CompTIA Security Plus Mock Test Q1731

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

A. Enforce authentication for network devices
B. Configure the phones on one VLAN, and computers on another
C. Enable and configure port channels
D. Make users sign an Acceptable Use Agreement

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1568

A user contacts the help desk after being unable to log in to a corporate website. The user can log in to the site from another computer in the next office, but not from the PC. The user’s PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards the user is able to log in to the website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?

A. Secure LDAP
B. RADIUS
C. NTLMv2
D. Kerberos


Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1557

An administrator deploys a WPA2 Enterprise wireless network with EAP-PEAP-MSCHAPv2. The deployment is successful and company laptops are able to connect automatically with no user intervention. A year later, the company begins to deploy phones with wireless capabilities. Users report that they are receiving a warning when they attempt to connect to the wireless network from their phones. Which of the following is the MOST likely cause of the warning message?

A. Mutual authentication on the phone is not compatible with the wireless network
B. The phones do not support WPA2 Enterprise wireless networks
C. User certificates were not deployed to the phones
D. The phones’ built-in web browser is not compatible with the wireless network
E. Self-signed certificates were used on the RADIUS servers

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1478

A router was shut down as a result of a DoS attack. Upon review of the router logs, it was determined that the attacker was able to connect to the router using a console cable to complete the attack. Which of the following should have been implemented on the router to prevent this attack? (Select two)

A. IP ACLs should have been enabled on the console port on the router
B. Console access to the router should have been disabled
C. Passwords should have been enabled on the virtual terminal interfaces on the router
D. Virtual terminal access to the router should have been disabled
E. Physical access to the router should have been restricted

Correct Answer: B,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1303

While troubleshooting a new wireless 802.11ac network, an administrator discovers that several of the older systems cannot connect. Upon investigation, the administrator discovers that the older devices only support 802.11 and RC4. The administrator does not want to affect the performance of the newer 802.11ac devices on the network. Which of the following should the administrator do to accommodate all devices and provide the MOST security?

A. Disable channel bonding to allow the legacy devices and configure WEP fallback
B. Configure the AP in protected mode to utilize WPA2 with CCMP
C. Create a second SSID on the AP which utilizes WPA and TKIP
D. Configure the AP to utilize the 5 GHz band only and enable WEP

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q883

An information bank has been established to store contacts, phone numbers and other records. An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services would use this port by default?

A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP

Correct Answer: A
Section: Access Control and Identity Management

Explanation
Kerberos makes use of port 88.

Incorrect Answers:
B: TACACS makes use of TCP port 49 by default.
C: RADIUS makes use of various UDP ports.
D: LDAP makes use of port 389.

References:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security Plus Mock Test Q843

During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?

A. Update anti-virus definitions on SCADA systems
B. Audit accounts on the SCADA systems
C. Install a firewall on the SCADA network
D. Deploy NIPS at the edge of the SCADA network


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes.
A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization.

Incorrect Answers:
A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.
B: Auditing accounts on the SCADA systems is not likely to protect the SCADA systems, as the compromised workstation is being used to connect to the SCADA systems while the engineer is not logged in.
C: A firewall protects a system from attack by filtering network traffic to and from the system. It can be used to block ports and protocols, but this would prevent the administrator from accessing the SCADA system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 117, 157

CompTIA Security Plus Mock Test Q774

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstation's BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.


Correct Answer: A,C
Section: Application, Data and Host Security

Explanation:
A: The USB root hub can be disabled from within the operating system.
C: USB can also be configured and disabled in the system BIOS.

Incorrect Answers:
B: Anti-virus is installed on a device, not on removable storage. Anti-virus also does not prevent the unauthorized copying of data.
D: The principle of least privilege is used to ensure that users are only provided with the minimum privileges and permissions to resources that allow them to perform their duties.
E: Spyware monitors a user’s activity and uses network protocols to report it to a third party without the user’s knowledge. Detecting spyware does not prevent the unauthorized copying of data.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 153, 247-248, 300
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 82, 204

CompTIA Security Plus Mock Test Q771

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?

A. Data leakage prevention
B. Data exfiltration
C. Data classification
D. Data deduplication

Correct Answer: B
Section: Application, Data and Host Security

Explanation
Data exfiltration is the unauthorized copying, transfer or retrieval of data from a system.

Incorrect Answers:
A: Data leak prevention is designed to detect potential data breach or data exfiltration and prevent them by monitoring, detecting and blocking sensitive data.
C: Data classification is the categorizing of data based on its sensitivity or desired level of confidentiality. This can be high, medium, low.
D: Data deduplication is a specialized data compression technique for identifying and eliminating duplicate copies of data.

References:
http://en.wikipedia.org/wiki/Data_loss_prevention_software
http://www.techopedia.com/definition/14682/data-exfiltration
http://en.wikipedia.org/wiki/Data_deduplication
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 409