


Study Guide for: Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-301), Third

Study Material for: Student 11/29/2012 2:32:05 PM

Question
Which security principle has to be combined with host security to avoid introducing or overlooking vulnerabilities in a system?

Correct Answer
A: Network security

References
EXPLANATION: A is correct. Network security must be combined with host-based security to close all potential paths of attack. B, C, and D are incorrect as they all offer incomplete solutions. A is more comprehensive and the best answer.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines

OBJECTIVE: Carry out appropriate procedures to establish host security

Question
Removing unnecessary services and applying service packs is an example of what?

Correct Answer
B: System hardening

References
EXPLANATION: B is correct. Removing unnecessary services and applying service packs is an example of system hardening. A, C, and D are common terms meant to distract.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines

OBJECTIVE: Carry out appropriate risk mitigation strategies

LearnKey, Inc. Copyright 2006, All Rights Reserved. Page 1

Question
End users have responsibilities to protect information, and all of the following policies are involved in the comprehensive effort except:

Correct Answer
B: Sick leave policy

References
EXPLANATION: B is correct; sick leave policies do not involve access issues. A is incorrect; leaving sensitive material on your desk when you are not there to safeguard it is a potential vulnerability. C is incorrect; passwords provide access to systems. D is incorrect; physical access by unauthorized personnel to materials and systems can create vulnerabilities.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain the importance of security-related awareness and training

Question
What six-byte number is used to identify a Network Interface Card?

Correct Answer
B: Media Access Control address

References
EXPLANATION: B is correct. The Media Access Control (MAC) address uniquely identifies Network Interface Cards. The MAC address consists of a vendor number and serial number. A is incorrect. It is a nonsensical distractor. C and D are incorrect. They are technical terms not related to layer 2 addressing.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Distinguish and differentiate network design elements and compounds

Question
A top-level CA exists in what type of PKI trust model?

Correct Answer
C: Hierarchical architecture

References
EXPLANATION: C is correct. A top-level CA is necessary to establish a hierarchical trust model. A and B are incorrect. They are nonsensical distractors. D is incorrect. Web of trust is a flat model dependent upon trust with peers.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure

OBJECTIVE: Implement PKI, certificate management, and associated components

Question
Which widely used protocol is available to vendors to establish their own customized authentication system?

Correct Answer
B: EAP

References
EXPLANATION: B is correct; Extensible Authentication Protocol (EAP) allows vendors to customize their own authentication system. A is incorrect; ICMP is not used in authentication. C and D are incorrect; they are distractors built from protocols used in authentication.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security

OBJECTIVE: Distinguish and differentiate network design elements and compounds

Question
To sniff all network traffic connected to your computer, what is necessary?

Correct Answer
B: Your NIC card must be in promiscuous mode.

References
EXPLANATION: B is correct; your NIC card must be able to examine all traffic on your network media, which means it must be set to promiscuous mode. A is incorrect; it is always true, and not discriminatory. C is incorrect; it is not relevant. D is incorrect; it is a nonsensical distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Explain the security function and purpose of network devices and technologies.

Question
Which of the following security terms ensures that only authorized individuals are able to create or change information?

Correct Answer
B: Integrity

References
EXPLANATION: B is correct; integrity refers to the protection of information from unauthorized alteration. A is incorrect; confidentiality refers to the protection of information from disclosure to unauthorized parties. C and D are incorrect; they are not related to changing of information.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Exemplify the concepts of confidentiality, integrity, and availability (CIA)

Question
Which of the following is not a typical cloud-based offering?

Correct Answer
C: Authentication as a Service

References
EXPLANATION: C is correct; authentication does not lend itself to the autoprovisioning aspects of cloud services. A is incorrect; Platform as a Service (PaaS) is the autoprovisioning of platforms across a network. B is incorrect; Infrastructure as a Service (IaaS) is the autoprovisioning of infrastructure across a network. D is incorrect; Software as a Service (SaaS) is the autoprovisioning of software across a network.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Distinguish and differentiate network design elements and compounds

Question
Which of the following elements is an environmental issue that could breach computer security?

Correct Answer
C: Air conditioning

References
EXPLANATION: C is correct. Air conditioning failures can lead to overheating and system shutdowns, adversely affecting availability, one of the elements of security. A, B, and D are incorrect; they are security term distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security

OBJECTIVE: Explain the impact and proper use of environmental controls

Question
Which of the following models of computer security implements the principle Protection = Prevention + (Detection + Response)?

Correct Answer
B: Operational Security

References
EXPLANATION: B is correct; the Operational Security model is defined as Protection = Prevention + (Detection + Response). A, C, and D are incorrect; they are access control models of differing types.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain the importance of security-related awareness and training

Question
Privilege auditing is not useful for:

Correct Answer
D: Identifying users with evil intentions

References
EXPLANATION: D is correct; audits cannot determine user intentions, only what permissions the users should have based on logical factors. A, B, and C are incorrect; these are all advantages of privilege auditing.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Carry out appropriate risk mitigation strategies

Question
The program TFTP uses what port for data transfer?

