CompTIA Security+ Get Certified Get Ahead - CH5 Review Flashcards

1
Q

Attackers recently exploited vulnerabilities in a web server hosted by your organization. Management has tasked administrators with checking the server and eliminating any weak configurations on it. Which of the following will meet this goal?

Installing a NIDS
Disabling unnecessary services
Enabling root accounts
Implementing SSL encryption

A

Disabling unnecessary Services

Explanation:
Unnecessary open ports and services are common elements that contribute to weak configurations, so it’s important to close ports that aren’t needed and disable unnecessary services.

A network-based intrusion detection system (NIDS) helps protect internal systems, but a NIDS would not be installed on the server and administrators are tasked with checking the server.
Unsecured root accounts indicate a weak configuration. If root accounts are disabled, enabling them won’t increase security on the server.
Secure Sockets Layer (SSL) is a weak encryption protocol and should not be implemented on servers.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 546). YCDA, LLC. Kindle Edition.

2
Q

The BizzFad organization develops and sells software. Occasionally they update the software to fix security vulnerabilities and/or add additional features. However, before releasing these updates to customers, they test them in different environments. Which of the following solutions provides the BEST method to test the updates?

Baseline configuration
BYOD
Sandbox
Change management

A

Sandbox

Explanation:
A sandbox provides a simple method of testing updates. It provides an isolated environment and is often used for testing.

A baseline configuration is a starting point of a computing environment.
Bring your own device (BYOD) refers to allowing employee-owned mobile devices in a network and is not related to this question.
Change management practices ensure changes are not applied until they are approved and documented.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 546). YCDA, LLC. Kindle Edition.

3
Q

** Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to run hping3 via remote websites. After comparing the computer with a list of applications from the master image, they verify this application is likely the problem. What allowed them to make this determination?

Version control
Sandbox
Blacklist
Integrity measurements

A

Integrity measurements

Explanation:
The master image is the baseline, and the administrators performed integrity measurements to identify baseline deviations. By comparing the list of applications in the baseline with the applications running on the suspect computer, it’s possible to identify unauthorized applications. None of the other answers include the troubleshooting steps necessary to discover the problem.

Version control tracks software versions as software is updated.
A sandbox is an isolated area of a system, typically used to test applications.
A blacklist is a list of prohibited applications.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 546-547). YCDA, LLC. Kindle Edition.

4
Q

** While investigating a recent data breach, investigators discovered a RAT on Bart’s computer. Antivirus software didn’t detect it. Logs show a user with local administrator privileges installed it. Which of the following answers has the BEST chance of preventing this from happening again in the future?

Enforce an application allow list.
Enforce an application block list.
Implement a BYOD policy.
Implement a DLP system.

A

Enforce an application allow list.

Explanation:
Enforcing an application allow list (sometimes called an application whitelist) would prevent this. An application allow list identifies the only applications that can be installed on a computer and would not include a malicious remote access tool (RAT).

An application block list identifies applications to block, but malware changes so often that this wouldn’t help. Code signing verifies code is valid and hasn’t been modified.
A bring your own device (BYOD) policy identifies mobile devices employees can buy and connect to a network but is unrelated to this question.
A data loss protection (DLP) system typically monitors outgoing traffic and wouldn’t stop a user from installing a malicious application.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 547). YCDA, LLC. Kindle Edition.

5
Q

** Salespeople within a company regularly take company-owned laptops with them on the road. The company wants to implement a solution to protect laptop drives against data theft. The solution should operate without user interaction for ease of use. Which of the following is the BEST choice to meet these needs?

DLP
HSM
MDM
SEDs

A

SEDs (Self-Encrypting Drives)

Explanation:
Self-encrypting drives (SEDs) are the best solution. SEDs have encryption circuitry built into the drive. They encrypt and decrypt data without user interaction, though it’s common to require personnel to use credentials to unlock the SED when booted.

A data loss prevention (DLP) solution typically monitors outgoing traffic to prevent confidential information from getting outside the organization.
A hardware security module (HSM) is used to manage, generate, and store cryptographic keys. It’s generally used on a network instead of on laptops.
Mobile device management (MDM) refers to technologies used to manage mobile devices.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 547). YCDA, LLC. Kindle Edition.

6
Q

** Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer’s configuration. Which of the following will meet this goal?

Trusted Platform Module
Hardware Root of Trust
Remote Attestation
Tokenization

A

Remote Attestation

Explanation:
A remote attestation process checks a computer during the boot cycle and sends a report to a remote system. The remote system attests or confirms that the computer is secure. None of the other answers sends data to a remote system.

A Trusted Platform Module (TPM) is a hardware chip on a motherboard and provides a local secure boot process.
A TPM includes an encryption key burned into the CPU, which provides a hardware root of trust.
Tokenization replaces sensitive data with a token or substitute value, and this token can be used in place of the original data.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 547-548). YCDA, LLC. Kindle Edition.

