CompTIA Security+ Question H-54

Which of the following provides the LEAST availability?

A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5

Answer: A

Explanation:
RAID stands for redundant array of independent disks. RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID 0 is disk striping. It uses multiple drives and maps them together as a single physical drive. This is done primarily for performance, not for fault tolerance. If any drive in a RAID 0 array fails, the entire logical drive becomes unusable.

CompTIA Security+ Question H-46

Peter, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypts the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO).

A. Multi-pass encryption
B. Transport encryption
C. Plausible deniability
D. Steganography
E. Transitive encryption
F. Trust models

Answer: C,D

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. In this case, it is a hidden volume within the encrypted hard drive. In cryptography, deniable encryption may be used to describe steganographic techniques, where the very existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that an encrypted message exists. This then provides you with plausible deniability.

CompTIA Security+ Question H-12

During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

A. Hostile takeovers
B. Large scale natural disasters
C. Malware and viruses
D. Corporate espionage

Answer: C

Explanation:
The most common threat to an organization is computer viruses or malware. A computer can become infected with a virus through day-to-day activities such as browsing web sites or emails. As browsing and opening emails are the most common activities performed by all users, computer viruses represent the most likely risk to a business. Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for example, can cause havoc on a computer’s hard drive by deleting files or directory information. Spyware can gather data from a user’s system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.

CompTIA Security+ Question G-84

A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees.
Which of the following is the BEST approach for implementation of the new application on the virtual server?

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.
B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.
C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

Answer: C

Explanation:
Snapshots are backups of virtual machines that can be used to quickly recover from poor updates and from errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed.

CompTIA Security+ Question G-69

The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

A. Chain of custody
B. System image
C. Take hashes
D. Order of volatility

Answer: A

Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been.

CompTIA Security+ Question G-44

Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?

A. VLAN
B. Protocol security
C. Port security
D. VSAN

Answer: D

Explanation:
A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.

CompTIA Security+ Question F-48

One of the senior managers at a company called the help desk to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?

A. Public key
B. Recovery agent
C. Registration details
D. Trust Model

Answer: B

CompTIA Security+ Question F-28

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?

A. Clustering
B. Mirrored server
C. RAID
D. Tape backup

Answer: C

Explanation:
RAID stands for redundant array of independent disks. RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID can achieve fault tolerance in software, which can be done using the existing hardware and software.

CompTIA Security+ Question F-25

Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?

A. Folder encryption
B. File encryption
C. Whole disk encryption
D. Steganography

Answer: C

Explanation:
Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a usable form should it be stolen. Furthermore, full-disk encryption is not dependent on knowledge of the file structure.

CompTIA Security+ Question F-15

After working on his doctoral dissertation for two years, Peter, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?

A. Ransomware
B. Trojan
C. Backdoor
D. Armored virus

Answer: A

Explanation:
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan like a conventional computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload, such as one that will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim’s plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key. Some ransomware payloads do not use encryption. In these cases, the payload is simply an application designed to restrict interaction with the system, typically by setting the Windows Shell to itself, or even modifying the master boot record and/or partition table (which prevents the operating system from booting at all until it is repaired). Ransomware payloads utilize elements of scareware to extort money from the system’s user. The payload may, for example, display notices purportedly issued by companies or law enforcement agencies which falsely claim that the system had been used for illegal activities, or contains illegal content such as pornography and pirated software or media. Some ransomware payloads imitate Windows’ product activation notices, falsely claiming that their computer’s Windows installation is counterfeit or requires re-activation. These tactics coax the user into paying the malware’s author to remove the ransomware, either by supplying a program which can decrypt the files, or by sending an unlock code that undoes the changes the payload has made.