Correct Answer
D: UDP 69

References
EXPLANATION: D is correct. Trivial File Transfer Program (TFTP) operates over UDP port 69. A is incorrect; this is the port for SSH. B is incorrect; TCP 443 is the HTTPS port. C is nonsensical. HTTP is over TCP port 80.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access

OBJECTIVE: Identify commonly used default network ports

Question
Which of the following describes an attack in which an attacker tries to write more data than allowed to the memory of a victim's computer?

Correct Answer
A: Buffer overflow

References
EXPLANATION: A is correct; a buffer overflow results when data is written beyond the allocated memory. The data may overwrite other data space, code space, registers, or stack space, resulting in unexpected behavior. B, C, and D are all attacks, but not ones that are the result of overwriting memory buffers.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Carry out appropriate procedures to establish host security

Question
Instead of Telnet, what protocol is recommended?

Correct Answer
B: SSH

References
EXPLANATION: B is correct, as Telnet sends messages in plaintext over the network. SSH is strongly recommended instead of Telnet. A and D are incorrect and built using distractors from common terms. C is incorrect as SSL is a transport-level encryption methodology and not used for command-level access.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Apply and implement secure network administration principles

Question
An Account Lockout Policy is an excellent countermeasure against which type of attack?

Correct Answer
D: Brute-force attack

References
EXPLANATION: D is correct; an account lockout policy will typically require an account to be disabled for a period of time before the user can try their password again, making a brute-force attack time-consuming and more easily detectable. A, B, and C are incorrect. They are not account-based attacks.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Implement appropriate security controls when performing account management

Question
On mail servers, relaying occurs when:

Correct Answer
B: The server handles a message and neither the sender nor the recipient is a local user

References
EXPLANATION: B is correct; on mail servers, relaying occurs when the server handles a message and neither the sender nor the recipient is a local user. A, C, and D are incorrect as they are all related to normal e-mail processing.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging

OBJECTIVE: Carry out appropriate risk mitigation strategies

Question
Clear text passwords are a weakness associated with which protocol?

Correct Answer
B: PAP

References
EXPLANATION: B is correct; PAP is a two-way handshake involving the clear text transmission of a password. A, C, and D are incorrect; they all involve encryption.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Use and apply appropriate cryptographic tools and products

Question
Which of the following is not a classification of a security control type?

Correct Answer
C: Auditable

References
EXPLANATION: C is correct. Auditability is not a descriptive element associated with security controls. A, B, and D are incorrect. They are all types of security controls.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 17: Risk Management

OBJECTIVE: Explain risk-related concepts

Question
Which encryption scheme is used in cell phones and other mobile devices?

Correct Answer
B: ECC

References
EXPLANATION: B is correct; ECC (elliptic curve cryptography) uses integers and is less processor-intensive than other algorithms. A, C, and D are incorrect; these algorithms are more computationally intensive than ECC.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Use and apply appropriate cryptographic tools and products

Question
Smart Card Authentication can be described as using the following to verify identity:

Correct Answer
A: Something you have (token)

References
EXPLANATION: A is correct. Smart cards are typically credit card-sized devices that individuals carry with them and use to authenticate with a server. B is incorrect. Something you are is related to biometrics, not smart cards. C and D are incorrect. Smart cards may use strong cryptography, but they are ultimately tokens.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access

OBJECTIVE: Explain fundamental concepts of Authentication

Question
Which port should be opened on a firewall to permit e-mail traffic to pass?

Correct Answer
C: TCP 25

References
EXPLANATION: C is correct; TCP port 25 is used by SMTP (Simple Mail Transport Protocol). A is incorrect; TCP 21 is for FTP. B is incorrect; UDP 88 is used with Kerberos. D is incorrect; TCP 139 is NetBIOS.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging

OBJECTIVE: Identify commonly used default network ports

Question
Which of the following correctly describes the TCP three-way handshake?

Correct Answer
A: SYN, SYN/ACK, ACK

References
EXPLANATION: A is correct. The three-way handshake is as follows: SYN, SYN/ACK, ACK. Each of these items is represented as one bit in the TCP header. B, C, and D are incorrect; they are IP flags used as distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Implement and use common protocols

Question
An attack that simultaneously involves many attackers in an attempt to shut down services is known as what?

Correct Answer
A: DDoS

References
EXPLANATION: A is correct; an attack that simultaneously involves many attackers in an attempt to shut down services is known as a Distributed Denial of Service attack (DDoS). A DDoS attack is usually perpetrated by zombie machines. B is incorrect; Denial of Service is not from multiple attackers. C is incorrect; war-chalking is the leaving of visual clues as to wireless locations. D is incorrect; social engineering is an attack against the people element of security.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Analyze and differentiate among types of attacks

Question
Loop protection involves which of the following?

