CompTIA Security+ Question A-85

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

A. Lessons Learned
B. Eradication
C. Recovery
D. Preparation

Answer: D

Explanation:
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Developing and updating all internal operating and standard operating procedures documentation to handle future incidents is preparation.

CompTIA Security+ Question A-40

The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?

A. Online rainbow table attack
B. Offline brute force attack
C. Offline dictionary attack
D. Online hybrid attack

Answer: D

Explanation:
This is an example of an online hybrid attack. A hybrid attack is a combination of attacks. In this example, we have a combination of a dictionary attack and a brute-force attack. A brute-force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute-force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. A dictionary attack uses a list of words as password guesses. The combination or hybrid attack adds characters or numbers or even other words to the beginning or end of the password guesses. In this example we have a password guess of ‘admin’. From the word admin, we have four combinations: ‘admin1, 1admin, admin2, 2admin’.
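An added example (not part of the original question) of how a defender could flag this pattern in the web server log shown above. It assumes the log format from the question (time, method, URL with user and pass parameters); the function names and thresholds are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# The four log lines quoted in the question.
LOG = """\
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
"""

LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2}) GET (\S+)$")

def parse(line):
    """Return (seconds_since_midnight, user, guess) or None if not a login request."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, url = m.groups()
    q = parse_qs(urlsplit(url).query)
    if "user" not in q or "pass" not in q:
        return None
    return int(h) * 3600 + int(mi) * 60 + int(s), q["user"][0], q["pass"][0]

def base_word(guess):
    """Strip digits/symbols added to the start or end of a dictionary word."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", guess).lower()

def find_hybrid_guessing(log_text, min_variants=3, window_s=60):
    """Flag users who receive several distinct guesses built on one base word."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            ts, user, guess = rec
            groups[(user, base_word(guess))].append((ts, guess))
    alerts = []
    for (user, base), hits in groups.items():
        variants = sorted({g for _, g in hits})
        times = [ts for ts, _ in hits]
        # Simplified window: all hits for the group must fall within window_s.
        if base and len(variants) >= min_variants and max(times) - min(times) <= window_s:
            alerts.append({"user": user, "base": base, "variants": variants})
    return alerts

if __name__ == "__main__":
    print(find_hybrid_guessing(LOG))
```
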

CompTIA Security+ Question A-32

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management
B. Administrative
C. Technical
D. Operational

Answer: C

Explanation:
Preventing unauthorized access to PCs by applying screen savers that lock the PC after five minutes of inactivity is a technical control, in the same category as Identification and Authentication, Access Control, Audit and Accountability, and System and Communication Protection.

CompTIA Security+ Question A-4

A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?

A. Create conduct policies prohibiting sharing credentials.
B. Enforce a policy shortening the credential expiration timeframe.
C. Implement biometric readers on laptops and restricted areas.
D. Install security cameras in areas containing sensitive systems.

Answer: C

Explanation:
Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users from making use of others’ credentials.

CompTIA Security+ Simulation 14

For each of the given items, select the appropriate authentication category from the drop down choices.

Select the appropriate authentication type for the following items:

Correct Answer:


Biometrics refers to a collection of physical attributes of the human body that can be used as identification or an authentication factor. Fingerprints and retinas are physical attributes of the human body.

Two types of tokens exist: time-based one-time password (TOTP) tokens and HMAC-based one-time password (HOTP) tokens. TOTP tokens generate passwords at fixed time intervals, whereas HOTP tokens generate passwords not based on fixed time intervals but instead based on a nonrepeating one-way function, such as a hash or HMAC operation.

Smart cards can have multi-factor and proximity authentication embedded into them.

PAP allows for two entities to share a password in advance and use the password as the basis of authentication. The same goes for PIN numbers.

http://en.wikipedia.org/wiki/Password_authentication_protocol#Working_cycle
http://en.wikipedia.org/wiki/Smart_card#Security

CompTIA Network+ Question B-52

An administrator reassigns a laptop to a different user in the company. Upon delivering the laptop to the new user, the administrator documents the new location, the user of the device and when the device was reassigned. Which of the following BEST describes these actions?

A. Network map
B. Asset management
C. Change management
D. Baselines

Correct Answer: B

Explanation:
Documenting the location, the user of the device and the date of the reassignment would be part of asset management.
The best way to keep track of your computers and their configurations is to document them yourself. Large enterprise networks typically assign their own identification numbers to their computers and other hardware purchases as part of an asset management process that controls the entire life cycle of each device, from recognition of a need to retirement or disposal.

CompTIA Network+ Question B-42

When troubleshooting a network problem, browsing through the log of a switch, it is discovered that multiple frames contain errors. In which of the following layers does the problem reside? (Select TWO).

A. Layer 2
B. Layer 3
C. Layer 5
D. Transport layer
E. Data link
F. Physical layer

Correct Answer: AE

Explanation:
Layer 2 of the OSI reference model is the data-link layer. Components of the data-link layer include frame-format, Media Access Control (MAC) addressing, protocol identification and error detection.
When data is being sent, it is split into protocol data units (PDUs) as it passes through the layers of the OSI model. The PDUs have different names as they are passed through the layers of the OSI model. In layer 2, the PDU is called a ‘Frame’.
The most common protocol specified in the data-link layer is Ethernet and the most common network component in the data-link layer is a network switch.
In this question, problems are discovered with Ethernet frames by examining the logs in a network switch. Therefore, for this question, we are working in Layer 2, the data-link layer.

CompTIA Network+ Question A-80

Which of the following physical security controls prevents an attacker from gaining access to a network closet?

A. CCTVs
B. Proximity readers
C. Motion sensors
D. IP cameras

Correct Answer: B

Explanation:
A proximity card is a physical card which is used to gain access to a physical area such as a network closet.
It is a “contactless” smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards and “contact” type smart cards. Proximity cards are part of the contactless card technologies. Held near an electronic reader for a moment, they enable the identification of an encoded number.
Note: Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

CompTIA A+ Core 2 Question F-8

Following an authorized person through a door or other security check point without showing proper identification or defeating a security mechanism is known as which of the following?

A. Hacking
B. Emulating
C. Partitioning
D. Tailgating

Correct Answer: D

CompTIA A+ Core 2 Question B-17

A user, Jane, has reported that she lost a laptop. The laptop had sensitive corporate information on it that has been published on the Internet. Which of the following is the FIRST step in implementing a best practice security policy?

A. Require biometric identification to log into the laptop.
B. Require multifactor authentication to log into the laptop.
C. Require laptop hard drives to be encrypted.
D. Require users to change their password at frequent intervals.
E. Require users to have strong passwords.

Correct Answer: C