CompTIA Security+ Question G-53

After copying a sensitive document from his desktop to a flash drive, Peter, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Peter’s desktop remain encrypted when moved to external media or other network based storage?

A. Whole disk encryption
B. Removable disk encryption
C. Database record level encryption
D. File level encryption

Answer: D

Explanation:
Encryption is used to ensure the confidentiality of information. In this case you should make use of file level encryption. File level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

CompTIA Security+ Question G-49

An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?

A. WEP
B. CCMP
C. TKIP
D. RC4

Answer: B

Explanation:
CCMP is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard.

CompTIA Security+ Question F-85

Which of the following helps to apply the proper security controls to information?

A. Data classification
B. Deduplication
C. Clean desk policy
D. Encryption

Answer: A

Explanation:
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. These categories make applying the appropriate policies and security controls practical.

CompTIA Security+ Question F-54

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

A. Business continuity planning
B. Quantitative assessment
C. Data classification
D. Qualitative assessment

Answer: C

Explanation:
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. Knowing how to apply these categories and matching it up with the appropriate data handling will address the situation of the data ‘unknown sensitivity’

CompTIA Security+ Question E-87

A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAMESECURITY LABEL
Employees.docConfidential
Salary.xlsConfidential
OfficePhones.xlsUnclassified
PersonalPhones.xlsRestricted
Which of the following should the security administrator implement?

A. White and black listing
B. SCADA system
C. Trusted OS
D. Version control

Answer: C

Explanation:
A trusted operating system (TOS) is any operating system that meets the government’s requirements for security. Trusted OS uses a form of Mandatory access control called Multi-Level Security. The Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. MLS is an implementation of MAC that focuses on confidentiality. A Multi-Level Security operating system is able to enforce the separation of multiple classifications of information as well as manage multiple users with varying levels of information clearance. The military and intelligence community must handle and process various hierarchical levels of classified information. At the high-end there is Top Secret, followed in turn by Secret, Confidential, and Unclassified:

CompTIA Security+ Question E-80

Peter must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Peter need to use to BEST accomplish the objective?

A. A pre-shared private key
B. His private key
C. Ann’s public key
D. His public key

Answer: B

Explanation:
To achieve both authentication and confidentiality, Peter should include Ann’s name in the message, sign it using his private key, and then encrypt both the message and the signature using Ann’s public key.

CompTIA Security+ Question E-77

Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?

A. Hardware integrity
B. Data confidentiality
C. Availability of servers
D. Integrity of data

Answer: B

Explanation:
Data that is not kept separate or segregated will impact on that data’s confidentiality maybe being compromised. Be aware of the fact that your data is only as safe as the data with which it is integrated. For example, assume that your client database is hosted on a server that another company is also using to test an application that they are creating. If their application obtains root-level access at some point (such as to change passwords) and crashes at that point, then the user running the application could be left with root permissions and conceivably be to access data on the server for which they are not authorized, such as your client database. Data segregation is crucial; keep your data on secure servers.

CompTIA Security+ Question E-7

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

A. Data encryption
B. Patching the system
C. Digital signatures
D. File hashing

Answer: A

Explanation:
Data encryption makes data unreadable to anyone who does not have the required key to decrypt the data. The question states that the sensitive data is stored on a central storage system. Group based access control is used to control who can access the sensitive data. However, this offers no physical security for the data. Someone could steal the central storage system or remove the hard disks from it with the plan of placing the hard disks into another system to read the data on the disks. With the data encrypted, the data would be unreadable.

CompTIA Security+ Question D-89

The fundamental information security principals include confidentiality, availability and which of the following?

A. The ability to secure data against unauthorized disclosure to external sources
B. The capacity of a system to resist unauthorized changes to stored information
C. The confidence with which a system can attest to the identity of a user
D. The characteristic of a system to provide uninterrupted service to authorized users

Answer: B

Explanation:
Confidentiality, integrity, and availability, which make up the CIA triad, are the three most important concepts in security. In this instance, the answer describes the Integrity part of the CIA triad.

CompTIA Security+ Question D-86

Which of the following concepts are included on the three sides of the “security triangle”? (Select THREE).

A. Confidentiality
B. Availability
C. Integrity
D. Authorization
E. Authentication
F. Continuity

Answer: A,B,C

Explanation:
Confidentiality, integrity, and availability are the three most important concepts in security. Thus they form the security triangle.