CompTIA Security+ Question H-40

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control

Answer: A

Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels Public Sensitive Private Confidential

MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.

CompTIA Security+ Question H-20

Emily, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Emily runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

A. SQL injection
B. XML injection
C. Packet sniffer
D. Proxy

Answer: B

Explanation:
When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return more data than it should.

CompTIA Security+ Question G-96

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

A. DLP
B. Asset tracking
C. HSM
D. Access control

Answer: A

Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

CompTIA Security+ Question G-71

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use

Answer: A

Explanation:
Issues of limiting potential legal concerns regarding company rules where users are allowed to bring their own devices is the premise of data ownership. When a third party (in this case the user’s own device) is involves in a data exchange when clear rules and restrictions should be applied regarding data ownership.

CompTIA Security+ Question G-66

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A. Baseline reporting
B. Design review
C. Code review
D. SLA reporting

Answer: B

Explanation:
This question is asking about a new private network link (a VPN) with a business partner. This will provide access to the local network from the business partner. When implementing a VPN, an important step is the design of the VPN. The VPN should be designed to ensure that the security of the network and local systems is not compromised. The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the systems or applications. A design review is basically a check to ensure that the design of the system meets the security requirements.

CompTIA Security+ Question G-51

A way to assure data at-rest is secure even in the event of loss or theft is to use:

A. Full device encryption.
B. Special permissions on the file system.
C. Trusted Platform Module integration.
D. Access Control Lists.

Answer: A

Explanation:
Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question G-48

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A. Disable SSID broadcast
B. Install a RADIUS server
C. Enable MAC filtering
D. Lowering power levels on the AP

Answer: C

Explanation:
MAC filtering is commonly used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

CompTIA Security+ Question G-34

Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY

A. Firewall
B. NIPS
C. Load balancer
D. URL filter

Answer: A

Explanation:
Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default and allow by exception.

CompTIA Security+ Question G-32

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.

Answer: B

Explanation:
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and is best coupled with a principle of least privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the regular/routine review of user permissions.

CompTIA Security+ Question G-21

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating

Answer: A

Explanation:
A zero day vulnerability is an unknown vulnerability so there is no fix or patch for it. One way to attempt to work around a zero day vulnerability would be to restrict the permissions by using an ACL (Access Control List) A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.