Correct Answer
A: Switches

References
EXPLANATION: A is correct; loops can be formed at layer 2, and the Spanning Tree Protocol is typically used to prevent loops. B, C, and D are incorrect; they are distractors built using relevant terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Apply and implement secure network administration principles

Question
Which of the following is not a cryptographic algorithm used for encryption?

Correct Answer
B: MD5

References
EXPLANATION: B is correct; MD5 is a hash algorithm and is not used to encrypt information. A is incorrect; DES is the Data Encryption Standard. C is incorrect; ECC is elliptic curve cryptography. D is incorrect; AES is the Advanced Encryption Standard.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Use and apply appropriate cryptographic tools and products

Question
TCP port 21 is typically associated with which protocol?

Correct Answer
C: FTP

References
EXPLANATION: C is correct. FTP uses TCP port 21 for its control channel. A is incorrect; SMTP uses port 25. B is incorrect; SSH uses port 22. D is incorrect; FTPS uses ports 989/990.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Identify commonly used default network ports

Question
What kind of algorithm uses the same key to encrypt and decrypt a message?

Correct Answer
C: Symmetric algorithm

References
EXPLANATION: C is correct. Symmetric algorithms use the same key to encrypt and decrypt. A, B, and D are incorrect: A is a nonsense term. B uses two different keys. D does not use a key.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptographic concepts

Question
Spoofing can be described as:

Correct Answer
B: Pretending to be someone you are not

References
EXPLANATION: B is correct. Spoofing can be described as pretending to be someone you are not. A is incorrect; this is flooding. C and D are not attacks, but rather are techniques to detect attacks.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Analyze and differentiate among types of attacks

Question
Kerberos systems require which of the following item(s)?

Correct Answer
A: Key Distribution Center (KDC)

References
EXPLANATION: A is correct; Kerberos uses a KDC, which is composed of two parts, an Authentication Server (AS) and a Ticket Granting Server (TGS). B, C, and D are incorrect; an RAS is not required, nor is a client certificate or a certificate authority in the Kerberos scheme.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Explain the function and purpose of authentication services

Question
The term "Open Relay" refers to what?

Correct Answer
C: E-mail servers

References
EXPLANATION: C is correct; Open Relay, also known as Open Mail Relay, refers to allowing anyone to send mail through a mail server. This is the source of much of the spam people receive. A is incorrect; HTTP servers simply process requests. B is incorrect; FTP servers have a connection for communication. D is incorrect; the answer "application servers" is a generic distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging

OBJECTIVE: Carry out appropriate procedures to establish host security

Question
Which device does not segregate data-link traffic?

Correct Answer
B: Hub

References
EXPLANATION: B is correct as hubs do not segregate any type of network traffic. A is incorrect; switches separate traffic based on layer 2 addresses. C is incorrect; bridges split traffic based on layer 2 addresses. D is incorrect; VLANs are implemented using switches and layer 2 addresses.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Explain the security function and purpose of network devices and technologies

Question
Configuring the operating system of a hard drive with RAID 1 is an example of what?

Correct Answer
C: Fault tolerance

References
EXPLANATION: C is correct; configuring the operating system of a hard drive with RAID 1 is an example of fault tolerance. A, B, and D are distractors made from common terms in this area of knowledge.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity

OBJECTIVE: Execute disaster recovery plans and procedures

Question
The formula for Single Loss Expectancy (SLE) is

Correct Answer
D: Asset Value times EF

References
EXPLANATION: D is correct; the formula for Single Loss Expectancy (SLE) is Asset Value times Exposure Factor (EF). A, B, and C are incorrect; they are distractors constructed from risk quantification terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity

OBJECTIVE: Explain risk-related concepts

Question
What is the best way to generate a complex password?

Correct Answer
C: Using a passphrase

References
EXPLANATION: C is correct. A complex password is long and utilizes alphabetic and numeric characters. The best way to generate a complex password is as a passphrase. A is incorrect. A dictionary attack can concatenate two words. B is incorrect. Random passwords are difficult to remember and their use often results in users writing them down. D is incorrect. Concatenating known pieces of information can be guessed.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: General security concepts and models

OBJECTIVE: Implement appropriate security controls when performing account management

Question
Which of the following is not associated with authentication?

Correct Answer
D: Something you had

References
EXPLANATION: D is correct. Authentication is usually accomplished by providing something you "have", "know", or "are" (as in the case of biometrics). The key word is "had", as this implies past tense and is therefore not appropriate for authentication. A, B, and C are incorrect. These answers all relate to common items used for authentication.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Authentication and Remote Access

OBJECTIVE: Explain fundamental concepts of Authentication

Question
An evil twin attack is performed utilizing:

Correct Answer
C: A rogue access point

References
EXPLANATION: C is correct. An evil twin is a rogue access point set up by an attacker that produces a stronger signal than the legitimate access point, pulling in users by virtue of the stronger signal. A is incorrect; the Firesheep plug-in targets a different vulnerability. B is incorrect; credentials do not play a role in the evil twin attack. D is incorrect; spoofed packets are not involved in the evil twin attack.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security

OBJECTIVE: Analyze and differentiate among types of wireless attacks

Question
What does ACL stand for?

