CompTIA Security Plus Mock Test Q1448

A security engineer would like to analyze the effect of deploying a system without patching it to discover potential vulnerabilities. Which of the following practices would best allow for this testing while keeping the corporate network safe?

A. Perform grey box testing of the system to verify the vulnerabilities on the system
B. Utilize virtual machine snapshots to restore from compromises
C. Deploy the system in a sandbox environment on the virtual machine
D. Create network ACLs that restrict all incoming connections to the system

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q805

An administrator is building a development environment and requests that three virtual servers be cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

A. Cloud
B. Trusted
C. Sandbox
D. Snapshot


Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Sandboxing is the process of isolating a system before installing new applications on it, so that any malware embedded in a new application is restricted from causing harm to production systems.

Incorrect Answers:
A: In a cloud environment, data or applications are stored on the internet rather than on the local network.
B: In a trusted environment, communications between systems are permitted and systems are not isolated.
D: Snapshots are backups of virtual machines that can be used to quickly recover from poor updates and from errors arising from newly installed applications.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 203, 204-205
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 208, 250

CompTIA Security Plus Mock Test Q804

A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often?

A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems.
Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates and from errors arising from newly installed applications.

Incorrect Answers:
A, C: Creating a full disk image or an incremental backup to restore after each installation could prove useful, but would be less efficient than using snapshots.
B: Replicating a patched PC to all servers does not test the patch, and does not ensure quick recoverability should the patch cause the PC to crash.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 203, 204-205
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 208, 250