Practice Exam 3 Flashcards
CompTIA Security+ Practice Tests: Exam SY0-501
An attacker tricks one of your employees to click a malicious link that causes an unwanted action on the website the employee is currently authenticated to. What type of attack is this?
A. Replay
B. Cross-site request forgery
C. Cross-site scripting
D. Buffer overflow
B. Cross-site request forgery
A cross-site request forgery (CSRF) attack tricks an authenticated user's browser into sending a request the user did not intend. Because the browser attaches the session cookie to the request automatically, the website treats the forged request as a legitimate action by the logged-in user.
Option A is incorrect. In a replay attack the attacker captures a legitimate network transmission (for example an authentication exchange) and retransmits it later to trick the receiver into an unauthorized operation.
Option C is incorrect. Cross-site scripting lets an attacker inject client-side script into a web page that other users then view, so the script runs in the victims' browsers. The scenario involves no injected script, only a request the browser was tricked into sending.
Option D is incorrect. Buffer overflow attack occurs when a program attempts to place more data in buffer (memory) than it can hold. This action can corrupt data, crash the program, or execute malicious code.
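The request-handling logic behind the CSRF explanation above, as an added example that is not part of the exam book: the same transfer handler is shown once trusting the session cookie alone (the CSRF weakness) and once requiring a session-bound synchronizer token and an Origin check. The site name bank.example, the session store and both requests are constructed for illustration.

```python
"""CSRF: why a session cookie alone must not authorize a state-changing request.

Added example, not from the exam book. The handler, session store and the two
requests are constructed for illustration; https://bank.example is an assumed
site name.
"""
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)      # per-deployment secret (assumption)
SESSIONS = {"sess-42": "alice"}           # session cookie value -> logged-in user
SITE_ORIGIN = "https://bank.example"      # assumed origin of the protected site


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session: unguessable from another origin
    and worthless once the session ends."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(request: dict, *, csrf_protected: bool) -> str:
    """Process a POST /transfer. Returns 'accepted: ...' or 'rejected'.

    request = {"cookies": {...}, "headers": {...}, "form": {...}}.
    With csrf_protected=False the handler trusts the session cookie alone,
    which is exactly the weakness a CSRF attack abuses.
    """
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return "rejected"                          # not authenticated at all
    if csrf_protected:
        token = request["form"].get("csrf_token", "")
        expected = csrf_token_for(session_id)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return "rejected"                      # token missing or forged
        if request["headers"].get("Origin") != SITE_ORIGIN:
            return "rejected"                      # defence in depth: cross-origin POST
    form = request["form"]
    return f"accepted: {user} sent {form['amount']} to {form['to']}"


def legitimate_request() -> dict:
    """The user's own browser submits the form the site rendered, token included."""
    return {"cookies": {"session": "sess-42"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"amount": "10", "to": "bob",
                     "csrf_token": csrf_token_for("sess-42")}}


def forged_request() -> dict:
    """The malicious link auto-submits a form from the attacker's page: the
    browser still attaches the victim's session cookie, but the attacker's page
    cannot read the token and the browser reports the attacker's Origin."""
    return {"cookies": {"session": "sess-42"},
            "headers": {"Origin": "https://evil.example"},
            "form": {"amount": "5000", "to": "mallory"}}


if __name__ == "__main__":
    print("unprotected:", handle_transfer(forged_request(), csrf_protected=False))
    print("protected:  ", handle_transfer(forged_request(), csrf_protected=True))
    print("legitimate: ", handle_transfer(legitimate_request(), csrf_protected=True))
```

The token check is the primary control; the Origin comparison is a second layer because older clients may omit the header. Marking the session cookie SameSite=Lax or Strict is a further browser-side mitigation but does not replace the token.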
You are a security administrator and are observing unusual behavior in your network from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. You have updated the antivirus definition files and performed a full antivirus scan. The scan doesn’t show any clues of infection. Which of the following best describes what has happened on the workstation?
A. Buffer overflow
B. Session hijacking
C. Zero-day attack
D. DDoS
C. Zero-day attack
A zero-day attack exploits a vulnerability that is not yet known to the vendor, or for which no patch or detection signature yet exists. Attackers may find the flaw before the company or vendor discovers it, which is why a fully updated antivirus scan can still come back clean while the workstation beacons to a malicious destination.
Option A is incorrect. A buffer overflow attack occurs when a program attempts to place more data in a buffer (memory) than it can hold. This action can corrupt data, crash the program, or execute malicious code.
Option B is incorrect. Session hijacking is a method in which an attacker takes over a web user’s session by capturing the session ID and impersonating the authorized user. This allows the attacker to do whatever the authorized user can do on the network.
Option D is incorrect. A distributed denial-of-service (DDoS) occurs when an attacker uses a large number of hosts to flood a server with packets, causing the server to crash and become unavailable.
A network administrator uses their fingerprint and enters a PIN to log onto a server. Which of the following best describes this example?
A. Identification
B. Single authentication
C. Multifactor authentication
D. Transitive trust
C. Multifactor authentication
Multifactor authentication requires more than one method of authentication from independent credentials: something you know, something you have, and something you are.
Option A is incorrect. Identification is used to identify a user within the system. It allows each user to distinguish itself from other users.
Option B is incorrect. Single-factor authentication uses only one category of credential: something you know, something you have, or something you are. A fingerprint (something you are) combined with a PIN (something you know) spans two categories.
Option D is incorrect. A transitive trust is a trust relationship that extends through a chain of domains: if domain A trusts domain B and B trusts C, then A also trusts C. In a Microsoft Active Directory forest a two-way transitive trust is created automatically between a parent domain and each child domain, which allows an authenticated user to access resources in both domains. It describes trust between domains, not how a user proves identity.
Which of the following concepts of cryptography ensures integrity of data by the use of digital signature?
A. Key stretching
B. Steganography
C. Key exchange
D. Hashing
D. Hashing
Hashing transforms input of any length into a fixed-length digest that represents the original data. A digital signature is created by hashing the data and transforming the digest with the signer's private key; the recipient recomputes the hash and compares it with the digest recovered using the signer's public key. Any change to the data changes the digest, so the comparison fails and the modification is detected.
Option A is incorrect. Key stretching is a technique to make a weak key stronger against brute-force attacks and increase the time the attacker must spend to guess the result.
Option B is incorrect. Steganography is the practice of hiding a message such as a file within a picture.
Option C is incorrect. Key exchange is the practice of exchanging cryptographic keys between two parties.
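The hash-then-sign flow described above, as an added example that is not part of the exam book. It uses textbook RSA without padding on a fixed key built from two known Mersenne primes so it runs offline; the message is constructed. This is for understanding the integrity check only: real signatures use a vetted library and a padding scheme such as RSA-PSS, never raw RSA.

```python
"""Hash-then-sign: how a digital signature lets the verifier detect modification.

Added example, not from the exam book. Textbook RSA without padding on a fixed
key made from two known Mersenne primes, so it runs offline; the message is
constructed. Educational only: production code uses a vetted library and a
padding scheme such as RSA-PSS.
"""
import hashlib

# 2**521 - 1 and 2**607 - 1 are known (Mersenne) primes; a real key would be
# generated randomly. N is about 1128 bits, larger than any SHA-256 digest.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """Fixed-length digest of arbitrary-length input, as an integer < N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """The signer hashes the data and transforms the digest with the private key."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """The verifier recomputes the hash and compares it with the digest that the
    public key recovers from the signature; a change to either makes it fail."""
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    message = b"transfer 100 to bob"          # constructed message
    sig = sign(message)
    return {
        "original_ok": verify(message, sig),                 # digest matches
        "tampered_ok": verify(b"transfer 900 to bob", sig),  # digest changed
        "forged_sig_ok": verify(message, sig + 1),           # not made with D
    }


if __name__ == "__main__":
    print(demo())
```

Signing the digest rather than the message is what makes the scheme work for data of any size, and it is the reason a weak hash (one where collisions can be found) breaks the signature even when the key is strong.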
Which of the following risk analysis makes use of ALE?
A. Qualitative
B. ROI
C. SLE
D. Quantitative
D. Quantitative
The correct answer is quantitative. Quantitative risk analysis assigns specific dollar values to prioritize risk, and ALE (annual loss expectancy) is one of those values: the expected monetary loss per year from a given risk, calculated as SLE × ARO (single loss expectancy times annualized rate of occurrence).
Option A is incorrect. Qualitative risk analysis rates risk on a ranking scale such as low, medium, and high rather than with specific figures.
Option B is incorrect. ROI (return on investment) compares the benefit of a control with its cost. It is an output of risk analysis, not a type of analysis, and cannot be calculated before the analysis is complete.
Option C is incorrect. SLE (single loss expectancy) is the expected monetary loss from a single occurrence of a risk. It is an input to ALE rather than a type of analysis.
You are an IT security officer and you want to classify and assess privacy risks throughout the development life cycle of a program or system. Which of the following tools would be best to use for this purpose?
A. BIA
B. PIA
C. RTO
D. MTBF
B. PIA
A PIA (privacy impact assessment) analyzes how a program or system collects, uses, shares and protects personally identifiable information (PII). It states what is collected, how the information will be maintained and how it will be protected, and identifies privacy risks so they can be addressed throughout the development life cycle.
Option A is incorrect. BIA (business impact analysis) is used to evaluate the possible effect a business can suffer should an interruption to critical system operations occur. This interruption could be as a result of an accident, emergency, or disaster.
Option C is incorrect. RTO (recovery time objective) is the amount of time it takes to resume normal business operations after an event.
Option D is incorrect. MTBF (mean time between failures) is the rating on a device or component that predicts the expected time between failures.
Which of the following is defined as hacking into a computer system for a politically or socially motivated purpose?
A. Hacktivist
B. Insider
C. Script kiddie
D. Evil twin
A. Hacktivist
A hacktivist’s purpose is to perform hacktivism. This is the act of hacking into a computer system for a politically or socially motivated purpose.
Option B is incorrect. An insider is someone who threatens a company’s security from within the company.
Option C is incorrect. A script kiddie is an immature hacker. The typical script kiddie will use existing and well-known techniques and scripts to search for and exploit weaknesses in a computer system.
Option D is incorrect. An evil twin is a rogue wireless access point that impersonates a legitimate Wi-Fi access point. Its purpose is to get users to connect to it so the attacker can collect their information without their knowledge.
Which of the following is defined as sending unsolicited messages to nearby Bluetooth devices?
A. Jamming
B. Bluesnarfing
C. Brute force
D. Bluejacking
D. Bluejacking
Bluejacking is the act of sending unsolicited messages from one Bluetooth device to another Bluetooth device such as smartphones, tablets, and laptop computers.
Option A is incorrect. Jamming denies service to authorized wireless users by flooding the radio frequencies with illegitimate signals so that legitimate transmissions cannot get through.
Option B is incorrect. Bluesnarfing is the theft of information from a Bluetooth enabled device through a Bluetooth connection.
Option C is incorrect. Brute force is a trial and error method that involves guessing all possible passwords and passphrases until the correct one is discovered.
You are a system administrator and are asked to prevent staff members from using another member’s credentials to access secured areas of the building. Which of the following will best address this request?
A. Install a biometric reader at the entrance of the secure area.
B. Install a proximity card reader at the entrance of the secure area.
C. Implement least privilege concept.
D. Implement Group Policy enforcement.
A. Install a biometric reader at the entrance of the secure area.
Biometrics use a person's physical characteristics, such as a fingerprint, retina, hand geometry, or voice. Unlike a PIN or an access card, these cannot be lent to a colleague, so a biometric reader directly prevents the credential sharing described.
Option B is incorrect. A proximity card is a contactless smartcard that is held near an electronic reader to grant access to a particular area. A card can be handed to another staff member, which is exactly the problem to be solved.
Option C is incorrect. Least privilege gives users the lowest level of rights so they can do their job to limit the potential chance of security breach.
Option D is incorrect. Group Policy is used by network administrators in a Microsoft Active Directory to implement certain configurations for users and computers.
A chief security officer (CSO) notices that a large number of contractors work for the company. When a contractor leaves the company, the provisioning team is not notified. The CSO wants to ensure the contractors cannot access the network when they leave. Which of the following polices best supports the CSO’s plan?
A. Account disablement
B. Account lockout policy
C. Enforce password history
D. Account expiration policy
D. Account expiration policy
An account expiration policy sets a date on which the contractor's account automatically stops working, matched to the end of the contract. Because the expiry date is set when the account is provisioned, it takes effect even if the provisioning team is never told that the contractor has left.
Option A is incorrect. Account disablement requires an administrator to disable the account by hand when the contractor leaves. The scenario states that the provisioning team is not notified, so nobody would perform that step and the account would remain active.
Option B is incorrect. Account lockout policy is set if there are failed attempts to log into the system. If the contractor can sign in without failed attempts, the lockout policy will not go into effect.
Option C is incorrect. Enforce password history is a policy that requires users to use a certain number of unique passwords before they can reuse a password. This policy will not help prevent contractors from accessing the company’s network.
Which of the following measures the amount of time required to return a failed device, component, or network to normal functionality?
A. RTO
B. MTTR
C. MTBF
D. RPO
B. MTTR
MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced.
Option A is incorrect. RTO (recovery time objective) is the amount of time it takes to resume normal business operations after an event.
Option C is incorrect. MTBF (mean time between failures) is the rating on a device or component that predicts the expected time between failures.
Option D is incorrect. RPO (recovery point objective) is the maximum amount of data loss, measured in time, that a company can tolerate; it determines how far back the most recent backup may be.
Your company’s sales team is working late at the end of the month to ensure all sales are reported for the month. The sales members noticed they cannot save or print reports after regular hours. Which of the following general concepts is preventing the sales members from performing their job?
A. Job rotation
B. Time-of-day restrictions
C. Least privilege
D. Location-based policy
B. Time-of-day restrictions
Time-of-day restrictions are a form of logical access control where specific applications or systems are restricted access outside of specific hours.
Option A is incorrect. Job rotation is the practice of rotating employees who are assigned jobs within their employment to promote flexibility and keep employees interested in their jobs.
Option C is incorrect. Least privilege gives users the lowest level of rights so they can do their job to limit the potential chance of security breach.
Option D is incorrect. A location-based policy uses a device’s location data to control features such as disabling a smartphone’s camera in a sensitive area.
To authenticate, a Windows 10 user draws a circle around a picture of a dog’s nose and then touches each ear starting with the right ear. Which of the following concepts is this describing?
A. Something you do
B. Something you know
C. Something you have
D. Somewhere you are
A. Something you do
The correct answer is something you do. This is an example of a picture password. The user selects a photo of their choice and records gestures over it; each gesture can be a line, a circle, or a dot, performed in an exact order. The user repeats the gestures to log into their Windows account.
Option B is incorrect. Something you know is a knowledge factor such as a user knowing their username and password.
Option C is incorrect. Something you have is a possession factor such as a user possessing a smartcard or a security token.
Option D is incorrect. Somewhere you are is a location factor, such as permitting a login only from a particular network address or geographic area. (Something you are, the inherence factor, would be a biometric such as a fingerprint.)
A new employee added network drops to a new section of the company’s building. The cables were placed across several fluorescent lights. When users attempted to connect to the datacenter on the network, they experienced intermittent connectivity. Which of the following environmental controls was most likely the cause of this issue?
A. DMZ
B. EMI
C. BIOS
D. TPM
B. EMI
Electromagnetic interference (EMI) will disrupt the operation of an electronic device when it is in the area of an electromagnetic field.
Option A is incorrect. A demilitarized zone (DMZ) is designed to protect the internal network but allow access to resources from the Internet. This provides an additional layer of protection to the LAN.
Option C is incorrect. The Basic Input/Output System (BIOS) is the firmware that initializes the computer's hardware at boot and loads the operating system; it is not an environmental control.
Option D is incorrect. A Trusted Platform Module (TPM) is a dedicated chip that generates and stores cryptographic keys and platform measurements, providing a hardware root of trust for features such as full-disk encryption and device authentication.
Which of the following wireless attacks would be used to impersonate another WAP to obtain unauthorized information from nearby mobile users?
A. Rogue access point
B. Evil twin
C. Bluejacking
D. Bluesnarfing
B. Evil twin
An evil twin is a fake access point that looks like a legitimate one. The attacker will use the same network name and transmit beacons to get a user to connect. This allows the attacker to gain personal information without the end user knowing.
Option A is incorrect. A rogue access point is an access point connected to the network without the administrator's authorization, for example one an employee plugs in for convenience. It creates an unmanaged entry point into the network but does not by itself impersonate a legitimate WAP.
Option C is incorrect. Bluejacking is the act of sending unsolicited messages from one Bluetooth device to another Bluetooth device, such as smartphones, tablets, and laptop computers.
Option D is incorrect. Bluesnarfing is the theft of information from a Bluetooth-enabled device through a Bluetooth connection.
You are a system administrator and you are creating a public and private key pair. You have to specify the key strength. Which of the following would be your best choice?
A. RSA
B. DES
C. MD5
D. SHA
A. RSA
RSA is an asymmetric algorithm that uses a public and private key pair to encrypt and decrypt data and to sign and verify it. When generating an RSA pair you choose the key size (for example 2048 or 4096 bits), which is the key strength the question refers to.
Option B is incorrect. Data Encryption Standard (DES) is a symmetric algorithm that uses the same 56-bit key to encrypt and decrypt data; there is no key pair to generate, and DES is considered obsolete.
Option C is incorrect. MD5 is a hashing algorithm that produces a 128-bit digest; it involves no key pair and is no longer considered collision resistant.
Option D is incorrect. SHA is a family of hashing algorithms. Hashing transforms input of any length into a fixed-length digest; it is a one-way function, so the digest cannot be reversed to reveal the original input, and no key pair is involved.
You are the network administrator for your company’s Microsoft network. Your CISO is planning the network security and wants a secure protocol that will authenticate all users logging into the network. Which of the following authentication protocols would be the best choice?
A. RADIUS
B. TACACS+
C. Kerberos
D. SAML
C. Kerberos
Kerberos is a ticket-based authentication protocol: a client authenticates once to a Key Distribution Center and receives tickets that grant access to resources across the network. It is the default authentication protocol for Microsoft Active Directory domains, which makes it the best choice for authenticating every user logging into a Windows network.
Option A is incorrect. Remote Authentication Dial-In User Service (RADIUS) enables remote access servers to communicate with a central server. This central server is used to authenticate and authorize users to access network services and resources.
Option B is incorrect. TACACS+ is a protocol developed by Cisco and uses TCP for authentication, authorization, and accounting services.
Option D is incorrect. Security Assertion Markup Language (SAML) is an XML standard that allows a user to log in once to an affiliate website and that supports Single Sign-On (SSO) authentication.
Company users are stating they are unable to access the network file server. A company security administrator checks the router ACL and knows users can access the web server, email server, and printing services. Which of the following is preventing access to the network file server?
A. Implicit deny
B. Port security
C. Flood guard
D. Signal strength
A. Implicit deny
Implicit deny is the unwritten final rule of an ACL: traffic that matches no explicit permit or deny rule is dropped. The ACL permits the web, email, and print services, but nothing explicitly permits traffic to the file server, so that traffic falls through to the implicit deny.
Option B is incorrect. Port security allows an administrator to prohibit or permit devices based on their MAC address by configuring individual physical switch ports.
Option C is incorrect. A flood guard is a network device feature that detects and rate-limits the traffic floods used in denial-of-service (DoS) attacks, such as SYN floods, so that a service is not overwhelmed.
Option D is incorrect. Signal strength is the power of electric field transmitted by an antenna. The lower the strength, the shorter the distance devices can connect to a wireless access point.
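The ACL evaluation described above, as an added example that is not part of the exam book: a first-match rule walk that ends in an implicit deny, run against constructed rules and flows mirroring the scenario (web, email and print permitted; no rule for the file server). The addresses, ports and the hypothetical troubleshoot helper are assumptions for the example.

```python
"""Router ACL evaluation with first match and implicit deny at the end.

Added example, not from the exam book. The addresses, ports and rules are
constructed to mirror the scenario: web, mail and print are permitted, and
nothing mentions the file server, so its traffic hits the implicit deny.
"""
import ipaddress

# (action, protocol, source network, destination host, destination port)
ACL = [
    ("permit", "tcp", "10.0.0.0/24", "10.0.1.10", 443),    # web server
    ("permit", "tcp", "10.0.0.0/24", "10.0.1.20", 25),     # email server
    ("permit", "tcp", "10.0.0.0/24", "10.0.1.30", 9100),   # print services
    # no rule for the file server 10.0.1.40 (SMB, tcp/445)
]


def evaluate(acl, proto: str, src: str, dst: str, port: int):
    """Return (action, index of the matching rule); index is None for implicit deny."""
    src_ip = ipaddress.ip_address(src)
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if (r_proto == proto and src_ip in ipaddress.ip_network(r_src)
                and r_dst == dst and r_port == port):
            return action, i                      # first match wins
    return "deny", None                           # implicit deny: nothing matched


def with_file_server_rule(acl):
    """The fix: an explicit permit for SMB to the file server."""
    return acl + [("permit", "tcp", "10.0.0.0/24", "10.0.1.40", 445)]


def troubleshoot(acl, flows):
    """For each (proto, src, dst, port) flow, report which rule decided it."""
    report = {}
    for flow in flows:
        action, idx = evaluate(acl, *flow)
        report[flow] = f"{action} by rule {idx}" if idx is not None else "deny (implicit)"
    return report


if __name__ == "__main__":
    flows = [("tcp", "10.0.0.5", "10.0.1.10", 443),
             ("tcp", "10.0.0.5", "10.0.1.40", 445)]
    for flow, why in troubleshoot(ACL, flows).items():
        print(flow, "->", why)
    print(troubleshoot(with_file_server_rule(ACL), flows))
```

When troubleshooting a real ACL, a flow that is "denied by no rule" is the signature of implicit deny; the fix is an explicit permit placed before any broader deny, since ordering decides the outcome.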
Tony, a security administrator, discovered through an audit all the company’s access points are currently configured to use WPA with TKIP for encryption. Tony needs to improve the encryption on the access points. Which of the following would be the best option for Tony?
A. WPA2 with CCMP
B. WEP
C. WPA with CCMP
D. WPS
A. WPA2 with CCMP
WPA2 with CCMP provides data confidentiality, integrity, and authentication. CCMP is built on AES with a 128-bit key and has no known practical weaknesses, unlike the RC4-based TKIP it replaces.
Option B is incorrect. Wired Equivalent Privacy (WEP) is the original WLAN security protocol and has well-known weaknesses that let an attacker recover the key; moving to it would be a downgrade.
Option C is incorrect. WPA was defined around TKIP as a stopgap for WEP-era hardware; CCMP is the cipher suite of WPA2, so the correct upgrade is WPA2 with CCMP rather than WPA.
Option D is incorrect. Wi-Fi Protected Setup (WPS) is a device-pairing convenience that relies on an 8-digit PIN and is vulnerable to brute-force attack; it is not an encryption option at all.
An employee informs that the Internet connection is slow and difficult to access websites to perform their job. You analyze their computer and discover the MAC address of the default gateway in the ARP cache is not correct. What type of attack have you discovered?
A. DNS poisoning
B. Injection
C. Impersonation
D. ARP poisoning
D. ARP poisoning
ARP poisoning (ARP spoofing) is an attack in which the attacker sends spoofed Address Resolution Protocol (ARP) replies onto the local network so that hosts associate the attacker's MAC address with another host's IP address, typically the default gateway. Traffic meant for the gateway then flows through the attacker, who can read or modify it (man-in-the-middle) or simply drop it, which explains the slow or failing Internet access reported here. The wrong gateway MAC in the workstation's ARP cache is the direct evidence.
Option A is incorrect. DNS poisoning corrupts the records a DNS server or resolver cache returns, so that users are redirected to an attacker-controlled site; it does not change ARP cache entries.
Option B is incorrect. Injection attacks supply malicious input, such as SQL, to an application so that it is passed to and executed by a backend component such as the database.
Option C is incorrect. Impersonation is a social engineering attack in which the attacker pretends to be a trusted person, such as a help desk technician, to obtain access or information; it does not alter a host's ARP cache.
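The detection side of the scenario above, as an added example that is not part of the exam book: a check over ARP replies that flags any reply claiming a pinned address (the gateway) with a MAC other than the known one, and learns other addresses on first sight. The gateway address, the baseline table and the ARP replies are constructed, not captured traffic.

```python
"""Spotting ARP poisoning: the gateway's IP suddenly maps to a different MAC.

Added example, not from the exam book. The gateway address, the baseline table
and the ARP replies below are constructed, not captured traffic.
"""

# Baseline IP -> MAC for addresses that must never change (from switch or
# DHCP records); assumed values for the example.
BASELINE = {"192.168.1.1": "00:11:22:33:44:55"}     # default gateway

# Constructed ARP replies seen on the segment: (seconds, sender IP, sender MAC)
ARP_REPLIES = [
    (0,  "192.168.1.1",  "00:11:22:33:44:55"),      # real gateway
    (5,  "192.168.1.50", "aa:bb:cc:dd:ee:01"),      # a workstation
    (30, "192.168.1.1",  "de:ad:be:ef:00:01"),      # attacker claims gateway IP
    (31, "192.168.1.1",  "de:ad:be:ef:00:01"),
    (32, "192.168.1.50", "aa:bb:cc:dd:ee:01"),
    (33, "192.168.1.1",  "de:ad:be:ef:00:01"),
]


def detect_arp_spoofing(replies, baseline):
    """Return (alerts, suspect_macs).

    Pinned entries in `baseline` alert on any reply that contradicts them.
    Other addresses are learned on first sight and alert if they change later.
    """
    learned = {}
    alerts = []
    suspects = set()
    for t, ip, mac in replies:
        expected = baseline.get(ip) or learned.setdefault(ip, mac)
        if mac != expected:
            alerts.append(f"t={t}s: {ip} announced by {mac}, expected {expected}")
            suspects.add(mac)
    return alerts, suspects


def gateway_poisoned(replies, baseline, gateway_ip="192.168.1.1") -> bool:
    """True if any reply claims the gateway IP with a MAC other than the baseline."""
    return any(ip == gateway_ip and mac != baseline[gateway_ip]
               for _, ip, mac in replies)


if __name__ == "__main__":
    alerts, suspects = detect_arp_spoofing(ARP_REPLIES, BASELINE)
    print("\n".join(alerts))
    print("suspect MACs:", suspects,
          "gateway poisoned:", gateway_poisoned(ARP_REPLIES, BASELINE))
```

On a managed switch the same check is enforced in hardware by Dynamic ARP Inspection against the DHCP snooping table; on a single host, a static ARP entry for the gateway removes the ability to poison it at all.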
A user entered a username and password to log into the company’s network. Which of the following best describes the username?
A. Authorization
B. Authentication
C. Identification
D. Accounting
C. Identification
Identification is used to identify a user within the system. It allows each user to distinguish itself from other users.
Option A is incorrect. Authorization determines the user’s privilege or access level to a resource such as computer programs, files and data.
Option B is incorrect. Authentication confirms a user’s identity from the credentials provided.
Option D is incorrect. Accounting is the process of tracking a user’s activities within a network. These activities include services accessed, amount of data accessed or transferred, and login for authentication and authorization.
Tony, a college student, downloaded a free word editor program to complete his essay. After downloading and installing the software, Tony noticed his computer is running slow and he receives notifications from his antivirus program. Which of the following malware best describes what he installed?
A. Keylogger
B. Worm
C. Ransomware
D. Trojan
D. Trojan
A Trojan is malware that is disguised as a legitimate program and can allow hackers to gain access to a user’s system.
Option A is incorrect. A keylogger is a program that records every keystroke the user types and sends them to the attacker.
Option B is incorrect. A worm is self-replicating malware that spreads to other computers across the network on its own, without the user installing anything; it often consumes network bandwidth as it propagates.
Option C is incorrect. Ransomware is malware that prevents and limits users from accessing their computer. This is achieved by locking the system’s screen or encrypting the user’s files unless a ransom is paid.
Which of the following statements best describes mandatory vacations?
A. Companies ensure their employees can take time off to conduct activities together.
B. Companies use it as a tool to ensure employees are taking the correct amount of days off.
C. Companies ensure their employees are properly recharged to perform their duties.
D. Companies use it as a tool for security protection to detect fraud.
D. Companies use it as a tool for security protection to detect fraud.
Companies use a mandatory vacation policy to detect fraud: while the employee is away, a second person who is familiar with the duties performs them and can discover illicit activity the employee had been concealing.
Option A is incorrect. Companies usually don’t want many of their employees out at the same time. This will cause a shortage in a particular area and could compromise the security posture of the company.
Option B is incorrect. Companies have a policy of “use or lose” vacation time if not taken by the end of the calendar year. Mandatory vacations policy isn’t the tool used to ensure employees are taking the correct amount of days off. This is usually maintained by the HR department.
Option C is incorrect. Companies do want their employees to be recharged to properly conduct their duties, but from a security standpoint, this isn’t the best answer.
Your department manager assigns Tony, a network administrator, the job of expressing the business and financial effects that a failed SQL server would cause if it was down for 4 hours. What type of analysis must Tony perform?
A. Security audit
B. Asset identification
C. Business impact analysis
D. Disaster recovery plan
C. Business impact analysis
Business impact analysis (BIA) usually identifies costs linked to failures. These costs may include equipment replacement, salaries paid to employees to catch up with loss of work, and loss of profits.
Option A is incorrect. A security audit tests how effective security policies are in helping protect company’s assets, such as performing security vulnerability scans.
Option B is incorrect. Asset identification identifies system assets based on known information about the asset. The policy usually describes the purpose of the asset and methods for identifying assets.
Option D is incorrect. A disaster recovery plan (DRP) is a document that describes the steps for responding to an unplanned incident. Tony’s job is to determine what result would occur should the SQL server go down. A DRP is a plan when a system component actually fails.
Which of the following is not a vulnerability of end-of-life systems?
A. When systems can’t be updated, firewalls and antiviruses are not sufficient protection.
B. Out-of-date systems can result in fines in regulated industries.
C. When an out-of-date system reaches the end-of-life, it will automatically shut down.
D. Operating out-of-date systems can result in poor performance and reliability and can lead to denial of services.
C. When an out-of-date system reaches the end-of-life, it will automatically shut down.
The correct answer is C. This is not a vulnerability, because most systems will not automatically shut down when they have reached their end-of-life period.
Options A, B, and D are incorrect. These are a vulnerability to end-of-life systems. When a system reaches its end-of-life period, attackers can exploit it since the company will no longer support the system by, for example, sending patches to further protect it.
What method should you choose to authenticate a remote workstation before it gains access to a local LAN?
A. Router
B. Proxy server
C. VPN concentrator
D. Firewall
C. VPN concentrator
A VPN concentrator is a device that terminates remote access or site-to-site VPN tunnels: it authenticates the remote workstation, establishes the encrypted tunnel, and only then passes its traffic onto the LAN. It is used when a company has a large number of VPN tunnels.
Option A is incorrect. A router determines the best route to pass a packet to its destination.
Option B is incorrect. A proxy server sends requests on behalf of the client. Proxy servers mask the client’s public IP address and can cache frequently requested websites to reduce bandwidth and improve clients’ response times.
Option D is incorrect. A firewall uses rules to control incoming and outgoing traffic in a network. Firewalls can be either hardware or software.
A sales manager has asked for an option for sales reps who travel to have secure remote access to your company’s database server. Which of the following should you configure for the sales reps?
A. VPN
B. WLAN
C. NAT
D. Ad hoc
A. VPN
A virtual private network (VPN) creates an encrypted connection between a remote client and a private network over an insecure network such as the Internet.
Option B is incorrect. Wireless LAN (WLAN) allows a mobile user to connect to a local area network (LAN) using the 802.11 wireless standard.
Option C is incorrect. Network Address Translation (NAT) is a function in a router that translates the private IP address to the public IP address, and vice versa. A NAT will hide the private IP address from the Internet world and also is a solution for the limited IPv4 addresses available.
Option D is incorrect. Ad hoc is composed of devices connected and communicating with each other directly.
Which of the following is considered the strongest access control?
A. RBAC
B. DAC
C. MAC
D. ABAC
C. MAC
The correct answer is mandatory access control (MAC). A central authority assigns security labels such as Confidential, Secret, and Top Secret to objects and clearances to subjects; access is granted only when the subject's clearance dominates the object's label, and neither users nor object owners can override the decision. That rigidity is why MAC is considered the strongest model.
Option A is incorrect. Role-based access control (RBAC) grants access according to the roles users hold within the system and the permissions assigned to each role.
Option B is incorrect. Discretionary access control (DAC) lets the owner of an object decide who may access it, so permissions can be loosened at the owner's discretion.
Option D is incorrect. Attribute-based access control (ABAC) controls access on three types of attributes: the user attributes, current environmental conditions, and accessed application or system attributes.
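The label comparison that makes MAC decisions, as an added example that is not part of the exam book. It applies the classic confidentiality rules (no read up, no write down) with compartments as well as levels; the levels, compartments, subjects and objects are constructed.

```python
"""Mandatory access control as a label comparison (Bell-LaPadula style).

Added example, not from the exam book. The levels, compartments, subjects and
objects are constructed; "no read up / no write down" are the classic MAC
confidentiality rules, applied here with compartments as well as levels.
"""
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def dominates(a, b) -> bool:
    """Label a = (level, compartments) dominates b if its level is at least as
    high and it holds every compartment b requires."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and b[1] <= a[1]


def can_read(subject, obj) -> bool:
    return dominates(subject, obj)          # no read up


def can_write(subject, obj) -> bool:
    return dominates(obj, subject)          # no write down (no leaking to lower labels)


# Constructed clearances and object labels.
ANALYST = ("Secret", frozenset({"CRYPTO"}))
DIRECTOR = ("Top Secret", frozenset({"CRYPTO", "NUCLEAR"}))
MEMO = ("Confidential", frozenset())
KEY_SCHEDULE = ("Secret", frozenset({"CRYPTO"}))
WAR_PLAN = ("Top Secret", frozenset({"NUCLEAR"}))


def access_matrix(subjects, objects):
    """Who may read/write what, decided by labels alone; unlike DAC, neither the
    object's owner nor the subject can change the outcome."""
    return {(s_name, o_name): (can_read(s, o), can_write(s, o))
            for s_name, s in subjects.items() for o_name, o in objects.items()}


if __name__ == "__main__":
    table = access_matrix({"analyst": ANALYST, "director": DIRECTOR},
                          {"memo": MEMO, "key_schedule": KEY_SCHEDULE,
                           "war_plan": WAR_PLAN})
    for (s, o), (r, w) in table.items():
        print(f"{s:9} {o:13} read={r!s:5} write={w}")
```

Note the strict form of the write rule: the director, cleared for both compartments, cannot write into the NUCLEAR-only war plan because the director's label also carries CRYPTO information that would then leak into an object not marked for it.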
Your company has hired a third-party auditing firm to conduct a penetration test against your network. The company wasn’t given any information related to the company’s network. What type of test is the company performing?
A. White box
B. Red box
C. Black box
D. Gray box
C. Black box
Black-box testing refers to the process of testing a network without any information known about the network or layout.
Option A is incorrect. White-box testing refers to the process of testing a network with all information known about the network or layout.
Option B is incorrect. Red box is not a penetration-testing term.
Option D is incorrect. Gray-box testing refers to the process of testing a network with some information known about the network or layout.
Which of the following countermeasures is designed to best protect against a brute-force password attack?
A. Password complexity
B. Account disablement
C. Password length
D. Account lockout
D. Account lockout
Account lockout limits the number of wrong guesses an attacker can make: after a set number of failed logins the account is locked for a defined period or until an administrator unlocks it, so a brute-force attack that depends on many rapid attempts stalls after a handful of tries.
Option A is incorrect. Password complexity typically requires characters from several sets (lowercase letters, uppercase letters, numerals, and special characters). It enlarges the search space but does not stop an attacker from continuing to guess.
Option B is incorrect. Account disablement is performed by an administrator when an employee leaves the company, temporarily or permanently, and makes the account unusable. It is not a response to guessing attempts.
Option C is incorrect. Password length sets the minimum number of characters a password must have. Like complexity, it slows guessing but does not lock the attacker out.
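The lockout policy above in working form, as an added example that is not part of the exam book: a threshold-and-window tracker, run against a constructed 20-guess online attack in which the correct password sits at a position the attacker never gets to test. The thresholds, word list, account name and the brute_force_demo helper are assumptions; the clock is passed in explicitly so the window can be exercised without waiting.

```python
"""Account lockout against online brute force.

Added example, not from the exam book. Thresholds, the attacker's word list and
the account name are constructed; the clock is passed in explicitly so the
policy can be exercised without waiting.
"""


class AccountLockout:
    """After `threshold` consecutive failures, refuse every login for the
    account for `lockout_seconds`, even one with the correct password."""

    def __init__(self, threshold: int = 5, lockout_seconds: int = 900):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self._failures = {}        # user -> consecutive failures
        self._locked_until = {}    # user -> time the lock expires

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Return 'locked', 'success' or 'failure'."""
        if now < self._locked_until.get(user, 0.0):
            return "locked"                      # password is not even checked
        if password_ok:
            self._failures.pop(user, None)       # success resets the counter
            return "success"
        failures = self._failures.get(user, 0) + 1
        if failures >= self.threshold:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures.pop(user, None)
            return "locked"
        self._failures[user] = failures
        return "failure"


def brute_force_demo(threshold: int = 5, lockout_seconds: int = 900) -> dict:
    """Constructed attack: 20 guesses one second apart against 'alice'; the
    real password (constructed) is the 7th guess, which lockout never reaches."""
    real_password = "hunter2"
    guesses = ["123456", "password", "letmein", "qwerty", "welcome", "admin",
               real_password] + [f"guess{i}" for i in range(13)]
    policy = AccountLockout(threshold, lockout_seconds)
    outcomes = [policy.attempt("alice", guess == real_password, now=float(t))
                for t, guess in enumerate(guesses)]
    # The legitimate user logs in after the lock has expired.
    later = policy.attempt("alice", True, now=float(len(guesses) + lockout_seconds))
    return {"outcomes": outcomes,
            "compromised": "success" in outcomes,
            "user_login_after_lockout": later}


if __name__ == "__main__":
    print(brute_force_demo())
```

The caveat a practitioner wants: lockout is itself a denial-of-service lever, since anyone who knows a username can lock the account on purpose. Pair it with per-source rate limiting or escalating delays, and alert on bursts of lockouts, which are the detection signal for a password-spraying campaign.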
A network manager has implemented a strategy so that all workstations on the network will receive required security updates regularly. Which of the following best describes what the network manager implemented?
A. Sandboxing
B. Ad hoc
C. Virtualization
D. Patch management
D. Patch management
Patch management consists of collecting, testing, and installing patches to a computer within a local network.
Option A is incorrect. Sandboxing is the concept of isolating a computing environment, such as a software developer testing new programming code.
Option B is incorrect. In an ad hoc network, devices are connected and communicating with each other directly.
Option C is incorrect. Virtualization allows the creation of virtual resources such as a server operating system. Multiple operating systems can run on one machine by sharing resources such as RAM, hard drives, and CPU.
An attacker exploited a bug, unknown to the developer, to gain access to a database server. Which of the following best describes this type of attack?
A. Zero-day
B. Cross-site scripting
C. ARP poisoning
D. Domain hijacking
A. Zero-day
A zero-day attack exploits a vulnerability that is not yet known to the vendor and for which no patch exists; attackers may find the flaw before the developer or the company does. A bug unknown to the developer, exploited before it can be fixed, is a zero-day by definition.
Option B is incorrect. Cross-site scripting enables attackers to insert client-side script into a webpage that other users can view.
Option C is incorrect. Address Resolution Protocol (ARP) poisoning occurs when an attacker changes the MAC address on the target’s ARP cache to steal sensitive data and cause a denial of service.
Option D is incorrect. Domain hijacking occurs when an attacker takes control of a domain name's registration without the owner's authorization, for example through a compromised registrar account, and can then redirect visitors and collect data about them.
Which of the following allows a company to store a cryptographic key with a trusted third party and be released only to the sender or receiver with proper authorization?
A. CRL
B. Key escrow
C. Trust model
D. Intermediate CA
B. Key escrow
Key escrow stores a copy of a cryptographic key with a trusted third party, which releases it only to authorized parties, for example to recover encrypted data when the original key holder is unavailable.
Option A is incorrect. A certificate revocation list (CRL) is a list of certificates that a CA has revoked before their expiration date. Certificates on the CRL should not be trusted.
Option C is incorrect. A trust model describes how trust is established and propagated between parties in a public key infrastructure, for example through a hierarchy of certificate authorities. It binds names to keys but does not store keys.
Option D is incorrect. An intermediate certificate authority (CA) is subordinate to a root CA and issues certificates to end entities such as servers and devices, so that the root's private key can stay offline.
You are a network administrator for a bank. A branch manager discovers the deskside employees have the ability to delete lending policies found in a folder within the file server. You review the permissions and notice the deskside employees have “modify” permissions to the folder. The employees should have read permissions only. Which of the following security principles has been violated?
A. Job rotation
B. Time-of-day restrictions
C. Separation of duties
D. Least privilege
D. Least privilege
Least privilege gives users the lowest level of rights so they can do their job to limit the potential chance of security breach.
Option A is incorrect. Job rotation is the practice of rotating employees who are assigned jobs within their employment to promote flexibility and keep employees interested in their jobs.
Option B is incorrect. Time-of-day restriction is a form of logical access control where specific applications or systems are restricted access outside of specific hours.
Option C is incorrect. Separation of duties is a control where error and fraud is prevented by having at least two employees responsible for separate parts of a task.
The system administrator needs to secure the company’s data-at-rest. Which of the following would best provide the strongest protection?
A. Implement biometrics controls on each workstation.
B. Implement full-disk encryption.
C. Implement a host intrusion prevention system.
D. Implement a host intrusion detection system.
B. Implement full-disk encryption.
Full-disk encryption will protect the data that is not currently being accessed should the hard drive be compromised. Full-disk encryption will prevent an unauthorized individual from reading the data on the hard drive.
Option A is incorrect. Biometrics will not protect data stored on a storage device not in use as an attacker can steal the storage device and retrieve the clear text data without the need of biometric authentication.
Option C is incorrect. A host intrusion prevention system (HIPS) is used to monitor a client computer for malicious activity and performs an action based on an implemented rule. This will not protect data stored on a storage device should it be stolen.
Option D is incorrect. A host intrusion detection system (HIDS) is used to monitor a client computer for malicious activity. An HIDS would not protect the data if the storage device is stolen.