CompTIA Security+ Question J-10

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?

A. SNMPv3
B. TFTP
C. SSH
D. TLS

Answer: A

Explanation:
SNMPv3 provides the following security features: Message integrity–Ensures that a packet has not been tampered with in transit. Authentication–Determines that the message is from a valid source. Encryption–Scrambles the content of a packet to prevent it from being learned by an unauthorized source.

CompTIA Security+ Question J-9

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A. Penetration test
B. Code review
C. Baseline review
D. Design review

Answer: C

Explanation:
The standard configuration on a server is known as the baseline. The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline. A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

CompTIA Security+ Question J-8

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties

Answer: B

Explanation:
A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job.

CompTIA Security+ Question J-7

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.

Answer: B

Explanation:
CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many operating system providers allow their systems to be configured as CA systems.

These CA systems can be used to generate internal certificates that are used within a business or in large external settings. The process provides certificates to the users. Since the user in question has been re-issued a smart card, the user must receive a new certificate by the CA to allow the user to send digitally signed email. This is achieved by publishing the new certificates to the global address list.

CompTIA Security+ Question J-6

Which of the following is an application security coding problem?

A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing

Answer: A

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.

CompTIA Security+ Question J-5

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?

A. Adding a heat deflector
B. Redundant HVAC systems
C. Shielding
D. Add a wireless network

Answer: C

Explanation:
EMI can cause circuit overload, spikes, or even electrical component failure. In the question it is mentioned that switch degradation occurs when the building’s roof air-conditioning system is also running. All electromechanical systems emanate EMI. Thus you could alleviate the problem using EMI shielding.

CompTIA Security+ Question J-4

In PKI, a key pair consists of: (Select TWO).

A. A key ring
B. A public key
C. A private key
D. Key escrow
E. A passphrase

Answer: B,C

Explanation:
In a PKI the sender encrypts the data using the receiver’s public key. The receiver decrypts the data using his own private key. The key pair consists of these two keys.

CompTIA Security+ Question J-3

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstations BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.

Answer: A,C

Explanation:
A: The USB root hub can be disabled from within the operating system.

C: USB can also be configured and disabled in the system BIOS.

CompTIA Security+ Question J-2

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

A. Fencing
B. Proximity readers
C. Video surveillance
D. Bollards

Answer: D

Explanation:
To stop someone from entering a facility, barricades or gauntlets can be used. These are often used in conjunction with guards, fencing, and other physical security measures. Bollards are physical barriers that are strong enough to withstand impact with a vehicle.

CompTIA Security+ Question J-1

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

A. Penetration testing
B. WAF testing
C. Vulnerability scanning
D. White box testing

Answer: C

Explanation:
Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning. A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security.