Terms in this set (27)
A security administrator is implementing a security program that addresses confidentiality and availability. Of the following, what else should the administrator include?
A. Ensure critical systems provide uninterrupted service
B. Protect data in transit from unauthorized disclosure
C. Ensure systems are not susceptible to unauthorized changes
D. Secure data to prevent unauthorized disclosure
C. The administrator should ensure systems are not susceptible to unauthorized changes, an element of integrity. A security program should address the three core security principles of confidentiality, integrity, and availability. Protecting data and securing data to prevent unauthorized disclosure addresses confidentiality. Ensuring critical systems provide uninterrupted service addresses availability.
You need to transmit PII via email and you want to maintain its confidentiality. Of the following choices, what is the best solution?
A. Use hashes
B. Encrypt it before sending
C. Protect it with a digital signature
D. Use RAID
C. You can maintain confidentiality of any data, including Personally Identifiable Information (PII), with encryption. Hashes provide integrity, not confidentiality. A digital signature provides authentication, non-repudiation, and integrity. A redundant array of inexpensive disks (RAID) provides higher availability for a disk subsystem.
Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
B. She is pursuing integrity by verifying the configuration files have not changed. By verifying that the hashes are the same, she also verifies that the configuration files are the same. Confidentiality is enforced with encryption, access controls, and steganography. Availability ensures systems are up and operational when needed. Safety goals help ensure the safety of personnel and/or other assets.
An organization wants to provide protection against malware attacks. Administrators installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?
A. Implicit deny
B. Layered security
C. Least privilege
D. Flood guard
B. Layered security (or defense in depth) implements multiple controls to provide several layers of protection. In this case, the antivirus software provides one layer of protection while the firewall and the intrusion detection system (IDS) provide additional layers. Implicit deny blocks access unless it has been explicitly allowed. Least privilege ensures that users are granted only the access they need to perform their jobs, and no more. A flood guard attempts to block SYN flood attacks.
Homer called into the help desk and says he forgot his password. Which of the following choices is the BEST choice for what the help-desk professional should do?
A. Verify the user's account exists
B. Look up the user's password and tell the user what it is
C. Disable the user's account
D. Reset the password and configure the password to expire after the first use
D. In this scenario, it's best to create a temporary password that expires after first use, which forces the user to create a new password. It's not necessary to verify the user's account exists, but the help-desk personnel should verify the identity of the user. Passwords should not be available in such a way that allows help-desk professionals to look them up. It is not necessary to disable a user account to reset the password.
Which type of authentication does a hardware token provide?
C. Strong password
D. One-time password
D. A hardware token (such as an RSA token) uses a one-time password for authentication in the something you have factor of authentication. Biometric methods, such as a fingerprint, are in the something you are factor of authentication. A PIN and a password are both in the something you know factor of authentication and do not require a hardware token.
Which type of authentication is a retina scanner?
C. A retina scan is a biometric method of authentication in the something you are factor of authentication. You need to combine two or more factors of authentication for dual-factor and multifactor authentication. A time-based, one-time password (TOTP) is a protocol used to create passwords that expire after 30 seconds.
Users are required to log on to their computers with a smart card and a PIN. Which of the following best describes this?
A. Single-factor authentication
B. Multifactor authentication
C. Mutual authentication
B. Users authenticate with two factors of authentication in this scenario, which is multifactor authentication or dual-factor authentication. The smart card is in the something you have factor of authentication, and the PIN is in the something you know factor of authentication. They are using more than a single factor. Mutual authentication is when both entities in the authentication process authenticate with each other, but it does not apply in this situation. A time-based, one-time password (TOTP) is a protocol used to create passwords that expire after 30 seconds.
Your company recently began allowing workers to telecommute from home one or more days a week. However, your company doesn't currently have a remote access solution. They want to implement an AAA solution that supports different vendors. Which of the following is the BEST choice?
B. Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting (AAA) protocol and is the best choice. TACACS+ is proprietary to Cisco, so it will not support different vendor solutions. Diameter is preferable to RADIUS, but there is no such thing as a Circumference protocol. SAML is an SSO solution used with web-based applications.
Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can access other systems in the organization without logging on again. What does this describe?
A. Same sign-on
C. Single sign-on
C. This describes a single sign-on (SSO) solution in which users only have to log in once. Same sign-on indicates users can access multiple systems using the same credentials, but they still have to enter their credentials again each time they access a new resource. Security Assertion Markup Language (SAML) is an SSO solution used for web-based applications, but not all SSO solutions use SAML. Biometrics is a method of authentication, such as a fingerprint, but is not an SSO solution.
Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal?
A. Cable locks
B. Risk assessment
C. Disk encryption
D. Hardening the systems
C. Disk encryption is a strong technical control that can mitigate potential data losses if mobile devices are lost or stolen. Cable locks are preventive controls that can prevent theft of mobile devices such as laptops, but they do not protect the data after the device is stolen. A risk assessment is a management control. Hardening systems helps make them more secure than their default configuration, but doesn't necessarily protect data after the device is lost.
