CompTIA Security+ Question J-92

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

A. Procedure and policy management
B. Chain of custody management
C. Change management
D. Incident management

Answer: D

Explanation:
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.

CompTIA Security+ Question J-12

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches

Answer: C

Explanation:
The basic purpose of a firewall is to isolate one network from another.

CompTIA Security+ Question I-61

Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?

A. Registration
B. CA
C. CRL
D. Recovery agent

Answer: C

Explanation:
Certificates or keys for the terminated employee should be put in the CRL.

A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. By checking the CRL you can check if a particular certificate has been revoked.

CompTIA Security+ Question G-55

Which of the following is a penetration testing method?

A. Searching the WHOIS database for administrator contact information
B. Running a port scanner against the target’s network
C. War driving from a target’s parking lot to footprint the wireless network
D. Calling the target’s helpdesk, requesting a password reset

Answer: D

Explanation:
A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-users’ adherence to security policies. Penetration testing evaluates an organization’s ability to protect its networks, applications, endpoints and users from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets. Test results validate the risk posed by specific security vulnerabilities or flawed processes, enabling IT management and security professionals to prioritize remediation efforts. By embracing more frequent and comprehensive penetration testing, organizations can more effectively anticipate emerging security risks and prevent unauthorized access to critical systems and valuable information. Penetration tests are not always technically clever attempts to access a network. By calling the target’s helpdesk and requesting a password reset, if they reset the password without requiring proof that you are authorized to request a password change, you can easily gain access to the network.

CompTIA Security+ Question F-77

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents
B. Reduce attack surface of systems
C. Implement monitoring controls
D. Hardening network devices
E. Prevent unauthorized access

Answer: A,C

Explanation:
By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls. With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect security incidents.

CompTIA Security+ Question B-2

Requiring technicians to report spyware infections is a step in which of the following?

A. Routine audits
B. Change management
C. Incident management
D. Clean desk policy

Answer: C

Explanation:
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).

CompTIA Security+ Question A-32

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management
B. Administrative
C. Technical
D. Operational

Answer: C

Explanation:
Controls such as preventing unauthorized access to PCs and applying screensavers that lock the PC after five minutes of inactivity are technical controls, the same as Identification and Authentication, Access Control, Audit and Accountability, and System and Communication Protection.

CompTIA Security+ Simulation 1

DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.

Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Correct Answer:


1) Unsecured computer lab – Cable lock, proximity badges, biometric, CCTV, safe, cabinet lock
2) Office work place – safe, proximity, cable lock
3) Datacenter – biometric, proximity, mantrap, cipher lock
4) Offsite computer – cable lock, mantrap, CCTV

Cable locks – Adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.

Proximity badge + reader

Safe is a hardware/physical security measure.

Mantrap can be used to control access to sensitive areas.

CCTV can be used as video surveillance.

Biometric reader can be used to control and prevent unauthorized access.

Locking cabinets can be used to protect backup media, documentation and other physical artefacts.


CompTIA A+ Core 2 Question I-6

An administrator sets up a wireless device that they will need to manage across the Internet. Which of the following security measures would BEST prevent unauthorized access to the device from the Internet?

A. Set the channels to wireless 802.11n only
B. Change the default username and password
C. Enable the wireless AP's MAC filtering
D. Enable the wireless AP's WPA2 security

Correct Answer: B

CompTIA A+ Core 2 Question G-40

A technician is configuring a PC that will have confidential information stored on it. To ensure that only authorized users can access this PC, which of the following should the technician do? (Select TWO).

A. Disable the guest account
B. Install antivirus applications
C. Disable DHCP
D. Change the SSID
E. Change the default username

Correct Answer: AE

Explanation:
To prevent unauthorized access to the PC, disable guest accounts and change default usernames for maximum security.