CompTIA Security+ Question K-68

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

A. Username and password
B. Retina scan and fingerprint scan
C. USB token and PIN
D. Proximity badge and token

Answer: C

Explanation:
Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories: knowledge factors (“things only the user knows”), such as passwords possession factors (“things only the user has”), such as ATM cards inherence factors (“things only the user is”), such as biometrics

In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).

CompTIA Security+ Question J-70

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields’
Which of the following is this an example of?

A. Proper error handling
B. Proper input validation
C. Improper input validation
D. Improper error handling

Answer: B

Explanation:
Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

CompTIA Security+ Question I-18

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

A. 1
B. 2
C. 3
D. 4

Answer: C

Explanation:
Three different types of authentication factors have been used in this question: Something you know – username and password. Something you have – client side certificate. Somewhere you are – authentication to the VPN is only allowed from the U.S. territory.

CompTIA Security+ Question G-75

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?

A. Multifactor authentication
B. Single factor authentication
C. Separation of duties
D. Identification

Answer: B

Explanation:
Single-factor authentication (SFA) is a process for securing access to a given system by identifying the party requesting access via a single category of credentials. In this case, the network administrator makes use of an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server.

CompTIA Security+ Question F-52

How must user accounts for exiting employees be handled?

A. Disabled, regardless of the circumstances
B. Disabled if the employee has been terminated
C. Deleted, regardless of the circumstances
D. Deleted if the employee has been terminated

Answer: A

Explanation:
You should always disable an employee’s account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account.

CompTIA Security+ Question D-17

Peter, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

A. PAP, MSCHAPv2
B. CHAP, PAP
C. MSCHAPv2, NTLMv2
D. NTLM, NTLMv2

Answer: A

Explanation:
PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol.

CompTIA Security+ Question C-84

Which of the following is an example of multifactor authentication?

A. Credit card and PIN
B. Username and password
C. Password and PIN
D. Fingerprint and retina scan

Answer: A

Explanation:
A credit card is a memory card that functions a type of two-factor authentication. The card is something you have, and its PIN is something you know. Multifactor authentication requires a user to provide two or more different types of authentication factors to prove their identity.

CompTIA Security+ Question C-24

Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?

A. TACACS+
B. Smartcards
C. Biometrics
D. Kerberos

Answer: A

Explanation:
ACACS allows a client to accept a username and password and send a query to a TACACS authentication server. It would determine whether to accept or deny the authentication request and send a response back. The TIP would then allow access or not based upon the response, not tokens.

CompTIA Security+ Question B-62

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.
Which of the following should the administrator implement?

A. WPA2 over EAP-TTLS
B. WPA-PSK
C. WPA2 with WPS
D. WEP over EAP-PEAP

Answer: D

Explanation:
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAP­MD5, as well as LEAP and PEAP. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

CompTIA Network+ Question C-85

A network technician has set up an FTP server for the company to distribute software updates for their products. Each vendor is provided with a unique username and password for security. Several vendors have discovered a virus in one of the security updates. The company tested all files before uploading them but retested the file and found the virus. Which of the following could the technician do for vendors to validate the proper security patch?

A. Use TFTP for tested and secure downloads
B. Require biometric authentication for patch updates
C. Provide an MD5 hash for each file
D. Implement a RADIUS authentication

Correct Answer: C

Explanation:
If we put an MD5 has for each file we can see if the file has been changed or not.
MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual.