CompTIA Security+ 1 - 50
48. Of the following choices, what will store RSA keys? A. TPM and SSL B. TPM and HSM C. SSL and HSM D. CCMP and TKIP
B. (A Trusted Platform Module {TPM} and a hardware security module {HSM} are hardware devices that store RSA keys, provide encryption and decryption services, and can assist with user authentication. SSL uses RSA keys, also called asymmetric keys, but it is a protocol and does not store RSA keys. CCMP is an improved wireless encryption protocol used with WPA2, while TKIP is an older wireless protocol used with WPA, but neither store RSA keys. See chapter 5. )
49. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this? A. TPM B. HSM C. DLP D. IaaS
B. (A hardware security module {HSM} is a hardware device you can add to a server to provide encryption capabilities. A TPM is a chip embedded into a motherboard that also provides hardware encryption, but you can't easily add a TPM to an existing server. A DLP can reduce the risk of employees e-mailing confidential information outside the organization. Organizations use IaaS to rent access to hardware such as servers via the cloud to limit their hardware footprint and personnel costs. See chapter 5. )
18. A security professional observes employees regularly tailgating others into a secure datacenter. What can prevent this? A. CCTV B. Mantrap C. Proximity card D. Cipher lock
B. (A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating. CCTV provides video surveillance and it can record unauthorized entry, but it can't prevent it. A proximity card is useful as an access control mechanism, but it won't prevent tailgating, so it isn't as useful as a mantrap. A cipher lock is a door access control, but it can't prevent tailgating. See chapter 2. )
4. A user enters a username and a password and logs onto a system. What does this describe? A. Identification B. Authentication C. Authorization D. Availability
B. (Authentication occurs when an identity is verified. An entity claims an identity by presenting something like a username and proves the identity with an authentication mechanism such as a password. Authorization provides access to resources and occurs after authentication. Availability indicates that the system is up and operational when needed. See chapter 1. )
3. What does RAID-1 support? A. Authentication B. Availability C. Confidentiality D. Integrity
B. (Redundant Array of Inexpensive Disks 1 {RAID-1} uses two disks to create a mirror of each, and it provides availability through fault tolerance. If a single drive fails, the system can tolerate the fault and continue to operate. Authentication provides proof of a user's identity. Confidentiality ensures that data is only viewable by authorized users. Integrity provides assurances that data has not been modified. See chapters 1 and 8. )
31. Your network includes a device that examines network traffic and determines when the traffic is outside expected boundaries. What is this device? A. Anomaly-based HIDS B. Signature-based HIDS C. Anomaly-based NIDS D. Signature-based NIDS
C. (An anomaly-based, network-based intrusion detection system {NIDS} compares current activity with a previously created baseline to detect abnormal activity. HIDS systems only monitor individual systems, not the network. Signature-based IDSs use signatures similar to antivirus software. See chapter 4. )
21. You want to ensure that data remains in an encrypted format while it is transmitted over the Internet. Of the following choices, what can you use? {Choose all that apply.} A. SFTP, FTPS, TFTP, HTTPS, SSL, TLS B. SSH, SFTP, SSL, HTTP C. TLS, SSL, SSH, FTPS, SFTP, D. HTTPS, FTP, SSH, SSL
C. (Transport Layer Security {TLS}, Secure Sockets Layer {SSL}, Secure Shell {SSH}, File Transfer Protocol Secure {FTPS}, and Secure File Transfer Protocol {SFTP} can all encrypt data transmitted over the Internet. {Notice they all have an "S"? in them.} TFTP, HTTP, and FTP are all unencrypted. See chapter 3. )
13. Sally is required to review security logs and maintain three servers within a network. Instead of giving her full access to all network resources, she is granted access only to the security logs and the three servers. Which of the following choices best identifies what is being used? A. MAC B. DAC C. RBAC D. Least privilege
D. (The principle of least privilege is a technical control and ensures that users have only the rights and permissions needed to perform the job, and no more. MAC, DAC, and RBAC are access control models that include much more than just a single access control such as least privilege. See chapter 2. )
36. You are configuring a secure wireless network that will use WPA2. Management wants to use a more secure method than PSKs. Of the following choices, what will you need? A. 802.11n B. CCMP C. AES D. RADIUS
D. (WPA2 needs RADIUS to support WPA2 Enterprise mode. WPA2 personal mode uses a preshared key {PSK}, and since management does not want to use PSKs, the solution requires Enterprise mode. 802.11n is a wireless standard. CCMP and AES provide strong encryption. However, using 802.11n, CCMP, or AES does not prevent the use of PSKs. See chapter 4. )
38. You are planning to complete a wireless audit. What should you check? {Choose all that apply.} A. Antenna placement B. Power levels C. Footprint D. Encryption E. Flood guards