Correct Answer
C: Access Control List.

References
EXPLANATION: C is correct. ACL stands for Access Control List. A and D are incorrect; they are distractors from unrelated technical terms. B is incorrect; it is a nonsensical distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control

Question
Twofish was designed to replace what algorithm?

Correct Answer
B: DES

References
EXPLANATION: B is correct. Twofish was a candidate to replace DES as part of the AES competition. A, C, and D are incorrect. MD5 is a hashing algorithm, not an encryption algorithm; Twofish was part of the AES competition; and Blowfish is a distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Apply appropriate cryptographic tools

Question
To help secure production web servers, sample files:

Correct Answer
B: Should be removed from production servers

References
EXPLANATION: B is correct; to help secure production web servers, sample files should be removed from all production servers. A, C, and D are incorrect as they allow unneeded information to reside on production servers.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines

OBJECTIVE: Carry out appropriate procedures to establish host security

Question
Lockouts prevent what type of activity?

Correct Answer
B: 137, 138, 139

References
EXPLANATION: B is correct; UDP 137 is NetBIOS name service, UDP 138 is NetBIOS datagram service, and TCP 139 is NetBIOS connection. A and C are incorrect, as port 135 is not associated with NetBIOS. D is incorrect as it skips port 138, which is part of NetBIOS.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Identify commonly used default network ports

Question
PKI is used to manage identities through the use of:

Correct Answer
A: Certificates

References
EXPLANATION: A is correct; a PKI uses certificates to pass keys associated with identities. B is incorrect; digital signatures involve certificates and PKI, but they don't manage the identities. C is incorrect; Kerberos can involve certificates and PKI, but it doesn't manage the identities. D is a distractor using a security term.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure

OBJECTIVE: Explain the core concepts of public key infrastructure

QuestionWhich of the following is a tool designed to identify what devices are connected to a givennetwork and, where possible, the operating system in use on that device?

Correct AnswerD: Network mapper

ReferencesEXPLANATION:D is correct; a network mapper is a tool designed to identify what devices are connected to agiven network and, where possible, the operating system in use on that device.A, B, and C are tools for operational security, not for network discovery.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities

Question
Proper humidity and temperature for information systems equipment is an example of what type of security?

Correct Answer
A: Physical security

References
EXPLANATION: A is correct. Environmental controls are an example of physical security. B, C, and D are incorrect. These are all common distractors. They are relevant terms to security, but not to this question.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security

OBJECTIVE: Explain the impact and proper use of environmental controls

Question
An Access Control List (ACL) is

Correct Answer
C: A list that contains the subjects that have access rights to a particular object

References
EXPLANATION: C is correct; an Access Control List is used to define which subjects have which access rights to a particular object. The list identifies not only the subject but the specific access granted to the subject for the object. A is incorrect; a list of all users is not relevant to an object. B is incorrect as the current login status is not relevant. D is incorrect as access control lists are based on positive criteria, not exceptions.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control

Question
Which Boolean operator is most commonly used in cryptographic applications?

Correct Answer
A: XOR

References
EXPLANATION: A is correct; the Exclusive OR (XOR) is typically used to encrypt and decrypt data. B, C, and D are incorrect; they are built from logical distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptography concepts

Question
A one-way algorithm that creates a unique fixed-size number from a variable-length message is known as what?

Correct Answer
D: Hash

References
EXPLANATION: D is correct. A hash is a fixed-sized result of an algorithm that is generated based on the content of the input to an algorithm. A is incorrect; it is a nonsense term. B and C are cryptographic terms associated with other cryptographic items, not fixed block.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptographic concepts

Question
Which type of social engineering attack utilizes voice messaging to send unsolicited bulk messages?

Correct Answer
B: SPIM

References
EXPLANATION: B is correct. SPIM is basically SPAM sent via a messaging service. A is incorrect; vishing is basically a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking. C is incorrect; SPAM is not associated directly with voice messaging. When it is, it is called SPIM, making B a better choice. D is incorrect; it is a nonsensical distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Analyze and differentiate among types of attacks

Question
Which of the following is centralized security based on typical job types?

Correct Answer
B: RBAC

References
EXPLANATION: B is correct; Role-based Access Control (RBAC) grants access based on the type of work the user performs. A is incorrect; Mandatory Access Control is based on data, not job type. C is incorrect; realm-based is not based on job types. D is incorrect; Discretionary Access Control is based on data, not job type.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Apply and implement secure network administration principles

Question
What type of device stores and issues certificates?

