Chapter 5

What does the term ’Rights Management’ primarily refer to?

The use of technologies to provide copyright protection for copyrighted works

What is the difference between public and private subnets in a cloud-based network?

Public subnets have public IP addresses and are accessible via the internet, whereas private subnets have private IP addresses and aren’t directly accessible via the internet.

What can a cloud-based DLP policy be configured to do after detecting sensitive information?

Send an alert to a security administrator, block attempts to save the data, and quarantine the data

What actions does a data loss prevention (DLP) system perform in an organization?

All of the above

Searching for specific words or phrases in data traffic and taking action when it detects them

Examining outgoing data and detecting all types of unauthorized data transfers

Blocking the use of USB flash drives and controlling the use of removable media

What kind of memory does the Arduino microcontroller board contain?

Random-access memory (RAM) and read-only memory (ROM)

The Arduino microcontroller board, as described in the passage, contains the CPU, random access memory (RAM), and read-only memory (ROM).

Why is encrypting data considered a primary way to prevent the loss of confidentiality?

Because encrypted data is more difficult for an attacker to view than unencrypted data

What is a Trusted Platform Module (TPM)?

A hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption

Which of the following explains a key security challenge specific to embedded systems?

The maintenance of embedded systems in terms of security fixes is often overlooked

What is the main difference between COPE (corporate-owned, personally enabled) and CYOD (choose your own device) deployment models?

In COPE model, the organization provides the device while in CYOD, employees select the device from an approved list.

What is likely to happen if the cost of an embedded system device is minimized by the manufacturer?

The device may sacrifice security features.

What is a potential benefit of hardening a system?

It can help make an operating system or application more secure from its default installation.

What is the difference between the function of FPGA and Arduino in terms of configurability?

FPGA can change its function with the memory chip while Arduino requires a new firmware upgrade

What are the consequences of implied trust in embedded systems?

Many devices have vulnerabilities that are not known or widely reported

What is a hybrid cloud in the context of cloud deployment models?

A combination of two or more clouds (public, private, community, or a combination) that retain their separate identities, but are bridged together.

What is the function of RFID systems in mobile devices?

They transmit data over the air using RF signals

RFID (Radio Frequency Identification) systems transmit data over the air using radio frequency signals. Some NFC (Near Field Communication) systems use RFID technologies.

What is the function of the Permissive mode in the Security-Enhanced Linux (SELinux) policy?

It logs all activity that the policy would block without enforcing the policy

Permissive mode in SELinux is used for testing policies. It does not enforce the policy but logs all the activities that would have been blocked if it was in the Enforcing mode. The main purpose is to verify that the policy works as intended before changing it to Enforcing mode.

What are the three steps in the use of secure baselines in organizations?

Initial baseline configuration, Regular monitoring for changes, Follow-up action for detected changes

The three steps in the use of baselines as discussed are: 1. Initial baseline configuration where administrators set up systems in a secure state, 2. Integrity measurements for baseline deviation where tools are employed to monitor for and report changes, 3. Remediation where network access control methods are used to detect changes and isolate or quarantine systems for manual correction by administrators.

Which of the following is a key function of a next-generation Secure Web Gateway (SWG)?

Filters URLs and scans for malware

What differentiates an application approved list from an application block list?

An application approved list lists authorised software and prevents users from installing or running software that isn’t on the list, while an application block list lists unauthorised software, and prevents users from installing or running software on the list.

Which of the following limitations of embedded systems could potentially lead to security vulnerabilities?

All of the above

All the listed factors are potential security risks. Limited computational power might limit the use of cryptographic protocols, thereby possibly creating vulnerabilities. Dependence on the parent device for power may reduce the device’s range, thereby creating opportunities for attacks. The inability to patch devices makes them susceptible to attacks as revealed vulnerabilities cannot be fixed.

What are the limitations of mobile devices when it comes to the use of passwords or personal identification numbers (PINs) in the context of Mobile Device Management (MDM) systems?

Some mobile devices only support PINs, while others support either passwords or PINs.

What does the ’remote wipe’ feature in Mobile Device Management (MDM) do?

It sends a remote signal to delete all data on a lost or stolen mobile device

What is the risk associated with the use of third-party app stores?

Apps from third-party app stores do not undergo the same level of scrutiny and thus represent a higher risk

What is the main difference between Corporate-owned, personally enabled (COPE) model and the traditional corporate-owned model?