A, B, C, D. (A wireless audit can check antenna placement, WAP power levels, WAP footprint, and encryption techniques. It also looks for rogue access points and unauthorized users, which are not listed in the answers. Flood guards can help prevent SYN flood attacks. See chapter 4. )
41. Of the following choices, what can you do to protect a system from malicious software? {Choose two.} A. Disable unused services B. Disable the host-based firewall C. Keep a system up-to-date with current patches D. Install malware
A, C. (You can protect a system from malicious software by disabling unused services and keeping a system up-to-date. Enabling the firewall, not disabling it, provides protection against attacks. Installing antivirus or anti-malware software, not installing malware, protects a system. See chapters 5 and 6. )
42. An administrator is upgrading an application on a server. What would the administrator update when complete? A. Baseline B. The IaaS plan C. The HVAC system D. The hard drive hash
A. (A configuration baseline documents the configuration of a system and should be updated after modifying a system, such as after upgrading new software or installing a service pack. IaaS is a cloud-based technology that allows an organization to reduce its hardware footprint by outsourcing equipment requirements. HVAC provides heating and cooling, but doesn't need to be updated after upgrading an application. Incident response procedures use a hard drive hash to identify evidence tampering. See chapter 5. )
20. An employee has left the company to go back to school. Which of the following is considered a security best practice in this situation? A. Disable the account B. Set the account to expire in sixty days C. Set the password to expire D. Since the employee left on good terms, nothing needs to be done
A. (An account disablement policy would ensure that a terminated employee's account is disabled to revoke the employee's access. Setting an account to expire is useful for a temporary account, but in this situation, it would leave the account available for anyone to use for the next sixty days instead of immediately disabling it. Expiring the password forces the user to change the password at the next logon. It doesn't matter why employees leave a company; if they are no longer employed, the account should be disabled. See chapter 2. )
5. Your organization has configured an account policy that locks out a user accounts for thirty minutes if they enter the wrong password five times. What is this policy? A. Account lockout policy B. Account disablement policy C. Account continuance policy D. Password policy
A. (An account lockout policy will force an account to be locked out after the wrong password is entered a set number of times {such as after five failed attempts}. An account disablement policy specifies that accounts are disabled when no longer needed, such as after an employee leaves the company. There is no such thing as an account continuance policy. A password policy ensures strong passwords are used and users change their password regularly. See chapter 1. )
37. You have discovered a counterfeit wireless station using the same SSID as your wireless network. What best describes this? A. Evil twin B. IV attack C. War driving D. Rogue access point
A. (An evil twin is a rogue {or counterfeit} access point with the same SSID as an authorized access point. An IV attack attempts to discover encryption keys to crack WEP. War driving is the practice of driving around looking for access points. A rogue access point is an unauthorized wireless station, but if it has the same SSID, it's best described as an evil twin. See chapter 4. )
1. You want to ensure that data can only be viewed by authorized users. What provides this assurance? A. Confidentiality B. Integrity C. Availability D. Authentication
A. (Confidentiality prevents unauthorized disclosure and is enforced with access controls and encryption. Integrity provides assurances that data has not been modified and is enforced with hashing. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be. See chapter 1. )
47. Sally stores a list of her passwords in a file on her computer's local hard drive. What can protect this data if her computer is lost or stolen? A. File level encryption B. DLP C. GPS D. Permissions
A. (File level encryption can protect a single file against loss of confidentiality if a computer is lost or stolen. A DLP system can examine and analyze data to detect sensitive or confidential data. A GPS can help locate a lost or stolen computer but won't protect the individual file. Permissions provide a level of protection but can be bypassed if a computer is lost or stolen. See chapter 5. )
40. What type of control is MAC filtering? A. Network access control B. Physical control C. Detective control D. Management control
A. (MAC filtering is a form of network access control {NAC}. A physical control restricts physical access to buildings and hardware devices. A detective control such as a security audit detects when a vulnerability has been exploited. Management controls are primarily administrative in function, such as risk assessments or vulnerability assessments. See chapter 4. )