Correct Answer
A: CA

References
EXPLANATION: A is correct. A certificate authority (CA) stores and issues certificates. B, C, and D are incorrect; they are security acronyms and terms used to distract.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure

OBJECTIVE: Explain the core concepts of public key infrastructure

Question
Which of the following measures will NOT improve the physical security of a computer?

Correct Answer
A: Insuring the server

References
EXPLANATION: A is correct; insuring the server only provides a financial method of recovering from some aspect of loss; it does not improve the security posture. B, C, and D are incorrect; they all improve the level of physical security.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security

OBJECTIVE: Explain risk-related concepts


Question
The first and most critical step of auditing is:

Correct Answer
B: To ensure the correct things are being audited

References
EXPLANATION: B is correct; the first and most critical step of logging is to ensure that the correct things are being audited. A is incorrect; this wastes space. C is incorrect; it is a necessary item, just not first. D is incorrect; again, not a first step.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines

OBJECTIVE: Analyze and differentiate among types of mitigation and deterrent techniques

Question
Which of the following steps will an attacker often take to attack a computer system?

Correct Answer
D: Perform a port scan to identify all open ports.

References
EXPLANATION: D is correct; attackers will often perform a port scan to identify all open ports on a system to determine which potential vulnerabilities may be exploited. A is incorrect; this is a nonsensical answer. B is incorrect; attackers will not install all patches. C is incorrect; this is a mitigation effort, not an attacker effort.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 20: Computer Forensics

OBJECTIVE: Analyze and differentiate among types of attacks

Question
In which of the following attacks does the attacker ensure that all communication going to or from the target machine passes through the attacker's machine?

Correct Answer
D: Man-in-the-middle attack

References
EXPLANATION: D is correct; in the man-in-the-middle attack, the attacking machine inserts itself in the path of communications between the target machine and its connections. A is incorrect; in replay attacks, the replay packets do not involve all data. B is incorrect; spoofing is falsifying content fields. C is incorrect; the brute force method alleviates the importance of the positioning of the attacker with respect to their pattern of attack.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Analyze and differentiate among types of attacks

Question
Quantum cryptography is best used for:

Correct Answer
A: Secure Key Distribution

References
EXPLANATION: A is correct. Quantum cryptography is best utilized for secure key distribution. B, C, and D are incorrect. Quantum cryptography is computationally challenging (bad for mobile), and its strength is in detecting interception and in strength of encryption, ruling out C and D.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptographic concepts

Question
All employees should be expected to read and understand which of the following documents associated with end-user responsibilities?

Correct Answer
A: Acceptable Use agreement

References
EXPLANATION: A is correct. All employees should read and understand the firm's acceptable use policy. B, C, and D are common security elements used as distractors. Not all choices would apply to all employees.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain the importance of security related awareness and training

Question
An advantage of symmetric key-based encryption over asymmetric key encryption is:

Correct Answer
A: Speed of operation for bulk encryption/decryption

References
EXPLANATION: A is correct; symmetric key is faster than asymmetric key cryptography, hence it is better for bulk operations. B is incorrect; symmetric vs. asymmetric has no relation to complexity of algorithms. C is incorrect; symmetric vs. asymmetric has no relation to level of security. D is incorrect; asymmetric algorithms solve key distribution issues.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptography concepts

Question
An application that executes malicious code when a predetermined event occurs is called what?

Correct Answer
D: Logic bomb

References
EXPLANATION: D is correct; logic bombs will execute based on predetermined events. A is incorrect; evil twin is a wireless attack. B is incorrect; rootkits are a means of changing the system files and operation of an OS. C is incorrect; back doors are alternative means of entry.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Analyze and differentiate among types of malware

Question
Who is responsible for access control on objects in the Mandatory Access Control (MAC) model?

Correct Answer
C: System administrator

References
EXPLANATION: C is correct; the system administrator is responsible for Mandatory Access Control model implementation on the system. A and B are incorrect; owners and creators can administer Discretionary Access Control (DAC) systems. D is incorrect; it is a simple distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control

Question
A web application firewall is designed to detect and stop which of the following?

Correct Answer
A: SQL injection attacks

References
EXPLANATION: A is correct; web security gateways are intended to address the security threats and pitfalls unique to web-based traffic such as SQL injection attacks. B, C, and D are incorrect; although these are potential attacks, they are not against web applications.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Explain the security function and purpose of network devices and technologies

Question
An example of attacking the inherent trust a web browser imparts to a web session is:

Correct Answer
A: Cross-site scripting

References
EXPLANATION: A is correct. Cross-site scripting is an attack methodology; while all are attacks, this answer is most closely related to the web. B, C, and D are incorrect. They are not tied directly to web browser activity.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 15: Web Components

OBJECTIVE: Analyze and differentiate among types of application attacks

Question
Implicit deny in a firewall rule set means:

Correct Answer
C: Any traffic not expressly permitted is denied.