Your primary job activities include monitoring security logs, analyzing trend reports, and installing CCTV systems. Which of the following choices BEST identifies your responsibilities? (Select TWO)
A. Hardening systems
B. Detecting security incidents
C. Preventing incidents
D. Implementing monitoring controls
B, D. Monitoring security logs and analyzing trend reports are detective controls with the goal of detecting security incidents. Installing closed-circuit television (CCTV) systems is one example of implementing a monitoring control. Hardening a system is a preventive control that includes several steps such as disabling unnecessary services, but the scenario doesn't describe these steps. Preventive controls attempt to prevent incidents, but this scenario describes detective controls.
A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this?
C. Proximity card
D. Cipher lock
B. A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating. CCTV provides video surveillance and it can record unauthorized entry, but it cannot prevent it. A proximity card is useful as an access control mechanism, but it will not prevent tailgating, so it is not as useful as a mantrap. A cipher lock is a door access control, but it cannot prevent tailgating.
You are redesigning your password policy. You want to ensure that users change their passwords regularly, but they are unable to reuse passwords. What settings should you configure? (Select THREE)
A. Maximum password age
B. Password length
C. Password history
D. Password complexity
E. Minimum password age
A, C, E. The maximum password age ensures the users change their passwords regularly. The password history records previously used passwords (such as the last 24 passwords) to prevent users from reusing the same passwords. The minimum password age prevents the user from changing their password repeatedly to get back to their original password and should be used with the password history setting. Password length requires a minimum number of characters in a password. Password complexity requires a mix of uppercase and lowercase letters, numbers, and special characters.
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: P@$$, 1@W2, and G&bT3. What should be changed to avoid the problem shown with these passwords?
A. Password complexity
B. Password length
C. Password history
D. Password reuse
B. The password policy should be changed to increase the minimum password length. These passwords are only four and five characters long, which is too short to provide adequate security. They are complex because they include a mixture of at least three of the following character types: uppercase letters, lowercase letters, numbers, and special characters. Password history and password reuse should be addressed if users are reusing the same passwords, but the scenario does not indicate that this is a problem.
A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation?
A. Remove the account expiration from the accounts.
B. Delete the accounts
C. Reset the accounts
D. Disable the accounts
D. The best response is to disable the accounts and then enable them when needed by the contractors. Ideally, the accounts would include an expiration date so that they would automatically expire when no longer needed, but the scenario doesn't indicate the accounts have an expiration date. Because the contractors need to access the accounts periodically, it's better to disable them rather than deleting them. Resetting the accounts implies you are changing the password, but this is not needed.
Your organization routinely hires contractors to assist with different projects. Administrators are rarely notified when a project ends and a contractor leaves. Which of the following is the BEST choice to ensure that contractors cannot log on with their accounts after they leave?
A. Enable account expiration
B. Enable an account enablement policy
C. Enable an account recovery policy
D. Enable generic accounts
A. The best choice is to enable account expiration so that the contractors' accounts are automatically disabled at the end of their projected contract time period. If contracts are extended, it's easy to enable the account and reset the account expiration date. Account disablement policies help ensure that any user accounts (not just contractors') are disabled when the user leaves the organization, but an account enablement policy isn't a valid term. An account recovery policy allows administrators to recover accounts and associated security keys for ex-employees. It's best to prohibit the use of generic accounts (such as Guest accounts), so enabling generic accounts is not recommended.
Developers are planning to develop an application using role-based control. Which of the following would they MOST likely include in their planning?
A. A listing of labels reflecting classification level
B. A requirements list identifying need to know
C. A listing of owners
D. A matrix of functions matched with their required privileges
D. A matrix of functions, roles, or job titles matched with the required access privileges for each of the functions, roles, or job titles is a common planning document for a role-based access control model. The mandatory access control (MAC) model uses sensitivity labels and classification levels. MAC is effective at restricting access based on a need to know. The discretionary access control model specifies that every object has an owner, and it might identify owners in a list.
An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?
B. The mandatory access control (MAC) model uses labels assigned at different levels to restrict access. The discretionary access control (DAC) model assigns permissions based on object ownership. The role-based access control (role-BAC) model uses group-based privileges. The rule-based access control (rule-BAC) model uses rules that trigger in response to events.
Your organization's security policy requires that PII data at rest and PII data in transit be encrypted. Of the following choices, what would the organization use to achieve these objectives? (Select TWO)
B, D. You can use Secure Shell (SSH) to encrypt Personally Identifiable Information (PII) data when transmitting it over the network (data in transit). While Pretty Good Privacy (PGP)/GNU Privacy Guard (GPG) is primarily used to encrypt email, it can be used to encrypt data at rest. File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.
Malware that can reproduce itself, spread through the file system or network, and may or may not cause problems
Program, boot sector, script, and macro viruses
Self-replicates and does not need you to do anything to infect the system. Worms can take over a system very quickly.
WannaCry worm: starts with an infected computer, finds a vulnerable system (SMB version 1, for example), then installs and runs software and embeds itself. This installs a backdoor, and the process repeats. Ransomware.
The bad guys want your money. Your data suddenly becomes encrypted. Oftentimes it is not real, but it is still serious.
Malware encrypts your data files until you pay a demanded amount of money. Encrypts most files except for the operating system. Uses public key cryptography.
Protecting against ransomware
Keep offline backups, keep the OS up to date, and keep antivirus software updated