CompTIA Security+ Question G-18

A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?

A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access

Answer: A

Explanation:
In this question, we have engineers who require different tools and applications according to their specialized job function. We can therefore use the Role-Based Access Control model. Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. RBAC models implement access by job function or by responsibility. Each employee has one or more roles that allow access to specific information. If a person moves from one role to another, the access for the previous role will no longer be available. Instead of thinking “Denise needs to be able to edit files,” RBAC uses the logic “Editors need to be able to edit files” and “Denise is a member of the Editors group.” This model is always good for use in an environment in which there is high employee turnover.

CompTIA Security+ Question G-8

Which of the following is the primary security concern when deploying a mobile device on a network?

A. Strong authentication
B. Interoperability
C. Data security
D. Cloud storage technique

Answer: C

Explanation:
Mobile devices, such as laptops, tablet computers, and smartphones, provide security challenges above those of desktop workstations, servers, and such in that they leave the office and this increases the odds of their theft which makes data security a real concern. At a bare minimum, the following security measures should be in place on mobile devices: Screen lock, Strong password, Device encryption, Remote Wipe or Sanitation, voice encryption, GPS tracking, Application control, storage segmentation, asses tracking and device access control.

CompTIA Security+ Question F-79

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits

Answer: A

Explanation:
Testing controls come in three types: Technical, Management and Operational. In this question, the CCTV system has not been recording for three months and no one noticed. Improved testing controls (regular testing to verify the CCTV system is recording) would ensure that the CCTV is recording as expected. The CCTV recordings could have aided the investigation into the missing tapes.

Topic 4, Application, Data and Host Security

CompTIA Security+ Question F-55

Which of the following would prevent a user from installing a program on a company-owned mobile device?

A. White-listing
B. Access control lists
C. Geotagging
D. Remote wipe

Answer: A

Explanation:
Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.

CompTIA Security+ Question F-39

The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor’s server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).

A. URL filtering
B. Role-based access controls
C. MAC filtering
D. Port Security
E. Firewall rules

Answer: A,E

Explanation:
A URL filter is used to block URLs (websites) to prevent users accessing the website. Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria: Block the connection Allow the connection Allow the connection only if it is secured

Incorrect Options:

B: Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role. Since the sales team needs to save and print reports, they would not be restricted if restrictions were role-based.

C: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

D: Port security works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.

Reference:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 19, 61, 276

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 157

CompTIA Security+ Question F-32

A company hired Peter, an accountant. The IT administrator will need to create a new account for
Peter. The company uses groups for ease of management and administration of user accounts.
Peter will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?

A. Create a user account and assign the user account to the accounting group.
B. Create an account with role-based access control for accounting.
C. Create a user account with password reset and notify Peter of the account creation.
D. Create two accounts: a user account and an account with full network administration rights.

Answer: B

Explanation:
Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role-based access control for accounting for Peter.

CompTIA Security+ Question F-22

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong
B. Clear all access logs from the AP to provide an up-to-date access list of connected users
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap

Answer: C

Explanation:
The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address. Every network card has a unique 48-bit address assigned. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card’s read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64.

CompTIA Security+ Question F-1

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system

Answer: D

Explanation:
A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch Management can thus be used to fix security problems discovered within the OS thus negating a known OS vulnerability.