CompTIA Security+ Question H-90

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish

Answer: B,C,F

Explanation:
B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies.

F: Blowfish is an encryption system invented by a team led by Bruce Schneier that operates as a 64-bit block cipher at very fast speeds.

CompTIA Security+ Question H-89

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A. Develop a set of standards
B. Separation of duties
C. Develop a privacy policy
D. User training

Answer: D

Explanation:
User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when an element of the company policy cannot be enforced by technical means.

CompTIA Security+ Question H-88

Which of the following devices will help prevent a laptop from being removed from a certain location?

A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes

Answer: B

Explanation:
Cable locks are theft deterrent devices that can be used to tether a device to a fixed point and keep smaller devices from being easy to steal.

CompTIA Security+ Question H-87

A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?

A. ACL
B. IDS
C. UTM
D. Firewall

Answer: C

Explanation:
An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those that you should be familiar with for the exam fall under the categories of providing URL filtering, content inspection, or malware inspection.

Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.

CompTIA Security+ Question H-86

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed en route. Which of the following is the administrator MOST concerned with?

A. Data confidentiality
B. High availability
C. Data integrity
D. Business continuity

Answer: C

Explanation:
Integrity is the process of ensuring that the information has not been altered during transmission. This can be accomplished by means of hashing.

CompTIA Security+ Question H-84

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness

Answer: D,F

Explanation:
Managers, i.e. executives in the company, are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives can easily fall prey to phishing if they are not trained to look out for these attacks.

CompTIA Security+ Question H-83

A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?

A. CHAP
B. TOTP
C. HOTP
D. PAP

Answer: B

Explanation:
Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. Therefore, the password will only be valid for a predefined time interval.

CompTIA Security+ Question H-82

Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?

A. Signature based IPS
B. Signature based IDS
C. Application based IPS
D. Anomaly based IDS

Answer: D

Explanation:
Most intrusion detection systems (IDS) are what is known as signature-based. This means that they operate in much the same way as a virus scanner, by searching for a known identity – or signature – for each specific intrusion event. And, while signature-based IDS is very efficient at sniffing out known types of attack, it does, like anti-virus software, depend on receiving regular signature updates, to keep in touch with variations in hacker technique. In other words, signature-based IDS is only as good as its database of stored signatures. Any organization wanting to implement a more thorough – and hence safer – solution, should consider what we call anomaly-based IDS. By its nature, anomaly-based IDS is a rather more complex creature. In network traffic terms, it captures all the headers of the IP packets running towards the network. From this, it filters out all known and legal traffic, including web traffic to the organization’s web server, mail traffic to and from its mail server, outgoing web traffic from company employees and DNS traffic to and from its DNS server.

There are other equally obvious advantages to using anomaly-based IDS. For example, because it detects any traffic that is new or unusual, the anomaly method is particularly good at identifying sweeps and probes towards network hardware. It can, therefore, give early warnings of potential intrusions, because probes and scans are the predecessors of all attacks. And this applies equally to any new service installed on any item of hardware – for example, Telnet deployed on a network router for maintenance purposes and forgotten about when the maintenance was finished. This makes anomaly-based IDS perfect for detecting anything from port anomalies and web anomalies to mis-formed attacks, where the URL is deliberately mis-typed.

CompTIA Security+ Question H-81

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?

A. Data leakage prevention
B. Data exfiltration
C. Data classification
D. Data deduplication

Answer: B

Explanation:
Data exfiltration is the unauthorized copying, transfer or retrieval of data from a system.