CompTIA Security Certification
Question No: 261 – (Topic 2)
The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?
Application firewall review
Application change management
Application patch management
Answer: C Explanation:
Change management is the structured approach that is followed to secure a company’s assets. Promoting code to application on a SMZ web server would be change management.
Question No: 262 – (Topic 2)
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Answer: A Explanation:
Reviewing user permissions and group memberships form part of a privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.
Question No: 263 – (Topic 2)
Which of the following technologies uses multiple devices to share work?
Answer: B Explanation:
Load balancing is a way of providing high availability by splitting the workload across multiple computers.
Question No: 264 – (Topic 2)
Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).
Scanning printing of documents.
Scanning of outbound IM (Instance Messaging).
Scanning copying of documents to USB.
Scanning of SharePoint document library.
Scanning of shared drives.
Scanning of HTTP user traffic.
Answer: B,F Explanation:
DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Outbound IM and HTTP user traffic refers to data over a network which falls within the DLP strategy.
Question No: 265 – (Topic 2)
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
Answer: D Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. But not only does mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels as well as an opportunity to discover fraud.
Question No: 266 DRAG DROP – (Topic 2)
A Security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and Drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders needs to be filled. When you have completed the simulation, Please select Done to submit.
Cable locks are used as a hardware lock mechanism – thus best used on a Data Center Terminal Server.
Network monitors are also known as sniffers – thus best used on a Data Center Terminal Server.
Install antivirus software. Antivirus software should be installed and definitions kept current on all hosts. Antivirus software should run on the server as well as on every workstation. In addition to active monitoring of incoming fi les, scans should be conducted regularly to catch any infections that have slipped through- thus best used on a Data Center Terminal Server.
Proximity readers are used as part of physical barriers which makes it more appropriate to use on a center’s entrance to protect the terminal server.
Mentor app is an Apple application used for personal development and is best used on a mobile device such as a smart phone.
Remote wipe is an application that can be used on devices that are stolen to keep data safe. It is basically a command to a phone that will remotely clear the data on that phone. This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to another user.
Should a device be stolen, GPS (Global Positioning System) tracking can be used to identify its location and allow authorities to find it – thus best used on a smart phone. Screen Lock is where the display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access the system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called lockout – thus best used on a smart phone.
Strong Password since passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values – thus best use strong passwords on a smartphone as it can be stolen more easily than a terminal server in a data center.
Device Encryption- Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords. It is recommended to you use Trusted Platform Module (TPM) for all mobile devices where possible.
Use pop-up blockers. Not only are pop-ups irritating, but they are also a security threat. Pop-ups (including pop-unders) represent unwanted programs running on the system, and they can jeopardize the system’s well-being. This will be more effective on a mobile device rather than a terminal server.
Use host-based firewalls. A firewall is the first line of defense against attackers and malware. Almost every current operating system includes a firewall, and most are turned on by Default- thus best used on a Data Center Terminal Server.
Dulaney, Emmett and Chuck Eastton, CompTIA Security Study Guide, 6th Edition, Sybex,
Question No: 267 – (Topic 2)
Key elements of a business impact analysis should include which of the following tasks?
Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
Answer: D Explanation:
The key components of a Business impact analysis (BIA) include: Identifying Critical Functions
Prioritizing Critical Business Functions Calculating a Timeframe for Critical Systems Loss
Estimating the Tangible and Intangible Impact on the Organization
Question No: 268 – (Topic 2)
Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?
Acceptable Use Policy
Human Resource Policy
Answer: A Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.
Question No: 269 – (Topic 2)
Which of the following is the process in which a law enforcement officer or a government
agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
Answer: B Explanation:
Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defense in a criminal prosecution.
Question No: 270 – (Topic 2)
A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?
Systems should be restored within six hours and no later than two days after the incident.
Systems should be restored within two days and should remain operational for at least six hours.
Systems should be restored within six hours with a minimum of two days worth of data.
Systems should be restored within two days with a minimum of six hours worth of data.
Answer: C Explanation:
The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation. The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the item of the crash, the more expensive it is to obtain.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|