The organization purchases devices in both models, but in the COPE model, employees are free to use the device for their personal activities.

Which of the following features of Mobile Device Management (MDM) can be useful if a mobile phone is lost or stolen?

Remote wipe

Which of the following methods is commonly used as a payment gateway allowing you to make payments simply by waving your phone in front of a reader at a retailer?

NFC (near field communication)

What is the main benefit of using cloud computing for heavily utilized systems and networks?

It can handle increased loads

Which of the following is NOT true about Software as a Service (SaaS)?

Web-based email is not an example of SaaS.

What is the term for the process of modifying an Android device to give full administrative access to a user?

Rooting

What does ’Range’ constraint in embedded systems refer to?

The maximum distance the system can wirelessly connect to other devices

What is the primary difference between edge computing and fog computing based on the given text?

Fog computing uses a network close to the device and may have multiple nodes processing data, whereas edge computing stores and processes data on single nodes or appliances.

What type of wireless protocol do most mobile devices use to support the use of a Bluetooth headset for hands-free use?

Bluetooth

What is meant by ’hardware root of trust’ in the context of TPM?

It refers to the private key burned into the TPM for asymmetric encryption.

The hardware root of trust is the known secure starting point provided by the unique RSA private key that is burned into the chip. This key matches a public one and used for asymmetric encryption and authentification.

What is a characteristic of a non-persistent virtual desktop?

Allows changes to be made that revert back to the original snapshot when user log off

What is one of the primary risks associated with Multimedia Messaging Service (MMS) as stated in the text?

It can be used to gain remote code execution privileges on a user’s phone

Attackers have found a way to send an MMS message to a phone number which can allow them to gain remote code execution privileges on the user’s phone. This means they could potentially control the device remotely.

Which of the following statements best describes Rich Communication Services (RCS)?

RCS is a newer communication protocol designed to replace SMS, which can also transmit multimedia and default to MMS or SMS when the network doesn’t support RCS.

Which of the following describes the limitations of 5G communication method for embedded systems and IoT devices?

It has a limited range and can be blocked by physical barriers

What is the role of integrity measurements in baseline deviations?

They use automated tools to monitor the systems for any baseline changes.

Integrity measurements for baseline deviation involve the use of automated tools that monitor the systems for any baseline changes. Any detected changes can either be reported or the systems can be reconfigured to the baseline settings.

What is the function of security groups within cloud-based resources according to CompTIA?

They assign permissions to a group and add users to the account

What is meant by ’High availability and high availability across zones’ in terms of cloud security controls?

It refers to a system or service that remains operational with negligible downtime

What does ’Host elasticity’ in terms of virtual machines (VM) mean?

It refers to the ability to dynamically change resources assigned to the VM based on the load without requiring a reboot

Host elasticity in terms of virtual machines refers to the technology’s capability to automatically adapt and reassign resources to a VM when the system detects an increase in load. This automatic process does not require a reboot of the system.

What is one key difference between a Managed Security Service Provider (MSSP) and a Managed Service Provider (MSP)?

An MSSP is a third-party vendor that provides security services, whereas an MSP provides a wider range of IT services.

In the context of mobile device management, what does ’context-aware authentication’ entail?

It uses geolocation, time of day, type of device and verifies that the device is within a geofence to authenticate a user and a mobile device.

What is an example of the harm that can be caused by faults in the Industrial Control Systems (ICS)?

Overpressurization in gas mains leading to explosions and fires.

What is a primary benefit of utilizing an off-premises cloud service provider (CSP) solution?

CSP performs the maintenance and ensures the hardware is operational

The text mentions that a primary benefit of an off-premises solution is that the CSP performs the maintenance and ensures the hardware is operational.

What does the term ’Narrow-band’ generally refer to in the context of communication methods for embedded systems and IoT devices?

A signal with a very narrow frequency range

What does MDM tools do when the organization owns the device?

MDM tools download and install all required applications

What does the term ’Guest’ refer to in the context of VMs and virtualization?

It refers to the operating systems running on the host system

In the context of virtual machines and virtualization, a ’Guest’ refers to operating systems that are running on the host system or host machine.

What is the purpose of a Virtual Private Cloud (VPC) endpoint within a virtual network?

To allow users or services to connect and access other resources via the virtual network, reducing bandwidth needed to access resources directly

What is a common use of an Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) in the manufacturing and industrial sector?

