CompTIA Security+ Missed Questions and Acronyms


Your organization is planning to implement an internal PKI. What is required to ensure users can validate certificates? Wildcard certificates An intermediate CA CSR CRL

A certificate revocation list (CRL) is a list of revoked certificates published by the CA, and checking it lets users validate that a certificate has not been revoked. Wrong: Any CA can issue a CRL, so an intermediate CA is not needed. Users request certificates with a certificate signing request (CSR). Wildcard certificates reduce the administrative burden of managing certificates, but have nothing to do with validating them.

You need to request a certificate for a web server. Which of the following would you MOST likely use? CRL CA CSR OCSP

A certificate signing request (CSR) uses a specific format to request a certificate. You submit the CSR to a Certificate Authority (CA), but the request needs to be in the CSR format. A certificate revocation list (CRL) is a list of revoked certificates. The Online Certificate Status Protocol (OCSP) is an alternative method of validating certificates and indicates if a certificate is good, revoked, or unknown.

A security manager is reviewing security policies related to data loss. Which of the following is the security manager most likely to be reviewing? Separation of duties Clean desk policy Change management Job rotation

A clean desk policy requires users to keep sensitive documents, media, and written notes off their desks when unattended, reducing the risk of data theft and password compromise. Wrong: A separation of duties policy divides the individual tasks of an overall function between different people. Job rotation policies require employees to change roles on a regular basis. Change management helps reduce unintended outages caused by changes.

Your organization is planning to implement stronger authentication for remote access users. An updated security policy mandates the use of token-based authentication with a password that changes every 30 seconds. Which of the following choices BEST meets this requirement? Smart card HOTP TOTP CHAP

A time-based one-time password (TOTP) generates passwords that expire after a fixed time step, typically 30 seconds. An HMAC-based one-time password (HOTP) is counter-based, so its passwords do not expire with time. Challenge Handshake Authentication Protocol (CHAP) uses a nonce (a number used once) in its challenge, but the nonce does not expire after 30 seconds. A smart card is a possession factor holding a certificate; it does not itself generate a password that changes every 30 seconds.

True

True or false: The last default rule on a firewall is to deny all traffic. (This implicit deny rule blocks anything that an earlier, explicit rule did not allow.)

A user wants to hide confidential data within a .jpg file. Which of the following is the BEST choice to meet this need? ECC CRL File-level encryption Steganography

Steganography hides data inside another file, for example in the least significant bits of the image data of a .jpg or other picture file, so the carrier still looks and opens normally. Wrong: Elliptic curve cryptography (ECC) is an asymmetric encryption method; it does not hide data inside another file. A certificate revocation list (CRL) identifies revoked certificates. File-level encryption encrypts a file, such as a master password list, but does not hide data within another file.
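Added example (not from the original study set): least-significant-bit steganography in Python. The carrier is a constructed byte string standing in for 8-bit grayscale pixel samples rather than a real .jpg (JPEG is lossy, so real tools embed in its DCT coefficients instead of raw pixels; the bit-level idea is the same). Each message bit overwrites the lowest bit of one sample, so no sample changes by more than 1, and a 4-byte length prefix tells the extractor how much to read.

```python
LENGTH_PREFIX_BYTES = 4


def _to_bits(data: bytes):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _from_bits(bits) -> bytes:
    out = bytearray()
    for pos in range(0, len(bits), 8):
        byte = 0
        for bit in bits[pos:pos + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def embed(carrier: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSB of successive carrier samples, preceded by its length."""
    message = len(payload).to_bytes(LENGTH_PREFIX_BYTES, "big") + payload
    bits = _to_bits(message)
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need %d samples, have %d" % (len(bits), len(carrier)))
    stego = bytearray(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # clear the low bit, then set it to the message bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the length prefix, then exactly that many payload bytes."""
    lsbs = [b & 1 for b in stego]
    header_bits = LENGTH_PREFIX_BYTES * 8
    if len(lsbs) < header_bits:
        raise ValueError("carrier too small to hold a length prefix")
    length = int.from_bytes(_from_bits(lsbs[:header_bits]), "big")
    needed = header_bits + length * 8
    if len(lsbs) < needed:
        raise ValueError("carrier truncated or no embedded message")
    return _from_bits(lsbs[header_bits:needed])


def max_sample_change(original: bytes, stego: bytes) -> int:
    """How far any sample moved; LSB embedding never moves one by more than 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed stand-in for grayscale pixel data (2048 samples), not a real image.
CARRIER = bytes(range(256)) * 8
SECRET = b"meet at the usual place, 21:00"

if __name__ == "__main__":
    stego = embed(CARRIER, SECRET)
    print(extract(stego))                       # the hidden message
    print(max_sample_change(CARRIER, stego))    # 1: visually invisible in an image
```

Because the change is confined to the lowest bit, detecting it requires statistical analysis of the LSB plane (or a hash comparison against a known-good original), which is why file hashing and DLP tools that look only at file type and size miss it.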

After a recent incident, a forensic analyst was given several hard drives to analyze. What should the analyst do first? Take screenshots and capture system images Perform antivirus scans and create a chain-of-custody documents Take hashes and capture system images Take hashes and screenshots

Take hashes and capture system images. Forensic analysts image each drive and hash both the original and the image before beginning analysis, which proves the copy is bit-for-bit identical, and they analyze only the image copies, never the original drive. Wrong: Screenshots are taken when a computer is running. An antivirus scan might modify the drive, and chain-of-custody documents are created when evidence is collected, not at the start of analysis.

Flood guard

Which of the following security solutions provides a countermeasure against a denial of service attack characterized by an increasing number of half-open connections (a SYN flood)?
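Added example (not from the original study set): detection logic for the half-open-connection symptom that a flood guard defends against. It parses constructed output in the layout of `ss -nt` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port), counts SYN-RECV sockets per peer address, and flags peers above a threshold. The threshold of 3 is an assumption chosen to make the tiny sample trip it; on a real server it would be far higher.

```python
from collections import Counter

# Constructed sample in the layout of `ss -nt`; addresses are documentation ranges.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:443        198.51.100.20:52011
SYN-RECV 0      0      10.0.0.5:443        203.0.113.7:51234
SYN-RECV 0      0      10.0.0.5:443        203.0.113.7:51235
SYN-RECV 0      0      10.0.0.5:443        203.0.113.7:51236
SYN-RECV 0      0      10.0.0.5:443        203.0.113.7:51237
SYN-RECV 0      0      10.0.0.5:22         192.0.2.9:40001
ESTAB    0      0      10.0.0.5:22         192.0.2.9:40002
"""


def half_open_by_peer(ss_output: str, port: int = None) -> Counter:
    """Count SYN-RECV (half-open) sockets per peer IP, optionally for one local port only."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue                       # skips the header and fully established sockets
        local, peer = fields[3], fields[4]
        if port is not None and not local.endswith(":%d" % port):
            continue
        peer_ip = peer.rsplit(":", 1)[0]   # rsplit keeps bracketed IPv6 literals intact
        counts[peer_ip] += 1
    return counts


def flood_suspects(ss_output: str, threshold: int = 3):
    """Peers holding at least `threshold` half-open connections, sorted for stable output."""
    return sorted(ip for ip, n in half_open_by_peer(ss_output).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_peer(SAMPLE_SS_OUTPUT))          # {'203.0.113.7': 4, '192.0.2.9': 1}
    print(flood_suspects(SAMPLE_SS_OUTPUT, threshold=3))  # ['203.0.113.7']
```

The per-peer count is only a first cut: a distributed SYN flood spreads the half-open sockets across many spoofed sources, so the total SYN-RECV count against the backlog size is the better alarm, and the actual countermeasure is the flood guard itself (on Linux, SYN cookies via `net.ipv4.tcp_syncookies = 1`), not blocking individual peers.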

Vulnerability assessment

identifies a system or network's security posture

Port scanner

identifies services running on a system

Berkeley Internet Name Domain (BIND)

A type of Domain Name System (DNS) server software commonly used on the Internet and in some internal networks, so a BIND server is a DNS server. It typically runs on Unix-like servers, but not all Unix servers are BIND servers.

Neighbor Discovery Protocol (NDP)

Used by IPv6 to resolve IPv6 addresses to media access control (MAC) addresses (also called hardware addresses); it replaces the Address Resolution Protocol (ARP) used by IPv4.

An organization is planning to implement an internal PKI for smart cards. Which of the following should the organization do FIRST? Generate key pairs Identify a recovery agent Install a CA Generate a certificate

A public key infrastructure (PKI) requires a certificate authority (CA), so a CA should be installed first. Smart cards require certificates, and those certificates are issued by the CA. After installing the CA, you can generate key pairs to be used with the certificates it issues. A recovery agent can be identified later, but it isn't required as the first step for a CA.

ACL (Access Control List)

A set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object

Your organization wants to protect its web server from cross-site scripting attacks. Which of the following choices provides the BEST protection? Network-based firewall WAF Host-based firewall IDS

A web application firewall (WAF) is an Application layer firewall designed specifically to protect web servers. Wrong: Although both host-based and network-based firewalls provide protection, they aren't necessarily Application layer firewalls, so they do not provide the same level of protection for a web server as a WAF does. An intrusion detection system (IDS) can help detect attacks, but it isn't as good as the WAF when protecting the web server.

Exception

Allowing a connection through a firewall is known as creating what?

An attacker is bypassing client-side input validation by intercepting and modifying data within an HTTP POST command. Which of the following does the attacker use in this attack? Proxy Exception handling Flash cookie Command injection

An attacker can use a web proxy (an intercepting proxy on the attacker's own machine) to capture the HTTP POST after the browser's JavaScript checks have already run, modify the data in the request, and then send it on to the website. Wrong: Command injection is an injection attack that server-side input validation thwarts, but it is not the tool used to intercept and modify the POST. Flash cookies are used by Adobe Flash applets, but are not used to bypass input validation. Exception handling catches errors, allowing applications to handle them gracefully.
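Added example (not from the original study set): the defence implied by this question, server-side validation that does not trust anything the browser sent. The handler below parses a form-encoded POST body the way a web framework would and enforces the rules the client-side JavaScript was supposed to enforce, plus one the client cannot be trusted with at all: the price is recomputed from a server-side catalog. The shop, SKU, and request bodies are all constructed for the example.

```python
from urllib.parse import parse_qs

# Authoritative server-side catalog (constructed): price in cents per SKU.
CATALOG = {"SKU-100": 2500}


class ValidationError(ValueError):
    pass


def parse_order(body: str) -> dict:
    """Validate a form-encoded order body exactly as if no client-side checks existed."""
    form = parse_qs(body, keep_blank_values=True)
    sku = form.get("sku", [""])[0]
    qty_raw = form.get("qty", [""])[0]
    if sku not in CATALOG:
        raise ValidationError("unknown sku")
    if not qty_raw.isdigit():                 # rejects '', '-5', '2; rm -rf /', '1e3'
        raise ValidationError("qty must be a positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= 100:
        raise ValidationError("qty out of range")
    # A 'price' field in the POST is ignored on purpose: the server recomputes it.
    return {"sku": sku, "qty": qty, "total_cents": CATALOG[sku] * qty}


def handle_post(body: str):
    """Minimal request handler: (status, payload) like a framework view would return."""
    try:
        return 200, parse_order(body)
    except ValidationError as exc:
        return 400, {"error": str(exc)}


# Constructed request bodies: one honest, the rest as an intercepting proxy might rewrite them.
HONEST = "sku=SKU-100&qty=2&price=2500"
TAMPERED_PRICE = "sku=SKU-100&qty=2&price=1"
NEGATIVE_QTY = "sku=SKU-100&qty=-5&price=2500"
INJECTED_QTY = "sku=SKU-100&qty=2%3B+rm+-rf+%2F&price=2500"

if __name__ == "__main__":
    for body in (HONEST, TAMPERED_PRICE, NEGATIVE_QTY, INJECTED_QTY):
        print(body, "->", handle_post(body))
```

The tampered-price request still succeeds, but at the server's price, which is the point: client-side validation is a usability feature, and every rule that matters for security or money has to be re-checked after the request arrives.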

An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which of the following is the BEST solution? SHA Blowfish ECC Bcrypt

Bcrypt is a key stretching technique designed to make brute force and rainbow table attacks impractical, and it is the best choice of the given answers. Another alternative is Password-Based Key Derivation Function 2 (PBKDF2). Both add a random salt to each password and run many rounds, so precomputed rainbow tables are useless and every guess is slow. Wrong: Passwords stored as a plain Secure Hash Algorithm (SHA) hash are easier to crack because a bare hash is fast and unsalted. Bcrypt is derived from the Blowfish block cipher, but Blowfish itself isn't used to store passwords. Elliptic curve cryptography (ECC) is efficient and sometimes used with mobile devices, but not for storing passwords.

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring? SQL Injection Buffer overflow XML injection Zero-day

Buffer overflow attacks commonly include a long series of no-operation (NOP) instructions, such as hexadecimal 90 (x90) on x86, forming a "NOP sled" that lands execution on the attacker's code. When successful, they can crash applications and expose memory, allowing attackers to run malicious code on the system. Wrong: SQL injection attacks and Extensible Markup Language (XML) injection attacks do not use NOP commands. Zero-day attacks are unknown or undocumented, but attacks using NOP sleds are well known.
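Added example (not from the original study set): detection logic for the symptom in this question, a long run of 0x90 bytes in input reaching an application. It finds the longest contiguous NOP run in a byte string and flags it above a length threshold, which separates a sled from the occasional 0x90 that appears legitimately in binary data. The payloads are constructed, and the threshold of 32 is an assumption.

```python
X86_NOP = 0x90


def longest_nop_run(data: bytes, nop: int = X86_NOP):
    """Return (start_offset, length) of the longest contiguous run of `nop` bytes.
    (-1, 0) means the byte never appears."""
    best_start, best_len = -1, 0
    run_start = None
    for i, byte in enumerate(data):
        if byte == nop:
            if run_start is None:
                run_start = i
            run_len = i - run_start + 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_start = None
    return best_start, best_len


def looks_like_nop_sled(data: bytes, threshold: int = 32) -> bool:
    """Flag input whose longest 0x90 run is at least `threshold` bytes (assumed cutoff)."""
    return longest_nop_run(data)[1] >= threshold


def as_log_string(data: bytes) -> str:
    """Render bytes the way the debugging log in the question shows them (x90x90...)."""
    return "".join("x%02x" % b for b in data)


# Constructed inputs: a normal query, a sled-style overflow, and binary data with isolated 0x90s.
BENIGN = b"SELECT name FROM accounts WHERE id = 42"
OVERFLOW = b"A" * 64 + b"\x90" * 200 + b"\xcc" * 4    # 0xcc (int3) stands in for shellcode
SCATTERED = bytes([0x90, 0x01]) * 50

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("overflow", OVERFLOW), ("scattered", SCATTERED)):
        start, length = longest_nop_run(sample)
        print(label, start, length, looks_like_nop_sled(sample))
    print(as_log_string(OVERFLOW[60:72]))   # x41x41x41x41x90x90x90x90x90x90x90x90
```

A real IDS signature would also look for sleds built from other single-byte instructions that behave as NOPs and for the return-address spray that usually follows the sled, but a long 0x90 run in a field that should hold text is already strong evidence of an exploit attempt rather than a bug.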

Homer installed code designed to enable his account automatically three days after someone disables it. What did Homer create? Backdoor Rootkit Armored virus Ransomware

By ensuring that his account is automatically re-enabled, Homer has created a backdoor. He is implementing it with a logic bomb (code that triggers on an event, here three days after the account is disabled), but a logic bomb isn't available as a choice in this question. Rootkits include hidden processes, but they do not activate in response to events. An armored virus uses techniques to make it difficult for researchers to reverse engineer it. Ransomware demands payment to release a user's computer or data.

Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process? Carl's private key Lenny's private key Carl's public key Lenny's public key

Carl uses his private key to create the digital signature: he hashes the file and encrypts the hash with his private key. Lenny uses Carl's public key to decrypt the signed hash and compares it with his own hash of the file, which verifies the signature. Lenny's keys are not used in this scenario.

Your organization is investigating possible methods of sharing encryption keys over a public network. Which of the following is the BEST choice? ECDHE PBKDF2 CRL Hashing

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) allows two parties to negotiate a shared encryption key securely over a public network, with a fresh key pair for every session. Password-Based Key Derivation Function 2 (PBKDF2) is a key stretching technique designed to make password cracking more difficult. A certificate revocation list (CRL) identifies revoked certificates and is unrelated to sharing encryption keys. Hashing methods are one-way and do not support sharing encryption keys over a public network.
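Added example (not from the original study set): the ECDHE exchange carried out in pure Python so both sides' messages are visible. The curve constants are the real secp256k1 domain parameters, but the arithmetic is textbook and not constant-time, so this is for understanding only; a real system uses a vetted library. The "ecdhe-demo" KDF label is an assumption standing in for a protocol's real key schedule.

```python
import hashlib
import secrets

# secp256k1 domain parameters (real constants, illustration only).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(point) -> bool:
    """y^2 == x^3 + A*x + B (mod P); None is the point at infinity."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Group law on the short Weierstrass curve."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, point):
    """Double-and-add; not constant-time, so never use for real keys."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ephemeral_keypair():
    """Fresh private scalar in [1, N-1] and its public point; discarded after the session."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, scalar_mult(priv, G)


def shared_key(my_priv: int, peer_pub) -> bytes:
    """Validate the peer's point (rejects invalid-curve attacks; secp256k1 has cofactor 1),
    then derive a 32-byte key from the shared x-coordinate."""
    if peer_pub is None or not on_curve(peer_pub):
        raise ValueError("invalid peer public point")
    shared_point = scalar_mult(my_priv, peer_pub)
    return hashlib.sha256(b"ecdhe-demo" + shared_point[0].to_bytes(32, "big")).digest()


def demo_exchange():
    """One session: only a_pub and b_pub cross the public network."""
    a_priv, a_pub = ephemeral_keypair()     # client side
    b_priv, b_pub = ephemeral_keypair()     # server side
    key_a = shared_key(a_priv, b_pub)       # client computes a * (b*G)
    key_b = shared_key(b_priv, a_pub)       # server computes b * (a*G)
    return key_a, key_b


if __name__ == "__main__":
    key_a, key_b = demo_exchange()
    print(key_a.hex())
    print(key_a == key_b)                   # True: same key, private scalars never sent
```

An eavesdropper sees both public points but recovering either private scalar is the elliptic-curve discrete logarithm problem. Because the scalars are generated per session and then discarded, a later compromise of the server's long-term key cannot decrypt recorded traffic, which is the forward secrecy that static DH and RSA key transport lack.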

SMTP, 25

Which of the following answers lists the protocol and port number that a spam filter inspects?

Which of the following is a management control? Least privilege Encryption Security policy Change management

Written security policies are management controls. Wrong: Encryption and the principle of least privilege are technical controls. Change management is an operational control.

Rule-based access control

An access control model in which access to resources is granted or denied depending on Access Control List entries (rules evaluated by the system) rather than on the subject's identity or role.

Penetration test

determines if vulnerabilities can be exploited

Radio-frequency identification (RFID)

provides automated inventory control and can detect movement of devices
