A system administrator must configure the company’s authentication system to ensure that users will be unable to reuse the last ten passwords within a six-month period. Which of the following settings must be configured? (Select Two)
A. Minimum password age
B. Password complexity
C. Password history
D. Minimum password length
E. Multi-factor authentication
F. Do not store passwords with reversible encryption
Joe, the system administrator, has noticed an increase in network activity from outside sources. He wishes to direct traffic to avoid possible penetration while heavily monitoring the traffic with little to no impact on the current server load. Which of the following would be the BEST course of action?
A. Apply an additional firewall ruleset on the user PCs.
B. Configure several servers into a honeynet
C. Implement an IDS to protect against intrusion
D. Enable DNS logging to capture abnormal traffic
A system administrator wants to configure a setting that will make offline password cracking more challenging. Currently the password policy allows upper and lower case characters, a minimum length of 5, and a lockout after 10 invalid attempts. Which of the following has the GREATEST impact on the time it takes to crack the passwords?
A. Increase the minimum password length to 8 while keeping the same character set
B. Implement an additional password history and reuse policy
C. Allow numbers and special characters in the password while keeping the minimum length at 5
D. Implement an account lockout policy after three unsuccessful logon attempts
A network technician is configuring clients for VLAN access. The network address for the sales department is 192.168.0.64 with a broadcast address of 192.168.0.71. Which of the following IP address/subnet mask combinations could be used to correctly configure a client machine in the sales department?
A. 192.168.0.64/29
B. 192.168.0.66/27
C. 192.168.0.67/29
D. 192.168.0.70/28
An organization is required to log all user internet activity. Which of the following would accomplish this requirement?
A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server
B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server
C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server
D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server
A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator’s concerns?
A. Install a mobile application that tracks read and write functions on the device.
B. Create a company policy prohibiting the use of mobile devices for personal use.
C. Enable GPS functionality to track the location of the mobile devices.
D. Configure the devices so that removable media use is disabled.
Correct Answer: D Section: Application, Data and Host Security
Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices.
A: A mobile application that tracks read and write functions on the device (if such an application exists) would only monitor the activity. It wouldn’t stop data being written to the device.
B: Policies provide guidelines. A policy prohibiting the use of mobile devices for personal use would not stop data being written to the device as the policy would still need to be
C: Global Positioning System (GPS) tracking can be used to identify the location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information. This would not prevent data being written to the device.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
A. Install a proxy server between the users’ computers and the switch to filter inbound network traffic.
B. Block commonly used ports and forward them to higher and unused port numbers.
C. Configure the switch to allow only traffic from computers based upon their physical address.
D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.
Correct Answer: C Section: Threats and Vulnerabilities
Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter.
You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses.
MAC filtering is commonly used in wireless networks but is considered insecure because a MAC address can be spoofed. However, in a wired network, it is more secure because it would be more difficult for a rogue computer to sniff a MAC address.
A: A proxy server is often used to filter web traffic. It is not used in port security or to restrict which computers can connect to a network.
B: You should not block commonly used ports. This would just stop common applications and protocols working. It would not restrict which computers can connect to a network.
D: DHCP Discover requests are part of the DHCP process. A DHCP client will send out a DHCP Discover request to locate a DHCP server. All computers on the network receive the DHCP Discover request because it is a broadcast packet but all computers (except the DHCP server) will just drop the packet. Blocking DHCP Discover requests will not restrict which computers can connect to a network.
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete’s BEST option?
A. Use hardware already at an offsite location and configure it to be quickly utilized.
B. Move the servers and data to another part of the company’s main campus from the server room.
C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment.
D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy.
Correct Answer: A Section: Compliance and Operational Security
A warm site provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. Warm sites may be for your exclusive use, but they don’t have to be. A warm site requires more advanced planning, testing, and access to media for system recovery. Warm sites represent a compromise between a hot site, which is very expensive, and a cold site, which isn’t preconfigured.
B: Moving the servers from the server room is not a viable option.
C: The data backups should also be available away from the main campus.
D: This will result in just having the data backups and no hardware on which to work – not 99.9% availability.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 36
A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?
A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443.
B. Configure a proxy server to log all traffic destined for ports 80 and 443.
C. Configure a switch to log all traffic destined for ports 80 and 443.
D. Configure a NIDS to log all traffic destined for ports 80 and 443.
Correct Answer: B Section: Compliance and Operational Security
A proxy server is in essence a device that acts on behalf of others and in security terms all internal user interaction with the Internet should be controlled through a proxy server. This makes a proxy server the best tool to gather the required data.
A: The VPN concentrator creates an encrypted tunnel session between hosts, and many use two-factor authentication for additional security. A proxy server would still be the best tool to gather the required information.
C: A switch can provide a monitoring port for troubleshooting and diagnostic purposes in addition to the virtual circuit that it can create between systems in a network. This helps to reduce network traffic, but a proxy server would be a better tool to gather the required data.
D: A network-based IDS (NIDS) approach to IDS attaches the system to a point in the network where it can monitor and report on all network traffic. However, a proxy server would be the best tool to gather the required data.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 105, 111