CompTIA Security+ Question J-41

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control
B. Privacy control
C. Technical control
D. Physical control

Answer: A

Explanation:
Risk mitigation is any step you take to reduce risk. A mandatory vacation policy is therefore a risk control measure, because it is a step taken to mitigate risk.

CompTIA Security+ Question F-21

Which of the following can only be mitigated through the use of technical controls rather than user security training?

A. Shoulder surfing
B. Zero-day
C. Vishing
D. Trojans

Answer: B

Explanation:
A zero-day vulnerability is an unknown vulnerability in a software application. This cannot be prevented by user security training. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information. The term “zero day” refers to the fact that the hole is unknown to those outside of the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

CompTIA Security+ Question E-64

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

A. Disk encryption
B. Encryption policy
C. Solid state drive
D. Mobile device policy

Answer: A

Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question D-84

Which of the following technical controls helps to prevent smartphones from connecting to a corporate network?

A. Application white listing
B. Remote wiping
C. Acceptable use policy
D. Mobile device management

Answer: D

Explanation:
Mobile device management (MDM) allows for managing the mobile devices that employees use to access company resources. MDM is intended to improve security, provide monitoring, enable remote management, and support troubleshooting. It can be used to push or remove applications, manage data, and enforce configuration settings on these devices.

CompTIA Security+ Question D-4

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A. Authentication
B. Blacklisting
C. Whitelisting
D. Acceptable use policy

Answer: C

Explanation:
White lists are closely related to ACLs; essentially, a white list is a list of items that are allowed.

CompTIA Security+ Question A-59

Emily, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following?

A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training

Answer: D

Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: importance of security; responsibilities of people in the organization; policies and procedures; usage policies; account and password-selection criteria; and social engineering prevention.

CompTIA Security+ Question A-32

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management
B. Administrative
C. Technical
D. Operational

Answer: C

Explanation:
Controls such as preventing unauthorized access to PCs and applying screen savers that lock the PC after five minutes of inactivity are technical controls, the same type as Identification and Authentication, Access Control, Audit and Accountability, and System and Communication Protection.