CompTIA Security Plus Mock Test Q1477

A company has had several security incidents in the past six months. It appears that the majority of the incidents occurred on systems with older software on development workstations. Which of the following should be implemented to help prevent similar incidents in the future?

A. Peer code review
B. Application whitelisting
C. Patch management
D. Host-based firewall

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q791

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management
B. Application hardening
C. White box testing
D. Black box testing

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system before applying the updates on a production system, and scheduling updates.

Incorrect Answers:
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
C: White box testing is a form of penetration testing in which the tester has significant knowledge of the system and how it functions. This simulates an attack from an insider.
D: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of the system or how it functions. This simulates an attack from an outsider.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 221, 231-232
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217, 220, 459

CompTIA Security Plus Mock Test Q789

Which of the following encompasses application patch management?

A. Configuration management
B. Policy management
C. Cross-site request forgery
D. Fuzzing


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

Incorrect Answers:
B: Policy management is the use of policies to form guidelines for the management of entities within an organization. These policies need to be enforced.
C: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who is known or is supposed to have been authenticated. This is often accomplished without the user’s knowledge. XSRF is not related to patch management.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 231-232

CompTIA Security Plus Mock Test Q758

Which of the following practices is used to mitigate a known security vulnerability?

A. Application fuzzing
B. Patch management
C. Password cracking
D. Auditing security logs

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from new attacks and vulnerabilities that have recently become known.

Incorrect Answers:
A: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
C: Password cracking is an attempt to find weakness in users’ passwords. However, password strength and complexity would be used to mitigate against weakness in users’ passwords.
D: Security logs record information about security-related events, such as user access to resource objects, users performing privileged operations, or events detected by sentry devices such as firewalls, IDS/IPS, and routers and switches.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 202, 229, 231-232

CompTIA Security Plus Mock Test Q757

Which of the following is the term for a fix for a known software problem?

A. Skiff
B. Patch
C. Slipstream
D. Upgrade


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Patch is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities.

Incorrect Answers:
A: A skiff is a small boat.
C: Slipstreaming is the process of making an installation image of an operating system that includes the latest service packs and required applications. This is used to install new systems rather than fix software problems.
D: Upgrades are replacements of the existing software with newer and better versions of the software.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 231-232

CompTIA Security Plus Mock Test Q756

An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement?


A. Snapshots
B. Sandboxing
C. Patch management
D. Intrusion detection system


Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities.

Incorrect Answers:
A: Snapshots are backups of virtual machines that can be used to quickly recover from errors or poor updates. They do not ensure that the latest kernel version with all current security fixes is installed on the system.
B: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems. It does not ensure that the latest kernel version with all current security fixes is installed on the system.
D: An intrusion detection system (IDS) is an automated system that detects intrusions or security policy violations on networks or host systems. It does not ensure that the latest kernel version with all current security fixes is installed on the system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 204-205, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 21, 231-232, 249, 250

CompTIA Security Plus Mock Test Q755

A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?

A. Application configuration baselines
B. Application hardening
C. Application access controls
D. Application patch management


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

Incorrect Answers:
A: Application configuration baselining is the process of tuning the settings of an application to ensure it operates at its optimal value while providing security and vulnerability protection.
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. Hardening also involves tuning and configuring the native security features of the installed software, and performing patch management.
C: Access control or permissions determine a user’s access to an object, such as a file or folder, application, and system. It does not prevent system crashes due to application updates.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 231-232, 235
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217, 219, 220

CompTIA Security Plus Mock Test Q754

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks?

A. Application hardening
B. Application change management
C. Application patch management
D. Application firewall review

Correct Answer: C
Section: Application, Data and Host Security

Explanation:
The question states that operating system updates are applied but not other software updates. The ‘other software’ in this case would be applications. Software updates include functionality updates and, more importantly, security updates. The process of applying software updates or ‘patches’ to applications is known as ‘application patch management’. Application patch management is an effective way of mitigating security risks associated with software applications.

Incorrect Answers:
A: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
B: Application change management is the process of managing any changes to an application. It can include updating an application by applying patches but it also commonly includes making any configuration change in the application.
D: Application firewall review is the process of reviewing the configuration of a software-based firewall. The configuration under review is typically who can access the system and from where the system can be accessed. It does not include the installation of application patches.

References:
http://www.techopedia.com/definition/24833/hardening
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217

CompTIA Security Plus Mock Test Q459

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch management can thus be used to fix security problems discovered within the OS, thus negating a known OS vulnerability.

Incorrect Answers:
A: A host-based firewall can be used to guard against attacks and malware, and in the question you are required to mitigate a server vulnerability after the OS has been standardized on all servers.
B: Initial baseline configurations are concerned with security posturing, which means the representation of a secure state.
C: Discretionary Access Control is a flexible access method regarding access to information.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 57, 151, 221, 222
http://www.computerweekly.com/feature/Microsoft-patch-management-tools