CompTIA Security+ Question K-23

A security administrator wants to implement a solution which will allow some applications to run under the user’s home directory and only have access to files stored within the same user’s folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?

A. OS Virtualization
B. Trusted OS
C. Process sandboxing
D. File permission

Answer: C

Explanation:
Sandboxing involves running applications in restricted memory areas. It limits the possibility of an application crash, allowing a user to access another application or the data associated with it.

CompTIA Security+ Question E-87

A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAMESECURITY LABEL
Employees.docConfidential
Salary.xlsConfidential
OfficePhones.xlsUnclassified
PersonalPhones.xlsRestricted
Which of the following should the security administrator implement?

A. White and black listing
B. SCADA system
C. Trusted OS
D. Version control

Answer: C

Explanation:
A trusted operating system (TOS) is any operating system that meets the government’s requirements for security. Trusted OS uses a form of Mandatory access control called Multi-Level Security. The Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. MLS is an implementation of MAC that focuses on confidentiality. A Multi-Level Security operating system is able to enforce the separation of multiple classifications of information as well as manage multiple users with varying levels of information clearance. The military and intelligence community must handle and process various hierarchical levels of classified information. At the high-end there is Top Secret, followed in turn by Secret, Confidential, and Unclassified:

CompTIA Security+ Question E-6

After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?

A. Trusted OS
B. Mandatory access control
C. Separation of duties
D. Single sign-on

Answer: D

Explanation:
Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. The question states that when Ann logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. This describes an SSO scenario.

CompTIA Security+ Question B-91

Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS
B. Host software baselining
C. OS hardening
D. Virtualization

Answer: D

Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.