CompTIA Security+ Question I-30

Which of the following ports is used for SSH, by default?

A. 23
B. 32
C. 12
D. 22

Answer: D

Explanation:
Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22.

CompTIA Security+ Question I-28

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.

Answer: C

Explanation:
A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.

CompTIA Security+ Question I-27

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.
The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

A. Social media policy
B. Data retention policy
C. CCTV policy
D. Clean desk policy

Answer: D

Explanation:
Clean Desk Policy Information on a desk—in terms of printouts, pads of note paper, sticky notes, and the like—can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

CompTIA Security+ Question I-26

Which of the following BEST describes a demilitarized zone?

A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.

Answer: A

Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

CompTIA Security+ Question I-25

The practice of marking open wireless access points is called which of the following?

A. War dialing
B. War chalking
C. War driving
D. Evil twin

Answer: B

Explanation:
War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot.

CompTIA Security+ Question I-24

Which of the following is a concern when encrypting wireless data with WEP?

A. WEP displays the plain text entire key when wireless packet captures are reassembled
B. WEP implements weak initialization vectors for key transmission
C. WEP uses a very weak encryption algorithm
D. WEP allows for only four pre-shared keys to be configured

Answer: B

Explanation:
The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.

CompTIA Security+ Question I-23

Which of the following security concepts can prevent a user from logging on from home during the weekends?

A. Time of day restrictions
B. Multifactor authentication
C. Implicit deny
D. Common access card

Answer: A

Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion.

CompTIA Security+ Question I-22

A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?

A. Black listing applications
B. Operating System hardening
C. Mandatory Access Control
D. Patch Management

Answer: B

Explanation:
Operating System hardening is the process of securing the operating system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

CompTIA Security+ Question I-21

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

A. Fuzzing
B. Patch management
C. Error handling
D. Strong passwords

Answer: C

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.