CompTIA Security+ Question L-11

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

A. Deploy a HIDS suite on the users’ computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users’ browsers to prevent malware.
D. Create an approved application list and block anything not on it.

Answer: D

Explanation:
You can use Software Restriction Policy or its successor AppLocker to prevent unauthorized applications from running or being installed on computers. Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. You can use AppLocker as part of your overall security strategy for the following scenarios: Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment. Prevent users from installing and using unauthorized applications. Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.

CompTIA Security+ Question I-5

Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?

A. Implement voice encryption, pop-up blockers, and host-based firewalls.
B. Implement firewalls, network access control, and strong passwords.
C. Implement screen locks, device encryption, and remote wipe capabilities.
D. Implement application patch management, antivirus, and locking cabinets.

Answer: C

Explanation:
Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

CompTIA Security+ Question H-55

Which of the following is a vulnerability associated with disabling pop-up blockers?

A. An alert message from the administrator may not be visible
B. A form submitted by the user may not open
C. The help window may not be displayed
D. Another browser instance may execute malicious code

Answer: D

Explanation:
Explanation: Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.

CompTIA Security+ Question A-48

Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?

A. Buffer overflow
B. Pop-up blockers
C. Cross-site scripting
D. Fuzzing

Answer: A

Explanation:
Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.

CompTIA Security+ Question A-9

A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

A. Antivirus
B. Pop-up blocker
C. Spyware blocker
D. Anti-spam

Answer: B

Explanation:
Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.

CompTIA Security+ Simulation 7

A Security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and Drop the applicable controls to each asset type.

Instructions: Controls can be used multiple times and not all placeholders needs to be filled. When you have completed the simulation, Please select Done to submit.

Correct Answer:


Cable locks are used as a hardware lock mechanism – thus best used on a Data Center Terminal Server.

Network monitors are also known as sniffers – thus best used on a Data Center Terminal Server.

Install antivirus software. Antivirus software should be installed and definitions kept current on all hosts. Antivirus software should run on the server as well as on every workstation. In addition to active monitoring of incoming fi les, scans should be conducted regularly to catch any infections that have slipped through- thus best used on a Data Center Terminal Server.

Proximity readers are used as part of physical barriers which makes it more appropriate to use on a center’s entrance to protect the terminal server.

Mentor app is an Apple application used for personal development and is best used on a mobile device such as a smart phone.

Remote wipe is an application that can be used on devices that are stolen to keep data safe. It is basically a command to a phone that will remotely clear the data on that phone. This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to another user.

Should a device be stolen, GPS (Global Positioning System) tracking can be used to identify its location and allow authorities to find it – thus best used on a smart phone.

Screen Lock is where the display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access the system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called lockout – thus best used on a smart phone.

Strong Password since passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values – thus best use strong passwords on a smartphone as it can be stolen more easily than a terminal server in a data center.

Device Encryption- Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords. It is recommended to you use Trusted Platform Module (TPM) for all mobile devices where possible.

Use pop-up blockers. Not only are pop-ups irritating, but they are also a security threat. Pop-ups (including pop-unders) represent unwanted programs running on the system, and they can jeopardize the system’s well-being. This will be more effective on a mobile device rather than a terminal server.

Use host-based firewalls. A firewall is the first line of defense against attackers and malware. Almost every current operating system includes a firewall, and most are turned on by Default- thus best used on a Data Center Terminal Server.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex,
Indianapolis