Monitoring every processing stage and reporting anomalies in real time

What is the potential security threat associated with GPS tagging?

The geographical information added to files, like pictures, can be exploited.

GPS tagging or geotagging adds geographical information, like latitude and longitude coordinates, to files, such as pictures, when they’re posted on social media websites. If a perpetrator gains access to these tagged pictures, they can acquire valuable information, like the person’s home or any location they frequent. For instance, if pictures tagged at home are regularly uploaded, and then suddenly pictures appear from a vacation spot, thieves could deduce that the person’s home is unattended and burgle it.

What does strong authentication methods in APIs prevent?

 Unauthorized entities from using the API

What is the process of copying an application package in the Application Packet Kit (APK) format to the device and then activating it?

Sideloading

Sideloading is the process of copying an application package in the Application Packet Kit (APK) format to the device and then activating it. The device must be set to allow apps from unknown sources, leading to potential security risks.

Which of the following deployment models for mobile devices allows employees to use their corporate-owned devices for personal activities?

COPE (corporate-owned, personally enabled)

What is the main challenge that organizations face when implementing a BYOD (bring your own device) policy?

Monitoring and managing a variety of devices

What is the purpose of Endpoint Detection and Response (EDR) tools in Endpoint Security?

They perform a deep investigation of all activity on endpoints.

What is the main difference between Wi-Fi Direct and a wireless ad hoc network?

Wi-Fi Direct uses single radio hop communication and cannot share an Internet connection

Wi-Fi Direct is a method that lets devices connect over a wireless connection without requiring a Wireless Access Point or Wireless Router. This is similar to an ad hoc network, but the key difference is that in Wi-Fi Direct, devices use single radio hop communication and as a result, they can’t share an internet connection.

What is the primary reason for an organization to potentially block the ability to switch carriers on a COPE device?

To reduce the risk of the device connecting to a untrusted network

What is a key difference in traffic routing between a software-defined network (SDN) and traditional hardware routers?

SDN uses virtualization technologies and software for routing, while hardware routers use rules within an ACL

What does dynamic resource allocation in cloud-based resources mean?

It refers to the CSP’s ability to dynamically allocate additional resources, such as more processors, more memory, or more disk space to a cloud-based resource when it’s needed and remove them when they are no longer required.

What does the term ’jailbreaking’ refer to?

Removing all software restrictions from an Apple device

What is a characteristic of Container Virtualization?

Services or applications run within isolated containers or application cells

What is the main concept of Platform as a Service (PaaS)?

Customers are offered a fully managed platform including hardware, operating systems, and limited applications

What are the primary issues associated with VM sprawl?

Unauthorized VMs consuming system resources and leaving VMs unpatched

What is the function of a real-time operating system (RTOS) in the context of embedded systems?

It reacts to input within a specific time

A RTOS is an operating system that handles and responds to input within a strict time constraint. If it cannot process the given data within that specified time, it will report an error.

What can MDM tools do to control applications on mobile devices?

They can create a list of allowed applications

MDM tools can restrict what applications can run on mobile devices. They often use application allow lists to control the applications and prevent unapproved applications from being installed.

What is the purpose of using secure baselines as a part of an organization’s security strategy?

All of the above

Using secure baselines helps to automate the detection and correction of security issues, improve the overall security posture of systems, and provide a way to monitor for any baseline changes. Any detected changes can then be handled either automatically or manually, with automated tools often reconfiguring systems back to their baseline settings when changes are detected.

Which cloud deployment model is only available for one specific organization?

Private Cloud

What method of authentication discussed in chapter 2 does mobile device management (MDM) support?

Biometric authentication

The section says that many mobile devices now support biometrics for authentication and you can teach the device your fingerprint and then use your fingerprint to authenticate instead of entering a password or PIN.

Which type of cloud deployment model is provided by third-party companies and is available to anyone willing to pay for the services?

Public cloud

Public cloud services are provided by third-party companies like Google, Amazon, Microsoft, and Apple. These services are open for anyone willing to pay for them.

What does high availability across zones indicate in the context of cloud security controls?

The nodes are located in different cloud locations

What is the characteristic of Zigbee as a communication protocol?

Zigbee is used for smaller networks and supports strong security, including data encryption.

What is a point-to-point connection in mobile devices?

Connection between two smartphones using wireless technology.