References
EXPLANATION: C is correct; implicit deny means that any traffic not expressly permitted by a rule in the firewall's rule set or ACL is denied and rejected by the firewall. A and B are incorrect; implementation would be equivalent to a disconnection, not a firewall. D is incorrect; this is an implicit allow.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Apply and implement secure network administration principles

Question
Data classification allows an organization to determine what?

Correct Answer
C: Data security policy: how much protection does the data need?

References
EXPLANATION: C is correct; data classification is the cornerstone of determining what the security requirements are for the data. A is incorrect; retention is not strictly determined by data sensitivity (classification). B is incorrect; storage is not strictly determined by data sensitivity (classification). D is incorrect; duplication is not strictly determined by data sensitivity (classification).

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain the importance of data security


Question
The activity of searching for unsecured wireless networks is known as what?

Correct Answer
C: War-driving

References
EXPLANATION: C is correct; the activity of searching for unsecured wireless networks is known as war-driving. A, B, and D are incorrect; they are distractors using wireless terms and the "war-" prefix.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security

OBJECTIVE: Implement a wireless network in a secure manner

Question
A disadvantage of a Full backup is:

Correct Answer
B: It takes the longest time to restore.

References
EXPLANATION: B is correct; a full backup takes the longest to restore as it contains all information. A is incorrect; full backups can be stored on a variety of media. C is incorrect; it is not a disadvantage. D is incorrect; all backups can back up malware infections; it is not unique to full backups.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity

OBJECTIVE: Execute disaster recovery plans and procedures

Question
What type of survey is performed to assess the optimal location of Wireless Access Points?

Correct Answer
B: Site survey

References
EXPLANATION: B is correct; a site survey is performed to assess the optimal location of Wireless Access Points. A, C, and D are distractors built from common wireless terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security

OBJECTIVE: Implement a wireless network in a secure manner

Question
You have created a file on a remote server that is confidential. You wish to assign permission to access the file to selected members of your team. You will be choosing which of the following types of access control systems?

Correct Answer
C: Discretionary Access Control

References
EXPLANATION: C is correct; Discretionary Access Control gives the user the option of setting controls. A is incorrect as Mandatory Access Control does not provide for user control. B and D are incorrect as they are created from nonsense terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization and access control

Question
A _________ refers to a bootable media device left in the open with an enticing title.

Correct Answer
C: Road apple

References
EXPLANATION: C is correct. "Road apple" is the term used to describe the social engineering attack associated with leaving bootable media for people to pick up and use. A and B are incorrect; they can be bootable media, but are not necessarily an attack. D is a nonsense distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security


OBJECTIVE: Analyze and differentiate among types of social engineering

Question
What is tailgating?

Correct Answer
D: Following another individual through an open door

References
EXPLANATION: D is correct. Following an individual through a normally locked door is called tailgating. A is incorrect; it is a form of social engineering called shoulder surfing. B and C are incorrect. They are nonsensical distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security

OBJECTIVE: Analyze and differentiate among types of social engineering attacks

Question
Callback can be exploited by what means?

Correct Answer
D: Call Forwarding

References
EXPLANATION: D is correct. Call Forwarding will route the legitimate call from the Remote Access Server to the attacker's phone number. A, B, and C are incorrect; they are all distractors built using terms that are relevant to the subject.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Explain the fundamental concepts and best practices related to authentication, authorization, and access control

Question
ECC is particularly suited to

Correct Answer
D: Mobile devices

References
EXPLANATION: D is correct. ECC requires very little power, making it ideal for low-power devices, such as mobile devices. A, B, and C are incorrect. Although used on mainframes, ECC is primarily designed and used in low-power situations where transmission errors may occur, as in mobile devices.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Explain general cryptography concepts.

Question
Which of the following sends unguaranteed or best-effort data transfers?

Correct Answer
D: UDP

References
EXPLANATION: D is correct. User Datagram Protocol (UDP) sends data without guaranteeing delivery. A is incorrect. DNS is not a data transfer protocol. B and C are both guaranteed delivery protocols.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Implement and use common protocols

Question
Flood guards are related to which elements of network security?

Correct Answer
B: IDS/IPS

References
EXPLANATION: B is correct. Flooding-type attacks can be caught using an intrusion detection (or prevention) system. A is incorrect. Spanning Tree Algorithm is related to loop protection. C and D are incorrect. Both are legitimate terms, but not related to flooding attacks and prevention.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Apply and implement secure network administration principles

Question
Acceptable use policies are used to define

Correct Answer
D: All user responsibilities

References
EXPLANATION: D is correct; an acceptable use policy defines all user responsibilities with respect to using IT resources. A, B, and C are incorrect; they are security term distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain the importance of security-related awareness and training

Question
What type of firewall works primarily on port and IP addresses?

