CompTIA Security Plus Mock Test Q791

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management
B. Application hardening
C. White box testing
D. Black box testing

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect systems
from newly discovered attacks and vulnerabilities. Part of patch management is testing the effects of vendor updates on a test system before applying the updates to a production
system, and scheduling updates.

Incorrect Answers:
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary
functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
C: White box testing is a form of penetration testing in which the tester has significant knowledge of the system and how it functions. This simulates an attack from an insider.
D: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of the system or how it functions. This simulates an attack from an outsider.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 221, 231-232
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217, 220, 459

CompTIA Security Plus Mock Test Q683

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A. Vulnerability scanning
B. Port scanning
C. Penetration testing
D. Black box
Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk
assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be
exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat
agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of
the findings that an individual or an enterprise can use to tighten the network’s security.

Incorrect Answers:
B: A port scanner is typically a software application used to scan a system such as a computer or firewall for open ports. A malicious user would attempt to access a system through an
open port. A security administrator would compare the list of open ports against a list of ports that need to be open so that unnecessary ports can be closed thus reducing the
vulnerability of the system. A port scanner is not used for a general scan of common misconfigurations on multiple systems.
C: Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test
(reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security
awareness and the organization’s ability to identify and respond to security incidents.
Penetration testing is used to test the security controls on an individual system; it is not used for a general scan of common misconfigurations on multiple systems.
D: Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of testing can be
applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing
as well. Black-box testing is used for testing applications. It is not used to identify common misconfigurations in a network.

References:
http://www.webopedia.com/TERM/V/vulnerability_scanning.html
http://searchsoftwarequality.techtarget.com/definition/penetration-testing

CompTIA Security Plus Mock Test Q676

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

A. Vulnerability scanning
B. SQL injection
C. Penetration testing
D. Antivirus update
Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk
assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be
exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat
agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of
the findings that an individual or an enterprise can use to tighten the network’s security.

Incorrect Answers:
B: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the
database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string
literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites
but can be used to attack any type of SQL database.
SQL injection is not a method used to test for unapplied security controls and patches.
C: Penetration testing evaluates an organization’s ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain
unauthorized or privileged access to protected assets.
The difference between a vulnerability scan and a penetration test is that by performing a penetration test, you are actually trying to access a system by exploiting a weakness in the
system. This question states that you need to test for unapplied security controls and patches without attacking or compromising the system.
D: An antivirus update is the process of updating the virus definition files used by antivirus software. It is not used to test for unapplied security controls and patches.

References:
http://www.webopedia.com/TERM/V/vulnerability_scanning.html
http://en.wikipedia.org/wiki/SQL_injection

CompTIA Security Plus Mock Test Q632

A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?

A. Training staff on security policies
B. Establishing baseline reporting
C. Installing anti-malware software
D. Disabling unnecessary accounts/services
Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.
A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

Incorrect Answers:
A: Training staff on security policies is always a good idea. However, this will not provide a mechanism for making the security manager aware of the security posture of each system.
C: Anti-malware is required to remove any existing malware and prevent malware from being installed in the future. However, anti-malware does not provide a mechanism for making the security manager aware of the security posture of each system.
D: Disabling unnecessary accounts/services is a good practice for reducing the attack surface of a computer system. However, it does not provide a mechanism for making the security manager aware of the security posture of each system.

References:
http://en.wikipedia.org/wiki/IT_baseline_protection