7
Q

Your organization recently updated its security policy to prohibit the use of external storage devices. The goal is to reduce threats from insiders. Which of the following methods would have the BEST chance of reducing the risk of data exfiltration using external storage devices?

Train employees about the policy.
Monitor firewall logs to detect data exfiltration.
Block write capabilities to removable media.
Implement a network-based DLP solution.

A

Block write capabilities to removable media.

Explanation:
Blocking write capabilities to removable media is the best choice. This can be done with a data loss prevention (DLP) solution on all computers.

Training employees might help, but it won’t stop an insider threat.
Monitoring firewall logs might detect data exfiltration out of the network, but it won’t monitor the use of external storage devices.
A network-based DLP solution might detect and stop data exfiltration out of the network, but it wouldn’t stop users from copying data to removable media.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 548). YCDA, LLC. Kindle Edition.

8
Q

Maggie, the new CTO at your organization, wants to reduce costs by utilizing more cloud services. She has directed the use of a cloud service instead of purchasing all the hardware and software needed for an upcoming project. She also wants to ensure that the cloud provider maintains all the required hardware and software. Which of the following BEST describes the cloud computing service model that will meet these requirements?

IaaS
PaaS
SaaS
XaaS

A

PaaS (Platform as a Service)

Explanation:
My Take: The question indicates they need the cloud service for a “project”, implying they have specific development needs for the cloud service, which makes it Platform as a Service.

Platform as a Service (PaaS) provides customers with a preconfigured computing platform including the hardware and software. The cloud provider maintains the hardware and specified software such as the operating system and key applications such as a web server application.

Infrastructure as a Service (IaaS) is a cloud computing option where the vendor provides access to a computer, but customers must install the operating system and maintain the system.
Software as a Service (SaaS) provides access to specific applications such as an email application.
Anything as a Service (XaaS) refers to cloud services beyond IaaS, PaaS, and SaaS.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 548). YCDA, LLC. Kindle Edition.

9
Q

You are asked to research prices for cloud-based services. The cloud service provider needs to supply servers, storage, and networks, but nothing else. Which of the following will BEST meet your needs?

IaaS
PaaS
SaaS
XaaS

A

IaaS (Infrastructure as a Service)

Explanation:
My Take: The question indicates they just need the hardware, for no particular needs other than storage. That makes it Infrastructure as a Service.

An Infrastructure as a Service (IaaS) cloud model provides clients with hardware but nothing else.

A Platform as a Service (PaaS) model provides customers with a computing platform including operating systems and some applications.
A Software as a Service (SaaS) model provides customers with one or more applications.
Anything as a Service (XaaS) refers to cloud services beyond IaaS, PaaS, and SaaS, but this scenario clearly describes an IaaS model.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 549). YCDA, LLC. Kindle Edition.

10
Q

Your organization has been using more cloud resources and Lisa, the CIO, is concerned about security. She wants to add a service that is logically placed between the organization’s network and the cloud provider. This service will monitor all network traffic and ensure that data sent to the cloud for storage is encrypted. Which of the following will BEST meet these requirements?

CASB
Storage permissions
A storage encryption policy
Firewall

A

CASB (Cloud Access Security Broker)

Explanation:
A cloud access security broker (CASB) is placed between a network and a cloud provider and would meet the chief information officer’s (CIO’s) requirements. It can monitor traffic and enforce security policies, such as ensuring all data sent to the cloud is encrypted.

Permissions should be set on cloud storage locations to ensure only authorized personnel can access them, but they don’t encrypt the data.
A storage encryption policy can be created to require encryption of data stored in the cloud, but the policy wouldn’t monitor all traffic to and from the cloud.
A firewall can filter traffic, but it doesn’t include all the capabilities of a CASB, such as verifying data is encrypted.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 549). YCDA, LLC. Kindle Edition.

11
Q

Management at your organization wants to add a cloud-based service to filter all traffic going to or from the Internet from internal clients. At a minimum, the solution should include URL filtering, DLP protection, and malware detection and filtering. Which of the following will BEST meet these requirements?

Next-generation SWG
Container security
Cloud-based segmentation
API inspection and integration

A

Next-generation SWG (Secure Web Gateway)

Explanation:
A next-generation secure web gateway (SWG) provides proxy services for traffic from clients to Internet sites, such as filtering Uniform Resource Locators (URLs) and scanning for malware.

Container security can be applied as a cloud security control to protect data by placing it in different containers with different permissions or encryption controls.
Segmentation within a network isolates hosts or networks, and cloud-based segmentation does the same thing, except the isolation occurs within the cloud.
Application programming interface (API) inspection and integration refers to testing an API for usability, but this scenario is much too complex for an API.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 549). YCDA, LLC. Kindle Edition.

