CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [12]
22. B. The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 8.
23. A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. For additional information, see Chapter 7.
24. C. The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 8.
25. B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key. When the key has been exchanged, the regular session begins. For more information, see Chapter 7.
26. A. Elliptic Curve Cryptography (ECC) would probably be your best choice for a PDA. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 7.
27. B. An incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup. See Chapter 8 for more information.
28. C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. For more information, see Chapter 1.
29. C. Role-Based Access Control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user’s role in the organization. For more information, see Chapter 8.
30. A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional information, see Chapter 8.
Chapter 1
General Security Concepts
THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
✓ 1.6 Explain the purpose and application of virtualization technology.
✓ 2.2 Distinguish between network design elements and components.
■ DMZ
■ VLAN
■ NAT
■ Network interconnections
■ NAC
■ Subnetting
■ Telephony
✓ 3.7 Deploy various authentication models and identify the components of each.
■ Biometric reader
■ Kerberos
■ CHAP
■ PAP
■ Mutual
✓ 3.8 Explain the difference between identification and authentication (identity proofing).
Security is unlike any other topic in computing. To begin with, the word is so encompassing that it is impossible to know what you mean just by using it. When you talk about security, do you mean physical security of servers and workstations and protecting them from those who might try to steal them or from damage that might occur if the side of the building collapses? Or do you mean the security of data and protecting it from viruses and worms or from hackers and miscreants who have suddenly targeted you and have no other purpose in life than to keep you up at night? Or maybe security to you is the comfort that comes in knowing that you can restore files if a user accidentally deletes them.
The first problem with security is that it is next to impossible for everyone to agree on what it means because it can include all of these items. The next problem with security is that we don’t really mean that we want things to be completely secured. If you wanted the customer list file to truly be secure, you would never put it on the server and make it available. It is on the server because you need to access it and so do 30 other people. In this sense, security means that only 30 people can get to it and not anyone outside of the select 30.
The next problem is that while everyone wants security, no one wants to be inconvenienced by it. To use an analogy,