CompTIA Security Plus Mock Test Q239

A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).

A. Fault tolerance
B. Encryption
C. Availability
D. Integrity
E. Safety
F. Confidentiality


Correct Answer: D,E
Section: Compliance and Operational Security

Explanation:
Aspects such as fencing, proper lighting, locks, CCTV, Escape plans Drills, escape routes and testing controls form part of safety controls. Integrity refers to aspects such as hashing, digital signatures, certificates and non-repudiation – all of which has to do with data integrity.

Incorrect Answers:
A: Fault tolerance refers to the availability of resources to the users in the company in the event of a failure of any of those resources.
B: Encryption is a method of ensuring the confidentiality of data.
C: Availability is all about making sure that the data and systems are available for authorized users.
F: Confidentiality means preventing unauthorized users from accessing data.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 401, 414