Correct Answer
D: Packet-filtering firewall

References
EXPLANATION: D is correct. A packet-filtering firewall works primarily on ports and IP addresses. A and B are incorrect. They are different types of firewalls that require additional packet inspection. C is incorrect. This is a simple distractor.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities

Question
Which of the following documents is used to determine your most critical business functions and is used to help build your DRP?

Correct Answer
D: Business Impact Analysis

References
EXPLANATION: D is correct; the BIA outlines what the loss of any of your critical functions will mean to the organization and is used in the development of the Disaster Recovery Plan (DRP). A is incorrect; it is high level. B is incorrect; it is a nonsensical distractor. C is incorrect; it does not directly address the question.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity

OBJECTIVE: Explain and apply physical access security methods.

Question
What is the term given to the process of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure?

Correct Answer
C: Backout

References
EXPLANATION: C is correct; a backout plan is the steps to restore a system in the event of a failure of an upgrade. A, B, and D are incorrect; they are distractors constructed from relevant terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 16: Disaster Recovery and Business Continuity

OBJECTIVE: Identify and apply industry best practices for access control methods.

Question
The attribute that prevents someone from later denying their actions is called what?

Correct Answer
A: Nonrepudiation

References
EXPLANATION: A is correct. Nonrepudiation prohibits people from denying their actions. B, C, and D are incorrect. These are all terms used in cryptography but do not relate to the concept of repudiation and nonrepudiation.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptographic concepts

Question
Which protocol is a countermeasure for network sniffing?

Correct Answer
B: SSH

References
EXPLANATION: B is correct; Secure Shell (SSH) encrypts traffic, making the traffic not available to sniffers. A, C, and D are incorrect; they are all plaintext protocols, with their traffic available for sniffing.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Apply and implement secure network administration principles

Question
Testers who have full access to design and coding elements in developing their test plan are using which methodology?

Correct Answer
D: White-box testing

References
EXPLANATION: D is correct; white-box testing refers to testing schemes where design and coding decisions are open to inspection. A is incorrect; black-box testing refers to testing in which the testers have no knowledge of what is inside. B is incorrect; grey-box testing refers to partial knowledge. C is incorrect; it is a combination of terms meant to distract.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning

Question
To help secure DNS servers, zone transfers should:

Correct Answer
A: Be limited to DNS servers that need access to the entire zone information for update and replication purposes

References
EXPLANATION: A is correct; zone transfers should be limited to DNS servers that need access to the entire zone information for update and replication purposes. B, C, and D are incorrect as they would impair DNS operations.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 12: Security Baselines

OBJECTIVE: Apply and implement secure network administration principles

Question
Which type of social engineering attack targets only specific individuals high up in an organization, such as the corporate officers, with e-mail attempting to get them to reveal personal or sensitive information?

Correct Answer
B: Whaling

References
EXPLANATION: B is correct; whaling refers to the use of more senior execs to create trust in lower levels to any unauthorized users. A, C, and D are incorrect. They are all social engineering attacks, but with different methodologies.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Analyze and differentiate among types of social engineering attacks

Question
A key element in using PKI certificate-based security is the use of which of the following?

Correct Answer
D: CRL

References
EXPLANATION: D is correct. CRL (Certificate Revocation List) is the best answer. The CRL determines whether the issuer has revoked the certificate. A and C are incorrect; they are involved, but not in any fashion that provides better security than a CRL. B is incorrect; it is not involved in PKI certificate trust decisions.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure

OBJECTIVE: Implement PKI, certificate management, and associated components

Question
For a security policy to be effective, it must be understood by:

Correct Answer
A: All employees

References
EXPLANATION: A is correct because security is an all-hands effort; all employees must understand the effects of a security breach and the company policy associated with security. B, C, and D are incorrect, as they are subsets of "All employees," which is a better answer.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 2: Operational Organizational Security

OBJECTIVE: Explain risk-related concepts

Question
Which of the following is not a method to implement 802.1X?

Correct Answer
A: EAP-RC2

References
EXPLANATION: A is correct; RC2 is not a valid crypto scheme for 802.1X. B, C, and D are incorrect. B uses MD5 for encryption, C is Tunneling TLS, and D is TLS.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 10: Wireless Security

OBJECTIVE: Implement assessment tools and techniques to discover security threats and vulnerabilities

Question
Escalation auditing is the process of looking for:

Correct Answer
C: An increase in privilege

References
EXPLANATION: C is correct; escalation auditing is the process of looking for an increase in privilege. A is incorrect; this is a nonsensical distractor. B is incorrect; this is not an escalation issue. The audit searches for threats that can come from an increase in privilege. D is incorrect; although unauthorized logins are a security issue, they are not related to this topic.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 19: Privilege Management

OBJECTIVE: Implement assessment tools and techniques to discover security threats andvulnerabilities

Question
Which of the following does not secure e-mail?

Correct Answer
C: MIME

References
EXPLANATION: C is correct, as S/MIME, PGP, and OpenPGP are all methods of securing e-mail via encryption. MIME is not encrypted. A, B, and D are incorrect, as they all enable encryption with e-mail.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Use and apply appropriate cryptographic tools and products

Question
Which of the following is a reason given for limiting an object's privileges as part of the principle of least privilege?

