CompTIA Security+ Question D-72

Emily, a security administrator, manually hashes all network device configuration files daily and compares them to the previous day’s hashes. Which of the following security concepts is Emily using?

A. Confidentiality
B. Compliance
C. Integrity
D. Availability

Answer: C

Explanation:
Integrity means the message can’t be altered without detection.
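
The daily hash-and-compare routine from this question, as an added example (not part of the original question set). It assumes the configuration backups are plain files in one directory, uses SHA-256 (any cryptographic hash works), and embeds two constructed sample configs so it runs offline; a real run would call `hash_directory()` on the backup folder and keep yesterday's hashes on a separate, write-protected host.

```python
import hashlib
from pathlib import Path
from typing import Dict, List

# Constructed sample device configs (assumption: the real files would live in a
# backup directory such as the hypothetical /var/backups/netconfigs/).
SAMPLE_CONFIGS = {
    "core-sw1.cfg": b"hostname core-sw1\ninterface Vlan10\n ip address 10.0.10.1 255.255.255.0\n",
    "edge-rtr1.cfg": b"hostname edge-rtr1\nntp server 10.0.0.5\n",
}


def sha256_hex(data: bytes) -> str:
    """Hash one file's contents; any change, even one byte, yields a different digest."""
    return hashlib.sha256(data).hexdigest()


def hash_contents(configs: Dict[str, bytes]) -> Dict[str, str]:
    """Snapshot: file name -> digest, for configs already loaded into memory."""
    return {name: sha256_hex(body) for name, body in configs.items()}


def hash_directory(directory: str) -> Dict[str, str]:
    """Same snapshot taken directly from a directory of backup files (real-world use)."""
    return {p.name: sha256_hex(p.read_bytes())
            for p in sorted(Path(directory).iterdir()) if p.is_file()}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each file against yesterday's snapshot; anything but 'unchanged'
    is an integrity event to investigate against the change-management record."""
    report: Dict[str, List[str]] = {"unchanged": [], "modified": [], "added": [], "missing": []}
    for name, digest in current.items():
        if name not in baseline:
            report["added"].append(name)
        elif digest == baseline[name]:
            report["unchanged"].append(name)
        else:
            report["modified"].append(name)
    report["missing"] = [name for name in baseline if name not in current]
    return report


if __name__ == "__main__":
    yesterday = hash_contents(SAMPLE_CONFIGS)
    today = dict(SAMPLE_CONFIGS)
    today["core-sw1.cfg"] += b"logging host 192.0.2.99\n"  # constructed tamper
    print(compare(yesterday, hash_contents(today)))
```

The check only detects alteration; it cannot tell an approved change from an unauthorized one, so each "modified" entry still has to be matched against an approved change ticket.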

CompTIA Security+ Question D-23

An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

A. Integrity
B. Availability
C. Confidentiality
D. Remediation

Answer: A

Explanation:
A digital signature is similar in function to a handwritten signature on a document: it validates the integrity of the message and the identity of the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. If the signature fails to verify, the message may have been altered in transit or may not have come from the claimed sender. Integrity means the message can’t be altered without detection.

CompTIA Security+ Question D-8

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.
B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.
C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access.
D. Laptops that are placed in a sleep mode allow full data access when powered back on.

Answer: D

Explanation:
Hardware-based encryption built into the drive is transparent to the user. Except for boot-up authentication, the drive operates just like any other drive, with no degradation in performance. When the computer is started, the user is prompted to enter a password to allow the system to boot and allow access to the encrypted drive. When a laptop is placed into sleep mode (also known as standby mode), the computer enters a low-power state. In sleep mode the computer is not fully shut down: the screen is turned off, the hard disks are turned off and the CPU is throttled down to its lowest power state, but the computer’s state, including the unlocked drive, is maintained in memory (RAM). Most computers can be ‘woken’ from sleep mode by pressing any key on the keyboard or pressing the power button. The computer can be configured to require a password on wake-up, but if a password is not required, the computer will wake up logged in as it was when it went to sleep. This would enable full access to the data stored on the disks.

CompTIA Security+ Question C-88

A program displays:
ERROR: this program has caught an exception and will now terminate.
Which of the following is MOST likely accomplished by the program’s behavior?

A. Operating system’s integrity is maintained
B. Program’s availability is maintained
C. Operating system’s scalability is maintained
D. User’s confidentiality is maintained

Answer: A

Explanation:
The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs.

CompTIA Security+ Question C-45

A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?

A. Authentication
B. Integrity
C. Confidentiality
D. Availability

Answer: D

Explanation:
Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. In the case of a network, this means processing switches to another network path in the event of a network failure in the primary path. This means availability.

CompTIA Security+ Question C-36

Digital signatures are used for ensuring which of the following items? (Select TWO).

A. Confidentiality
B. Integrity
C. Non-Repudiation
D. Availability
E. Algorithm strength

Answer: B,C

Explanation:
A digital signature is similar in function to a handwritten signature on a document: it validates the integrity of the message and the identity of the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Non-repudiation prevents one party from denying actions that they carried out; in the electronic world, non-repudiation measures can consist of a two-key (public/private) cryptographic system together with a third party that verifies validity. This respected third party ‘vouches’ for the individuals in the two-key system. Thus non-repudiation also bears on integrity.

CompTIA Security+ Question C-2

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

A. SSL 1.0
B. RC4
C. SSL 3.0
D. AES
E. DES
F. TLS 1.0

Answer: A,E

Explanation:
TLS 1.0 and SSL 1.0 both have known vulnerabilities and have been replaced by later versions. Any systems running these protocols should have them disabled. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and, as a by-product, message authentication. Netscape developed the original SSL protocol. Version 1.0 was never publicly released because of serious security flaws in the protocol; version 2.0, released in February 1995, “contained a number of security flaws which ultimately led to the design of SSL version 3.0”. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, “the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0”. TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security. TLS 1.1 and then TLS 1.2 were created to replace TLS 1.0.

CompTIA Security+ Question B-83

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

A. Availability
B. Integrity
C. Confidentiality
D. Fire suppression

Answer: A

Explanation:
Availability means simply to make sure that the data and systems are available for authorized users. Data backups, redundant systems, and disaster recovery plans all support availability; as does environmental support by means of HVAC.

CompTIA Security+ Question A-84

Digital certificates can be used to ensure which of the following? (Select TWO).

A. Availability
B. Confidentiality
C. Verification
D. Authorization
E. Non-repudiation

Answer: B,E

Explanation:
Digital signatures are used to validate the integrity of the message and the sender. Digital certificates belong to the field of cryptography, which is mainly concerned with confidentiality, integrity, authentication, non-repudiation and access control. Non-repudiation prevents one party from denying actions they carried out.

CompTIA Security+ Question A-58

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?

A. Confidentiality
B. Availability
C. Succession planning
D. Integrity

Answer: B

Explanation:
Simply making sure that the data and systems are available for authorized users is what availability is all about. Data backups, redundant systems, and disaster recovery plans all support availability. And creating a hot site is about providing availability.