Which of the following BEST describes part of the PKI process?
A. User1 decrypts data with User2’s private key B. User1 hashes data with User2’s public key C. User1 hashes data with User2’s private key D. User1 encrypts data with User2’s public key
Answer: D
Explanation: In a PKI the sender encrypts the data using the receiver's public key, and the receiver decrypts it using his own private key; only the holder of the private key can recover the data. PKI is a two-key, asymmetric system whose main components are the certificate authority (CA), the registration authority (RA), a certificate repository that also publishes revocation information (a CRL or an OCSP responder), and the digital certificates themselves. RSA is one of the asymmetric algorithms a PKI can use; it is not a PKI component. In practice the public key usually encrypts a random symmetric session key and that session key encrypts the bulk data, but the principle is the same: encrypt with the public key, decrypt with the private key. A PKI example: You want to send an encrypted message to Jordan, so you obtain his public key, normally from his certificate, which a CA has signed so that you can check the key really belongs to Jordan rather than to someone impersonating him. You use that public key to encrypt the message and send it to him.
Jordan uses his private key to decrypt the message.
Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”?
A. CRL B. PKI C. OCSP D. RA
Answer: C
Explanation: The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) returns a signed response stating that the certificate specified in the request is 'good', 'revoked', or 'unknown'. 'Unknown' means the responder has no record of that certificate (for example, it was not issued by the CA the responder answers for), so a client should not treat it as equivalent to 'good'. The client must verify the responder's signature before trusting the status. If the responder cannot process the request, it returns an error code instead of a status. A CRL (option A) also carries revocation information, but as a periodically published list rather than a per-certificate query and response.
Which of the following is the BEST reason for placing a password lock on a mobile device?
A. Prevents an unauthorized user from accessing owner’s data B. Enables remote wipe capabilities C. Stops an unauthorized user from using the device again D. Prevents an unauthorized user from making phone calls
Answer: A
Explanation: A password lock on a mobile device is used to prevent an unauthorized user from accessing the owner's data. When the device is locked, either manually or automatically after an idle timeout, it prompts for the password or numeric code before granting access. Remote wipe (option B) is a separate capability and does not depend on the lock, and the lock protects data at rest only when it is combined with device encryption; without encryption the storage can still be read directly.
Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?
A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media affect the company application as well
Which of the following is the BEST concept to maintain required but non-critical server availability?
A. SaaS site B. Cold site C. Hot site D. Warm site
Answer: D
Explanation: A warm site has the facility, power, network connectivity and compatible hardware and media in place, but current data and application configuration must be restored and systems configured before operations can resume, so recovery takes hours to days rather than minutes. A hot site mirrors production and can take over almost immediately, but it is the most expensive option and is justified for critical systems; a cold site provides only space and utilities and takes the longest to bring up. For a server that is required but not critical, a warm site balances cost against recovery time. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. (A reciprocal agreement is not an active/active model; active/active describes two sites both carrying production load at the same time, which is a hot-site arrangement.)
The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?
A. cd ../../../../bin/bash B. whoami C. ls /root D. sudo -u root
Answer: A
Explanation: On modern UNIX variants, including Linux, you can define the root directory on a per-process basis. The chroot utility allows you to run a process with a root directory other than /. The root directory appears at the top of the directory hierarchy and has no parent: a process cannot access any files above its root directory (from its point of view they do not exist). If, for example, you run a program (process) and specify its root directory as /home/sam/jail, the program has no concept of any files in /home/sam or above: jail is the program's root directory and is labeled / (not jail). By creating an artificial root directory, frequently called a chroot jail, you prevent a program from accessing or modifying, possibly maliciously, files outside the directory hierarchy starting at its root. You must set up a chroot jail properly to increase security: if you do not, you can actually make it easier for a malicious user to gain access to the system than if there were no chroot jail at all.
The command cd .. moves up one level in the directory tree; repeating it walks toward the top level, the root, written /. Appending /bin/bash to that path is an attempt to reach and run the bash shell from the root of the tree, i.e. to obtain a shell outside the jail. In a correctly built jail the .. of the jail's root resolves to the jail's root itself, so this command alone cannot leave the jail; what it records is intent, which is exactly what the analyst is looking for. Genuine chroot escapes rely on the jail being misconfigured: typically a process that keeps root privileges inside the jail (which can call chroot() again to break out), a writable jail that lets the user replace binaries, or open file descriptors and mounts that point outside the jail. whoami and ls /root are reconnaissance inside the jail, and sudo -u root is a privilege-escalation attempt, but none of them is an attempt to leave the jail.
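The kind of history-file triage the question describes, as an added example that is not part of the original question or its explanation. The indicator patterns are this example's own heuristics (stacked ../ hops, invocation of a shell, sudo/su), chosen to separate the four history lines above; the sample .bash_history is constructed for the demonstration and is not a real capture.

```python
import re

# Indicator patterns. These are this example's own heuristics, chosen to match
# the four history lines in the question; tune them for a real environment.
TRAVERSAL = re.compile(r"(?:\.\./){2,}")                   # stacked parent-dir hops
SHELL_EXEC = re.compile(r"(?:^|[\s/;|&])(?:bash|sh|dash|zsh|ksh)(?:\s|$)")
PRIV_CMD = re.compile(r"^(?:sudo|su)\b")


def tag_command(cmd: str) -> list:
    """Return the indicator tags that apply to one shell command."""
    tags = []
    if TRAVERSAL.search(cmd):
        tags.append("traversal")
    if SHELL_EXEC.search(cmd):
        tags.append("shell")
    if PRIV_CMD.search(cmd):
        tags.append("privilege")
    # Walking up the tree and then invoking a shell is the jail-escape signature.
    if "traversal" in tags and "shell" in tags:
        tags.append("jail-escape")
    return tags


def triage_history(lines) -> list:
    """Scan history lines; return (line_no, command, tags) for anything flagged.

    bash writes '#<epoch>' comment lines before each command when
    HISTTIMEFORMAT is set; those are skipped rather than treated as commands.
    """
    findings = []
    for no, raw in enumerate(lines, 1):
        cmd = raw.strip()
        if not cmd or cmd.startswith("#"):
            continue
        tags = tag_command(cmd)
        if tags:
            findings.append((no, cmd, tags))
    return findings


# Constructed sample .bash_history for the demonstration (not a real capture).
SAMPLE_HISTORY = [
    "#1700000000",
    "whoami",
    "ls /root",
    "cd ../project && make",
    "cd ../../../../bin/bash",
    "sudo -u root",
    "cat /etc/passwd",
]


def escape_attempt_lines(lines=SAMPLE_HISTORY) -> list:
    """Line numbers whose command looks like a chroot escape attempt."""
    return [no for no, _, tags in triage_history(lines) if "jail-escape" in tags]


if __name__ == "__main__":
    for no, cmd, tags in triage_history(SAMPLE_HISTORY):
        print(f"line {no}: {cmd!r} -> {', '.join(tags)}")
```

Run against the sample, only the cd ../../../../bin/bash line carries the jail-escape tag; sudo -u root is surfaced as a privilege attempt, and whoami, ls /root and the benign cd ../project line are not flagged at all. Remember that a user who knows the history file exists can truncate or unset it, so treat an empty or suspiciously short history as a finding in its own right.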
A. Decrypting wireless messages B. Decrypting the hash of an electronic signature C. Bulk encryption of IP based email traffic D. Encrypting web browser traffic
Answer: B
Explanation: The sender creates a digital signature with the private key: a hash of the message is computed and that hash is transformed with the sender's private key; the result is the signature, and it is sent along with the message. The message is, in effect, signed with the private key. The receiver uses the sender's public key (taken from the sender's certificate rather than trusted blindly because it arrived with the message) to reverse that transformation, recovering the hash, and compares it with a hash computed over the received message. If the values match, the receiver knows the message is authentic and was not altered in transit. Bulk encryption of traffic, whether wireless, email or web browser traffic, is done with symmetric keys rather than with the private key.
A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?
A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management
Answer: D
Explanation: Patch management is the process of keeping applications and operating systems current by applying vendor updates (patches) in a controlled way. It protects systems from newly discovered attacks and vulnerabilities, but it also covers how updates reach production: each update is tested on a test system first to confirm it has no detrimental effects, the production systems are backed up before the update is applied, and a tested rollback path is kept ready. Had the update been tested and staged that way, the crash would have been caught before it reached production, or the previous version could have been restored immediately without the loss of data and revenue described.
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?
A. Procedure and policy management B. Chain of custody management C. Change management D. Incident management
Answer: D
Explanation: Incident management defines the steps followed when a security event such as a breach occurs: how the event is detected, classified, escalated and reported, and who must be informed and when. A notification and escalation procedure that names the Risk Manager and CIO ensures they learn of a breach from the response process itself rather than from the CEO after the fact.
Which of the following is considered a risk management BEST practice of succession planning?
A. Reducing risk of critical information being known to an individual person who may leave the organization B. Implementing company-wide disaster recovery and business continuity plans C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats D. Considering departmental risk management practices in place of company-wide practices