CompTIA Security+ Question K-20

Which of the following describes the purpose of an MOU?

A. Define interoperability requirements
B. Define data backup process
C. Define onboard/offboard procedure
D. Define responsibilities of each party

Answer: D

Explanation:
An MOU, or Memorandum of Understanding, is a document outlining which party is responsible for what portion of the work.

CompTIA Security+ Question K-19

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x

Answer: D

Explanation:
IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.

CompTIA Security+ Question K-18

Which of the following is the term for a fix for a known software problem?

A. Skiff
B. Patch
C. Slipstream
D. Upgrade

Answer: B

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect systems from newly discovered attacks and vulnerabilities.

CompTIA Security+ Question K-17

The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

A. The certificate used to authenticate users has been compromised and revoked.
B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.
C. An attacker has gained access to the access point and has changed the encryption keys.
D. An unauthorized access point has been configured to operate on the same channel.

Answer: D

Explanation:
Wireless Access Points can be configured to use a channel. If you have multiple access points within range of each other, you should configure the access points to use different channels. Different channels use different frequencies. If you have two access points using the same channel, their Wi-Fi signals will interfere with each other. The question states that many users are having difficulty connecting to the company’s wireless network. This is probably due to the signal being weakened by interference from another access point using the same channel. When the administrator takes a new laptop and physically goes to the access point and connects with no problems, he is able to connect because he is near the access point and therefore has a strong signal.

CompTIA Security+ Question K-15

A small company has recently purchased cell phones for managers to use while working outside of the office.
The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company’s requirements?

A. Screen-lock
B. Disable removable storage
C. Full device encryption
D. Remote wiping

Answer: A

Explanation:
Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

CompTIA Security+ Question K-14

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
B. Change the encryption used so that the encryption protocol is CCMP-based.
C. Disable the network’s SSID and configure the router to only access store devices based on MAC addresses.
D. Increase the access point’s encryption from WEP to WPA TKIP.

Answer: B

Explanation:
CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality: ensures only authorized parties can access the information
Authentication: provides proof of genuineness of the user
Access control in conjunction with layer management

Incorrect Options:

A: The antenna type deals with signal strength and direction. It will not have a bearing on whether technology is older.

C: This option would “cloak” the network, not harden the network.

D: WPA2, which uses CCMP as its standard encryption protocol, is more secure than WPA-TKIP.

Reference:
http://en.wikipedia.org/wiki/CCMP
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 61, 63

CompTIA Security+ Question K-13

Which of the following results in datacenters with failed humidity controls? (Select TWO).

A. Excessive EMI
B. Electrostatic charge
C. Improper ventilation
D. Condensation
E. Irregular temperature

Answer: B,D

Explanation:
Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock. Most environmental systems also regulate humidity; however, a malfunctioning system can cause the humidity to be almost entirely extracted from a room. Make sure that environmental systems are regularly serviced. Electrostatic damage can occur when humidity levels get too low. Condensation is a direct result of failed humidity levels.

CompTIA Security+ Question K-12

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

A. Restoration and recovery strategies
B. Deterrent strategies
C. Containment strategies
D. Detection strategies

Answer: C

Explanation:
Containment strategies are used to limit damage and contain a loss so that it may be controlled, much like quarantine and loss incident isolation.

CompTIA Security+ Question K-11

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

A. Phishing
B. Tailgating
C. Pharming
D. Vishing

Answer: D

Explanation:
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to “verify identity” or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller ID spoofing can cause the victim’s set to indicate a legitimate source, such as a bank or a government agency.

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless.

Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with.