CompTIA Security Plus Mock Test Q1523

An attacker is attempting to insert malicious code into an installer file that is available on the internet. The attacker is able to gain control of the web server that houses both the installer and the web page which features information about the downloadable file. To implement the attack and delay detection, the attacker should modify both the installer file and the:

A. SSL certificate on the web server
B. The HMAC of the downloadable file available on the website
C. Digital signature on the downloadable file
D. MD5 hash of the file listed on the website

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q850

Which of the following should a company implement to BEST mitigate zero-day malicious code executing on employees’ computers?

A. Least privilege accounts
B. Host-based firewalls
C. Intrusion Detection Systems
D. Application white listing

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Application whitelisting is a security stance that prohibits unauthorized software from being able to execute unless it is on the preapproved exception list: the whitelist. This prevents any and all software, including malware, from executing unless it is on the whitelist. This can help block zero-day attacks, which are new attacks that exploit flaws or vulnerabilities in targeted systems and applications that are unknown or undisclosed to the world in general.

Incorrect Answers:
A: Least privilege is a security stance in which users are granted the minimum necessary access, permissions, and privileges that they require to accomplish their work tasks. It does not mitigate zero-day exploits.
B: A host-based firewall is designed to protect the host from network-based attacks by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further, effectively discarding it. Log records information about the packet into a log file. Filters can be based on protocol and ports.
C: Intrusion detection systems (IDSs) are designed to detect suspicious activity based on a database of known attacks. They do not detect zero-day exploits, which are new attacks that exploit flaws or vulnerabilities in targeted systems and applications that are unknown or undisclosed to the world in general.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 5-8, 12, 22, 82, 121, 241
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 26, 221, 236, 338

CompTIA Security Plus Mock Test Q803

Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS
B. Host software baselining
C. OS hardening
D. Virtualization

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.

Incorrect Answers:
A: Trusted OS is an access-control feature that limits resource access to client systems that run operating systems that are known to implement specific security features.
B: Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 37, 208, 246

CompTIA Security Plus Mock Test Q799

The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).

A. Device encryption
B. Antivirus
C. Privacy screen
D. Cable locks
E. Remote wipe


Correct Answer: B,D
Section: Application, Data and Host Security

Explanation:
B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Public systems are particularly prone to viruses.
D: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point to keep devices from being easy to steal.

Incorrect Answers:
A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a usable form should the device be stolen.
C: A privacy screen is a monitor filter that is applied to the display to filter out the light reflected from the smooth glass surface of the display and can also be used to increase privacy by decreasing the viewing angle of a monitor, preventing it from being viewed from the side.
E: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 161-162, 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
http://en.wikipedia.org/wiki/Monitor_filter

CompTIA Security Plus Mock Test Q788

Which of the following is a vulnerability associated with disabling pop-up blockers?

A. An alert message from the administrator may not be visible
B. A form submitted by the user may not open
C. The help window may not be displayed
D. Another browser instance may execute malicious code

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Pop-up blockers prevent websites from opening new browser windows without the user’s consent. These are often used for advertisements but can also be used to distribute malicious code.

Incorrect Answers:
A, B, C: Pop-up windows are browser windows that are opened without the consent of the user. They are not alert messages, forms or the help window.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 246
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 222

CompTIA Security Plus Mock Test Q787

A user has several random browser windows opening on their computer. Which of the following programs can be installed on their machine to help prevent this from happening?

A. Antivirus
B. Pop-up blocker
C. Spyware blocker
D. Anti-spam

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Pop-up blockers prevent websites from opening new browser windows without the user’s consent. These are often used for advertisements but can also be used to distribute malicious code.

Incorrect Answers:
A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.
C: Spyware monitors a user’s activity and uses network protocols to report it to a third party without the user’s knowledge or consent. This is usually accomplished using a tracking cookie.
D: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM). It does not block random browser windows, which are pop-up windows, from opening.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 246
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 18-19, 161-162, 300