CompTIA Security+ Question E-90

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence
B. Risk acceptance
C. Risk mitigation D. Risk avoidance

Answer: B

Explanation:
Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk thus it should be accepted (risk acceptance)

CompTIA Security+ Question E-89

Which of the following security architecture elements also has sniffer functionality? (Select TWO).

A. HSM
B. IPS
C. SSL accelerator
D. WAP
E. IDS

Answer: B,E

Explanation:
Sniffer functionality means the ability to capture and analyze the content of data packets as they

are transmitted across the network. IDS and IPS systems perform their functions by capturing and analyzing the content of data packets.

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack’s content.

CompTIA Security+ Question E-88

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

A. Backdoor
B. Spyware
C. Logic bomb
D. DDoS
E. Smurf

Answer: B

Explanation:
Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.

CompTIA Security+ Question E-87

A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAMESECURITY LABEL
Employees.docConfidential
Salary.xlsConfidential
OfficePhones.xlsUnclassified
PersonalPhones.xlsRestricted
Which of the following should the security administrator implement?

A. White and black listing
B. SCADA system
C. Trusted OS
D. Version control

Answer: C

Explanation:
A trusted operating system (TOS) is any operating system that meets the government’s requirements for security. Trusted OS uses a form of Mandatory access control called Multi-Level Security. The Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. MLS is an implementation of MAC that focuses on confidentiality. A Multi-Level Security operating system is able to enforce the separation of multiple classifications of information as well as manage multiple users with varying levels of information clearance. The military and intelligence community must handle and process various hierarchical levels of classified information. At the high-end there is Top Secret, followed in turn by Secret, Confidential, and Unclassified:

CompTIA Security+ Question E-86

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

A. Add reverse encryption
B. Password complexity
C. Increase password length
D. Allow single sign on

Answer: B

Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation, special characters, or numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a password’s length and complexity.

CompTIA Security+ Question E-85

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key.
B. The wireless access point is broadcasting the SSID.
C. The malicious user is able to capture the wired communication.
D. The meeting attendees are using unencrypted hard drives.

Answer: C

Explanation:
In this question, the wireless users are using WPA2-TKIP. While TKIP is a weak encryption protocol, it is still an encryption protocol. Therefore, the wireless communications between the laptops and the wireless access point are encrypted. The question states that user was able to intercept ‘clear text’ HTTP communication between the meeting attendees and the Internet. The HTTP communications are unencrypted as they travel over the wired network. Therefore, the malicious user must have been able to capture the wired communication.

TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It was a stopgap encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated.

CompTIA Security+ Question E-84

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users’ home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control
B. Enforcing SELinux in the OS kernel is rule-based access control
C. The policy added by the root user is mandatory access control
D. Enforcing SELinux in the OS kernel is mandatory access control
E. The policy added by the root user is role-based access control
F. The policy added by the root user is rule-based access control

Answer: D,F

Explanation:
Enforcing SELinux in the OS kernel is mandatory access control. SELinux is Security Enhanced Linux which is a locked down version of the OS kernel.

Mandatory Access Control (MAC) is a relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined. Users can’t share information unless their rights to share it are established by administrators. Consequently, administrators must make any changes that need to be made to such rights. This process enforces a rigid model of security. However, it is also considered the most secure security model.

The policy added by the root user is rule-based access control. The administrator has defined a policy that states that users folders should be served by the web server. Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all decisions.

CompTIA Security+ Question E-83

Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

A. IV attack
B. Evil twin
C. War driving
D. Rogue access point

Answer: B

Explanation:
An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears

as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.

CompTIA Security+ Question E-82

Which of the following types of security services are used to support authentication for remote users and devices?

A. Biometrics
B. HSM
C. RADIUS
D. TACACS

Answer: C

Explanation:
RADIUS authentication phase takes place when a network client connects to a network access server (NAS) and provides authentication credentials. The NAS will then make use of the authentication credentials to issue a RADIUS authentication request to the RADIUS server, which will then exchange RADIUS authentication messages with the NAS.

CompTIA Security+ Question E-81

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter

Answer: C

Explanation:
Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.