A point-to-point connection refers to the connectivity between two devices, and in the context of mobile devices, it refers to the wireless connection between two smartphones. This can use technologies like Bluetooth, NFC, and RFID.

What is the purpose of the screen-locking feature supported by most mobile devices?

It prevents easy access to the device and its data by locking the device after a specified number of minutes of inactivity.

What is the primary use of NFC (near field communication) in mobile devices?

Act as a payment gateway at retail portals

What does ’Instance awareness’ refer to in the context of cloud-based resources?

The ability of the CSP to know and report how many instances of cloud-based resources an organization is renting.

What are two important benefits of using master images for baseline configurations?

Reduced costs and secure starting point

Using master images for baseline configurations provide two important benefits; they offer a secure starting point as the image includes mandated security configurations for the system and they reduce costs by decreasing overall maintenance and improving reliability.

What is the main purpose of a hypervisor in a virtualized system?

It is the software that creates, runs, and manages the VMs

The hypervisor in a virtualized system is indeed the software that creates, runs, and manages the VMs. It is responsible for distributing the physical resources of the host machine among the multiple guest machines.

Which of the following are NOT common considerations developers should address to ensure APIs aren’t vulnerable to common exploits?

External Advertising

What does resource policies control in a cloud-based system?

They ensure customers don’t create more resources than their plan allows

What are the functions of a network-based Data Loss Prevention (DLP) system in preventing data exfiltration?

Scan outgoing data for sensitive information specified by an administrator

A network-based DLP monitors outgoing data looking for sensitive data, specified by an administrator. This includes scanning the text of all emails and the content of any attached files for sensitive information.

What is the purpose of data replication in cloud data security as mentioned in the CompTIA Security+ SY0-701 syllabus?

To create a copy of data and store it in a different location

Why might an organization want to limit a mobile device’s ability to tether or use Wi-Fi Direct?

To prevent bypassing of network controls and potential security risks

In the context of cloud security controls, what does segmentation refer to?

The method by which cloud-based networks can segment computers or networks the same way local networks do with VLANs and subnets

What is a private cloud?

A cloud set up for specific organizations

What is the purpose of storage segmentation in mobile device management?

To ensure that all content retrieved from an organization source is stored in an encrypted segment.

What is a VM escape attack?

An attack that allows an attacker to access the host system from within the virtual system.

What are some methods to protect the confidentiality of data within a database?

Strong access controls and database column encryption

Why is using a master image beneficial for system deployments?

It allows for a secure starting point and reduced costs

Using a master image allows for a secure starting point because the image includes mandated security configurations for the system and individuals deploying the system do not need to remember or follow extensive checklists to ensure that new systems are set up with all the detailed configuration and security settings. It also helps in reducing costs, as support personnel only need to learn one system environment, reducing overall maintenance costs and improving reliability.

Which of the following practices increases the security risk to a mobile device?

Installing apps from third-party app stores

What is a community cloud in terms of cloud deployment models?

A cloud shared by communities with common concerns such as shared goals, security requirements, or compliance considerations

What is a point-to-multipoint connection?

A connection creating an ad hoc network

A point-to-multipoint connection creates an ad hoc network. Ad hoc mode lets wireless devices connect to each other without an AP. This is a method of network connection designed to be formed as needed.

What network security mechanism is typically used to block unwanted traffic from reaching a SCADA system or an ICS, that is connected to the corporate network?

Network intrusion prevention system (NIPS)

A Network Intrusion Prevention System (NIPS) is typically used to block unwanted traffic from reaching an Industrial Control Systems (ICS) or Supervisory Control and Data Acquisition (SCADA) systems. These systems are usually connected to the corporate network, but they are placed within an isolated VLAN. NIPS helps to protect the network by identifying and preventing potential intrusions.

Which of the following correctly describes a USB (Universal Serial Bus) in the context of mobile devices?

It is a cable-based connection method that allows mobile devices to connect to a desktop or laptop.

Which of the following is a method to distribute updated version of firmware on Android devices?

Over-the-air (OTA) updates

What is the role of a hypervisor in a virtualization setup?

It is the software that creates, runs, and manages the virtual machines.

How does an organization typically protect the confidentiality of its data?

Through encryption and strong access controls

What is the benefit of adding Software-defined visibility (SDV) to an organization’s network?

It ensures all network traffic is viewable and can be analyzed.

Which of the following represents a potential risk associated with hardware features on mobile devices, and how MDM tools can be tailored to mitigate such risks?

