CompTIA Security+ Question B-32

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A. Logical token
B. Performance monitor
C. Public key infrastructure
D. Trusted platform module

Answer: B

Explanation:
Performance Monitor in a Windows system can monitor many different ‘counters’. For TCP network connections, you can monitor specific TCP related counters including the following: Connection Failures Connections Active Connections Established Connections Passive Connections Reset Segments Received/sec Segments Retransmitted/sec Segments Sent/sec Total Segments/sec

By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies.

CompTIA Security+ Question B-17

An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

A. Vulnerability scan
B. Risk assessment
C. Virus scan
D. Network sniffer

Answer: A

Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.

CompTIA Security+ Question A-83

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

A. Penetration test
B. Vulnerability scan
C. Load testing
D. Port scanner

Answer: B

Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security.

CompTIA Security+ Question A-75

Which of the following is required to allow multiple servers to exist on one physical server?

A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Virtualization
D. Infrastructure as a Service (IaaS)

Answer: C

Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.

CompTIA Security+ Question A-35

A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

A. Software as a Service
B. DMZ
C. Remote access support
D. Infrastructure as a Service

Answer: A

Explanation:
Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services.

CompTIA Network+ Question C-93

Company policies require that all network infrastructure devices send system level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?

A. TACACS+ server
B. Single sign-on
C. SYSLOG server
D. Wi-Fi analyzer

Correct Answer: C

Explanation:
Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.

CompTIA Network+ Question B-80

Which of the following cloud infrastructure designs includes on premise servers utilizing a centralized syslog server that is hosted at a third party organization for review?

A. Hybrid
B. Public
C. Community
D. Private

Correct Answer: A

CompTIA Network+ Question B-46

A technician would like to track the improvement of the network infrastructure after upgrades. Which of the following should the technician implement to have an accurate comparison?

A. Regression test
B. Speed test
C. Baseline
D. Statement of work

Correct Answer: C

Explanation:
In networking, baseline can refer to the standard level of performance of a certain device or to the normal operating capacity for your whole network. High-quality documentation should include a baseline for network performance, because you and your client need to know what “normal” looks like in order to detect problems before they develop into disasters.
A network baseline delimits the amount of available bandwidth available and when. For networks and networked devices, baselines include information about four key components:
Processor Memory
Hard-disk (or other storage) subsystem Network adapter or subsystem