12
Q

** Your organization is planning to implement a BYOD policy. However, management wants to implement a comprehensive solution to protect the organization’s data when the BYOD policy is put into place. Which of the following is the BEST choice to meet these needs?

FDE
SED
MDM
MAM

A

MDM (Mobile Device Management)

Explanation:
A mobile device management (MDM) solution is the best choice because it can manage multiple risks related to mobile devices in a bring your own device (BYOD) scenario.

Full disk encryption (FDE) typically isn’t feasible in a BYOD scenario because it requires an organization to encrypt devices owned by employees.
Some FDE drives use self-encrypting drive (SED) technology, and they aren’t feasible for the same reason FDE drives aren’t feasible.
Mobile application management (MAM) only manages applications on mobile devices, and it isn’t a comprehensive solution.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 550). YCDA, LLC. Kindle Edition.

13
Q

** Your organization recently implemented a security policy requiring that all endpoint computing devices have a unique identifier to simplify asset inventories. Administrators implemented this on servers, desktop PCs, and laptops with an RFID system. However, they haven’t found a reliable method to tag corporate-owned smartphones and tablet devices. Which of the following choices would be the BEST alternative?

VDI
MDM application
RFID tag
GPS tagging

A

MDM Application (Mobile Device Management)

Explanation:
Mobile device management (MDM) applications can assign unique digital identifiers to endpoint devices such as smartphones and tablets. They use these identifiers to manage the devices remotely, and the identifiers can also be used to simplify asset inventories.

A virtual desktop infrastructure (VDI) provides a virtual desktop to users (including users with mobile devices), allowing them to connect to a server hosting the desktop.
Radio-frequency identification (RFID) tags are being used on other devices, but the scenario states it isn’t a reliable method for smartphones and tablet devices.
Global Positioning System (GPS) tagging adds geographical data to pictures to indicate where the photo was taken.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 550). YCDA, LLC. Kindle Edition.

14
Q

** Your organization is switching from a COPE model to a BYOD model due to the cost of replacing lost or damaged mobile devices. Which of the following is the BEST choice to protect the organization’s data when using the BYOD model?

Full-disk encryption
Containerization
Remote wipe
Geolocation

A

Containerization

Explanation:
Containerization is the best choice. Organizations can ensure that organizational data is encrypted in some containers without encrypting user data. In a bring your own device (BYOD) model, employees own the devices, and an organization typically can’t encrypt user data with full-disk encryption.

In a corporate-owned, personally enabled (COPE) model, the organization could use full-device encryption.
Remote wipe sends a signal to a lost device to erase data, but it won’t erase data if the device is damaged, and an attacker may be able to recover data from a damaged device.
Geolocation technologies can help locate a lost device, but they won’t protect data.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 550-551). YCDA, LLC. Kindle Edition.

15
Q

Bart is showing Wendell a new app that he downloaded from a third party onto his iPhone. Wendell has the same model of smartphone, but when he searches for the app, he is unable to find it. Of the following choices, what is the MOST likely explanation for this?

Jailbreaking
Tethering
Sidebreaking
Rooting

A

Jailbreaking

Explanation:
Jailbreaking is the most likely reason for this. It’s possible to jailbreak an iPhone to remove all software restrictions, including the ability to install applications from sources other than the Apple App Store.

Tethering allows you to share one mobile device’s Internet connection with other mobile devices.
Sideloading is the process of installing application packages from an Application Packet Kit (APK) but sidebreaking isn’t a relevant term in this context.
Rooting is done to Android devices and provides users root-level access to the device.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 551). YCDA, LLC. Kindle Edition.

16
Q

Your organization wants to ensure that employees do not install any unauthorized software on their computers. Which of the following is the BEST choice to prevent this?

Master image
Application whitelisting
Anti-malware software
Antivirus software

A

Application whitelisting

Explanation:
Application whitelisting identifies AUTHORIZED applications only and prevents users from installing anything else.

Alternately, you can use a blacklist to identify specific applications that cannot be installed or run on a system.
A master image provides a secure baseline, but it doesn’t prevent users from installing additional applications.
Anti-malware software and antivirus software can detect and block malware, but they don’t prevent users from installing unauthorized software.

17
Q

Your organization hosts a website with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?

Full database encryption
Whole disk encryption
Database column encryption
File-level encryption

A

Database column encryption

18
Q

Lisa does not have access to the project.doc file, but she needs access to this file for her job. Homer is the system admin and he has identified the following permissions for the file: rwx rw- --- What should Homer use to grant Lisa read access to the file?

The chmod command.
A remote wipe.
Push notifications.
The chroot command.

A

The chmod command.

19
Q

Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal?

Implement patches when they are released.
Implement a change management policy.
Use only trusted operating systems.
Implement operating systems with secure configurations.

A

Implement a change management policy.

20
Q

A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal?

Screen locks and GPS tagging
Patch management and change management
Screen locks and device encryption
File device encryption and IaaS

A

Screen locks and device encryption