CompTIA Security Plus Mock Test Q852

Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

A. OS hardening
B. Application control
C. Virtualization
D. Sandboxing

Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same
hardware, reducing costs. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur.
Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.

Incorrect Answers:
A: Operating System (OS) hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing
unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. It is a process for securing the system rather than an
environment that can be used for testing patches and updates.
B: Application control is used to specify which applications can be installed on a device, or to specify the settings the applications on a device use. It is often implemented to support a
security baseline or maintain other forms of compliance. It can also be used to reduce exposure to malicious applications by limiting the user’s ability to install apps that come from
unknown sources or that offer non-work-related features.
D: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from
being able to cause harm to production systems. It does not ensure that the latest kernel version with all current security fixes is installed on the system

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 201-203, 204-205, 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 37, 237, 250