16. You want to increase physical security for your server room. Which of the following provides the best protection? A. Limit access to only a single well-protected entrance B. Ensure that the server room has one door for entrance and one door for exit C. Ensure that access to the server is limited to only management D. Remove all physical access to the server room
A. (One of the best examples of physical security for a server room is to ensure that access is limited to only a single well-protected entrance. Two doors {one for entrance and one for exit} requires security at both doors, and it is difficult to ensure that each is only used for an entrance or exit. More than one entrance and exit makes it harder to monitor access. Administrators need physical access to a server room, but management typically does not need physical access. See chapter 2. )
45. Of the following choices, what indicates the best choice to verify software changes on a system? A. Patch management B. A patch management policy C. Standardized images D. Performance baseline
A. (Patch management includes testing and deploying patches and verifying the software changes made by the patches. A patch management policy defines the patch management process, including a timeline for installing patches. Standardized images provide a secure baseline and include mandatory security configurations, and a performance baseline documents a system's performance. You can compare current systems with standardized images and performance baselines to identify differences, but just an image or a baseline will not verify the changes. See chapter 5. )
15. What is the difference between rule-based and role-based access control? A. Rule-based access control is based on a set of approved instructions while role-based is based on job function B. Rule-based access control is based on job function while role-based is based on a set of approved instructions C. Rule-based access control uses labels to identify subjects and objects while role-based requires every object to have an owner D. They are both the same, and known as RBAC
A. (Rule-based access control {RBAC} is based on a set of approved instructions configured as rules, while role-based uses roles {or groups} based on job functions. MAC uses labels to identify subjects and objects and DAC requires every object to have an owner. While both rule-based and role-based access controls share the same acronym {RBAC}, they are not the same. See chapter 2. )
23. What port does SCP use? A. 22 B. 23 C. 25 D. 80
A. (Secure Copy {SCP} uses port 22, as do other protocols encrypted with Secure Shell {SSH}, such as Secure File Transfer Protocol {SFTP}. Telnet uses port 23. SMTP uses port 25. HTTP uses port 80. See chapter 3. )
39. Your organization wants to provide secure remote access to the internal network to over two hundred employees that are regularly on the road. What would they use? A. VPN concentrator B. Health agents C. Web application firewall D. Honeypot
A. (VPN concentrators provide strong security and support large numbers of VPN clients. Health agents are required for network access control {NAC} solutions, but not required for all remote access solutions. A web application firewall {WAF} is a firewall specifically designed to protect a web application, such as a web server, and not required for remote access. A honeypot is a server designed to look valuable to an attacker, can divert attacks, and can help organizations identify the latest unknown attacks. See chapter 4. )
34. Attackers have launched multiple attacks against your network in recent weeks. While administrators have taken action to reduce the impact of the attacks, management wants to prevent these attacks. What can prevent ongoing network-based attacks? A. NIDS B. NIPS C. HIDS D. HIPS
B. (A network-based intrusion prevention system {NIPS} can detect and prevent ongoing network-based attacks. In contrast, a NIDS would only detect the activity, and this is likely what is alerting administrators to the attacks now. Host-based IDSs and IPSs detect malicious activity only on a host, not a network. See chapter 4. )
6. Which of the following supports the use of one-time passwords? A. Proximity card B. Tokens C. CAC D. PIV
B. (A token {such as an RSA token} provides a rolling password for one-time use. A proximity card is something you have {or something a user has} as a factor of authentication, but it doesn't use one-time passwords. A CAC and a PIV are both specialized types of smart cards that include photo identification. See chapter 1. )
27. Your organization has configured switches so that only devices with specific MAC addresses can connect to specific ports on the switches. The switch prevents any other devices from connecting. What is this? A. Content filtering B. Port security C. Load balancing D. Proxy caching
B. (A version of port security maps specific end-device MAC addresses to specific ports on the switch and prevents any other devices from connecting. Web security gateways and all-in-one security appliances provide content filtering. A load balancer optimizes and distributes data loads across multiple computers or multiple networks. A proxy server provides content filtering and caching. See chapter 3. )
2. A database administrator has just completed an update to a database using a script. Unfortunately, the script had an error and wrote incorrect data throughout the database. What has been lost? A. Confidentiality B. Integrity C. Availability D. Authentication
