CompTIA Security+ Question L-20

Peter, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?

A. NIPS
B. HIDS
C. HIPS
D. NIDS

Answer: A

Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

CompTIA Security+ Question L-19

Privilege creep among long-term employees can be mitigated by which of the following procedures?

A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation

Answer: A

Explanation:
Privilege creep is the steady build-up of access rights beyond what a user requires to perform his/her task. Privilege creep can be decreased by conducting sporadic access rights reviews, which will confirm each user’s need to access specific roles and rights in an effort to find and rescind excess privileges.

CompTIA Security+ Question L-18

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

A. Error and exception handling
B. Application hardening
C. Application patch management
D. Cross-site script prevention

Answer: B

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

CompTIA Security+ Question L-17

A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked “Internal Proprietary Information”. Which of the following should the user do NEXT?

A. Contact their manager and request guidance on how to best move forward
B. Contact the help desk and/or incident response team to determine next steps
C. Provide the requestor with the email information since it will be released soon anyway
D. Reply back to the requestor to gain their contact information and call them

Answer: B

Explanation:
This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It’s important that an incident response policy establish at least the following items: Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team.

CompTIA Security+ Question L-16

A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?

A. Spam filter
B. Digital signatures
C. Antivirus software
D. Digital certificates

Answer: B

Explanation:
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer. Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash — along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.

CompTIA Security+ Question L-15

Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?

A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.
B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.
C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
D. MOUs between two companies working together cannot be held to the same legal standards as SLAs.

Answer: C

Explanation:
The Memorandum of Understanding This document is used in many settings in the information industry. It is a brief summary of which party is responsible for what portion of the work. For example, Company A may be responsible for maintaining the database server and Company B may be responsible for telecommunications. MOUs are not legally binding but they carry a degree of seriousness and mutual respect, stronger than a gentlemen’s agreement. Often, MOUs are the first steps towards a legal contract.

CompTIA Security+ Question L-14

A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?

A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots

Answer: D

Explanation:
Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems. Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications.

CompTIA Security+ Question L-13

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

A. Check the referrer field in the HTTP header
B. Disable Flash content
C. Use only cookies for authentication
D. Use only HTTPS URLs

Answer: A

Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been authenticated. This is accomplished by changing values in the HTTP header and even in the user’s cookie to falsify access. It can be prevented by embedding additional authentication data into requests that allows the web application to detect requests from unauthorized locations. Examples are synchronizer token patterns, cookie-to-header tokens, and checking the HTTP Referrer header and the HTTP Origin header.

CompTIA Security+ Question L-12

The Chief Security Officer (CSO) for a datacenter in a hostile environment is concerned about protecting the facility from car bomb attacks. Which of the following BEST would protect the building from this threat? (Select two.)

A. Dogs
B. Fencing
C. CCTV
D. Guards
E. Bollards
F. Lighting

Answer: B,E

CompTIA Security+ Question L-11

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

A. Deploy a HIDS suite on the users’ computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users’ browsers to prevent malware.
D. Create an approved application list and block anything not on it.

Answer: D

Explanation:
You can use Software Restriction Policy or its successor AppLocker to prevent unauthorized applications from running or being installed on computers. Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. You can use AppLocker as part of your overall security strategy for the following scenarios: Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment. Prevent users from installing and using unauthorized applications. Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.