CompTIA Security+ Question B-72

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

A. User Awareness
B. Acceptable Use Policy
C. Personal Identifiable Information
D. Information Sharing

Answer: C

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.

CompTIA Security+ Question B-40

A user ID and password together provide which of the following?

A. Authorization
B. Auditing
C. Authentication
D. Identification

Answer: C

Explanation:
Authentication generally requires one or more of the following:
Something you know: a password, code, PIN, combination, or secret phrase.
Something you have: a smart card, token device, or key.
Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics.
Somewhere you are: a physical or logical location.
Something you do: typing rhythm, a secret handshake, or a private knock.

CompTIA Security+ Question A-95

Used in conjunction, which of the following are PII? (Select TWO).

A. Marital status
B. Favorite movie
C. Pet’s name
D. Birthday
E. Full name

Answer: D,E

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. A birthday together with a full name makes it personally identifiable information.

CompTIA Security+ Question A-6

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

A. Dual-factor authentication
B. Multifactor authentication
C. Single factor authentication
D. Biometric authentication

Answer: C

Explanation:
Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting authentication factors from at least two of the three categories: knowledge factors (“things only the user knows”), such as passwords; possession factors (“things only the user has”), such as ATM cards; and inherence factors (“things only the user is”), such as biometrics.

In this question, the username, password, and four-digit security PIN are all knowledge factors (something the user knows). Therefore, this is single-factor authentication.

CompTIA Security+ Question A-4

A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?

A. Create conduct policies prohibiting sharing credentials.
B. Enforce a policy shortening the credential expiration timeframe.
C. Implement biometric readers on laptops and restricted areas.
D. Install security cameras in areas containing sensitive systems.

Answer: C

Explanation:
Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users from making use of others’ credentials.

CompTIA Security+ Simulation 14

For each of the given items, select the appropriate authentication category from the drop down choices.

Select the appropriate authentication type for the following items:

Correct Answer:


Biometrics refers to a collection of physical attributes of the human body that can be used as identification or an authentication factor. Fingerprints and retinas are physical attributes of the human body.

Two types of tokens exist: time-based one-time password (TOTP) tokens and HMAC-based one-time password (HOTP) tokens. TOTP tokens generate passwords at fixed time intervals, whereas HOTP tokens generate passwords not at fixed time intervals but based on a non-repeating one-way function, such as a hash or HMAC operation.

Smart cards can have multi-factor and proximity authentication embedded in them.

PAP allows two entities to share a password in advance and use the password as the basis of authentication. The same goes for PINs.

http://en.wikipedia.org/wiki/Password_authentication_protocol#Working_cycle
http://en.wikipedia.org/wiki/Smart_card#Security

CompTIA Security+ Simulation 10

Drag the items on the left to show the different types of security for the shown devices. Not all fields need to be filled. Not all items need to be used.

Correct Answer:

Mobile Device Security
GPS tracking
Remote wipe
Device Encryption
Strong password

Server in Data Center Security
FM-200
Biometrics
Proximity Badges
Mantrap

CompTIA Network+ Question A-4

During a check of the security control measures of the company network assets, a network administrator is explaining the difference between the security controls at the company. Which of the following would be identified as physical security controls? (Select THREE).

A. RSA
B. Passwords
C. Man traps
D. Biometrics
E. Cipher locks
F. VLANs
G. 3DES

Correct Answer: CDE

Explanation:
Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.
C: A mantrap is a mechanical physical security device for catching poachers and trespassers. They have taken many forms, the most usual being like a large foothold trap, the steel springs being armed with teeth which met in the victim’s leg.
D: Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. Biometric authentication is a physical security device.
E: Cipher locks are used to control access to areas such as airport control towers, computer rooms, corporate offices, embassies, areas within financial institutions, research and development laboratories, and storage areas holding weapons, controlled substances, etc. Cipher locks are physical security devices.

CompTIA A+ Core 2 Question I-27

A company has decided that all remote users need to use two-factor authentication to increase security. Several remote users have reported losing the RSA token and have replaced it several times. Which of the following is the solution for these users?

A. Use biometrics instead of the RSA token.
B. Remove the RSA token requirement for any user that has lost an RSA token.
C. Give the users with lost RSA tokens RFID badges instead.
D. Attach the RSA token to the lid of the laptop.

Correct Answer: A

CompTIA A+ Core 2 Question H-54

A technician has developed training material to ensure employees physically secure company laptops from being stolen. Which of the following is a preventative directive that MUST be included in the training material?

A. RFID tags must be attached to all laptops and receivers to all doors to alert when a laptop leaves the designated area.
B. Biometrics devices must be installed on all laptops.
C. All computers must be equipped with privacy filters.
D. Employees must remember to lock their office doors when leaving even for a short period of time.

Correct Answer: D