An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?
A. Enable verbose system logging B. Change the permissions on the user’s home directory C. Implement remote syslog D. Set the bash_history log file to “read only”
During a code review a software developer discovers a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risk. Executive management has decided that the code will not be rewritten. This is an example of:
A. Risk avoidance B. Risk transference C. Risk mitigation D. Risk acceptance
A web administrator has just implemented a new web server to be placed in production. As part of the company’s security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?
A. Implement an IPS B. Disable unnecessary services C. Disable unused accounts D. Implement an IDS E. Wrap TELNET in SSL
In order to enter a high-security data center, users are required to speak the correct password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?
A. An authentication factor B. Discretionary Access C. Time of Day Restrictions D. Least Privilege Restrictions
In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?
A. An authentication factor B. Discretionary access C. Time of day restrictions D. Least privilege restrictions
The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
A. Rule based access control B. Mandatory access control C. User assigned privilege D. Discretionary access control
Correct Answer: D Section: Access Control and Identity Management
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.
A: Rule-based access control is used for network devices that filter traffic based on filtering rules.
B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
C: User assigned privilege is when permissions are allowed or refused based on a specific individual user.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284, 294
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement B. Interference C. Use WEP D. Single Sign on E. Disable the SSID F. Power levels
Correct Answer: A,F Section: Network Security
Placing the antenna in the correct position is crucial. You can then adjust the power levels to exclude the parking lot.
B: Interference could disrupt the signal in the building as well.
C: WEP is not a secure encryption protocol.
D: Single sign-on allows users access to all the applications and systems they need when they log on.
E: This option would “cloak” the network, not limit its signal strength.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 149, 171, 177, 183