CompTIA Security Plus Mock Test Q1249

A company recently received accreditation for a secure network. In the accreditation letter, the auditor specifies that the company must keep its security plan current with changes in the network and evolve the systems to adapt to new threats. Which of the following security controls will BEST achieve this goal?

A. Change management
B. Group Policy
C. Continuous monitoring
D. Credential management


Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1228

A company has recently identified critical systems that support business operations. Which of the following, once defined, will be the requirement for restoration of these systems within a certain period of time?

A. Mean Time Between Failure
B. Mean Time to Restore
C. Recovery Point Objective
D. Recovery Time Objective


Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1206

In an environment where availability is critical, such as industrial control and SCADA networks, which of the following technologies is the MOST critical layer of defense for such systems?

A. Log consolidation
B. Intrusion Prevention system
C. Automated patch deployment
D. Antivirus software


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1205

Ann, a network administrator, has been tasked with strengthening the authentication of users logging into systems in an area containing sensitive information. Users log in with usernames and passwords, followed by a retinal scan. Which of the following could she implement to add an additional factor of authorization?

A. Requiring PII usage
B. Fingerprint scanner
C. Magnetic swipe cards
D. Complex passphrases

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1060

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers?

A. SSL
B. TLS
C. HTTP
D. FTP


Correct Answer: B
Section: Cryptography

Explanation:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.
Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default.

Incorrect Answers:
A: As of 2014, the 3.0 version of SSL is considered insecure as it is vulnerable to the POODLE attack, which affects all block ciphers in SSL; and RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.
C: The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is not a transport protocol.
D: The File Transfer Protocol (FTP) is not a transport layer protocol. FTP is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 268-269

CompTIA Security Plus Mock Test Q1006

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys


Correct Answer: D
Section: Cryptography

Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.
In more detail:
* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.
* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

Incorrect Answers:
A: Symmetric encryption uses private keys, not public keys.
B: Symmetric encryption uses private keys, not shared keys.
C: Asymmetric encryption does not use session keys, it uses a public key to encrypt data.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 251, 262

CompTIA Security Plus Mock Test Q982

A recent review of accounts on various systems has found that after employees are required to change their passwords, they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

A. Reverse encryption
B. Minimum password age
C. Password complexity
D. Account lockouts
E. Password history
F. Password expiration

Correct Answer: B,E
Section: Access Control and Identity Management

Explanation:
E: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.
B: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or, if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Incorrect Answers:
A: Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. This will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
C: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
D: Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. Account lockout settings will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.
F: Password expiration determines how long a password can be used for before it must be changed. Password expiration will force users to change their passwords, but it will not prevent users from changing their passwords multiple times to cycle back to their original passwords. Therefore, this answer is incorrect.

References:
https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh

CompTIA Security Plus Mock Test Q953

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

A. Annual account review
B. Account expiration policy
C. Account lockout policy
D. Account disablement


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.

Incorrect Answers:
A: An account review would conclude if users have been suitably completing their work tasks or whether there have been failed and/or successful attempts at violating company policies or the law. It would not prevent contractors from having access to systems in the event a contractor has left.
C: Account lockout automatically disables an account due to repeated failed log on attempts. It would not prevent contractors from having access to systems in the event a contractor has left.
D: The question states: “The provisioning team does not always get notified that a contractor has left the company”. Therefore, disabling an account needs to happen automatically. The account expiration policy meets the requirements.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294.