Blog | Exam Premium CompTIA

CompTIA Security+ Question H-40

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control

Answer: A

Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels Public Sensitive Private Confidential

MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.

CompTIA Security+ Question H-39

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?

A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.

Answer: A

Explanation:
Rootkits are software programs that have the ability to hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager or connections established or available that do not appear in a netstat display—the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server and reinstall the operating system with the original installation disks and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data.

CompTIA Security+ Question H-38

Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

A. Botnet
B. Rootkit
C. Adware
D. Virus

Answer: C

Explanation:
Adware is free software that is supported by advertisements. Common adware programs are toolbars, games and utilities. They are free to use, but require you to watch advertisements as long as the programs are open. Adware typically requires an active Internet connection to run.

CompTIA Security+ Question H-37

Which of the following fire suppression systems is MOST likely used in a datacenter?

A. FM-200
B. Dry-pipe
C. Wet-pipe
D. Vacuum

Answer: A

Explanation:
FM200 is a gas and the principle of a gas system is that it displaces the oxygen in the room, thereby removing this essential component of a fi re. in a data center is is the preferred choice of fire suppressant.

CompTIA Security+ Question H-36

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely.
Which of the following is the MOST likely reason the PC technician is unable to ping those devices?

A. ICMP is being blocked
B. SSH is not enabled
C. DNS settings are wrong
D. SNMP is not configured properly

Answer: A

Explanation:
ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information If ICMP request queries go unanswered, or ICMP replies are lost or blocked.

CompTIA Security+ Question H-35

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?

A. Hashing
B. Screen locks
C. Device password
D. Encryption

Answer: D

Explanation:
Encryption is used to ensure the confidentiality of information.

CompTIA Security+ Question H-34

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

A. Routine audits
B. Account expirations
C. Risk assessments
D. Change management

Answer: A

Explanation:
Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.

CompTIA Security+ Question H-33

Emily, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

A. Warm site
B. Load balancing
C. Clustering
D. RAID

Answer: C

Explanation:
Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy. Server clustering is used to provide failover capabilities / redundancy in addition to scalability as demand increases.

CompTIA Security+ Question H-32

Which of the following types of encryption will help in protecting files on a PED?

A. Mobile device encryption
B. Transport layer encryption
C. Encrypted hidden container
D. Database encryption

Answer: A

Explanation:
Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question H-31

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used?

A. RADIUS
B. SAML
C. TACACS+
D. LDAP

Answer: D

Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol): dn: cn=John Doe,dc=example,dc=com cn: John Doe givenName: John sn: Doe telephoneNumber: +1 888 555 6789 telephoneNumber: +1 888 555 1232 mail: john@example.com manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top

“dn” is the distinguished name of the entry; it is neither an attribute nor a part of the entry. “cn=John Doe” is the entry’s RDN (Relative Distinguished Name), and “dc=example,dc=com” is the DN of the parent entry, where “dc” denotes ‘Domain Component’. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like “cn” for common name, “dc” for domain component, “mail” for e-mail address, and “sn” for surname.