CompTIA Security Plus Mock Test Q1477

A company has had several security incidents in the past six months. It appears that the majority of the incidents occurred on systems with older software on development workstations. Which of the following should be implemented to help prevent similar incidents in the future?

A. Peer code review
B. Application whitelisting
C. Patch management
D. Host-based firewall

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q629

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents
B. Reduce attack surface of systems
C. Implement monitoring controls
D. Hardening network devices
E. Prevent unauthorized access


Correct Answer: A,C
Section: Threats and Vulnerabilities

Explanation:
By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls.
With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect security incidents.

Incorrect Answers:
B: By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is not reducing the attack surface of systems. The security analyst is not making any changes to the systems; he is just monitoring activities on the systems.
D: By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is not hardening the network devices. The security analyst is not making any changes to the network devices; he is just monitoring activities on the systems.
E: By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is not preventing unauthorized access. The security analyst is not making any changes to the systems and so cannot prevent unauthorized access; he is just monitoring activities on the systems.

CompTIA Security Plus Mock Test Q183

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes

Correct Answer: D
Section: Network Security

Explanation:
Continuous monitoring may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It also points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats.

Incorrect Options:
A: An initial baseline configuration snapshot would allow enforcement of the standardized minimal level of security that all systems in an organization must comply with. This will not cover the non-technical security incidents.
B: A firewall, IPS and network segmentation will offer technical protection, but not non-technical security protection.
C: Event log analysis and incident response will not cover the non-technical security incidents.

Reference:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 154.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 207, 208.