CompTIA Security Plus Mock Test Q858

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

A. Output sanitization
B. Input validation
C. Application hardening
D. Fuzzing


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input
submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Incorrect Answers:
A: Output sanitization, which is an example of secure output handling, is primarily associated with preventing Cross-site Scripting (XSS) vulnerabilities in web sites.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for
exceptions such as crashes, failed validation, or memory leaks.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230
https://en.wikipedia.org/wiki/Secure_input_and_output_handling
http://en.wikipedia.org/wiki/Fuzz_testing

CompTIA Security Plus Mock Test Q843

During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?

A. Update anti-virus definitions on SCADA systems
B. Audit accounts on the SCADA systems
C. Install a firewall on the SCADA network
D. Deploy NIPS at the edge of the SCADA network


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial
processes.
A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and
responding to network-based attacks originating from outside the organization.

Incorrect Answers:
A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.
B: Auditing accounts on the SCADA system is not likely to protect the SCADA systems, as the compromised workstation is being used to connect to the SCADA systems while the
engineer is not logged in.
C: A firewall protects a system from attack by filtering network traffic to and from the system. It can be used to block ports and protocols, but this would prevent the administrator from
accessing the SCADA system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 117, 157

CompTIA Security Plus Mock Test Q859

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.
B. NoSQL databases are not vulnerable to SQL injection attacks.
C. NoSQL databases encrypt sensitive information by default.
D. NoSQL databases perform faster than SQL databases on the same hardware.

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
NoSQL is a nonrelational database and does not use SQL. It is therefore not vulnerable to SQL injection attacks but is vulnerable to similar injection-type attacks.

Incorrect Answers:
A: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who is known, or is supposed, to have been
authenticated. This is often accomplished without the user’s knowledge.
C: NoSQL databases do not offer default encryption.
D: NoSQL databases do not offer greater performance on the same hardware, but they do offer an advantage for extremely large data structures.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 217, 335
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 230, 232-233

CompTIA Security Plus Mock Test Q857

It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?

A. Device encryption
B. Application control
C. Content filtering
D. Screen-locks

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Application control is the process of controlling what applications are installed on a device. This may reduce exposure to malicious software by limiting the user’s ability to install
applications that come from unknown sources or have no work-related features.

Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
C: Content filtering usually refers to web site content. It entails inspecting the data on a web page against a blacklist of unwanted terms and preventing access to that web page.
D: Screen-lock is a security feature that requires the user to enter a PIN or a password after a short period of inactivity before they can access the system again. This feature ensures
that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 121, 418

CompTIA Security Plus Mock Test Q856

Which of the following would be MOST appropriate if an organization’s requirements mandate complete control over the data and applications stored in the cloud?

A. Hybrid cloud
B. Community cloud
C. Private cloud
D. Public cloud

Correct Answer: C
Section: Application, Data and Host Security

Explanation:
A private cloud is a cloud service for internal use only and is located within a corporate network rather than on the Internet. It is usually owned, managed, and operated by the
company, which gives the company full control over the data and applications stored in the cloud.

Incorrect Answers:
A: A hybrid cloud is a mixture of private and public cloud components. In the private cloud components the company would have control over the data and applications, but not in the
public cloud components, where it will only have control over its own data.
B: A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange.
This may allow for some cost savings versus accessing private or public clouds independently.
D: A public cloud is a cloud service that is accessible to the general public, typically over an Internet connection. Its services usually require some form of subscription or payment.
Consumers only have control over their own data on the cloud.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 36, 37
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 200-201

CompTIA Security Plus Mock Test Q855

Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?

A. NIPS
B. Content filter
C. NIDS
D. Host-based firewalls

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
A host-based firewall is designed to protect the host from network-based attacks by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter
is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further and effectively discards it. Log
records information about the packet into a log file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required, other potentially compromised
application services would be prevented from being exploited across the network.

