CompTIA Security+ Question C-89

The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

A. Log audits
B. System hardening
C. Use IPS/IDS
D. Continuous security monitoring

Answer: D

Explanation:
A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.

CompTIA Security+ Question C-82

In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

A. Continuous security monitoring
B. Baseline configuration and host hardening
C. Service Level Agreement (SLA) monitoring
D. Security alerting and trending

Answer: A

Explanation:
The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. This is great for testing the security posture. However, to be effective and ensure the company always has a good security posture, you need to monitor the security continuously.

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.” Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.

CompTIA Security+ Question A-79

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes

Answer: D

Explanation:
Continuous monitoring may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It also points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats.

Incorrect Options:

A: An initial baseline configuration snapshot would allow for the standardized minimal level of security that all systems in an organization must comply with to be enforced. This will not cover the non-technical security incidents.

B: A Firewall, IPS and network segmentation will offer technical protection, but not non-technical security protection.

C: Event log analysis and incident response will not cover the non-technical security incidents.

Reference:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 154.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 207, 208