Correct Answer
B: It limits the amount of harm that can be caused, thus limiting an organization's exposure to damage.

References
EXPLANATION: B is correct; this is the primary reason given for implementing the concept of least privilege. A is incorrect; the opposite is closer to the truth: with least privilege, you limit the user base that can be responsible. C is incorrect; least privilege adds to the preparation work, but makes response easier. D is incorrect, as it has no relationship to the actual number of permitted parties, just the correct ones.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 1: General Security Concepts

OBJECTIVE: Explain risk-related concepts

Question
Which of the following services allows a client to retrieve email from a mail server?

Correct Answer
B: POP3

References
EXPLANATION: B is correct; POP3 (Post Office Protocol) is the only correct answer. A is incorrect; SNMP is Simple Network Management Protocol. C is incorrect; FTP is for file transfers. D is incorrect; HTTP is used to communicate to a web server, not the e-mail server.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 14: E-Mail and Instant Messaging

OBJECTIVE: Implement and use common protocols

Question
What was described as the chief drawback to the security principle of separation of duties?

Correct Answer
C: The cost required in terms of both time and money.

References
EXPLANATION: C is correct; the chief drawback with the principle of separation of duties is the perceived cost involved. A is incorrect; while it may not be popular among users, this is not a chief drawback. B and D are incorrect, as the principle is not hard to understand, and it doesn't make it easier for insiders to take advantage of security holes.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 1: General Security Concepts

OBJECTIVE: Identify and explain applicable legislation and organizational policies

Question
Internet content filter appliances can be used to:

Correct Answer
B: Block end-user access to specific types of data based on content

References
EXPLANATION: B is correct; Internet content filters act to restrict the types of information being accessed by web users. A is incorrect; this is data loss prevention. C is incorrect; this is load balancing. D is incorrect; this is done by web application firewalls.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 11: Intrusion Detection Systems

OBJECTIVE: Explain the security function and purpose of network devices and technologies

Question
When comparing two different implementations of the same algorithms for cryptographic strength, what is the best guide?

Correct Answer
D: Key length in bits

References
EXPLANATION: D is correct. The strength of an implementation is directly related to keyspace (number of potential keys). A, B, and C are incorrect. These are all common distractors.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 4: Cryptography

OBJECTIVE: Summarize general cryptographic concepts

Question
A root kit does what?

Correct Answer
A: Helps malicious users gain unauthorized administrative access to computers

References
EXPLANATION: A is correct. Rootkits are designed to help malicious users, including unauthorized users, gain unauthorized administrative access to computers. B, C, and D are incorrect. They are all distractors based on relevant terms.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 13: Types of Attacks and Malicious Software

OBJECTIVE: Analyze and differentiate among types of malware

Question
When a certificate authority signs a certificate, it uses what to do so?

Correct Answer
C: The CA's private key

References
EXPLANATION: C is correct; the CA uses its private key, allowing users to use the public key to authenticate the origin of the signature. A is incorrect; it is false, since CAs do sign certificates. B is incorrect; it would require the release of the CA's private key for validation of the signature. D is incorrect; because the CA does not know who the requestor is at the time of signing, one signature is used for many requests.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 5: Public Key Infrastructure

OBJECTIVE: Explain the core concepts of public key infrastructure

Question
Which of the following addresses is an example of a MAC address?

Correct Answer
D: 00:07:e9:7c:c8:aa

References
EXPLANATION: D is correct; it is a MAC address and is a hexadecimal representation of 48 bits. A is incorrect; it is an IP address. B is incorrect; it is a common subnet mask for IPv4. C is incorrect; it is an IPv6 address.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 8: Infrastructure Security

OBJECTIVE: Distinguish and differentiate network design elements and compounds

Question
Which media is most susceptible to EMI?

Correct Answer
B: Unshielded Twisted-Pair

References
EXPLANATION: B is correct. Unshielded Twisted-Pair (UTP) is most susceptible to electromagnetic interference. A and D are incorrect. Both of these media are outside the typical frequency range of EMI, and in the case of fiber optics, shielded as well. C is incorrect as it is a shielded cable.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 7: Physical Security

OBJECTIVE: Explain the impact and proper use of environmental controls

Question
Which of the following protocols cannot traverse NAT?

Correct Answer
C: L2TP

References
EXPLANATION: C is correct; L2TP cannot traverse NAT. One recommended option is to have the VPN terminate at the firewall instead of traversing it. A, B, and D are incorrect; SMTP, NTP, and FTP applications can communicate across NAT.

REFERENCES: See Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. "CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301), Third Edition." New York, Osborne/McGraw-Hill, 2011. Chapter 9: Remote Access and Authentication

OBJECTIVE: Explain the security function and purpose of network devices and technologies