Certain apps may contain malicious codes allowing attackers to remotely access the device’s hardware features, like camera and microphone, which can be controlled by disabling these features using MDM tools.

Why is it often not possible to patch embedded systems?

Vendors don’t always include methods to patch devices, and even if they do, they don’t always write and release patches in a timely manner

Which communication method is typically used when transferring data over a cable rather than over the air?

Baseband radio

Baseband radio signals include frequencies that are very near zero. They are typically used when transferring data over a cable rather than over the air. Whereas, 5G, Narrowband, and Zigbee are primarily used for wireless communications.

How is replication beneficial for a virtual machine?

It enables easy restoration of a failed virtual server.

What does the use of a USB data blocker in the context of a security policy generally serve to prevent?

Delivery of malware via removable media

A USB data blocker prevents systems from writing data to, or reading data from, a USB or other removable device. This is primarily used to prevent malware from being delivered via removable media, as stated in the given text.

What is the role of a transit gateway in a cloud-based network?

It connects VPCs to an on-premises network

A transit gateway in a cloud-based network serves as a connection hub between VPCs (Virtual Private Clouds) and on-premises networks. This enables the exchange of data between the networks securely.

What is an embedded system as defined by the CompTIA Security+ objectives?

Any device that has a dedicated function and uses a computer system to perform that function

What is monitored by SCADA systems in water treatment facilities?

The temperature and humidity

What is the primary difference between the traditional Corporate-owned model and the Corporate-owned, personally enabled (COPE) model?

In COPE, employees can use organization-owned devices for personal activities

What are the primary goals of configuration management practices in an organization?

All of the above

Configuration management practices aim to support the deployment of systems with secure configurations, to identify configurations with standard naming conventions, and to change configurations using decision-making methods. The process is beneficial in maintaining system security, and the method an organization chooses to achieve this is less important than the consistent use of a method.

What is the purpose of using push notifications in Mobile Device Management (MDM)?

To send messages to mobile devices from apps regarding security settings or compliance with security policies

What is the primary purpose of taking a snapshot of a virtual machine?

To revert the VM to a known good state in case of problem

What is the role of a Cloud Access Security Broker (CASB)?

It monitors traffic and enforces security policies between an organization’s network and the cloud provider.

What distinguishes Raspberry Pi from Arduino in terms of its functionality?

Raspberry Pi is a microprocessor-based mini-computer that uses Raspberry Pi OS to run and can also control systems such as HVAC systems.

Which communication method has a significantly lower range compared to 4G and can be blocked by physical barriers such as trees, walls, and glass?

5G

5G, though it can reach peak speeds significantly higher than 4G and transfer data quicker, has a limited range compared to 4G and can be blocked by physical barriers like trees, walls, and glass.

What are the shared responsibilities between a cloud service provider and a customer in IaaS, PaaS, SaaS models?

Both security and maintenance responsibilities

Which connection method is typically used by smartphones and tablets to connect to a high-speed digital transfer service that is provided by a cellular network?

Cellular

Which of the following is not considered a constraint of embedded systems based on the provided text?

Ability to provide own power supply

What does the term ’Anything as a Service’ (XaaS) refer to?

It refers to all cloud-based services other than SaaS, PaaS, and IaaS including communications, databases, desktops, storage, security, etc.

What is the process of ’Remediation’ in the context of secure baselines?

Correcting detected baseline deviation manually by administrators.

In the context of secure baselines, ’Remediation’ usually involves the systems being isolated or quarantined in a remediation network after a deviation from the baseline is detected by NAC methods. After this, administrators manually correct the problem in these systems to align them back to the baseline.

What does the term ’On-premises’ refer to in relation to organization’s resources?

Resources that are owned, operated, and maintained within the organization’s properties

Which of the following does not accurately describe a constraint faced by embedded systems?

All embedded systems have their own power supply

What does encryption aid in when referring to Cloud Service Providers (CSPs)?

It protects the confidentiality of data.

What is the role of authorization in the context of APIs?

It is used to secure access to the API.

In the context of APIs, authorization methods are used to secure access. Different users or roles may have different levels of access. This can help protect the API from unauthorized usage and potential attacks.

Why might designers skip authentication when designing embedded systems?

Due to the extra requirements

In embedded systems, designers often forego, or skip, authentication due to its extra requirements. Embedded systems are often constrained by resources, and implementing authentication can be a drain on these resources.

What distinguishes a microservices API from a web services-based API in terms of its business tie-in?

A microservices API isn’t tied to any specific business

According to the text, a microservices module isn’t tied to any specific business. This means that developers can use it in different applications without modifying it.

Why do embedded systems often have weak defaults?

Security is often an afterthought in the design process.

When designing embedded systems, security is often not prioritized and weak defaults are used for things like authentication or encryption when sending traffic. This is less about the ability of the embedded system to handle strong defaults and more about where security is placed in the priorities of the design process.

According to NIST SP 800-124, which of the following characteristics are NOT found in mobile devices?

Lower functioning operating system

According to NIST SP 800-124, mobile devices should have an operating system, and basic cell phones, digital cameras, and IoT devices are excluded from this category because they have a limited functioning operating system or do not have an operating system.

What potential risk does Universal Serial Bus On-The-Go (USB OTG) cables pose to an organization’s information security?

They allow to connect any device to a mobile device, including potential malware-contaminated external media

Which of the following describes a technique used by organizations to create a virtual geographic boundary using mobile device’s GPS capabilities?

Geofencing

Geofencing is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries. Organizations can configure mobile apps to operate only within this virtual fence.

What does ’Host Scalability’ refer to in the context of virtual machines?

The ability to resize the computing capacity of the VM by assigning it more memory, processors, disk space, or network bandwidth.

What are some common uses of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems in the context of Energy?

Power generation and oil and gas processing

What is the primary difference between a non-Opal-compliant SED and an Opal-compliant SED?

An Opal-compliant SED requires user authentication to unlock the drive

An Opal-compliant SED requires users to enter credentials to unlock the drive upon bootup. Non-Opal-compliant drives do not have this restriction, allowing an attacker to potentially access data if the drive is installed in another system.

What is Bluetooth commonly used with in the context of mobile devices?

Personal Area Networks

Bluetooth is most commonly used with personal area networks, like connecting to a wireless headset or other personal devices.

Which of the following is a common use of the supervisory control and data acquisition (SCADA) systems and ICS?

For monitoring processes within shipping facilities

What function does geofencing perform in the context of mobile device security?

It creates a virtual fence or geographical boundary, which can restrict the usage of certain mobile apps or wireless networks to within the defined boundary.

Geofencing uses GPS technology to create a virtual geographical boundary, enabling software to trigger a response when mobile devices enter or leave a specific area. In terms of mobile device security, an organization can use geofencing to restrict the usage of certain apps or wireless networks to within the boundary, thus establishing an added layer of security control.

Which of the following best describes the main point regarding ’Implementing Secure Systems?’

Systems need to be secured before deployment and kept secure after.

What are Subscriber identity module (SIM) cards typically used for in the context of embedded systems and IoT devices?

They are used to connect with a cellular provider via a unique serial number

Management within an organization might want to limit a mobile device’s connections to prevent certain security threats. What could be a potential threat if employees use tethering within the organization?

Employees could bypass company firewalls and other security measures

What does full device encryption provide in terms of mobile device security?

It provides application security, data security, and device security

What is the role of a host in the context of virtualization?

It is the physical system that hosts the VMs.

The host in the context of virtualization refers to the physical system that houses the virtual machines or VMs. It usually requires more resources than a typical system, such as multiple processors, massive amounts of RAM, abundant hard drive space, and fast network cards.

What is the primary function of permissions in a cloud service provider’s system?

Permissions are used to identify who can access data in the system.

Which of the following best describes the risks associated with using Short Message Service (SMS) and Multimedia Messag Service (MMS)?

Both services send text in plaintext, potentially exposing the information to interception

What does a customer have to do with a server provided via Infrastructure as a Service (IaaS)?

Configure the operating system based on their needs

What is a field programmable gate array (FPGA) in the context of an embedded system?

A programmable integrated circuit installed on a circuit board

A field programmable gate array is a programmable integrated circuit initialized without any configuration. When the device is turned on, it takes a configuration program from a configuration memory chip or an external processor. The memory chip is non-volatile, thus can retain the configuration even without power.

What is a constraint of power in embedded systems?

They do not have their own power supplies and instead use power from the parent device

Which among the following embedded systems does not use an operating system, but uses firmware for functionality?

Arduino

Arduino is a microcontroller board that does not need an operating system to run, but it uses firmware. It performs simple repetitive tasks, whilst the other choices like FPGA, MFP, and Raspberry Pi use operating systems to function.

What is the purpose of content management in mobile device management (MDM)?

To ensure that all content from an organization source is stored in an encrypted segment.

What does it mean when a system or service is said to have high availability?

It refers to a system or service that remains operational with almost zero downtime.

What does patch management mainly include?

Identifying, downloading, testing, deploying, and verifying patches.

Which of the following is not a common constraint of an embedded system?

Use of all cryptographic protocols

What is the purpose of a CSP integrating auditing methods into the cloud-based resources?

To help customers identify the effectiveness of security controls at protecting the confidentiality, integrity, and availability of cloud-based resources.

What types of resources can access virtual desktop infrastructures (VDIs)?

 Both traditional computers and mobile devices
 
 While traditional computers typically access virtual desktop infrastructures (VDIs) within a network, it’s also possible to deploy a VDI that users can access with their mobile device. This allows users to access any applications installed on their desktop.

What are the primary risks associated with text messaging services such as Short Message Service (SMS) and Multimedia Messaging Service (MMS)?

Unencrypted plaintext and potential for remote code execution attacks

Which of the following defines the ’Enforcing mode’ in the context of Security-Enhanced Linux (SELinux) used by the security-enhanced Android (SEAndroid) security model?

It is a mode where the SELinux policy is enforced and all activities denied by policy are blocked and logged.

Which type of network depends on the cellular provider and the device in use?

Cellular

What is the role of transport level security in an API?

It encrypts traffic transferred over the Internet

Transport level security in an API is used to encrypt any traffic that is transferred over the Internet, ensuring that unauthorized entities are unable to see the traffic.

Which of the following statements regarding SEAndroid security model is NOT correct?

When enabled, SELinux operates using a default allowance principle.

What is the major advantage of UEFI over BIOS?

UEFI can boot from larger disks and it is CPU-independent

UEFI can boot from a larger amount of disk space than BIOS, and because it’s CPU-independent, it doesn’t rely on a central processing unit. This gives it the ability to operate on a wider range of systems.

What are the main characteristics of an on-premises cloud solution according to the text?

The organization retains full control over cloud resources, implements security measures, and takes responsibility for maintenance

What does Infrastructure as code refer to?

Managing and provisioning data centers with code to define VMs and virtual networks.

What distinguishes the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM) from SP-800-53 Revision 5?

The CCM focuses on security controls related to cloud-based resources while SP-800-53 is for all computing systems.

The main difference between the CSA’s CCM and SP-800-53 Revision 5 is their focus. While both provide security controls, the CCM specifically targets cloud-based resources whereas SP-800-53 covers all computing systems.

What does ’instance awareness’ in cloud security controls refer to?

The ability of the CSP to know and report the number of instances of the cloud-based resources an organization is renting

What are two benefits of deploying systems using a master image?

Reduces overall deployment costs and increases reliability

By having a single, mastered system environment that is deployed across the network, the total cost of ownership (TCO) for systems is reduced. It provides a secure starting point, eliminates the need for extensive security and configuration checklists, and simplifies the troubleshooting process for support personnel.

What is the function of containerization in mobile device management?

It runs an organization’s application in a container to isolate and protect the application and its data

What type of wireless technology is Infrared and how is it used?

It is a line-of-sight wireless technology used by mobile devices primarily for audovisual remote controls and file transfer.

Which of the following is NOT a way in which IoT (Internet of Things) technology is commonly used?

Tracking international postal packages

Which of the following is NOT true about Change Management Policy in IT?

A attribute of change management is that administrators can make configuration changes immediately before submitting for review and approval

What is the primary purpose of boot integrity processes implemented by many organizations?

To verify the integrity of the operating system and boot loading systems.

According to the section ’Firewall Considerations’, which one is NOT a characteristic of cloud-based firewalls?

They are always free of charge

What does ’secrets management’ refers to in the context of cloud security controls?

Process of managing and distributing encryption keys and passwords

What is a key difference between a hardware security module (HSM) and a TPM?

An HSM is a removable, external device while a TPM is embedded into the motherboard.

An HSM is a removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. In comparison, a TPM is a chip embedded into the motherboard.

What is a System on a Chip (SoC) in the context of CompTIA Security+?

An integrated circuit that includes all the functionality of a computing system within the hardware