Services
Discover
Homeschooling
Ask a Question
Log in
Sign up
Filters
Done
Question type:
Essay
Multiple Choice
Short Answer
True False
Matching
Topic
Certification
Study Set
Computing Technology Industry Association (CompTIA)
Exam 15: CompTIA Security+
Path 4
Access For Free
Share
All types
Filters
Study Flashcards
Practice Exam
Learn
Question 21
Multiple Choice
A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements: All access must be correlated to a user account. All user accounts must be assigned to a single individual. User access to the PHI data must be recorded. Anomalies in PHI data access must be reported. Logs and records cannot be deleted or modified. Which of the following should the administrator implement to meet the above requirements? (Choose three.)
Question 22
Multiple Choice
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?
Question 23
Multiple Choice
A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?
Question 24
Multiple Choice
A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two.)
Question 25
Multiple Choice
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?
Question 26
Multiple Choice
A company has a data classification system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question 27
Multiple Choice
An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organizations the organization's ERP system to determine how the accounts payable module has been used to make these vendor payments. The IT security department finds the following security configuration for the accounts payable module: New Vendor Entry - Required Role: Accounts Payable Clerk New Vendor Approval - Required Role: Accounts Payable Clerk Vendor Payment Entry - Required Role: Accounts Payable Clerk Vendor Payment Approval - Required Role: Accounts Payable Manager Which of the following changes to the security configuration of the accounts payable module would BEST mitigate the risk?
Question 28
Multiple Choice
A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?
Question 29
Multiple Choice
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe's colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Choose two.)
Question 30
Multiple Choice
Which of the following encryption methods does PKI typically use to securely protect keys?
Question 31
Multiple Choice
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?