CompTIA Security Plus Mock Test Q1717

After a merger between two companies, a security analyst has been asked to ensure that the organization’s systems are secured against infiltration by any former employees who were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

A. Monitor VPN client access
B. Reduce failed login out settings
C. Develop and implement updated access control policies
D. Review and address invalid login attempts
E. Increase password complexity requirements
F. Assess and eliminate inactive accounts


Correct Answer: E,F
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1234

A password audit has revealed that a significant percentage of end-users have passwords that are easily cracked. Which of the following is the BEST technical control that could be implemented to reduce the number of easily “crackable” passwords in use?

A. Credential management
B. Password history
C. Password complexity
D. Security awareness training


Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q965

Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity
B. Deploy an IDS to capture suspicious logins
C. Implement password history
D. Implement monitoring of logins
E. Implement password expiration
F. Increase password length

Correct Answer: A,F
Section: Access Control and Identity Management

Explanation:
The more complex a password is, the more difficult it is for an attacker to crack. Increasing the password complexity requirement therefore makes cracking harder.
Passwords that are too short can easily be cracked. Using more characters in a password, combined with the increased complexity, will mitigate password cracking attacks.

Incorrect Answers:
B: IDS (intrusion detection systems) can be implemented to capture suspicious logins, but that assumes that the passwords are already cracked.
C: Password history is used to prevent users from changing their password to the same value as the old one, or to one they used previously. This might also be used by some crackers to hack passwords, and thus it does not mitigate password attacks.
D: Monitoring the logins is part of auditing and does not mitigate the password cracking attacks.
E: Password expiration refers to the period of validity of passwords. Some crackers will even make use of these expiry periods to crack passwords.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139-140

CompTIA Security Plus Mock Test Q946

A security administrator is concerned about the strength of users’ passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?

A. Increase the password length requirements
B. Increase the password history
C. Shorten the password expiration period
D. Decrease the account lockout time

Correct Answer: C
Section: Access Control and Identity Management

Explanation:
Reducing the password expiration period will require passwords to be changed at the end of that period. A password needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion. This will give online password attackers less time to crack the weak passwords.

Incorrect Answers:
A: Increasing the password length will not make the new passwords less susceptible to online password attacks.
B: Password history tracks previous passwords to prevent password reuse. It will not make the new passwords less susceptible to online password attacks.
D: Account lockout automatically disables an account after repeated failed logon attempts. When the account is unlocked it will still have the same weak password, and will still be susceptible to online password attacks.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294

CompTIA Security Plus Mock Test Q943

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

A. Add reverse encryption
B. Password complexity
C. Increase password length
D. Allow single sign on

Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation, special characters, or numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a password’s length and complexity.

Incorrect Answers:
A: Typical protocol components, like encryption and hash functions, can be reverse-engineered automatically by tracing the execution of protocol implementations and trying to identify buffers in memory holding unencrypted packets. It will not strengthen the password policy to support special characters.
C: Increasing the password length will not necessarily support special characters.
D: Single sign-on means that once a user (or other subject) is authenticated into a realm, they need not re-authenticate to access resources on any realm entity. It will not strengthen the password policy to support special characters.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 284, 292, 293
http://en.wikipedia.org/wiki/Reverse_engineering

CompTIA Security Plus Mock Test Q942

After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

A. Recovery
B. User assigned privileges
C. Lockout
D. Disablement
E. Group based privileges
F. Password expiration
G. Password complexity


Correct Answer: F,G
Section: Access Control and Identity Management

Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.

Incorrect Answers:
A: Recovery of a password requires that the password storage mechanism be reversible or that passwords be stored in multiple ways. Requiring passwords to be changed is more secure than recovering them.
B: User-assigned privileges are privileges assigned by the user. They will not ensure that all credentials must be changed within 90 days.
C: Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. The question states: “All credentials will remain enabled regardless of the number of attempts made.”
D: Disablement automatically disables a user account or causes the account to expire at a specific time and on a specific day. It will not ensure that all credentials must be changed within 90 days.
E: Group-based privileges grant each group member the same level of access to a certain object. They will not ensure that all credentials must be changed within 90 days.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294

CompTIA Security Plus Mock Test Q938

An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).

A. Password Complexity
B. Password Expiration
C. Password Age
D. Password Length
E. Password History

Correct Answer: A,D
Section: Access Control and Identity Management

Explanation:
Passwords should be strong enough to avoid discovery through attack, but they should also be easy enough for the user to remember. The length and complexity of a password combined are vital factors in defining a password’s strength.

Incorrect Answers:
B, C: It is common practice for passwords to automatically expire after a specified period so as to compel users to change passwords. However, if it is a strong password, it can remain static.
E: Password History tracks previous passwords so as to prevent password reuse.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 293