CompTIA Security+ (Sy0-301) Practice Exam

All sensitive documents need to be sent through a shredder before the paper is disposed of. All the other answers are incorrect because they do not protect the sensitive information from falling into other people’s hands.

Tailgating or piggybacking is the term we use in the security field for someone who enters a locked door behind you after it is opened by an authorized person. Be sure to educate employees on tailgating!

When working with mobile devices, ensure that employees password protect the device so that if it is lost or stolen, the data on the device is not easily accessible. You will need to run a mobile OS on the phone, and features like texting and e-mail are popular features that will most likely be used by the employee, so they cannot be disabled.

A keylogger in this case is a hardware device connected between the keyboard and the computer which is designed to capture the keystrokes of a user. Keyloggers can also be software based. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A rootkit is a back door planted on the system, which gives the hacker administrative access to the system. A logic bomb is malicious software that is triggered by an event such as a specific date.

When dealing with mobile device security it is important to educate employees on how to remotely wipe a device or to report the lost device at once so that the network administrator can remotely wipe the device.

One of the major concerns with thumb drive usage is the fact that a worm virus can replicate to the thumb drive, and then the drive could be connected to a corporate system. Thumb drives do have large capacities—enough to store the typical user’s data—and are not too large to carry around. Data on a thumb drive can—and should—be encrypted.

A denial of service attack involves the hacker causing a system to not perform its job role by overburdening the system with traffic. The DoS attack could cause the system to crash or slow the system down.

Biometrics is using a characteristic of yourself to authenticate to a system. Popular examples of biometrics are fingerprint reading, retina scanning, and voice recognition.

You will want to verify with management before they head into the meeting what your responsibilities are, and they will typically inform you of what corporate policy is surrounding the termination of employment, but typically you want to disable the account while notice is given to the employee so that when the employee comes out of the meeting, they cannot access company assets and do any damage.

The key point here is to educate the user on company policy regarding the use of P2P software with company assets. Explain to the user the risks associated with downloading content from untrusted sources, and explain that P2P software is where a lot of viruses come from.

The password policy contains the password requirements that need to be enforced on the network servers. The VPN policy contains details on the approved VPN solution and what the requirements are for employees to be able to VPN into the network from a remote location. The acceptable use policy (AUP) contains the rules for proper computer, Internet e-mail, and device usage within the company. The secure disposal of computers policy contains the rules governing how to get rid of old computers and equipment and requires that all confidential data is securely removed from the device or computer.

To protect small computer equipment such as LCD displays, projectors, and laptops from being easily stolen, use a lockdown cable to secure the equipment to a desk. In this example you are looking for a physical security control such as a lockdown cable. Although drive encryption and disabling booting from a CD/DVD are great steps to improve security, they will not stop someone from stealing the device. Such choices may protect the data on the device, but won’t prevent the device from being stolen. Logging off a station will not protect the system at all without physical security.

Having the person that writes the check being different than the person who signs the
check is an example of separation of duties.

It is critical after installing antivirus software that you ensure the virus definitions are up-to-date. Most virus protection software can schedule the updating of virus definitions. Personal firewalls have nothing to do with maintaining the antivirus software, and you should not disable the automatic updates of virus definitions; you should enable them. You also should not disable real-time protection because it scans files as they are accessed.

User awareness and training is the only way to protect against social engineering attacks. Technology solutions such as firewalls, antivirus software, and physical security will always help a little, but to truly protect against social engineering attacks, you need to educate the users so they are aware of security best practices.

One of the ways to control tailgating in highly secure environments is to use a mantrap—an area between two locked doors where one door does not open until the first door is closed. Solutions such as mantraps or revolving doors are great solutions but they cost money. A cheap solution in low secure environments is to educate the employees on tailgating and to not open the door if someone is hanging around the entrance.

Spoofing is when someone alters the source address of a message. IP spoofing is the altering of the source IP address, MAC spoofing is when the hacker alters the source MAC address, and e-mail spoofing is when the hacker alters the source e-mail address of a message.

Developers must validate all data inputted into the application. The rest of the answers are incorrect because they all deal with ensuring the application is easy to use but have nothing to do with creating a secure application.

Rotation of duties is designed to hold people responsible for their actions by having
someone else take over the position at a later time. Someone holding this position will not be
likely to perform fraudulent activities knowing that someone else will detect that activity once
placed in the position.

A botnet is a number of systems that the hacker has control of and uses in attacks such as spamming or denial of service attacks.

Availability is ensuring that the company asset, such as a server and its data, is available at all times. You can help offer availability by using RAID, server clusters, or performing regular backups.

A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A logic bomb is malicious software that is triggered by an event such as a specific date. Spyware is malicious software that monitors your Internet activity, and a worm virus self-replicates.

The secure disposal of computers policy contains the rules surrounding what to do with equipment that is no longer needed in the company. The policy should state that all hard drives have to be physically destroyed before passing the computers on, so that you can ensure that no confidential data can be retrieved from the system.

A mantrap is an area between two locked doors. The second door cannot be opened until the first door is locked, which helps employees entering the facility notice anyone who may try to enter along with them.

Information within the company is assigned a data classification label, while the employees are then given a clearance level. For example, a document may be assigned the top secret classification label so that for an employee to gain access to the information, they must have the top secret clearance level.

Privilege escalation is when someone raises their permissions or rights from user level to administrative level. This is normally done by exploiting the operating system or software running on the operating system. Dictionary and brute-force are types of password attacks and do not involve raising someone’s level of access to a system. A buffer overflow is a type of attack against software that aids in privilege escalation.

