CompTIA Security+ Question I-28

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.

Answer: C

Explanation:
A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.

CompTIA Security+ Question F-40

A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?

A. Require different account passwords through a policy
B. Require shorter password expiration for non-privileged accounts
C. Require shorter password expiration for privileged accounts
D. Require a greater password length for privileged accounts

Answer: A

Explanation:
A password policy (also known as account policy enforcement) can be configured to ensure that system administrators use different passwords for different accounts.

CompTIA Security+ Question D-75

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?

A. User permissions
B. Policy enforcement
C. Routine audits
D. Change management

Answer: C

Explanation:
After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives.