Home > Articles > Certification > CompTIA

This chapter is from the book

This chapter is from the book

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd EditionCompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd Edition

Learn More Buy

This chapter is from the book

This chapter is from the book

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd EditionCompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd Edition

Learn More Buy

Answers and Explanations

  1. C. By using a virtual machine (which is one example of a virtual instance), any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer. Patching a computer does not automatically patch virtual machines existing on the computer. Other virtual machines can be compromised, especially if nothing is done about the problem. Finally, virtual machines can definitely be affected by hacking techniques. Be sure to secure them!
  2. A. Virtualization enables a person to install operating systems (or applications) in an isolated area of the computer’s hard drive, separate from the computer’s main operating system.
  3. C. The Network and Sharing Center is where you can disable file sharing in Windows 7. It can be accessed indirectly from the Control Panel as well. By disabling file sharing, you disallow any (normal) connections to data on the computer. This can be very useful for computers with confidential information, such as an executive’s laptop or a developer’s computer.
  4. A. To hide ntldr you need to enable the Hide Protected Operating System Files checkbox. Keep in mind that you should have already enabled the Show Hidden Files and Folders radio button.
  5. A. and B. Two ways to harden an operating system include installing the latest service pack and installing Windows Defender. However, virtualization is a separate concept altogether; it can be used to create a compartmentalized OS, but needs to be secured and hardened just like any other OS. PHP scripts will generally not be used to harden an operating system. In fact, they can be vulnerabilities to websites and other applications.
  6. B. NTFS is the most secure file system for use with today’s Windows. FAT and FAT32 are older file systems, and DFS is the distributed file system used in more advanced networking.
  7. A. The convert command is used to upgrade FAT and FAT32 volumes to the more secure NTFS without loss of data. HPFS is the High Performance File System developed by IBM and is not used by Windows. NFS is the Network File System, something you would see in a storage area network.
  8. D. NTFS and FAT32 support the same number of file formats, so this is not an advantage of NTFS. However, NTFS supports file encryption, larger file sizes, and larger volumes, making it more advantageous in general in comparison to FAT32, and is capable of higher levels of security, most especially down to the file level.
  9. D. The biggest risk of running a virtual computer is that it will go offline immediately if the server that it is housed on fails. All other virtual computers on that particular server will also go offline immediately.
  10. D. The beauty of a virtualized browser is that regardless of whether a virus or other malware damages it, the underlying operating system will remain unharmed. The virtual browser can be deleted and a new one can be created; or if the old virtual browser was backed up previous to the malware attack, it can be restored. This concept applies to entire virtual operating systems as well, if configured properly.
  11. D. The System State needs to be backed up on a domain controller to recover the Active Directory database in the future. The System State includes user data and system files but does not include the entire operating system. If a server fails, the operating system would have to be reinstalled, and then the System State would need to be restored.
  12. C. A patch can fix a single security issue on a computer. A service pack addresses many issues and rewrites many files on a computer; it may be overkill to use a service pack when only a patch is necessary. You might obtain the patch from a support website. A baseline can measure a server or a network and obtain averages of usage.
  13. C. Often, operating system manufacturers such as Microsoft refer to the attack surface as all the services that run on the operating system. By conducting an analysis of which services are necessary and which are unnecessary, an administrator can find out which ones need to be disabled, thereby reducing the attack surface. Service packs, antivirus software, and network intrusion detection systems (NIDSs) are good tools to use to secure an individual computer and the network but do not help to reduce the size of the attack surface of the operating system.
  14. A., B., and C. After installing an operating system, it’s important to install the latest service pack, patches, and a firewall. These three methods can help to secure the operating system. However, remote desktop support programs can actually make a computer less secure and should be installed only if the user requests that functionality.
  15. A. Virtualization of computer servers enables a network administrator to isolate the various network services and roles that a server may play. Analyzing network traffic would have to do more with assessing risk and vulnerability and monitoring and auditing. Adding network services at lower costs deals more with budgeting than with virtualization, although, virtualization can be less expensive. Centralizing patch management has to do with hardening the operating systems on the network scale.
  16. C. Patch management is an example of verifying any new changes in software on a test system (or live systems for that matter.) Verifying the changes (testing) is the second step of the standard patch management strategy. Application hardening might include updating systems, patching them, and so on, but to be accurate, this question is looking for that particular second step of patch management. Virtualization is the creating of logical OS images within a working operating system. HIDS stands for host-based intrusion detection system, which attempts to detect malicious activity on a computer.
  17. B. and D. Updating the host-based intrusion prevention system is important. Without the latest signatures, the HIPS will not be at its best when it comes to protecting against malware. Also, disabling unused services will reduce the attack surface of the OS, which in turn makes it more difficult for attacks to access the system and run malicious code. Disabling the data leakage prevention device would not aid the situation, and it would probably cause data leakage from the computer. Installing a perimeter firewall won’t block malicious software from entering the individual computer. A personal firewall would better reduce the attack surface of the computer, but it is still not meant as an anti-malware tool. Updating the NIDS signatures will help the entire network, but might not help the individual computer. In this question we want to focus in on the individual computer, not the network. In fact, given the scenario of the question, you do not even know if a network exists.
  18. A. The best way to establish host-based security for your organization’s workstations is to implement GPOs (Group Policy objects). When done properly from a server, this can harden the operating systems in your network, and you can do it from a central location without having to configure each computer locally. It is the only answer that deals with the client operating systems. The other answers deal with database and web servers, and firewalls that protect the entire network.
  19. B. Of the answers listed, the only one that will not show the version number is wf.msc. That brings up the Windows Firewall with Advanced Security. All of the other answers will display the version number in Windows.
  20. A. If you migrate some of these low-resource servers to a virtual environment (a very smart thing to do), you could end up spending more on licensing, but less on hardware, due to the very nature of virtualization. In fact, the goal is to have the gains of hardware savings outweigh the losses of licensing. Load balancing and clustering deals with an OS utilizing the hardware of multiple servers. This will not be the case when you go virtual, nor would it have been the case anyway, because clustering and load balancing is used in environments where the server is very resource-intensive. Baselining, unfortunately, will remain the same; you should analyze all of your servers regularly, whether they are physical or virtual. These particular servers should not encounter latency or lowered throughput because they are low-resource servers in the first place. If, however, you considered placing into a virtual environment a Windows Server 2012 that supports 5,000 users, you should definitely expect latency.

Case Studies for Chapter 3

The case studies in this chapter offer generic scenarios for you to read through and answer according to your own technology and experiences. At the end of the section are example solutions. Your solutions will vary in comparison to the book, but both can certainly be valid. Many case study solutions also point to hands-on videos and simulations, which can be found on the book’s disc.

Case Study 3-1: Discerning and Updating the Service Pack Level

Scenario: You have been tasked with finding out the service pack level of a Windows 7 computer and updating it if necessary. You must also configure the Windows Update program in such a way that you will be notified of new updates but they will not be downloaded until you decide to do so, in keeping with your company’s policies.

Usually an organization will choose to have the latest service packs installed for every Windows system, and the latest patches for other operating systems. It’s important to be able to recognize whether a computer is up to date. Try and locate the service pack level for your version of Windows, and attempt to find out the version numbers for any other computing devices you might possess. Enter your results in Table 3-3. Afterward, define how you would go about configuring Windows Update, and what option you would choose.

Table 3-3 Operating System and Version Responses

Operating System

Version

Example: Windows 7

Example: SP1 (version 6.1.7601)

________________________________________________

________________________________________________

________________________________________________

________________________________________________

________________________________________________

Case Study 3-2: Securing a Virtual Machine

Scenario: Now that you have installed virtual machine software, and created a new VM, you are required to secure it. Your task is to disable unnecessary virtual hardware and secure the virtual BIOS.

Virtual machines that are contained within a Type 2 host are sort of like a computer within a computer. Consider writing down exactly what you are configuring. Try to do this in an illustrative nature. Or, consider using a network documentation program such as Visio. As you progress in the virtual world, you will be using more and more virtual computers, and will connect to them in a variety of remote ways. The more you document what it is that you are doing, the better you will understand your virtual environments.

Within your virtual software, disable the sound card, COM ports, LPT ports, and floppy disks (if any exist). This is done in the properties (or settings) of the virtual machine. Secure the BIOS by modifying the BIOS boot order, disabling unnecessary hardware, and setting an administrative (supervisor) password.

Case Study 3-3: Stopping Services in the Command-Line

Scenario: You have found that working in the GUI is good, but working in the command-line can be better. Besides, you almost always have a CLI (command-line interface) open, and you can type quickly, so it makes sense to use the CLI as often as possible. You know that unnecessary services can be vulnerabilities to your systems, so you decide to reduce the size of the attack surface by stopping and disabling services—and do this from the CLI.

Demonstrate that you can stop services in the Windows Command Prompt (such as the Windows Firewall), as well as services in the Linux CLI (such as an Apache web server if installed). Specific commands and syntax will vary depending on the version of the operating system you are working in.

Case Study Solutions

Case Study 3-1 Solution

To find out the service pack level of Windows 7, navigate to Start, then right-click Computer and select Properties. This displays the System window and should show the Windows edition, as well as the service pack level. If no service pack is listed, then none is installed, and is known as service pack 0. Other versions of Windows use similar navigation to find out the service pack level. To update to the latest service pack for a given Windows operating system, go to http://support.microsoft.com/ and search the relevant phrase, such as “Windows 7 SP1.” Latest service packs can be downloaded directly from the website. An organization might also use an optical disc to update individual computers or, if there are a lot of computers, stream the service pack update over the network.

Service packs are large groups of patches and updates. But they are static, meaning after one is released, it remains the same. So, additional updates are always necessary. By default this is taken care of by Windows Update. To modify the Windows Update settings, choose Start > All Programs > Windows Update. Then click the Change Settings link. Click the drop-down menu under Important Updates to select the correct setting. In this scenario it was “Check for updates but let me choose whether to download and install them.” This is a good solution for an individual computer, giving the user a good amount of control over what is installed. However, it probably wouldn’t be the best solution in an organization, and it is more likely that updates would be streamed across the network with a centralized solution such as SCCM.

Keep in mind that some computers will need to be updated beyond the service pack, and beyond what is automatically downloaded from Windows Update. Patches for specific problems are known as hotfixes. It is important to know how to acquire these hotfixes (also known as update rollups). They are usually found at the Microsoft Support website and are listed by Knowledge Base (KB) number. For example, one hotfix that repairs a memory leak in Windows 7 SP1 can be found at the following link: http://support.microsoft.com/kb/2911106.

It is article number 2911106 in the Microsoft Knowledge Base. It actually fixes a lot of documented issues, and can be an important fix for various Windows operating systems in addition to Windows 7 SP1. Over time, these hotfixes are gathered together in automatically downloaded Windows Update groups (if it is deemed necessary), and ultimately are added to newer service packs.

Video Solution

Watch the video solution “3-1: Discerning and Updating the Service Pack Level” on the accompanying disc for in-depth details of each step, plus content on Linux, OS X, Android, and iOS.

Case Study 3-2 Solution

Virtualization security is vital. VMs should be secured the same way that a regular operating system is secured. However, the VM itself (and the virtual hosting software) can be further secured by disabling virtual hardware, both within the virtual machine settings and within the virtual machine BIOS.

This solution utilizes a Windows 7 hosting computer and assumes that you have already downloaded and installed Microsoft Virtual PC 2007, created a virtual machine, and installed an OS. Basic steps follow below. Be sure to watch the accompanying video solution as well.

Step 1. Check the Microsoft Virtual PC 2007 software SP level from Control Panel > Programs > Programs and Features. If necessary, upgrade to the latest SP from the following link: www.microsoft.com/download/en/details.aspx?displaylang=en&id=24439

Step 2. Set security options in the Virtual PC console from File > Options > Security.

Step 3. Disable unnecessary hardware within the Virtual PC console for the VM in question. For example, the sound card, COM ports, LPT ports, and floppy disks.

Step 4. Start the virtual machine and secure the virtual BIOS. Modify the BIOS boot order, disable unnecessary devices, and configure an administrative password.

Step 5. Start the virtual machine and check the SP level of the virtual OS.

Step 6. Disable unnecessary hardware in the Device Manager of the VM.

Step 7. Remove any network sharing connections between the VM and the physical host.

Step 8. (Optional) Exit the VM and secure the folder on the host OS that contains the VM files.

Video Solution

Watch the video solution “3-2: Securing a Virtual Machine” on the accompanying disc for in-depth details of each step.

Case Study 3-3 Solution

Stopping services is an extremely important skill for a security administrator (not to mention for the Security+ exam). As an IT person, you should feel at home in the command-line. Running commands, scripting, and testing network connections are all part of a day’s work in the computer world. From a security standpoint, some things that cannot be accomplished in the GUI can be performed in the command-line.

To stop a service such as the Windows Firewall in Windows, use the following syntax:

net stop mpssvc

or

sc stop mpssvc

To stop a service in Linux (for example, stopping the udevmonitor service in Ubuntu), use the following syntax:

sudo stop udevmonitor

Be prepared to enter the administrator password because you have invoked the sudo option.

Video Solution

Watch the video solution “3-3: Working with Services in Windows and Linux” on the accompanying disc. This goes into a bit more depth, showing a few more commands, and deals with processes as well.

Simulation

Complete the simulation “3-3: Stopping Services in the Command-Line.”

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020