Security+ Match Device Controls
The Security+ exam expects you to understand controls and you should be able to match device controls with specific devices. For example, can you match device controls used with mobile devices such as tablets and smartphones? Can you match device controls used on servers?
Performance Based Questions
Topics such as security controls for devices are ideally suited for the new performance-based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to drag and drop different controls to the devices that they protect. If you’re unfamiliar with the new performance-based questions, you might like to check out these blogs too:
- CompTIA Performance Based Testing
- Security+ and Performance Based Questions
- Security+ WAP Performance Based Questions
- Security+ Forensic Performance Based Question
- CompTIA Testing Changes
Match Device Controls Practice Question
The following list of controls includes some that are used with mobile devices such as smartphones, tablets, and laptops. It also includes some controls that are used with servers but not mobile devices. Do you know which ones are which?
Some of these are used only on mobile devices, some are only used on servers, and some can be used on both.
- Which security controls are for mobile devices?
- Which security controls are for servers?
Match Device Controls for Mobile Devices
Here are the common security controls used for mobile devices:
- Screen lock. Uses a passcode or password to lock the device. This prevents a thief from using a stolen device.
- Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means it is at least eight characters long and includes multiple character types, such as upper case, lower case, numbers, and symbols. Laptops support strong passwords, but smartphones and tablets typically only support simple passwords such as personal identification numbers (PINs). However, since the question included laptops in the listing of mobile devices, strong passwords can be used. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
- Data encryption. Encryption protects the confidentiality of data and smartphone security includes device encryption to protect the data against loss of confidentiality. It’s possible to selectively encrypt some data on a system, an entire drive, or an entire device.
- Remote wipe/sanitation. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that all valuable data is removed.
- Voice encryption. It’s possible to use voice encryption with some phones to help prevent the interception of conversations.
- Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. Who knows? You may find that it just fell through the cushions in your couch. This is useful to know before you send a remote wipe signal.
- TPM. Trusted platform modules (TPMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.
- Cable locks. The number of laptops stolen during lunches at conferences is astronomical. Many people don’t seem to know how common thefts are and often leave their laptops unprotected. Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles.
- Locked cabinet or safe. Small devices can be secured within a locked cabinet or safe. When they aren’t in use, a locked cabinet helps prevent their theft.
Note about TPMs
This is a great example of how technology has changed since the original Security+ objectives were released. Back then, you would typically only find TPMs on laptops and some systems that needed full disk encryption, but not other mobile devices such as smartphones and tablets. Today, some smartphones and tablets include TPMs to encrypt data. If the Security+ exam questions are keeping up with the current technology, you could include TPMs with mobile devices.
You can read more about them in the TPM and HSM Hardware Encryption Devices blog.
If you were to match the controls to the mobile devices, it might look like this. The idea is that you drag and drop individual controls from the area on the right to the area under Mobile Devices.
Match Device Controls for Servers
If you were to match the controls to servers, it might look like this:
Some of these items are the same as the mobile devices, and some of the items are unique for servers:
- Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means it is at least eight characters long and includes multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
- Least privilege. Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions. Rights and permissions are commonly assigned on servers, but rarely on mobile devices such as tablets and smartphones.
- Data encryption. Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices. It’s possible to selectively encrypt individual files or entire disk volumes.
- Mantrap, cipher lock, and proximity lock. These are examples of physical security, and they can be used to restrict access to a server room.
- Firewall. Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.
- HSM. Hardware security modules (HSMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.
Security+ Match Device Controls Summary
You can expect to see some performance-based questions on the Security+ exam, and you might even see one requiring you to match device controls to specific devices. While these are different from a typical multiple choice question, you can still answer them correctly as long as you know the content. The information from this blog was derived from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, and it covers all of the security controls in the Security+ exam.