CompTIA Security+ Question L-18

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

A. Error and exception handling
B. Application hardening
C. Application patch management
D. Cross-site script prevention

Answer: B

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

CompTIA Security+ Question J-93

A recently installed application update caused a vital application to crash during the middle of the
workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

A. Application configuration baselines
B. Application hardening
C. Application access controls
D. Application patch management

Answer: D

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

CompTIA Security+ Question I-91

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?

A. Application hardening
B. Application change management
C. Application patch management
D. Application firewall review

Answer: C

Explanation:
The question states that operating system updates are applied but not other software updates. The ‘other software’ in this case would be applications. Software updates includes functionality updates and more importantly security updates. The process of applying software updates or ‘patches’ to applications is known as ‘application patch management’. Application patch management is an effective way of mitigating security risks associated with software applications.

CompTIA Security+ Question I-5

Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?

A. Implement voice encryption, pop-up blockers, and host-based firewalls.
B. Implement firewalls, network access control, and strong passwords.
C. Implement screen locks, device encryption, and remote wipe capabilities.
D. Implement application patch management, antivirus, and locking cabinets.

Answer: C

Explanation:
Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

CompTIA Security+ Question F-64

Which of the following encompasses application patch management?

A. Configuration management
B. Policy management
C. Cross-site request forgery
D. Fuzzing

Answer: A

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

CompTIA Security+ Question B-93

The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?

A. Application hardening
B. Application firewall review
C. Application change management
D. Application patch management

Answer: C

Explanation:
Change management is the structured approach that is followed to secure a company’s assets. Promoting code to application on a SMZ web server would be change management.

CompTIA Security+ Question A-64

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

A. Application patch management
B. Cross-site scripting prevention
C. Creating a security baseline
D. System hardening

Answer: D

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.