingerprinting), or incorporated into a device fingerprint.

Certain parameters within the TCP protocol definition are left up to the implementation. Different operating systems, and different versions of the same operating system, set different defaults for these values. By collecting and examining these values, one may differentiate among various operating systems and implementations of TCP/IP. Just inspecting the initial TTL and the TCP window size is often enough to identify an operating system, which eases the task of performing manual OS fingerprinting.

Passive OS fingerprinting is the examination of a passively collected sample of packets from a host in order to determine its operating system platform. It is called passive because it does not involve sending probes to the host being examined; active fingerprinting (as done by a port scanner's OS-detection mode) sends crafted packets and studies the replies. In this question the proxy uses passive fingerprinting because it is a transparent proxy: it sits inline in the traffic path and sees every packet the clients send anyway, so it can infer each host's operating system from those packets without ever contacting the host itself.
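The following is an added example, not part of the original question set, showing what an inline device such as a transparent proxy can do with a single observed TCP SYN: parse the IPv4 and TCP headers, extract the fields the explanation names (initial TTL and window size) plus the DF bit and the window-scale and MSS options, and match them against a signature table. The signature table and the sample packets are constructed for illustration and are not a real fingerprint database; real tools such as p0f use far richer signatures (option order, MSS, window-to-MSS ratios, timestamps).

```python
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class SynFeatures:
    ttl: int                 # TTL as seen on the wire (initial TTL minus hop count)
    df: bool                 # IP "don't fragment" flag
    window: int              # TCP receive window advertised in the SYN
    mss: Optional[int]       # TCP option kind 2, None if absent
    wscale: Optional[int]    # TCP option kind 3, None if absent


def parse_ipv4_tcp_syn(pkt: bytes) -> SynFeatures:
    """Extract fingerprint-relevant fields from a raw IPv4/TCP SYN (no checksum validation)."""
    ver_ihl, _tos, _tlen, _ident, flags_frag, ttl, proto = struct.unpack_from("!BBHHHBB", pkt, 0)
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    df = bool(flags_frag & 0x4000)
    tcp = pkt[ihl:]
    _sport, _dport, _seq, _ack, off_flags, window = struct.unpack_from("!HHIIHH", tcp, 0)
    if not off_flags & 0x02 or off_flags & 0x10:
        raise ValueError("not a bare SYN")          # only the first packet of a handshake is fingerprinted
    data_off = (off_flags >> 12) * 4
    opts = tcp[20:data_off]
    mss = wscale = None
    i = 0
    while i < len(opts):                             # TCP options: kind, [length, data...]
        kind = opts[i]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP padding
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:
            raise ValueError("malformed TCP option")
        body = opts[i + 2:i + length]
        if kind == 2:
            mss = int.from_bytes(body, "big")
        elif kind == 3:
            wscale = body[0]
        i += length
    return SynFeatures(ttl, df, window, mss, wscale)


def initial_ttl(observed: int) -> int:
    """Round the on-the-wire TTL up to the nearest common starting value (32, 64, 128, 255)."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255


# Illustrative signature table (an assumption for this example, not a real database).
# wscale None means the window-scale option is expected to be absent.
SIGNATURES = [
    {"os": "Linux-like", "ttl": 64, "df": True, "wscale": 7},
    {"os": "Windows-like", "ttl": 128, "df": True, "wscale": 8},
    {"os": "Network-device-like", "ttl": 255, "df": False, "wscale": None},
]


def guess_os(f: SynFeatures) -> dict:
    """Score each signature against the observed SYN; initial TTL must match, other fields add weight."""
    hops = initial_ttl(f.ttl) - f.ttl                # distance estimate comes for free
    best = {"os": "unknown", "score": 0, "hops": hops}
    for sig in SIGNATURES:
        if initial_ttl(f.ttl) != sig["ttl"]:
            continue
        score = 1 + int(f.df == sig["df"]) + int(f.wscale == sig["wscale"])
        if score > best["score"]:
            best = {"os": sig["os"], "score": score, "hops": hops}
    return best


def build_syn(ttl: int, df: bool, window: int, mss: Optional[int] = None,
              wscale: Optional[int] = None) -> bytes:
    """Constructed sample SYN for offline testing (not a real capture); checksums left zero."""
    opts = b""
    if mss is not None:
        opts += bytes([2, 4]) + mss.to_bytes(2, "big")
    if wscale is not None:
        opts += bytes([1, 3, 3, wscale])             # NOP, then window scale
    opts += b"\x00" * (-len(opts) % 4)               # pad to a 32-bit boundary
    data_off = 20 + len(opts)
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, (data_off // 4) << 12 | 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10]))
    return ip + tcp


if __name__ == "__main__":
    for pkt in (build_syn(57, True, 64240, mss=1460, wscale=7),
                build_syn(128, True, 65535, mss=1460, wscale=8),
                build_syn(250, False, 4128)):
        feats = parse_ipv4_tcp_syn(pkt)
        print(feats, "->", guess_os(feats))
```

In a real deployment the proxy would feed live SYNs from a raw socket or pcap handle into parse_ipv4_tcp_syn and keep a per-source-IP table of guesses; nothing here ever sends a packet to the client, which is what makes the method passive. The example handles IPv4 only; an IPv6 fingerprinter would read Hop Limit in place of TTL.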