C.2.2 CompTIA A+ 220-1102 (Core 2) Domain 2: Security
You are the owner of a small startup company that consists of only five employees. Each employee has their own computer. Due to the type of services your company offers, you don't foresee the employee count increasing much in the next year or two. As a startup company, you want to keep costs low and facilitate easier file sharing and internet, printer, and local network resource access. Which of the following would be the BEST implementation for your business?
> A workgroup Explanation: If you only have five PCs and the network is not growing, a Windows workgroup lets you organize your computers in a peer-to-peer network. This workgroup network lets you share files, internet access, and printers between the five employees. A domain would do the same thing, but in this case, it is not a good idea because Windows Server brings new costs and complexity that probably wouldn't pay off for such a small company. In addition, you are introducing a single point of failure (the server). Trees and forests are subsets, or components, of a domain.
Which of the following processes is used to prove a user's identity?
> Authentication Explanation: Authentication is the process by which users provide credentials to prove their identity. Authorization defines what a user is able to access once he or she is authenticated. Certificate Manager is a Windows application for managing digital certificates. It is not used to prove a user's identity. Logical security refers to the security measures that are implemented through the operating system and software. Logical security is not used to prove a user's identity.
You want a security solution that protects your entire hard drive, preventing access even when it is moved to another system. Which of the following is the BEST method for achieving your goal?
> BitLocker Explanation: BitLocker is a Microsoft security solution that encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key, which is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer. EFS is a Windows file encryption option, but it only encrypts individual files. Encryption and decryption is automatic and dependent upon the file's creator and whether other uses have Read permissions. A virtual private network (VPN) uses an encryption protocol (such as IPsec, PPTP, or L2TP) to establish a secure communication channel between two hosts or between one site and another site. Data that passes through the unsecured network is encrypted and protected.
A public library has purchased new laptop computers to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should they use to physically secure the new laptops?
> Cable locks Explanation: Cable locks can be used to physically secure laptops in order to deter theft. Biometric authentication, a multi-factor password policy, or external encryption devices do not physically secure laptops.
A technician is replacing a SOHO router and has configured DHCP to assign private IP addresses to hosts on the local network. These hosts can communicate with each other, but users can't browse the internet. Which of the following changes to the SOHO router is MOST likely to restore internet connectivity?
> Configure the SOHO router for NAT. Explanation: Configure NAT to translate the private IP addresses on the local network to public IP addresses on the internet. Doing this will most likely restore internet connectivity in this scenario. QoS settings may cause HTTP traffic to be slower, but they would not completely interrupt it. Static IP addresses would not restore internet connectivity in this scenario. Updating the firmware is not likely to restore internet connectivity in this scenario.
Which of the following are risks of implementing a BYOD policy? (Select three.)
> Data leakage > Improper disposal > Number of different devices Explanation: BYOD risks include: Data leakage Confidential data exposure Improper disposal Variety of devices Mixing of personal and corporate data Bypassing of security policies BYOD benefits include: Increased productivity Employee satisfaction Work flexibility Lower costs
At company headquarters, several employees are having issues with their Wi-Fi access suddenly dropping and then reconnecting to the same wireless network. You decide to investigate and determine that someone has set up a rogue access point near company headquarters and is using it to capture sensitive data from the company network. Which type of social engineering attack is being used?
> Evil twin Explanation: An evil twin attack involves an attacker setting up a rogue Wi-Fi access point, using a jamming or disassociation attack to knock users off the legitimate network, and then having users reconnect to the rogue access point in order to gain access to sensitive data. Phishing is an attempt to trick a user into compromising personal information or downloading malware. Most often, it involves an email containing a malicious attachment or hyperlink. Impersonation is an attack method where the attacker impersonates a legitimate worker that should be granted access to the building or sensitive information. Eavesdropping means to listen in on other people's conversations in order to gather sensitive information.
Which of the following statements is true regarding hard tokens?
> Hard tokens provide a higher level of security. Explanation: Hard tokens provide a higher level of security, but if the token is lost or stolen, the security breach can be quite severe. Implementing hard tokens can also be expensive and time-consuming. They are generally reserved for highly sensitive data.
There are two main types of firewalls that you should be familiar with. Which of the following describes a feature of a network-based firewall?
> Inspects traffic as it flows between networks. Explanation: A network-based firewall inspects traffic as it flows between networks. A host-based firewall inspects traffic received by a specific host. This firewall type is installed directly on a host (such as a server or workstation) and only requires a single interface. A network-based firewall requires two (or more) interfaces.
Which of the following should be installed inside the entrance to the building to prevent weapons or unauthorized equipment being brought into the building?
> Magnetometer Explanation: A magnetometer is a metal detector that users walk through to detect whether they are bringing any weapons or unauthorized equipment into the building. This should be installed just inside the entrance to the building. A badge reader is installed at the entrance to a building to help control access. A badge reader is not used to prevent weapons or unauthorized equipment from being brought inside. The access control vestibule is a specialized entrance with two doors that creates a security buffer zone between two areas. An access control vestibule is not used to prevent weapons or unauthorized equipment from being brought inside. Cable locks can be used to physically secure a device to a desk. They are not used to prevent weapons or unauthorized equipment from being brought inside.
Where is the access control list stored on a Windows system?
> Master File Table Explanation: On a local Windows system, the ACL is stored on the Master File Table (MFT), which is a special partition created during the Windows installation process. Certificate Manager is a Windows application for managing digital certificates. The ACL is not stored there. A hard token is a hardware device that is used to authenticate users. It does not store the ACL. Authentication apps are installed on a user's smartphone or tablet and used for authentication purposes. They do not store the ACL.
