CompTIA Security+ Question K-80

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Answer: D

Disabling unused switch ports a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter.

CompTIA Security+ Question J-76

Peter, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Peter search for in the log files?

A. Failed authentication attempts
B. Network ping sweeps
C. Host port scans
D. Connections to port 22

Answer: D

Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern. SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP, SExec, and slogin.

CompTIA Security+ Question J-35

Environmental control measures include which of the following?

A. Access list
B. Lighting
C. Motion detection
D. EMI shielding

Answer: D

Environmental controls include HVAC, Fire Suppression, EMI Shielding, Hot and Cold Aisles, Environmental monitoring as well as Temperature and Humidity controls.

CompTIA Security+ Question I-26

Which of the following BEST describes a demilitarized zone?

A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.

Answer: A

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

CompTIA Security+ Question H-44

Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?

A. MAC filter list
B. Recovery agent
C. Baselines
D. Access list

Answer: C

The standard configuration on a server is known as the baseline. In this question, we can see if anything has changed on the file server by comparing its current configuration with the baseline. The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline. A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

CompTIA Security+ Question F-22

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong
B. Clear all access logs from the AP to provide an up-to-date access list of connected users
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap

Answer: C

The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address. Every network card has a unique 48-bit address assigned. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card’s read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64.

CompTIA Security+ Question A-92

Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?

A. Port security
B. Flood guards
C. Loop protection
D. Implicit deny

Answer: D

Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default. The scenario does not state that network printing is allowed in the router access list, therefore, it must be denied by default.

CompTIA Security+ Question A-76

An organization is required to log all user internet activity. Which of the following would accomplish this requirement?

A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server
B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server
C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server
D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server

Answer: C

CompTIA Security+ Question A-16

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list.
B. Configure spanning tree protocol.
C. Configure port security.
D. Configure loop protection.

Answer: C

Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device.

CompTIA A+ 220-902 Question A-46

Peter, a user, has connected a tablet to his personal mobile hotspot device in a public location for Internet access. The device display indicates there are two connections instead of just one. Which of the following actions can he perform to prevent this unauthorized access to the device immediately? (Select TWO).

A. Change the SSID to a different broadcast name
B. Add the intruding device to a blocked access list
C. Access the intruder’s device and shut it down
D. Shut down the device until the intruder is no longer in the area
E. Set up a WiFi analyzer to identify the intruding device

Correct Answer: AB