CompTIA SK0-005 Practice Test

Prepare smarter and boost your chances of success with our CompTIA SK0-005 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the SK0-005 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA SK0-005 certified.

14930 already prepared
Updated On : 3-Nov-2025
493 Questions
4.8/5.0

Page 7 out of 50 Pages


Topic 1: Exam Set A

A company is running an application on a file server. A security scan reports the application has a known vulnerability. Which of the following would be the company’s BEST course of action?

A. Upgrade the application package

B. Tighten the rules on the firewall

C. Install antivirus software

D. Patch the server OS

A.   Upgrade the application package

Explanation:

When a security scan reports that an application has a known vulnerability, the vulnerability exists within that specific application software, not necessarily in the operating system or network configuration.

The best and most direct course of action is to:

Upgrade or patch the affected application package to the latest version provided by the vendor.
Vendors release patches and updates specifically to fix security vulnerabilities, improve stability, and ensure compliance with current security standards.
This approach directly eliminates the vulnerability at its source instead of only mitigating it at other layers.

Why the Other Options Are Wrong:

B. Tighten the rules on the firewall
While tightening firewall rules can reduce attack exposure, it does not actually fix the vulnerability within the application.
It’s considered a temporary mitigation, not a long-term fix.

C. Install antivirus software
Antivirus software helps protect against malware infections, but it does not address software vulnerabilities in applications.
The issue here is with an application flaw, not malicious code.

D. Patch the server OS
Patching the OS is good security hygiene but unrelated in this case.
The vulnerability exists in the application, not in the operating system.

Reference:
CompTIA Server+ SK0-005 Exam Objectives:
4.2 – Summarize server hardening and security best practices.
4.3 – Given a scenario, implement proper patch management.

NIST SP 800-40 Rev. 4 (Guide to Enterprise Patch Management):
Recommends prioritizing updates that address known vulnerabilities in applications and software packages.

Summary:
When a vulnerability is found in an application, the most effective and recommended action is to upgrade or patch the application package to eliminate the flaw.

A global organization keeps personnel application servers that are local to each country. However, a security audit shows these application servers are accessible from sites in other countries. Which of the following hardening techniques should the organization use to restrict access to only sites that are in the same country?

A. Configure a firewall

B. Close the unneeded ports

C. Install a HIDS

D. Disable unneeded services.

A.   Configure a firewall

Explanation

The problem is that the application servers, which are intended to be local to each country, are currently accessible from sites in other countries. The most effective and direct solution to restrict network access based on geographic location (or, more practically, based on source IP address ranges) is to use a Firewall.

A. Configure a firewall (Correct):
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on pre-defined security rules.
An administrator can configure the firewall to allow traffic only from the IP address ranges known to be associated with the local country's network or Internet Service Providers (ISPs).
Conversely, the firewall can be configured to deny all traffic originating from the IP address ranges associated with the organization's sites or ISPs in other countries. This is the only option that directly addresses the requirement of restricting access based on location.

B. Close the unneeded ports / D. Disable unneeded services (Incorrect, but important hardening steps):
Closing ports and disabling services are fundamental security hardening steps. They reduce the attack surface by limiting what services are exposed.
However, they do not address who (or where) can access the server. An attacker from another country could still exploit an allowed port or service (like the application port) if the firewall isn't properly configured.

C. Install a HIDS (Host-based Intrusion Detection System) (Incorrect):
A HIDS monitors a server's internal activity (file changes, system logs, processes) for signs of a compromise after a connection is established.
It is a detection tool, not a prevention tool, and it certainly does not prevent connections from specific geographic locations.

Reference
This question relates to the Security domain of the SK0-005 exam, specifically focusing on Server Hardening and Network Access Control. The use of a firewall to implement access control lists (ACLs) based on source IP address is the core concept being tested.

The Chief Information Officer (CIO) of a datacenter is concerned that transmissions from the building can be detected from the outside. Which of the following would resolve this concern? (Choose two.)

A. RFID

B. Proximity readers

C. Signal blocking

D. Camouflage

E. Reflective glass

F. Bollards

C.   Signal blocking
E.   Reflective glass

Explanation:

The CIO’s concern is external detection of transmissions from the datacenter—meaning electromagnetic (EM) signals, such as Wi-Fi, cellular, Bluetooth, or even unintentional RF emanations (TEMPEST risks). To prevent signal leakage, physical countermeasures that block or contain EM radiation are required.

C. Signal blocking

What it means: Use of RF shielding materials (e.g., Faraday cages, conductive paint, metal mesh in walls, shielded cabling, RF-blocking window films).
How it resolves the concern: Prevents EM signals from escaping the building, blocking external interception using spectrum analyzers or rogue receivers.
Real-world use: SCIFs (Sensitive Compartmented Information Facilities), secure datacenters, and military installations use full-room Faraday shielding.
Directly addresses the CIO’s fear of detectable transmissions.

E. Reflective glass

What it means: Windows coated with metallic or dielectric films that reflect RF signals (often marketed as "RF-shielded" or "signal-blocking" glass).
How it resolves the concern: Windows are a common weak point for RF leakage. Reflective glass blocks radio waves while allowing visible light.
Bonus: Also provides visual privacy and energy efficiency.
Used in: Secure government and financial datacenters.

Why the other options are incorrect:

A. RFID
RFID is a tracking/access technology using radio signals. It generates more EM emissions—increasing the risk of detection, not reducing it.

B. Proximity readers
These are access control devices (e.g., Prox cards). They emit low-power RF for card reading—adding to signal leakage, not blocking it.

D. Camouflage
Camouflage hides the visual appearance of the building (e.g., making it look like a warehouse). It does nothing to stop radio signal detection.

F. Bollards
Bollards are physical barriers to prevent vehicle ramming. They protect against physical attacks, not signal interception.

Reference:
CompTIA Server+ SK0-005 Exam Objectives – Domain 3.0 Security, Objective 3.4:
“Given a scenario, apply physical security methods including… signal blocking, shielded rooms…”

NIST SP 800-53 (Rev 5) – PE-19: Electromagnetic Pulse (EMP) Protection and Information Leakage controls include RF shielding.

NSA TEMPEST Standards: Require signal containment in classified environments.

BICSI Datacenter Design Manual: Recommends RF-shielded glass and Faraday cage construction for high-security facilities.

An organization implements split encryption keys for sensitive files. Which of the following types of risks does this mitigate?

A. Hardware failure

B. Malware

C. Data corruption

D. Insider threat

D.   Insider threat

Explanation

Splitting encryption keys, also known as secret sharing or key splitting, is a security technique in which a single encryption key is divided into multiple parts (shares). To decrypt the data, a predetermined number of these shares (e.g., 2 out of 3, or 3 out of 5) must be combined.
This method is specifically designed to mitigate the risk of a single point of failure or compromise.

Let's see how it applies to an insider threat:

Mitigation of Insider Threat:
In this scenario, no single individual within the organization holds the complete power to decrypt the sensitive files. A malicious insider (or even a coerced employee) who possesses only one share of the key cannot access the data alone. It would require collusion among multiple authorized individuals to reconstruct the full key, which is a much more difficult and detectable action. This enforces the principle of least privilege and separation of duties.

Why the Other Options Are Incorrect

A. Hardware Failure:
Split keys do not protect against hardware failure. Mitigation for hardware failure involves solutions like RAID (Redundant Array of Independent Disks), backups, and redundant power supplies. The data could still be lost if the storage media fails, regardless of how the key is managed.

B. Malware:
While encrypting files can protect them from certain types of malware (like ransomware that encrypts data), the technique of splitting the key does not specifically mitigate the malware itself. Malware could still infect the system, corrupt files, or log keystrokes. Anti-malware software, network security, and application whitelisting are the primary defenses here.

C. Data Corruption:
Split keys have no bearing on data integrity. Data corruption occurs when bits on a storage device are altered. This is mitigated by technologies like checksums, hashing (e.g., SHA-256), and filesystems with built-in integrity checking (e.g., ZFS). Encryption protects confidentiality, not integrity.

Reference
This question falls under Domain 5.0: Security, specifically addressing:
5.3: Explain the importance of logical security concepts.
It touches on core security principles like Separation of Duties (splitting responsibilities to prevent fraud or error) and Defense in Depth (using multiple layers of security controls).

Key Takeaway:
Split encryption keys are an administrative and logical control designed to distribute trust and prevent any single person from having unilateral access to sensitive encrypted data. This makes it a powerful tool specifically for mitigating risks associated with trusted insiders.

A server administrator must respond to tickets within a certain amount of time. The server administrator needs to adhere to the:

A. BIA.

B. RTO.

C. MTTR.

D. SLA.

D.   SLA.

Explanation:

A Service Level Agreement (SLA) is a formal contract or agreement between a service provider (such as a system administrator, IT team, or vendor) and a customer or internal department.

It defines specific performance standards and response expectations, such as:

Maximum response time to tickets or incidents
Resolution time targets
System uptime or availability guarantees
Support hours and escalation procedures

In this scenario, since the server administrator must respond to tickets within a certain amount of time, this requirement clearly comes from an SLA, which outlines response and resolution commitments.

Why the Other Options Are Incorrect:

A. BIA (Business Impact Analysis)
A BIA identifies critical business functions and the impact of disruptions, helping define recovery priorities.
It does not define response times for support tickets.
Not relevant here.

B. RTO (Recovery Time Objective)
RTO defines the maximum acceptable downtime for a system after an outage before business operations are affected.
It’s a disaster recovery metric, not a service response target.
Not about responding to tickets.

C. MTTR (Mean Time To Repair/Recover)
MTTR measures the average time taken to repair or restore a system after a failure.
It’s a performance metric, not a formal obligation or policy.
It tracks performance but doesn’t define required response times.

Reference:
CompTIA Server+ SK0-005 Exam Objective:
4.4 – Summarize key elements of service level agreements and support concepts.

ITIL Framework:
Defines SLAs as agreements specifying measurable performance targets, including incident response times and resolution deadlines.

Summary:
The requirement for the server administrator to respond to tickets within a defined time frame is established by a Service Level Agreement (SLA).

A technician is deploying a single server to monitor and record the security cameras at a remote site. Which of the following architecture types should be used to minimize cost?

A. Virtual

B. Blade

C. Tower

D. Rack mount

C.   Tower

Explanation:

In this scenario, the technician is setting up a single server at a remote site to monitor and record security camera footage.
The goal is to minimize cost, not to deploy a large-scale or high-density server infrastructure.

Let’s evaluate each option carefully:

A. Virtual
Virtualization requires additional hardware resources (CPU, RAM, storage) and possibly hypervisor licensing costs.
It’s most useful for running multiple servers or applications on the same hardware, not a single-purpose system.
Not cost-effective for a small, single-server setup.

B. Blade
Blade servers are designed for large data centers with high-density compute needs.
They require a blade chassis, shared power, and cooling infrastructure — all of which are expensive and not suitable for a small, remote site.
Overkill and costly for this use case.

C. Tower
Tower servers resemble desktop PCs and are ideal for small offices or single-server deployments.

They are:

Cheaper to purchase and maintain
Simple to install
Able to run with minimal cooling and no rack infrastructure
Well suited to a remote site with limited space and a constrained budget.
The most cost-effective and practical choice.

D. Rack mount
Rack-mounted servers are great for larger environments where multiple servers need to be organized in racks.
They require rack enclosures, cooling systems, and power management, which add to the cost.
Not ideal for a single, standalone deployment.

Reference:
CompTIA Server+ SK0-005 Exam Objective:
2.1 – Given a scenario, install server hardware and configure basic settings.

Vendor Guidelines (Dell, HPE, Lenovo):
Tower servers are recommended for small business or remote site setups where space and budget are limited.

Summary:
For a single server used to monitor and record security cameras at a remote site, the most affordable and practical solution is a tower server.

A server administrator needs to configure a server on a network that will have no more than 30 available IP addresses. Which of the following subnet addresses will be the MOST efficient for this network?

A. 255.255.255.0

B. 255.255.255.128

C. 255.255.255.224

D. 255.255.255.252

C.   255.255.255.224

Explanation:

The requirement is to support no more than 30 usable IP addresses on a network. The most efficient subnet is the smallest one that provides at least 30 usable host IPs, thereby minimizing wasted addresses.

To determine usable hosts, recall the formula:

Usable IPs = 2^(32 – CIDR) – 2 (subtract 2 for network and broadcast addresses).

Now, let’s evaluate each option:

A. 255.255.255.0 → This is a /24 subnet.
2^(32–24) = 2^8 = 256 total IPs → 254 usable.
This provides over 8 times the required hosts — highly inefficient.

B. 255.255.255.128 → This is a /25 subnet.

2^(32–25) = 2^7 = 128 total IPs → 126 usable.
Still supports 4 times the needed hosts — significant waste.

C. 255.255.255.224 → This is a /27 subnet.

2^(32–27) = 2^5 = 32 total IPs → 30 usable.
This gives exactly 30 usable IPs — perfect fit, with zero waste.

D. 255.255.255.252 → This is a /30 subnet.
2^(32–30) = 2^2 = 4 total IPs → 2 usable.
Only supports 2 devices — insufficient for 30.

Efficiency means using the smallest subnet that meets or slightly exceeds the requirement.
→ 255.255.255.224 (/27) is the most efficient because it provides exactly 30 usable addresses.

Example Network (192.168.10.0/27):
Network address: 192.168.10.0
Usable host range: 192.168.10.1 – 192.168.10.30
Broadcast address: 192.168.10.31

Why the others are incorrect:

A. 255.255.255.0 (/24) → 254 hosts: Far too large — wastes 224 addresses.
B. 255.255.255.128 (/25) → 126 hosts: Still overprovisioned — wastes 96 addresses.
D. 255.255.255.252 (/30) → 2 hosts: Too small — cannot accommodate 30 devices.

Reference:
CompTIA Server+ SK0-005 Exam Objectives – Domain 1.0 Server Hardware, Objective 1.5:
“Explain the purpose of IPv4 addressing including subnetting and variable length subnet masking (VLSM)…”
RFC 3021 – Using /31 for point-to-point links; standard practice uses /27 for ~30 hosts.

Cisco IP Addressing and Subnetting for New Users:
“To support 30 hosts, use a /27 mask (32 total, 30 usable).”
Subnetting Best Practice: Always select the smallest subnet that satisfies the host requirement.
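Added example (not from the original page): the explanation's formula and the 192.168.10.0/27 sample network carried through in Python using only the standard library, plus a selector that picks the least wasteful of the four candidate masks from the question.

```python
import ipaddress

# The four candidate masks from the question.
CANDIDATE_MASKS = ["255.255.255.0", "255.255.255.128",
                   "255.255.255.224", "255.255.255.252"]


def mask_to_prefix(mask):
    """Convert a dotted-decimal mask (e.g. 255.255.255.224) to its prefix length (27)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def usable_hosts(prefix):
    """Usable = 2^(32 - prefix) - 2, the formula from the explanation. /31 and /32
    leave no room for a separate network and broadcast address, so they count as 0."""
    if prefix >= 31:
        return 0
    return 2 ** (32 - prefix) - 2


def wasted_addresses(required_hosts, mask):
    """Usable addresses a mask leaves unused; negative means the mask is too small."""
    return usable_hosts(mask_to_prefix(mask)) - required_hosts


def most_efficient_mask(required_hosts, candidates=CANDIDATE_MASKS):
    """Smallest candidate subnet that still provides at least required_hosts usable IPs."""
    fitting = [m for m in candidates
               if usable_hosts(mask_to_prefix(m)) >= required_hosts]
    if not fitting:
        raise ValueError(f"no candidate provides {required_hosts} usable hosts")
    # Fewest usable addresses wins, i.e. the least waste.
    return min(fitting, key=lambda m: usable_hosts(mask_to_prefix(m)))


def describe_network(cidr):
    """Network, first/last usable host and broadcast for a block such as
    192.168.10.0/27 (the sample network in the explanation)."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable": len(hosts),
    }


if __name__ == "__main__":
    for mask in CANDIDATE_MASKS:
        p = mask_to_prefix(mask)
        print(f"{mask} (/{p}): {usable_hosts(p)} usable, waste {wasted_addresses(30, mask)}")
    print("most efficient:", most_efficient_mask(30))
    print(describe_network("192.168.10.0/27"))
```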

A server technician is deploying a server with eight hard drives. The server specifications call for a RAID configuration that can handle up to two drive failures but also allow for the least amount of drive space lost to RAID overhead. Which of the following RAID levels should the technician configure for this drive array?

A. RAID 0

B. RAID 5

C. RAID 6

D. RAID 10

C.   RAID 6

Explanation

The question has two critical requirements for the RAID configuration: it must be able to handle up to two drive failures, and it must use the least amount of drive space for RAID overhead (parity or mirroring).

Let's evaluate the options:

RAID 6 is known as dual-parity RAID. It stripes data across all drives and calculates two sets of parity information, which are also distributed across the drives.

Fault Tolerance:
Because it has two independent parity blocks, it can withstand the complete failure of any two drives in the array. This meets the first requirement perfectly.

Overhead:
The capacity overhead for RAID 6 is always the equivalent of two drives. In an array of eight drives, this means you lose 2 drives worth of space for parity, leaving 6 drives for usable data. This is a 25% overhead, which is the smallest possible for a two-drive fault-tolerant configuration.

Why the Other Options Are Incorrect

A. RAID 0:
This level offers zero fault tolerance. A single drive failure results in the complete loss of the entire array. It also has zero overhead, but it completely fails the primary requirement for fault tolerance.

B. RAID 5:
This level uses striping with single parity. It can only tolerate the failure of a single drive. If a second drive fails before the first is replaced and rebuilt, the array fails and all data is lost. Therefore, it does not meet the requirement of handling up to two drive failures.

D. RAID 10:
This is a nested level that creates a striped set from a series of mirrored pairs. Its fault tolerance is conditional; it can survive multiple drive failures, but only if no single mirrored pair loses both of its drives. If two drives in the same mirror fail, the array is destroyed. So, it does not guarantee survival from any two drive failures. Furthermore, RAID 10 has a constant 50% capacity overhead because every drive is mirrored. In an eight-drive array, only four drives worth of space are usable for data. This is a much higher overhead than RAID 6's 25%, failing the second requirement.

Reference
This question falls under Domain 3.0: Storage, specifically addressing the objective of selecting and implementing appropriate RAID levels based on given specifications for performance, capacity, and fault tolerance.

Conclusion:
RAID 6 is the definitive choice because it is the only standard RAID level that provides a guaranteed two-drive fault tolerance with the minimal possible capacity overhead of two drives' worth of space.
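Added example (not the page's own code): a small Python model of the fault tolerance and overhead the explanation works through for an eight-drive array. It goes slightly beyond the text by enumerating every two-drive failure combination for RAID 10 to show how often the array survives; the mirror-pair layout (0,1), (2,3), ... is an assumption of this example.

```python
from itertools import combinations

# Minimum drive counts assumed for each level in this model.
MIN_DRIVES = {0: 2, 5: 3, 6: 4, 10: 4}


def raid_profile(level, drives):
    """Guaranteed number of simultaneous drive failures survived, usable drive
    count and overhead fraction for a given level and array size."""
    if level not in MIN_DRIVES or drives < MIN_DRIVES[level]:
        raise ValueError(f"RAID {level} needs at least {MIN_DRIVES.get(level, '?')} drives")
    if level == 0:
        survives, usable = 0, drives            # striping only: no redundancy
    elif level == 5:
        survives, usable = 1, drives - 1        # single parity
    elif level == 6:
        survives, usable = 2, drives - 2        # dual parity
    else:  # RAID 10
        if drives % 2:
            raise ValueError("RAID 10 needs an even number of drives")
        # Worst case: both drives of one mirror pair fail, so only ONE failure is guaranteed.
        survives, usable = 1, drives // 2
    return {"level": level, "guaranteed_failures": survives,
            "usable_drives": usable, "overhead": 1 - usable / drives}


def raid10_two_failure_outcomes(drives):
    """Enumerate every way two drives can fail in a RAID 10 array whose mirror
    pairs are (0,1), (2,3), ...; returns (fatal_combinations, total_combinations)."""
    mirror_pairs = {(i, i + 1) for i in range(0, drives, 2)}
    all_pairs = list(combinations(range(drives), 2))
    fatal = sum(1 for pair in all_pairs if pair in mirror_pairs)
    return fatal, len(all_pairs)


def choose_raid(drives, required_failures, levels=(0, 5, 6, 10)):
    """Lowest-overhead level whose *guaranteed* tolerance meets the requirement."""
    candidates = [raid_profile(lv, drives) for lv in levels]
    ok = [p for p in candidates if p["guaranteed_failures"] >= required_failures]
    if not ok:
        raise ValueError("no listed level meets the requirement")
    return min(ok, key=lambda p: p["overhead"])["level"]


if __name__ == "__main__":
    for lv in (0, 5, 6, 10):
        print(raid_profile(lv, 8))
    print("RAID 10, 8 drives, fatal two-drive failures:", raid10_two_failure_outcomes(8))
    print("choice for 8 drives, 2 failures:", choose_raid(8, 2))
```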

A company stores extremely sensitive data on an air-gapped system. Which of the following can be implemented to increase security against a potential insider threat?

A. Two-person Integrity

B. SSO

C. SIEM

D. Faraday cage

E. MFA

A.   Two-person Integrity

Explanation:

An air-gapped system is a physically isolated computer or network that is not connected to the internet or any external systems, used to protect highly sensitive or classified data.
Even with an air gap, the biggest remaining risk is an insider threat — someone with legitimate access who might intentionally or accidentally compromise the system. To counter this, organizations use two-person integrity (TPI) or dual control mechanisms.

What is Two-Person Integrity (TPI)?

Two-person integrity is a security principle requiring two authorized individuals to be present or to approve certain actions before access is granted or changes are made.

Examples include:

Requiring two administrators to log in or use two separate keys to access or modify sensitive data.
Mandating that two people verify each other's actions to prevent unauthorized changes, theft, or tampering.
This significantly reduces the likelihood that a single insider could act maliciously or bypass controls.

Why the Other Options Are Incorrect:

B. SSO (Single Sign-On)
SSO improves user convenience by allowing one login for multiple systems.
It does not enhance security against insider threats; in fact, it centralizes risk if a credential is compromised.
Not suitable for air-gapped systems.

C. SIEM (Security Information and Event Management)
SIEM helps aggregate and analyze logs for suspicious activity.
While useful in connected environments, it requires network integration and real-time data feeds, which an air-gapped system does not have.
Not applicable in isolated systems.

D. Faraday Cage
A Faraday cage blocks electromagnetic signals to prevent wireless data leaks.
It protects against external attacks, not insider misuse.
Not effective for insider threat prevention.

E. MFA (Multi-Factor Authentication)
MFA protects against unauthorized external access by requiring multiple verification methods.
However, an insider with valid credentials can still misuse access once logged in.
MFA doesn’t prevent malicious insider activity after authentication.

Reference:
CompTIA Server+ SK0-005 Exam Objective:
4.2 – Summarize server hardening and security best practices.

NIST SP 800-53 (AC-5 & AC-6):
Recommends dual authorization mechanisms for highly sensitive or classified systems to prevent insider misuse.

Summary:
For air-gapped systems holding extremely sensitive data, the best way to defend against insider threats is implementing two-person integrity, ensuring no single individual can compromise the system alone.
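Added example, not from the original page, serving both the split-key question earlier on this page and this two-person-integrity question: a minimal Shamir secret sharing implementation in Python in which a data key is split so that two custodians (or any k of n) must cooperate to recover it, while a lone holder learns nothing. The prime field, share layout and function names are this example's choices, and the key is a constructed sample.

```python
import secrets

# Field: the Mersenne prime 2^521 - 1, large enough to hold a 256-bit key
# (in fact any key of up to 65 bytes) as a single field element.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, modulo PRIME."""
    result = 0
    for coeff in reversed(coeffs):
        result = (result * x + coeff) % PRIME
    return result


def split_key(key, threshold, shares):
    """Split `key` (bytes) into `shares` shares; any `threshold` of them recover it.
    The key is the constant term of a random polynomial of degree threshold-1,
    and share i is the point (i, f(i)) handed to custodian i."""
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_key(points, key_len):
    """Lagrange interpolation at x = 0 over at least `threshold` distinct shares."""
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate shares")
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


def one_share_fits_any_key(share, guessed_key):
    """For a 2-of-n split: a line through (0, guess) and the share always exists,
    so a single insider's share is consistent with every possible key. This
    returns True for any guess, which is exactly why one share reveals nothing."""
    x, y = share
    guess = int.from_bytes(guessed_key, "big")
    slope = (y - guess) * pow(x, -1, PRIME) % PRIME
    return _eval_poly([guess, slope], x) == y


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample: a 256-bit data key
    s = split_key(key, 2, 3)                 # 2-of-3: two custodians must cooperate
    print("two shares recover the key:", recover_key(s[:2], 32) == key)
    print("one share also fits an all-zero key:", one_share_fits_any_key(s[0], bytes(32)))
```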

Which of the following technologies would allow an administrator to build a software RAID on a Windows server?

A. Logical volume management

B. Dynamic disk

C. GPT

D. UEFI

B.   Dynamic disk

Explanation

To build a software RAID (Redundant Array of Independent Disks) on a Windows Server, the administrator uses the storage management feature known as Dynamic Disk.

B. Dynamic disk (Correct):
In Windows Server operating systems, changing a basic disk to a dynamic disk unlocks advanced storage features managed by the operating system (software), rather than a dedicated hardware controller. These features include:

Spanning:
Combining space from multiple disks into one volume.

Striping (RAID 0):
Spreading data across multiple disks for performance.

Mirroring (RAID 1):
Duplicating data across multiple disks for redundancy.

RAID-5:
Striping with parity across three or more disks for a balance of performance and redundancy.

Why the other options are incorrect:

A. Logical volume management (LVM):
This is the technology used on Linux and Unix systems for managing storage partitions and creating software RAID configurations. It is not the term or technology used by Windows.

C. GPT (GUID Partition Table):
This is a modern standard for the partition table format on a hard disk, replacing the older MBR. It deals with how the disk is partitioned (allowing for larger disks and more partitions) but does not inherently create or manage RAID arrays.

D. UEFI (Unified Extensible Firmware Interface):
This is the modern replacement for the traditional BIOS. It is the firmware interface that manages the server's boot process and initial hardware settings. It has no direct function in creating a software RAID array managed by the operating system.

Reference
This question falls under the Storage domain of the SK0-005 exam, testing the administrator's knowledge of Software RAID implementation specifically within the Windows Server environment, where Dynamic Disks are the key enabler for software-based redundancy and performance configurations.