B. (If an unauthorized or unintended change occurs to data, the data has lost integrity. Confidentiality prevents unauthorized disclosure and is enforced with access controls and encryption. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be. See chapter 1. )
12. What is a primary difference between TACACS and TACACS+? A. TACACS can use either TCP or UDP ports 514 while TACACS+ uses only TCP port 514 B. TACACS can use either TCP or UDP ports 49 while TACACS+ uses only TCP port 49 C. TACACS+ can use either TCP or UDP ports 49 while TACACS uses only TCP port 49 A. TACACS+ can use either TCP or UDP ports 514 while TACACS uses only TCP port 514
B. (TACACS can use either TCP or UDP ports 49, while TACACS+ uses only TCP port 49. Port 514 is used for the UNIX-based syslog. See chapter 1. )
22. You want to configure traps on devices in your network. What would you use? A. A load balancer B. SNMP C. Default gateways D. SCP
B. (The Simple Network Management Protocol {SNMP} uses device traps to send notifications, and it can monitor and manage network devices, such as routers or switches. A load balancer can optimize and distribute data workloads across multiple computers. A default gateway is an IP address on a router, and it provides a path to another network. SCP is based on SSH and copies files over a network in an encrypted format. See chapter 3. )
9. Which of the following choices is an example of authentication based on something you have and something you are? A. A username, password, and PIN B. A token and a fingerprint scan C. A token and a password D. A PIN and a fingerprint scan
B. (Token-based authentication is based on something you have, and a fingerprint scan is based on something you are. A username, password, and PIN all fall in under the something you know factor of authentication. A token and password are something you have and something you know. A PIN and a fingerprint scan are something you know and something you are. See chapter 1. )
32. Attackers frequently attack your organization, and administrators want to learn more about zero day attacks on the network. What can they use? A. Anomaly-based HIDS B. Signature-based HIDS C. Honeypot D. Signature-based NIDS
C. (A honeypot is a server designed to look valuable to an attacker and can help administrators learn about zero day exploits, or previously unknown attacks. HIDS protects host-based attacks and wouldn't help with network-based attacks. Signature-based tools would not have a signature for zero day attack since the attack method is unknown by definition. See chapter 4. )
11. Dawn logged on using her work account at 6:45 a.m. into a Kerberos realm. She was able to access network resources throughout the day with no problem. A crisis kept her at work late. However, she found that at about 7:30 p.m., she was no longer able to access a server she accessed earlier. Another worker working on the evening shift accessed the server without any problem. What is the likely problem? A. The server is down B. Her certificate has expired C. Her ticket has expired D. The server's certificate has expired
C. (Kerberos uses time-stamped tickets, and they often have a lifetime of ten or twelve hours. If the ticket is expired, the user won't be able to use it anymore without logging off and back on. Since another user is accessing the server, it is not down. A Kerberos realm uses tickets, not certificates, and there is no indication that certificates are being used. See chapter 1. )
30. An organization wants to hide addresses it uses on its internal network. What can assist with this goal? A. MAC filtering B. NAC C. NAT D. DMZ
C. (Network Address Translation {NAT} translates public IP addresses to private, private IP addresses back to public, and hides addresses on the internal network. Port security and network access control use MAC filtering to limit access. Network access control can inspect clients for health prior to allowing network access. A DMZ provides access to services {hosted on servers} from the Internet while providing a layer of protection for the internal network. See chapter 3. )
14. An administrator wants to use user templates as a method of complying with the principle of least privilege. What access control model supports this process? A. Discretionary access control {DAC} B. Mandatory access control {MAC} C. Role-based access control {RBAC} D. Rule-based access control {RBAC}
C. (Role-based access control {RBAC} allows an administrator to create a user template, add the user template to one or more groups based on roles, and then assign rights and permissions to the groups. Any user accounts created with this template will automatically have these permissions. The DAC model specifies that every object has an owner, and Windows systems use the DAC model by default for NTFS files and folders. The MAC model uses sensitivity labels. Rule-based access control is based on a set of approved instructions. See chapter 2. )
19. An employee found a USB flash drive in the parking lot. What should the employee do with this? A. Look at the contents to determine the owner B. Destroy it C. Turn it into a security professional D. Take it home and insert it into a home computer