Whaling is the term for targeting the phishing attack to “the big fish” in the company. With a whaling attack the e-mail message is typically personalized by using the name of that individual. Phishing is sending a generic e-mail to a mass group of people in hopes that someone clicks the link that goes to the fake web site. Pharming is modifying DNS or the hosts file to lead people to the wrong site. Spim is spamming (sending unsolicited e-mails) through instant messenger applications.

A buffer overflow attack is when the hacker sends too much data to an application, causing the data to get stored beyond the buffer area. If the hacker can access the area beyond the buffer, they can run whatever code they want, which typically results in them gaining administrative access to the system.

You should ensure that you are locking the screen and encrypting data on the mobile device to protect it from unauthorized access. You should have a password enabled instead of disabled, and never disable emergency calling, so that if the phone is locked, you can still call 911. Bluetooth should be disabled if not used, but most people use Bluetooth for wireless headsets.

To maintain a high level of security on your systems, disable booting from CD/DVD or even change the boot order so that the hard drive always boots before the CD/DVD. Removing the CD/DVD is not a great answer as it means that the user will not have a CD-ROM/DVD-ROM device. Implementing a strong password on the administrative account and having an account lockout policy are not good choices either because they will be bypassed when a live CD is used.

System hardening involves disabling unnecessary services and uninstalling unnecessary software from the system. System hardening also involves disabling unused accounts and patching the system. The rest of the answers are incorrect because they are all network hardening techniques and not system hardening techniques. MAC filtering controls which systems can send data to other
systems, port security controls which systems can connect to a port by MAC address, and 802.1x controls who has access to a wired or wireless network by using a central authentication server.

A very important principle of security is the concept of least privilege. Least privilege is
the principle that you should always give only the minimum level of permissions or rights to an
individual.

A logic bomb is malicious software that is triggered by an event such as a specific date. A Trojan virus is a virus that disguises itself as a legitimate program and then when installed opens the system up to the hacker—normally by opening a port on the system. A worm virus is a self-replicating virus, and a rootkit is a back door planted on the system, which gives the hacker administrative access to the system.

A white-hat hacker learns hacking techniques to learn how to defend against a
malicious hacker.
The other options are incorrect for the following reasons:
A black-hat hacker is someone who hacks for financial gain
or malicious reasons. A gray-hat hacker is someone who learns of a vulnerability and then
publishes it to the world. There is no such thing as a yellow-hat hacker.

The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. Job rotation is a security principle that requires employees to rotate through job positions on a regular basis in order to detect any improper activities. Separation of duties is a security principle that involves dividing a job into multiple tasks with each task being performed by a different employee. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company.

Cross-site scripting involves the hacker inputting data into a web site that contains script code that will execute when the page is viewed by another visitor. ActiveX and Java applets are programming components that are used by applications such as a web site, and a macros virus is a virus written with a macros language that comes with software.

Proxy servers are used to control outbound Internet access by filtering web sites users can surf and applications they can use.

One of the benefits of virtualization is that you need to implement physical security controls on fewer systems because less hardware is used as a result of virtualization. You will need to patch and virus protect the host operating system and each of the virtual machines. Encryption may still be needed based on any drives you would like to maintain confidentiality on.

When you harden the system by uninstalling unneeded software and disable unnecessary services, you are reducing the attack surface of the system.

If the NAS device is hit with a virus or is hacked into, then the security incident may apply to all files in the company if all data is stored on the NAS device. Great care should be taken with the configuration of the NAS device. Most NAS devices run SMB and NFS protocols in order for clients to connect to the data and are not considered security concerns. The NAS device also has a web interface device to use to make the configuration changes to the device.

Implementing the security principle known as job rotation is a great way to detect fraudulent activities performed by employees. The concept of least privilege is to ensure you give only the minimal permissions or rights needed to perform a task. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. Disabling the user account and access cards will not help you detect fraudulent activity—you need someone to take over the job role for a while in hopes they will discover improper activity by the previous employee.

A load balancer can be used to split the workload between multiple systems, in this case multiple web servers. Load balancing is a common solution for optimizing performance on web sites or even mail servers.

A kernel-level rootkit replaces core operating system files such as a driver file in hopes of hiding itself. A library-level rootkit is a DLL that is replaced on the system, while an application-level rootkit comes in the form of an EXE file and is planted on the system. A virtualized rootkit loads as soon as a computer boots up and then loads the real operating system.

Personal Identifiable Information (PII) is unique information about a person that
should be protected at all times and kept confidential.

Before authorization can occur each individual must first be authenticated to the system or network. Authentication is the proving of your identity by typically using a password (authentication) to go with the username (identification).

The firewall policy contains the detailed information needed to know what the company’s approved firewall configuration is. The acceptable use policy (AUP) contains the rules for proper computer, Internet, e-mail, and device usage within the company. The hiring policy contains rules surrounding the process for HR to follow when hiring a new employee. The VPN policy
contains details on the approved VPN solution and what the requirements are for employees to
be able to VPN into the network from a remote location.

A personal firewall should be used anytime a system is going to be connected to an untrusted network. The other answers are incorrect because they do not represent recommendations to implement regarding the security of Jim’s laptop.

Hot-fix is the term used for an update to a piece of software that should be applied immediately. A patch is a fix to a software error that does not necessarily need to be applied immediately. A service pack contains all the patches and hot-fixes since the previous service pack or release of the software. An update is a general term for applying patches to a system.

The security reason to implement mandatory vacation is so that while they are on vacation, you can hopefully detect improper activity performed by an employee. If the employee is always around, they will continue to avoid detection of their activity.

Confidentiality involves ensuring untrusted parties cannot view sensitive information. You typically implement confidentiality by encrypting data and communications or by setting permissions on the resource.