CompTIA® Security+ Exam Notes: Given a Scenario, Troubleshoot Common Security Issues

2. Technologies and Tools

2.3 Given a scenario, troubleshoot common security issues

Whether required or not, several services are installed by default. Disabling the services that are not required will ensure better security for the system.

Scenario: You have recently moved a web server into production after several internal checks. While testing the server, you created several sample files on it. What should you do with such files when the server is put into the production environment?

Solution: It is important that any extraneous files are removed from the server before making it available in the production environment. Any such files may lead to security loopholes in ways that are not easily predictable.

Scenario: You are a network admin for an organization, and need to monitor the network traffic. What must be done to monitor the network traffic?

Solution: Your NIC must be in promiscuous mode to be able to examine all the network traffic.

Content Filter: An Internet content filter is used to block specific types of information from being passed on to the user.

A software backout procedure is the term used for restoring the system or software in the event of a recent failure caused by an upgrade.

A standard is a mandatory element in the implementation of policies, whereas guidelines and procedures are descriptive.

Confidentiality, Integrity, and Availability are the three main goals when it comes to information security.

  • Confidentiality: means that the message retains its privacy. To make data confidential, the organization must work hard to make sure that it can be accessed only by authorized individuals.
  • Integrity: means that the message can't be altered without detection. Authorization is necessary before data can be modified in any way; this is done to protect the data's integrity.
  • Availability: means that data is obtainable regardless of how information is stored, accessed, or protected. It also means that data should be available regardless of the malicious attack that might be perpetrated on it.

These three principles should be applied when dealing with the security of hardware, software, or communications.


