Published - Fri, 03 Mar 2023
ComptiA Security+ Certification Exam Questions and answer - Part 16
1. After a security incident,management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the incident response process?
A) Preparation
B) Recovery
C) Identification
D) Lessons learned
2. A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices,and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?
A) Have all members of the IT department review and sign the AUP and disciplinary policies
B) Restrict access to the share where the report resides to only human resources employees and enable auditing
C) Implement a DLP solution and classify the report as confidential,restricting access only to human resources staff
D) Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department
3. A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic - s -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this?
A) Containment phase
B) CSIRT
C) Tabletop exercise
D) Escalation notifications
4. A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement?
A) Application hardening
B) Disable removable media
C) Anti-malware
D) Whitelisting
E) Blacklisting
5. An administrator is implementing a secure web server and wants to ensure that if the web server application is compromised,the application does not have access to other parts of the server or network. Which of the following should the administrator implement? (Choose two.)(Select 2answers)
A) Attribute-based access control
B) Rule-based access control
C) Mandatory access control
D) Discretionary access control
E) Role-based access control
A) Preparation
B) Recovery
C) Identification
D) Lessons learned
2. A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices,and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?
A) Have all members of the IT department review and sign the AUP and disciplinary policies
B) Restrict access to the share where the report resides to only human resources employees and enable auditing
C) Implement a DLP solution and classify the report as confidential,restricting access only to human resources staff
D) Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department
3. A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic - s -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this?
A) Containment phase
B) CSIRT
C) Tabletop exercise
D) Escalation notifications
4. A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement?
A) Application hardening
B) Disable removable media
C) Anti-malware
D) Whitelisting
E) Blacklisting
5. An administrator is implementing a secure web server and wants to ensure that if the web server application is compromised,the application does not have access to other parts of the server or network. Which of the following should the administrator implement? (Choose two.)(Select 2answers)
A) Attribute-based access control
B) Rule-based access control
C) Mandatory access control
D) Discretionary access control
E) Role-based access control
1. Right Answer: D
Explanation:
2. Right Answer: B
Explanation:
3. Right Answer: C
Explanation:
4. Right Answer: E
Explanation:
5. Right Answer: B,C
Explanation:
Explanation:
2. Right Answer: B
Explanation:
3. Right Answer: C
Explanation:
4. Right Answer: E
Explanation:
5. Right Answer: B,C
Explanation:
Created by
Comments (0)
Search
Popular categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Write a public review