CompTIA Security+ Question C-20

Which of the following can be used to mitigate risk if a mobile device is lost?

A. Cable lock
B. Transport encryption
C. Voice encryption D. Strong passwords

Answer: D

Explanation:
Passwords are the most likely mechanism that can be used to mitigate risk when a mobile device is lost. A strong password would be more difficult to crack.

CompTIA Security+ Question C-19

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

A. SQL injection
B. Cross-site scripting
C. Command injection
D. LDAP injection

Answer: D

Explanation:
LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection. In a page with a user search form, the following code is responsible to catch input value and generate a LDAP query that will be used in LDAP database. Insert the username The LDAP query is narrowed down for performance and the underlying code for this function might be the following: String ldapSearchQuery = “(cn=” + $userName + “)”; System.out.println(ldapSearchQuery);

If the variable $userName is not validated, it could be possible accomplish LDAP injection, as follows: If a user puts “*” on box search, the system may return all the usernames on the LDAP base If a user puts “jonys) (| (password = * ) )”, it will generate the code bellow revealing jonys’ password ( cn = jonys ) ( | (password = * ) )

CompTIA Security+ Question C-18

Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

A. Database encryption
B. USB encryption
C. Whole disk encryption
D. TPM

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question C-17

After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?

A. 25
B. 68
C. 80
D. 443

Answer: B

Explanation:
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for distributing IP addresses for interfaces and services. DHCP makes use of port 68.

CompTIA Security+ Question C-16

Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter?

A. Fire suppression
B. Raised floor implementation
C. EMI shielding
D. Hot or cool aisle containment

Answer: D

Explanation:
There are often multiple rows of servers located in racks in server rooms. The rows of servers are known as aisles, and they can be cooled as hot aisles and cold aisles. With a hot aisle, hot air outlets are used to cool the equipment, whereas with cold aisles, cold air intake is used to cool the equipment. Combining the two, you have cold air intake from below the aisle and hot air outtake above it, providing constant circulation. This is a more effective way of controlling temperature to safeguard your equipment in a data center.

CompTIA Security+ Question C-15

A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?

A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated.
B. The supervisor should be removed from the human resources group and added to the accounting group.
C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group.
D. The supervisor should only maintain membership in the human resources group.

Answer: C

Explanation:
You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the human resources supervisor’s user account to the group means the supervisor will inherit the permissions of that group, and allow him to carry out the new duties. Because the new duties are being added to his normal duties, maintaining membership in the human resources group will allow the supervisor to continue performing his normal duties.

CompTIA Security+ Question C-14

A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).

A. IPv6
B. SFTP
C. IPSec
D. SSH
E. IPv4

Answer: A,C

Explanation:
Telnet supports IPv6 connections. IPv6 is the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is a compulsory component for IPv6.

IPsec operates at Layer 3 of the OSI model, whereas Telnet operates at Layer 7.

CompTIA Security+ Question C-13

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys

Answer: D

Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key. In more detail:

*

Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.

*

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

CompTIA Security+ Question C-12

When performing the daily review of the system vulnerability scans of the network Peter, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Peter researches the assigned vulnerability identification number from the vendor website. Peter proceeds with applying the recommended solution for identified vulnerability.
Which of the following is the type of vulnerability described?

A. Network based
B. IDS
C. Signature based
D. Host based

Answer: C

Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

CompTIA Security+ Question C-11

Peter Has read and write access to his own home directory. Peter and Ann are collaborating on a project, and Peter would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control
B. Rule-based access control
C. Mandatory access control
D. Discretionary access control

Answer: D

Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.