A user needs to copy a file from an NTFS partition to a FAT32 partition. The file has NTFS permissions and the Read-only (R) and Encryption attributes. Which of the following will be true when the file is copied?
> Only the R attribute is retained on the file. Explanation: Only the Read-only (R) attribute is retained (not the Encryption, nor NTFS permissions). The FAT32 file system only supports the following attributes: R, H, S, and A. When you copy files from an NTFS partition to a FAT32 partition, attributes unavailable under FAT32 do not remain with the file. Moving NTFS files to a non-NTFS partition removes the permissions.
You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem?
> Open the firewall port for the Remote Desktop protocol. Explanation: You need to open the firewall port for the Remote Desktop program. Firewalls prevent all traffic except authorized traffic. To allow a specific program, open the port that corresponds to the port used by that application. Placing your computer outside of the firewall leaves it open to attack. Opening the Telnet and SSH ports on your firewall will not resolve the issue of allowing Remote Desktop to function. A VPN encrypts communications between two computers through the internet. However, a VPN will not allow a Remote Desktop connection.
You manage the two folders listed below on your computer. > C:\Confidential > D:\PublicReports The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. On the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: > Reports.doc > Costs.doc You then take the following actions. You: > Move Reports.doc from C:\Confidential to D:\PublicReports. > Copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder?
> Permissions are removed from both files. Explanation: Permissions will be removed from both files. Moving or copying files to a non-NTFS partition removes all permissions (FAT32 does not support NTFS permissions). Moving files to the same NTFS partition preserves the permissions. Copying files to another partition (NTFS or otherwise) removes existing permissions. Copied files on an NTFS partition inherit the permissions assigned to the drive or folder, and copied files on a non-NTFS partition do not inherit permissions because no permissions exist.
Which encryption method is used in WPA3 to generate a new key for every transmission?
> SAE Explanation: WPA3 implements the Simultaneous Authentication of Equals (SAE) standard instead of using a pre-shared key (PSK). SAE uses a 128-bit key with perfect forward secrecy to authenticate users. WPA2 makes use of the pre-shared key to authenticate users; WPA3 does not. Wi-Fi Protected Setup (WPS) is a connection method that allows a device to easily and securely connect to a wireless network. WPS is not an encryption protocol used by WPA3 802.1x is an authentication method that is extremely secure and typically used in an enterprise environment. 802.1x is not a encryption protocol for WPA3.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to a locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area so that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select two.)
> Train the receptionist to keep their iPad in a locked drawer when not in use. > Disable the network jacks in the reception area. Explanation: You should recommend the following: Disable the network jacks in the reception area. Having these jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. Train the receptionist to keep their iPad in a locked drawer when not in use. Tablet devices are small and easily stolen if left unattended. The receptionist's desk should remain where it is currently located because it allows them to visually verify each employee as they access the secured area. Biometric locks are generally considered more secure than smart cards because cards can be easily stolen. Training users to lock their workstations is more secure than using screen saver passwords, although this may be a good idea as a safeguard in case a user forgets.
Maria, a smartphone user, has recently installed a new app. She now experiences a weak signal and sometimes a complete signal loss at locations where she used to have a good cellular signal. Her phone battery is fully charged. Which of the following actions would BEST address this issue?
> Uninstall the new app and scan for malware. Explanation: Weak or lost cellular signals can be an indication of malware, especially if the location's signal has been good in the past. The best action is to uninstall the new app and use anti-malware apps and app scanners to inspect for malware. Force stopping the new app will help, but not all apps respond to a force stop, especially if they are malware. This is not the best course of action in this scenario. A reset to factory defaults will uninstall all apps and remove data. You should do this only as a last resort. A cell tower analyzer confirms a cellular signal's strength, but this analysis will not explain a weak or lost cellular signal. This is not the best course of action in this scenario.
Which of the following wireless security methods uses a common shared key that is configured on the wireless access point and all wireless clients?
> WEP, WPA Personal, and WPA2 Personal Explanation: Shared key authentication is used with WEP, WPA, and WPA2. Shared key authentication with WPA and WPA2 is often called WPA Personal or WPA2 Personal. WPA Enterprise and WPA2 Enterprise use 802.1x for authentication. 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients.
You have just installed Windows 11 on your laptop, purchased an infrared camera, and set up Windows Hello facial recognition as your login option. As part of the setup process, you enter a PIN as a backup login method. After a few weeks of using facial recognition login, your infrared camera fails, and you are asked to enter your PIN. Because it has been several weeks, you have forgotten the exact number. You attempt to enter your PIN at least 24 times, but are never locked out. What is the MOST likely reason that you have not been locked out after several failed PIN login attempts?
> Your laptop does not have a TPM chip, and you have not set up BitLocker for lockout. Explanation: If you are using a computer with a TPM chip, it is automatically configured for a set number of failed PIN attempts (about 10) before lockout (you do not need to set this up). If your laptop does not have a TPM chip, you can set up BitLocker for lockout after several failed PIN attempts. In this scenario, the most likely reason that you are not locked out is that your laptop does not have a TPM chip, and you have not set up BitLocker for lockout after several failed attempts.
Which of the following does Windows use to manage and enforce what a user is authorized to access?
>Access control list Explanation: Access control lists (ACLs) are used to manage and enforce what a user is authorized to access. A soft token is any digital authentication key used to authenticate a user. A soft token is not used to manage and enforce what a user is authorized to access. Certificate Manager is a Windows application for managing digital certificates. It is not used to manage and enforce what a user is authorized to access. Multi-factor authentication means that at least two authentication categories are used to authenticate a user. Multi-factor authentication is not used to manage and enforce what a user is authorized to access.