CompTIA Security+ Question E-100

Various employees have lost valuable customer data due to hard drives failing in company-provided laptops. It has been discovered that the hard drives used in one model of laptop provided by the company have been recalled by the manufacturer. The help desk is only able to replace the hard drives after they fail because there are no centralized records of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring?

A. Data backups
B. Asset tracking
C. Support ownership
D. BYOD policies

Answer: A

CompTIA Security+ Question E-85

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key.
B. The wireless access point is broadcasting the SSID.
C. The malicious user is able to capture the wired communication.
D. The meeting attendees are using unencrypted hard drives.

Answer: C

Explanation:
In this question, the wireless users are using WPA2-TKIP. While TKIP is a weak encryption protocol, it is still an encryption protocol. Therefore, the wireless communications between the laptops and the wireless access point are encrypted. The question states that the user was able to intercept ‘clear text’ HTTP communication between the meeting attendees and the Internet. The HTTP communications are unencrypted as they travel over the wired network. Therefore, the malicious user must have been able to capture the wired communication.

TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It was a stopgap encryption protocol introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now deprecated.

CompTIA Security+ Question E-43

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive’s laptop they notice several pictures of the employee’s pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match.
Which of the following describes how the employee is leaking these secrets?

A. Social engineering
B. Steganography
C. Hashing
D. Digital signatures

Answer: B

Explanation:
Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio file, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

CompTIA Security+ Question E-39

Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?

A. Degaussing
B. Physical Destruction
C. Lock up hard drives in a secure safe
D. Wipe

Answer: B

Explanation:
The physical destruction of hard drives is the only secure means of disposing of hard drives. This can include incineration, an acid bath, and crushing.

CompTIA Security+ Question D-66

Which of the following technologies can store multi-tenant data with different security requirements?

A. Data loss prevention
B. Trusted platform module
C. Hard drive encryption
D. Cloud computing

Answer: D

Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

CompTIA Security+ Question D-56

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO).

A. Steganography images
B. Internal memory
C. Master boot records
D. Removable memory cards
E. Public keys

Answer: B,D

Explanation:
All useable data on the device should be encrypted. This data can be located on the hard drive, or removable drives, such as USB devices and memory cards, and on internal memory.

CompTIA Security+ Question D-54

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).

A. Take hashes
B. Begin the chain of custody paperwork
C. Take screen shots
D. Capture the system image
E. Decompile suspicious files

Answer: A,D

Explanation:
A: Take Hashes. NIST (the National Institute of Standards and Technology) maintains a National Software Reference Library (NSRL). One of the purposes of the NSRL is to collect “known, traceable software applications” through their hash values and store them in a Reference Data Set (RDS). The RDS can then be used by law enforcement, government agencies, and businesses to determine which files are important as evidence in criminal investigations.

D: A system image is a snapshot of what exists. Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it.

CompTIA Security+ Question B-82

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption
B. Infrastructure as a service
C. Software based encryption
D. Data loss prevention

Answer: A

Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It should be implemented using a hardware-based solution for greater speed.

CompTIA Security+ Question B-80

After a security incident involving a physical asset, which of the following should be done at the beginning?

A. Record every person who was in possession of assets, continuing post-incident.
B. Create working images of data in the following order: hard drive then RAM.
C. Back up storage devices so work can be performed on the devices immediately.
D. Write a report detailing the incident and mitigation suggestions.

Answer: A

Explanation:
Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user.

CompTIA Security+ Question B-61

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

A. Identify user habits
B. Disconnect system from network
C. Capture system image
D. Interview witnesses

Answer: C

Explanation:
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. This is helpful in much the same way that a virus sample is kept in laboratories to study later after an outbreak. Also, you should act in the order of volatility, which states that the system image capture is first on the list of a forensic analysis.