C. (The USB flash drive should be turned in to a security professional. It's risky to plug it in to look at the contents or take it home, since it could have malware. While it may be safe to destroy it, a security professional can plug it into an isolated system to determine its contents and the owner. See chapter 2. )
8. Of the following choices, what qualifies as two-factor authentication? A. Fingerprints from both of a user's hands B. Two passwords C. A smart card and a PIN D. A token and a smart card
C. (Two-factor authentication includes authentication from two of three factors {something you know, something you have, and something you are} and only a smart card {something you have} and a PIN {something you know} meet this requirement. Fingerprints from two hands use only biometrics {something you are}, two passwords are two instances of something you know, and a token and smart card represent two instances of something you have. See chapter 1. )
44. A virtual machine includes data on employees, including folders and files with payroll data. Management is concerned that an attacker can copy the virtual machine and access the data. What would you suggest to protect against this? A. Enable VM escape B. Disable VM escape C. Encrypt the files and folders D. Add a network-based DLP device
C. (You can encrypt files and folders on virtual machines to protect against loss of confidentiality just as you can on physical systems. VM escape is an attack run on virtual machines, allowing the attacker to access and control the physical host. You can't enable or disable VM escape, but you can keep a system patched and up to date to help protect against VM escape attacks. A DLP is a device that reduces the risk of employees e-mailing confidential information outside the organization. See chapters 1 and 5. )
43. An administrator is deploying a service pack to several database servers. What would the administrator update when complete? A. The SaaS plan B. The patch management policy C. A chain of custody D. Configuration baseline
D. (A configuration baseline documents the configuration of a system and is updated after modifying a system, such as through a service pack or upgrading new software. SaaS is a cloud-based technology that provides applications such as web-based e-mail to users. A patch management policy defines how patches are tested and applied, including a timeline for deployment. A chain of custody validates the control of forensic evidence, such as a disk drive, during transport. See chapter 5. )
28. You are reviewing a firewall's ACL and see the following statement: drop all. What security principle does this enforce? A. Least privilege B. Integrity C. Availability D. Implicit deny
D. (A drop all or deny any any statement is placed at the end of an access control list {ACL} and enforces an implement deny strategy. Least privilege ensures users have only the access they need to perform their jobs and no more. Integrity provides assurances that data has not been modified, and availability ensures systems and data are up and operational when needed, but the drop all statement doesn't address either of these as directly as implicit deny. See chapter 3. )
7. A user must swipe his finger on a fingerprint scanner to gain access to his laptop. What is being used for authentication? A. Something the user knows B. Something the user has C. Something the user wants D. Biometrics
D. (A fingerprint scanner is using biometrics {in the something the user is factor of authentication}. Biometrics are the most difficult for an attacker to falsify or forge since it represents a user based on personal characteristics. A password or PIN is an example of something the user knows. A token or smart card is an example of something the user has. Something the user wants is not a valid factor of authentication. See chapter 1. )
33. Users in your network are complaining that they are unable to download content from a specific website. Additionally, your IDS is recording multiple events on the network. What is a likely reason why users are unable to download this content? A. A load balancer is blocking content from the website B. The firewall is in failopen mode C. An evil twin is on the network D. NIPS is blocking content from the website
D. (A network-based intrusion prevention system {NIPS} can detect and block malicious content, and both a NIPS and an intrusion detection system {IDS} can record the events. A load balancer can optimize and distribute data loads across multiple computers. Firewalls would normally fail in failsafe/failsecure {or closed} mode, blocking all traffic, but if it failed in failopen mode, it would allow all traffic. An evil twin is a rogue wireless access point with the same SSID as a live wireless access point. See chapter 4. )
26. You are examining open ports on a firewall and you see that port 500 is open. What is the likely reason? A. To support an L2TP VPN connection B. To support a PPTP VPN connection C. To support a TACACS+ VPN connection D. To support an IPsec VPN connection
D. (Internet Protocol security {IPsec} virtual private network {VPN} connections use port 500 {often combined with protocol IDs 50 and/or 51 to identify IPsec} with the Internet Key Exchange {IKE} protocol. L2TP uses port 1701. PPTP uses port 1723. TACACS+ uses port 49. See chapters 3 and 4. )
