CompTIA Security+ Question I-20

A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

A. Fencing
B. Mantrap
C. A guard
D. Video surveillance

Answer: B

Explanation:
Mantraps make use of electronic locks and are designed to limit the number of individuals allowed access to an area at any one time.

CompTIA Security+ Question I-19

A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Peter and Ann were hired 16 days ago. When Peter logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

A. Ann’s user account has administrator privileges.
B. Peter’s user account was not added to the group policy.
C. Ann’s user account was not added to the group policy.
D. Peter’s user account was inadvertently disabled and must be re-created.

Answer: C

Explanation:
Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPOs include a number of settings related to credentials, including password expiration. Because Ann was not prompted to change her password, it could only mean that her user account was not added to the group policy.

CompTIA Security+ Question I-18

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client-side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

A. 1
B. 2
C. 3
D. 4

Answer: C

Explanation:
Three different types of authentication factors have been used in this question: Something you know – username and password. Something you have – client-side certificate. Somewhere you are – authentication to the VPN is only allowed from the U.S. territory.

CompTIA Security+ Question I-17

Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?

A. USB
B. HSM
C. RAID
D. TPM

Answer: D

Explanation:
A Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It assists with hash and key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question I-16

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

A. WAF
B. NIDS
C. Routers
D. Switches

Answer: A

Explanation:
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, a web application firewall (WAF) is the correct answer.

CompTIA Security+ Question I-15

Which of the following is being tested when a company’s payroll server is powered off for eight hours?

A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan

Answer: C

Explanation:
A continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies.

CompTIA Security+ Question I-14

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing

Answer: C

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. Asymmetric algorithms do not require a secure channel for the initial exchange of secret keys between the parties.

CompTIA Security+ Question I-13

Which of the following protocols provides for mutual authentication of the client and server?

A. Two-factor authentication
B. Radius
C. Secure LDAP
D. Biometrics

Answer: C

Explanation:
The LDAP directory service is based on a client-server model. The function of LDAP is to enable access to an existing directory. Because it is a client-server model, it makes provision for mutual authentication between the two parties.

CompTIA Security+ Question I-12

Which of the following provides the BEST application availability and is easily expanded as demand grows?

A. Server virtualization
B. Load balancing
C. Active-Passive Cluster
D. RAID 6

Answer: B

Explanation:
Load balancing is a way of providing high availability by splitting the workload across multiple computers.

CompTIA Security+ Question I-11

Which of the following are examples of network segmentation? (Select TWO).

A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS

Answer: C,D

Explanation:
C: A demilitarized zone (DMZ) is a part of the network that is separated or segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN).

D: IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.