CompTIA Security Plus Mock Test Q1319

Which of the following steps in incident response procedures entails of the incident and identification of knowledge gained that can be applied to future handling of incidents?

A. Recovery procedures
B. Escalation and notification
C. Reporting
D. Lessons learned

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1207

A security manager installed a standalone fingerprint reader at the data center. All employees who need to access the data center have been enrolled on the reader, and the local reader database is always kept updated. When an employee who has been enrolled uses the fingerprint reader, the door to the data center opens. Which of the following does this demonstrate? (Select THREE)

A. Two-factor authentication
B. Single sign-on
C. Something you have
D. Identification
E. Authentication
F. Authorization

Correct Answer: A,D,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q978

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

A. Identification
B. Authorization
C. Access control
D. Authentication


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
Identification is defined as the claiming of an identity and only has to take place once per authentication or access process. A login process typically consists of an identification such as a username or email address and an authentication which proves you are who you say you are.

Incorrect Answers:
B: Authorization occurs after authentication, and ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity. Authorization indicates who is trusted to perform specific operations. An email address is not an example of authorization. Therefore, this answer is incorrect.
C: Access Control is defined as the control and management of users and their privileges and activities in a secure environment. An email address is not an example of Access Control. Therefore, this answer is incorrect.
D: Authentication is a mechanism to prove an identity. There are many authentication methods such as passwords or biometrics. An email address alone (without the password) is not an example of Authentication. Therefore, this answer is incorrect.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284.

CompTIA Security Plus Mock Test Q890

Which of the following is the difference between identification and authentication of a user?

A. Identification tells who the user is and authentication tells whether the user is allowed to log on to a system.
B. Identification tells who the user is and authentication proves it.
C. Identification proves who the user is and authentication is used to keep the user's data secure.
D. Identification proves who the user is and authentication tells the user what they are allowed to do.


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Identification is described as the claiming of an identity, and authentication is described as the act of verifying or proving the claimed identity.

Incorrect Answers:
A, D: Permissions enforce whether a user can log on to a system, and what a user is allowed to do.
C: Confidentiality keeps the user’s data secure.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 276

CompTIA Security Plus Mock Test Q303

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

A. Recovery
B. Follow-up
C. Validation
D. Identification
E. Eradication
F. Containment

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
To be able to respond to a malware infection incident, you need to know what type of malware was used, since there are many types of malware around. This makes identification critical in this case.

Incorrect Answers:
A: Recovering from the malware incident can only happen after you have identified the type of malware involved.
B: Follow-up is exactly that – following the incident and not a first response.
C: Validation is not an appropriate first response when dealing with a malware infection. Validation only comes into effect as a prevention measure to LDAP Injection attacks.
E: Eradication of malware infections can only be done successfully after the malware involved has been identified. Thus the best first response would be identification and not eradication.
F: Containment is akin to quarantine and is usually a last resort when one cannot eradicate the malware from the systems.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 301-309, 338, 429
http://www.certiguide.com/secplus/cg_sp_SixStepIncidentResponseProcess.htm