CompTIA Security Plus Mock Test Q612

A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?

A. Monitoring event logs daily
B. Disabling unnecessary services
C. Deploying a content filter on the network
D. Deploy an IDS on the network

Correct Answer: B
Section: Threats and Vulnerabilities

One of the most basic practices for reducing the attack surface of a specific host is to disable unnecessary services. Services running on a host, especially network services provide an avenue through which the system can be attacked. If a service is not being used, disable it.

Incorrect Answers:
A: Monitoring event logs daily is good practice to view events that have happened. However, it does not improve the security posture of the system. The event logs record things that have happened. They don’t prevent things such as an attack from happening.
C: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn’t comply with the company’s web policy.
Content-control software determines what content will be available or perhaps more often what content will be blocked. Content filtering will not improve the overall security posture of a server.
D: An IDS (Intrusion Detection System) is used to detect attempts to access a computer systems on a network. An IDS is a good idea to improve the security posture of the network. However, this question is asking about improving the security posture of a specific computer (the email server). Therefore disabling unnecessary services is a better answer.

Comptia Security Plus Mock Test Q108

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?


Correct Answer: D
Section: Network Security

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

Incorrect Answers:
A: HTTPS provides the secure means for web-based transactions by utilizing various other protocols such as SSL and TLS.

B: SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.

C: Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 46, 49