CompTIA Security Plus Mock Test Q628

In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system promises to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

A. Continuous security monitoring
B. Baseline configuration and host hardening
C. Service Level Agreement (SLA) monitoring
D. Security alerting and trending


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. This is great for testing the security posture. However, to be effective and ensure the company always has a good security posture, you need to monitor the security continuously.
Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.”
Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.

Incorrect Answers:
B: Baseline configuration and host hardening should be performed initially or when new computer systems are implemented. However, after that has been done, you should continue to monitor the security of the system.
C: Service Level Agreement (SLA) monitoring is performed to ensure that the availability of the system meets the SLAs agreed with your customers. It does not affect or ensure the security of the system.
D: Security alerting and trending is important. However, this can only happen with continuous security monitoring.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 61

CompTIA Security Plus Mock Test Q491

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Limiting potential legal concerns about company rules when users are allowed to bring their own devices is the premise of data ownership. When a third party (in this case the user’s own device) is involved in a data exchange, clear rules and restrictions should be applied regarding data ownership.

Incorrect Answers:
B: Device access control is not an issue here since users are allowed to bring their own devices.
C: Support ownership is the part of a BYOD policy that specifies when and how the company will support the user’s mobile device in the event of it becoming damaged, developing a fault or experiencing a failure.
D: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24, 420
http://en.wikipedia.org/wiki/Acceptable_use_policy

CompTIA Security Plus Mock Test Q490

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk
B. Asset
C. Threat
D. Vulnerability

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
A threat is anything that can take advantage of a vulnerability that may be found. When the CIO realizes that the company cannot continue to operate after a disaster, the disaster is the threat to the company.

Incorrect Answers:
A: Risk is two-fold in that it covers risk identification and risk calculation; in either case it is part of a company’s security endeavour, not the disaster per se.
B: Asset would be a description of the company and its value, not the disaster.
D: Vulnerability is a weakness or an error in the security protection of a system or a company.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 83

CompTIA Security Plus Mock Test Q489

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

A. NIDS
B. CCTV
C. Firewall
D. NIPS

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
CCTV is an excellent way to deter unwanted activity, and it records the occurrence of an event in case it does happen. Cameras can be placed to watch points of entry, to monitor activities around valuable assets, and to provide additional protection in areas such as parking areas and walkways.

Incorrect Answers:
A: A NIDS is meant to detect malicious activity that occurs within the network. This is not what is required in this case.
C: A firewall can be a hardware or software component that is designed to protect one network from another network. This is not the objective here.
D: A NIPS is a reliable tool for detecting network-focused attacks, but it is not what is required in this case.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 12, 127

CompTIA Security Plus Mock Test Q488

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

Incorrect Answers:
A: Privacy policy is meant to specify any measures taken to protect the privacy and confidentiality of personally identifiable information.
B: Security policy is the overall purpose and direction of security in an environment. This includes the detailed procedural documents that indicate how work functions should occur in the workplace so as to comply with security.
C: A consent to monitoring policy does not provide instructions on how staff may use company resources from their own devices.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 24
http://en.wikipedia.org/wiki/Acceptable_use_policy

CompTIA Security Plus Mock Test Q487

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

A. A comparison should have been created from the original system’s file hashes
B. Witness testimony should have been taken by the administrator
C. The company should have established a chain of custody tracking the laptop
D. A system image should have been created and stored

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
A system image is a snapshot of the system at a point in time. If a system image of the compromised system had been created and stored, it would be a useful tool when the authorities want to revisit the issue to investigate the incident.

Incorrect Answers:
A: Taking a hash of the device before and after image duplication is done to verify that the hash of the image copy being used in a forensic investigation has not changed. In this case the laptop was already compromised.
B: Witness testimony is not as useful as a system image that has been created and stored because issues of reliability come into play when people’s memory is relied on. The system image will not change as a person’s memory changes over time.
C: A chain of custody document details all the persons who had controlling authority over and access to the evidence. However, a chain of custody must be created and maintained from the moment evidence is discovered through the presentation of evidence in court. In this case the authorities are still investigating the issue.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 102, 104, 105

CompTIA Security Plus Mock Test Q486

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Removable storage is both a benefit and a risk, and since not all mobile devices support removable storage, the company has to have a comprehensive policy which details the controls on the use of removable storage to mitigate the range of risks associated with the use of these devices.

Incorrect Answers:
A: Remote wiping is the act of deleting data (possibly all data, and even configuration settings) from a device remotely, but it is not a guarantee of data security.
B: Full-disk encryption is used mainly to provide protection for an operating system, and it is only fully effective when the system is powered off. This is not going to mitigate the risks posed in this case.
C: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. On its own, an AUP does not mitigate these risks.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 251-252
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 24
http://en.wikipedia.org/wiki/Acceptable_use_policy

CompTIA Security Plus Mock Test Q485

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

A. Write-once drives
B. Database encryption
C. Continuous monitoring
D. Role-based access controls

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
A write-once drive cannot be overwritten once data has been written to it; thus, if the logs are written to a write-once drive, the integrity of those logs is ensured.

Incorrect Answers:
B: Database encryption will ensure that the data remains secured until an authorized user makes a valid request to access a data element. It protects against outside attackers, unauthorized users and invalid requests, but it is not meant to ensure the integrity of logs after collection.
C: Continuous monitoring means that all users are monitored equally while on the company premises (i.e. until they depart or disconnect from the network) and that all activities of all types are tracked.
D: The main purpose of role-based access control is to provide access to the systems a user needs, based on that user’s position and function in the organization. It is not meant to maintain the integrity of logs after their collection.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 252, 294
http://www.google.com/patents/US6879454

CompTIA Security Plus Mock Test Q484

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?

A. Impact
B. SLE
C. ALE
D. ARO

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
SLE is a monetary value, and it represents how much you expect to lose at any one time: the single loss expectancy. SLE is derived from two components: the asset value (AV) and the exposure factor (EF). Thus a one-time compromise falls under the SLE for the security manager.

Incorrect Answers:
A: Impact is what is felt whenever any type of risk occurs.
C: ALE is the annual loss expectancy value. This is a monetary measure of how much loss you could expect in a year.
D: ARO is the statistical likelihood, expressed as a number, of how many times a risk may be realized in a year.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 5, 8, 17
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=2

CompTIA Security Plus Mock Test Q483

A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements?

A. A mirrored striped array with parity
B. A mirrored mirror array
C. A striped array
D. A striped array with parity

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Mirroring means the data written to one drive is exactly duplicated to a second drive in real time. Disk mirroring is also known as RAID 1 and the data is intact in a RAID 1 array if either one of the two drives fails. After the failed drive is replaced with a new drive, you remirror the data from the good drive to the new drive to re-create the array.

Incorrect Answers:
A: A mirrored striped array with parity is not going to meet the stated requirements.
C: Disk striping means making use of multiple drives as a single volume.
D: Disk striping with parity means that three or more drives are used in unison, and one drive’s worth of space is consumed with parity information.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 142
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 34-35