Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?
A. System image capture B. Record time offset C. Order of volatility D. Chain of custody
Answer: D
Explanation: Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been.
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A. Twofish B. Diffie-Hellman C. ECC D. RSA
Answer: C
Explanation: Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size.
Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs, which show communication between the two computers as captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 [192.168.1.30] -------- [INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1] -------- [10.2.2.10] PC2
LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server. B. The web server listens on a non-standard port. C. The router filters port 80 traffic. D. The router implements NAT.
Answer: D
Explanation: Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated “private” IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a “public” address (10.2.2.1) assigned by an Internet service provider.
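As an added worked example (not part of the original question bank), the script below parses the three log lines quoted in the question and derives the same inference mechanically: the capturing host 10.2.2.10 sees the SYN arrive from the router's outside address 10.2.2.1 rather than from PC1's private address 192.168.1.30, so the router is translating addresses; the completed three-way handshake on port 80 also rules out the filtering and non-standard-port answers. The log text and the addresses are copied from the question; the function and field names are this example's own.

```python
"""Infer NAT, server role and filtering from the captured TCP handshake.
Added example; not from the original question bank."""
import re
from dataclasses import dataclass

# Constructed copy of the log lines quoted in the question.
LOGS = """\
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
"""

# Addresses taken from the diagram in the question.
PC1 = "192.168.1.30"
ROUTER_OUTSIDE = "10.2.2.1"
PC2 = "10.2.2.10"

LINE_RE = re.compile(r"^(\S+), SRC (\S+):(\d+), DST (\S+):(\d+), (\S+)$")


@dataclass
class Entry:
    time: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_logs(text):
    """Turn the 'time, SRC a:p, DST a:p, FLAGS' lines into Entry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        t, src, sp, dst, dp, fl = m.groups()
        entries.append(Entry(t, src, int(sp), dst, int(dp), fl))
    return entries


def analyze(entries):
    """Evaluate each answer option against what the capture actually shows."""
    flags = [e.flags for e in entries]
    handshake_complete = flags == ["SYN", "SYN/ACK", "ACK"]
    syn = entries[0]  # the connection initiator's first packet
    return {
        "handshake_complete": handshake_complete,
        # Option A: the SYN is addressed to 10.2.2.10, so that host, not PC1,
        # is the listening web server.
        "pc1_is_web_server": syn.dst == PC1,
        # Option B: the destination port is the standard HTTP port.
        "server_on_standard_http_port": syn.dport == 80,
        # Option C: a filter on port 80 would have stopped the SYN or the reply;
        # the completed handshake shows nothing was dropped.
        "port_80_filtered": not handshake_complete,
        # Option D: PC2 sees the router's outside address as the source, not
        # PC1's private address, so the router rewrote the source (NAT).
        "nat_in_use": syn.src == ROUTER_OUTSIDE and syn.src != PC1,
        "server": syn.dst,
    }


if __name__ == "__main__":
    for key, value in analyze(parse_logs(LOGS)).items():
        print(f"{key}: {value}")
```

The same parser works on any capture in this 'SRC a:p, DST a:p, FLAGS' shape; the inference rests on knowing the router's outside address from the diagram, which is why the lead-in copies it in rather than guessing it from traffic.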
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?
A. CCTV system access B. Dial-up access C. Changing environmental controls D. Ping of death
Answer: C
Explanation: Environmental systems include heating, air conditioning, humidity control, fire suppression, and power systems. All of these functions are critical to a well-designed physical plant. A computer room will typically require full-time environmental control. Changing any of these controls away from the values they have been set to (their optimum values) will result in damage.
The security administrator runs an rpm verify command which records the MD5 sum, permissions, and timestamp of each file on the system. The administrator saves this information to a separate server. Which of the following describes the procedure the administrator has performed?
A. Host software base-lining B. File snapshot collection C. TPM D. ROMDB verification
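As an added example (not part of the original question bank), the script below does in Python what the question describes the administrator doing with rpm verify: it records the MD5 sum, permission bits and modification time of every file under a directory, and a later snapshot is compared against the saved record to show exactly which attribute of which file changed. The directory contents are constructed inside a temporary folder so the example runs offline; the function names (snapshot, diff_snapshots, demo) are this example's own.

```python
"""Record MD5, permissions and mtime per file, then diff a later snapshot.
Added example; not from the original question bank."""
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """MD5 digest, permission bits and integer mtime for one regular file."""
    st = os.lstat(path)
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"md5": h.hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "mtime": int(st.st_mtime)}


def snapshot(root):
    """Map of relative path -> record for every regular file under root."""
    records = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlink targets are recorded under their own path
            records[os.path.relpath(full, root)] = file_record(full)
    return records


def diff_snapshots(saved, current):
    """Return {relpath: [changed attributes]}; 'missing'/'added' for whole files."""
    changes = {}
    for rel, rec in saved.items():
        if rel not in current:
            changes[rel] = ["missing"]
            continue
        diffs = [k for k in ("md5", "mode", "mtime") if rec[k] != current[rel][k]]
        if diffs:
            changes[rel] = diffs
    for rel in current:
        if rel not in saved:
            changes[rel] = ["added"]
    return changes


def demo():
    """Constructed scenario: record a directory, alter two files, report the changes."""
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "bin_tool")
        conf = os.path.join(root, "etc_conf")
        with open(tool, "w") as f:
            f.write("original binary\n")
        with open(conf, "w") as f:
            f.write("setting=1\n")
        os.chmod(tool, 0o755)
        os.chmod(conf, 0o644)
        # Serialise and reload, standing in for the copy kept on a separate server.
        saved = json.loads(json.dumps(snapshot(root)))
        # Later: one file's content is replaced, the other's permissions loosened.
        with open(tool, "w") as f:
            f.write("replaced binary\n")
        os.chmod(conf, 0o666)
        return diff_snapshots(saved, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keeping the saved record off the host matters for the same reason the question's administrator copies it to a separate server: a record stored on the machine being checked can be edited by whoever altered the files. The comparison is by attribute, so a content change (md5) is reported separately from a permission change (mode), which is the distinction an investigator wants.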
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing
Answer: C
Explanation: Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann, a member of the sales department, overhears the password and then speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?
A. An authentication factor B. Discretionary access C. Time of day restrictions D. Least privilege restrictions
The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?
A. Application hardening B. Application firewall review C. Application change management D. Application patch management
Answer: C
Explanation: Change management is the structured approach that is followed to secure a company's assets. Promoting code to an application on a DMZ web server would be change management.
A company hosts its public websites internally. The administrator would like to make some changes to the architecture. The three goals are:
1. reduce the number of public IP addresses in use by the web servers
2. drive all the web traffic through a central point of control
3. mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?
A. Firewall B. Load balancer C. URL filter D. Reverse proxy
Answer: D
Explanation: The purpose of a proxy server is to serve as an intermediary between clients and servers. A reverse proxy sits in front of the web servers, so only its public address is exposed, all inbound web traffic passes through it, and the servers behind it are not directly reachable by address scanning; using a reverse proxy therefore meets the three stated goals.
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization
Answer: D
Explanation: Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.