CompTIA Security Plus Mock Test Q1485

A classroom utilizes workstations running virtualization software for a maximum of one virtual machine per workstation. The network settings on the virtual machines are set to bridged. Which of the following describes how the switch in the classroom should be configured to allow for the virtual machines and host workstation to connect to network resources?

A. The maximum-mac settings of the ports should be set to zero
B. The maximum-mac settings of the ports should be set to one
C. The maximum-mac settings of the ports should be set to two
D. The maximum-mac settings of the ports should be set to three

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1477

A company has had several security incidents in the past six months. It appears that the majority of the incidents occurred on systems with older software on development workstations. Which of the following should be implemented to help prevent similar incidents in the future?

A. Peer code review
B. Application whitelisting
C. Patch management
D. Host-based firewall

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q791

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management
B. Application hardening
C. White box testing
D. Black box testing

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system before applying the updates on a production system, and scheduling updates.

Incorrect Answers:
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
C: White box testing is a form of penetration testing in which the tester has significant knowledge of the system and how it functions. This simulates an attack from an insider.
D: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of the system or how it functions. This simulates an attack from an outsider.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 221, 231-232
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217, 220, 459

CompTIA Security Plus Mock Test Q782

An IT security technician needs to establish host-based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.
B. Implement database hardening by applying vendor guidelines.
C. Implement perimeter firewall rules to restrict access.
D. Implement OS hardening by applying GPOs.


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs).

Incorrect Answers:
A: Internet Information Services (IIS) is a Windows service that allows a computer to function as a Web Server. This is usually installed on a server rather than a workstation.
B: Database hardening will improve security for a database; it does not improve security for workstations.
C: Perimeter firewall rules can be used to restrict network access to host machines but this is a network-based, and not a host-based, security mechanism.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215, 227
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 202-206, 211

CompTIA Security Plus Mock Test Q774

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstation's BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.


Correct Answer: A,C
Section: Application, Data and Host Security

Explanation:
A: The USB root hub can be disabled from within the operating system.
C: USB can also be configured and disabled in the system BIOS.

Incorrect Answers:
B: Anti-virus is installed on a device, not on removable storage. Anti-virus also does not prevent the unauthorized copying of data.
D: The principle of least privilege is used to ensure that users are only provided with the minimum privileges and permissions to resources that allow them to perform their duties.
E: Spyware monitors a user’s activity and uses network protocols to report it to a third party without the user’s knowledge. Detecting spyware does not prevent the unauthorized copying of data.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 153, 247-248, 300
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 82, 204

CompTIA Security Plus Mock Test Q694

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

A. attack surface.
B. application hardening effectiveness.
C. application baseline.
D. OS hardening effectiveness.


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
In this question, we have out-of-date applications that could be exploited. The out-of-date applications are security vulnerabilities. The combination of all vulnerabilities that could be exploited (or attacked) is known as the attack surface.
The attack surface of a software environment is the sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment.
The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry points available to untrusted users, and eliminate services requested by relatively few users. One approach to improving information security is to reduce the attack surface of a system or software. By turning off unnecessary functionality, there are fewer security risks. By having less code available to unauthorized actors, there will tend to be fewer failures. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.

Incorrect Answers:
B: Determining the application hardening effectiveness would be the process of testing an application for vulnerabilities after it has been updated or patched (hardened). In this question, the applications are out-of-date so they have not been ‘hardened’.
C: An application baseline is a standard configuration for an application or set of applications. The process of documenting which applications are out-of-date and could be exploited is not performed to determine an application baseline.
D: Determining the OS (operating system) hardening effectiveness would be the process of testing an OS for vulnerabilities after it has been updated or patched (hardened). In this question, nothing has been done to harden the OS. The process of documenting which applications are out-of-date and could be exploited is not performed to determine OS hardening effectiveness.

References:
https://en.wikipedia.org/wiki/Attack_surface

CompTIA Security Plus Mock Test Q277

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

A. DLP
B. Asset tracking
C. HSM
D. Access control


Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

Incorrect Answers:
B: Asset tracking can be as simple as a serial number etched in the device or as complex as a GPS locator. Related to this is inventory control. A complete and accurate list of all devices is an integral part of mobile device management. However, in this case the USB drive is already lost.
C: HSM is a backup type – it provides continuous online backup using optical or tape jukeboxes.
D: Access Control refers to who has access to resources and clearly users should be granted access if they require it to perform their duties.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 419, 437