10. Which of the following authentication protocols uses tickets? A. LDAP B. MD5 C. SHA1 D. Kerberos
D. (Kerberos is a network authentication protocol using tickets. The Lightweight Directory Access Protocol {LDAP} specifies formats and methods to query directories and is used to manage objects {such as users and computers} in an Active Directory domain. MD5 and SHA1 are hashing algorithms, not authentication protocols. See chapter 1. )
29. Firewalls include rules in an ACL. Which of the following would block network traffic that isn't in any of the previously defined rules? A. Explicit allow B. Implicit allow C. Explicit deny D. Implicit deny
D. (Most firewalls have an implicit deny statement {such as drop all or deny any any} at the end of an access control list {ACL} to block all traffic not previously allowed. An allow rule would not block traffic. An explicit deny rule explicitly blocks traffic defined in the rule only, not all other traffic. See chapter 3. )
24. Of the following choices, what is the best choice to indicate the protocol{s} that use{s} port 22? A. SCP B. SCP and SSH C. SCP, TFTP, SQL, and SSH D. SCP, SFTP, and SSH
D. (Secure Copy {SCP}, Secure File Transfer Protocol {SFTP}, and Secure Shell {SSH} all use port 22. While SCP alone, and SCP and SSH, both use port 22, answer D is the best choice since it shows more of the protocols using this port. TFTP uses port 69 and Microsoft's SQL server uses port 1433. See chapter 3. )
25. An administrator wants to determine what services and protocols are running on a remote system. Of the following choices, what is the best choice to achieve this goal? A. Go to the datacenter, log on, and inspect the system B. Perform a vulnerability assessment C. Perform an ICMP sweep D. Identify open ports on the system
D. (Since many services and protocols use open ports, an administrator can identify running services on a system by determining what ports are open. Since the system is remote, it could be in another building or even another city, so going to the datacenter is not the best choice. While a vulnerability assessment will often include a port scan, it will do much more. An ICMP sweep {also called a host enumeration sweep} will identify servers on a network, but not individual services, protocols, or ports. See chapter 3. )
50. Your organization issues laptop computers to employees. Employees use them while traveling, and frequently store sensitive data on these systems. What can you use to recover a laptop if an employee loses it? A. Encryption B. Remote wipe C. Remote lock D. GPS tracking
D. (The goal in the question is to recover the laptop, and the only answer that helps recover it is Global Positioning System {GPS} tracking. If you want to protect the data in the event that the employee loses the laptop, full disk encryption is a good choice. If you want to erase all the data so that an attacker can't read it after the laptop is lost, you can use remote wipe. If you want to make it more difficult for an attacker to use the device, you can use remote lock to lock it with a different passcode. See chapter 5. )
17. Users in an organization are issued proximity cards that they use to access secure areas. Lately, users have begun trading their proximity cards so co-workers can access resources with someone else's card. What permits this misuse? A. A lack of authorization controls B. A lack of access controls C. Authentication verification without authorization D. Authorization verification without authentication
D. (The proximity card is being used without any type of authentication other than holding the proximity badge, which is granting authorization to resources without authenticating users; a solution would be to require authentication though a method other than the proximity badge prior to authorizing access, such as matching a PIN to the card. Authorization is being granted based on possession of the proximity cards so there are authorization and access controls; however, there isn't any authentication verification. See chapter 2. )
35. Users that are further away from the WAP installed in your company's network are having trouble connecting. What can you check to increase the coverage of the WAP? A. SSID broadcasting B. Encryption method C. Verify Enterprise mode is used D. Power levels
D. (You can increase coverage of a wireless access point {WAP} by increasing the power level and by adjusting the antenna placement. SSID broadcasting and encryption method does not affect the wireless coverage. Enterprise mode uses an 802.1X server for authentication and stronger security but does not affect the coverage of the WAP. See chapter 4. )
46. A software vendor recently released several patches that apply to several of your servers. When should you apply these patches to the production servers? A. Immediately B. On the second Tuesday of each month C. Annually D. After testing
D. (You should apply patches to production servers after performing regression testing, and testing should be performed in a test environment that mirrors the production environment. Patches applied immediately may adversely affect production systems. Microsoft releases patches on the second Tuesday of each month, but patches still need to be tested. Applying patches annually leaves systems vulnerable to known threats between the updates. See chapter 5. )