CompTIA Security+ Question F-80

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

A. True negatives
B. True positives
C. False positives
D. False negatives

Answer: C

Explanation:
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.

CompTIA Security+ Question F-79

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits

Answer: A

Explanation:
Testing controls come in three types: Technical, Management and Operational. In this question, the CCTV system has not been recording for three months and no one noticed. Improved testing controls (regular testing to verify the CCTV system is recording) would ensure that the CCTV is recording as expected. The CCTV recordings could have aided the investigation into the missing tapes.

Topic 4, Application, Data and Host Security

CompTIA Security+ Question F-78

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?

A. Two-factor authentication
B. Single sign-on
C. Multifactor authentication
D. Single factor authentication

Answer: D

Explanation:
Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know.

CompTIA Security+ Question F-77

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents
B. Reduce attack surface of systems
C. Implement monitoring controls
D. Hardening network devices
E. Prevent unauthorized access

Answer: A,C

Explanation:
By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls. With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect security incidents.

CompTIA Security+ Question F-76

The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

A. EMI emanations
B. Static electricity
C. Condensation
D. Dry-pipe fire suppression

Answer: B

Explanation:
Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock.

CompTIA Security+ Question F-75

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?

A. Typo squatting
B. Session hijacking
C. Cross-site scripting
D. Spear phishing

Answer: A

Explanation:
Typosquatting, also called URL hijacking or fake url, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

The typosquatter’s URL will usually be one of four kinds, all similar to the victim site address: (In the following, the intended website is “example.com”) A common misspelling, or foreign language spelling, of the intended site: exemple.com A misspelling based on typing errors: xample.com or examlpe.com A differently phrased domain name: examples.com A different top-level domain: example.org

Once in the typosquatter’s site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content.

CompTIA Security+ Question F-74

A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?

A. Symmetric
B. Session-based
C. Hashing
D. Asymmetric

Answer: A

Explanation:
PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key.

CompTIA Security+ Question F-73

Which of the following would be used when a higher level of security is desired for encryption key storage?

A. TACACS+
B. L2TP
C. LDAP
D. TPM

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question F-72

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN

Answer: A,F

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question.

CompTIA Security+ Question F-71

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

A. Attach cable locks to each laptop
B. Require each customer to sign an AUP
C. Install a GPS tracking device onto each laptop
D. Install security cameras within the perimeter of the café

Answer: A

Explanation:
All laptop cases include a built-in security slot in which a cable lock can be inserted to prevent it from easily being removed from the premises.