Incorrect Answers:
A: A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting
and responding to network-based attacks originating from outside the organization. However, other potentially compromised application services would run on the host, rather than
across the network.
B: Content filtering usually refers to web site content. It entails inspecting the data on a web page against a blacklist of unwanted terms and preventing access to that web page.
C: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the
organization. However, other potentially compromised application services would run on the host, rather than across the network.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 111-112, 116-117
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 5-8, 13-16

CompTIA Security Plus Mock Test Q854

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions
such as crashes, failed validation, or memory leaks.

Incorrect Answers:
A: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who is known, or is supposed, to have been
authenticated. This is often accomplished without the user’s knowledge.
C: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input
submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
D: SQL injection attacks use unexpected input to a web application to gain access to the database used by the web application. You can protect a web application against SQL injection by
implementing input validation and by limiting the database account privileges for the account used by the web server and the web application.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 195, 229-231
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 335, 340-341
http://en.wikipedia.org/wiki/Fuzz_testing

CompTIA Security Plus Mock Test Q853

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

A. Data in transit
B. Data at rest
C. Data in use
D. Data in motion


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
A computer hard disk is divided into small segments called clusters. A file stored on a hard disk usually spans several clusters but rarely fills the last cluster; the unused remainder of that
cluster is called the cluster tip. This cluster tip area may contain remnants of file data, because the file you are working with may grow or shrink, and so it needs to be securely erased.
Data stored on the hard drive is called data at rest.

Incorrect Answers:
A: Data in transit is data that is being transferred over a network. However, cluster tips are found on hard disks where data is stored. Data in storage is referred to as data at rest.
C: Data in use is data being actively processed by an application. However, cluster tips are found on hard disks where data is stored. Data in storage is referred to as data at rest.
D: Data in motion is not a valid term. The correct term is data in transit, which refers to data that is being transferred over a network. However, cluster tips are found on hard disks
where data is stored. Data in storage is referred to as data at rest.

References:
CCleaner – How to configure CCleaner to wipe cluster tips on drive
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 255

CompTIA Security Plus Mock Test Q852

Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

A. OS hardening
B. Application control
C. Virtualization
D. Sandboxing

Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same
hardware, reducing costs. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur.
Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.

Incorrect Answers:
A: Operating System (OS) hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing
unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. It is a process for securing the system rather than an
environment that can be used for testing patches and updates.
B: Application control is used to specify which applications can be installed on a device, or to specify the settings the applications on a device use. It is often implemented to support a
security baseline or maintain other forms of compliance. It can also be used to reduce exposure to malicious applications by limiting the user’s ability to install apps that come from
unknown sources or that offer non-work-related features.
D: Sandboxing is the process of isolating a system before installing new applications on it, so as to restrict any potential malware that may be embedded in the new application from
being able to cause harm to production systems. It does not ensure that the latest kernel version with all current security fixes is installed on the system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 201-203, 204-205, 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 37, 237, 250

CompTIA Security Plus Mock Test Q851

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

A. Co-hosted application
B. Transitive trust
C. Mutually exclusive access
D. Dual authentication


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Transitive trust is a form of trust that flows from one entity to another so that if A trusts B and B trusts C, A automatically trusts C.

Incorrect Answers:
A: Co-hosted application refers to installing the application on remote networks and accessing it from the device. However, in this scenario, the application is running on the mobile
device.
C: Mutually exclusive access would not allow concurrent access. In other words, if one application has access, the other application cannot have access.
D: Dual authentication or two-factor authentication provides identification of users by means of the combination of two different components. These components may be something
that the user knows, something that the user possesses or something that is inseparable from the user.

References:
https://technet.microsoft.com/en-us/library/cc739693%28v=ws.10%29.aspx
https://en.wikipedia.org/wiki/Application_service_provider
https://en.wikipedia.org/wiki/Two-factor_authentication
http://www.thefreedictionary.com/mutually+exclusive