CompTIA Security+ Exam
You need to manage a remote server. Which of the following ports should you open on the firewall between your system and the remote server?
22 and 3389
What protocol ID does IPsec use?
50
An ______________ server provides port-based authentication and can prevent unauthorized devices from connecting to a network.
802.1x
Checking the logs of a web server, you see the following entry: 192.252.69.129 --[1/Sep/2013:05:20]"GET /index.php? username=ZZZZZZZZZZZZZZZZZZZZZBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCHTTP/1.1" "http://gcgapremium.com/security/" "Chrome3 1" Which of the following is the BEST choice to explain this entry?
A buffer overflow attack
Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?
A matrix of functions matched with their required privileges
What would you configure on a Layer 3 device to allow FTP traffic to pass through?
Access Control List (ACL)
Your organization includes the following statement in the security policy: "Security controls need to protect against both online and offline password brute force attacks." Which of the following controls is the LEAST helpful to meet these goals?
Account Expiration
__________________ helps protect against brute force attacks.
Account Lockout
You want to deter an attacker from using brute force to gain access to a mobile device. What would you configure?
Account lockout settings
Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?
Advanced Persistent Threat
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: 'or '1'='1'-- Which of the following is the MOST likely explanation for this?
An SQL Injection attack
__________________ identifies the expected monetary loss for an incident.
Annual Loss Expectancy (ALE)
You are asked to identify the number of times a specific type of incident occurs per year. Which of the following BEST identifies this?
Annual Rate of Occurrence (ARO)
A logic bomb is code that executes in response to an event. If the logic bomb is set to enable an account after it has been disabled, the logic bomb is creating a ______________________.
Back Door
Lisa recently completed an application used by the Personnel department to store PII and other employee information. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. What does this describe?
Backdoor
You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?
Baseline
Network administrators identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of services from the standard image, you verify this application is very likely the problem. What process allowed you to make this determination?
Baselining
Which type of authentication is a retina scan?
Biometric
A security professional is testing the functionality of an application, but does not have any knowledge about the internal coding of the application. What type of test is this tester performing?
Black Box
Which of the following is an attack against a mobile device?
Bluejacking
_______________ attacks use formatted input.
Command Injection
An organization recently suffered a significant outage after a technician installed an application update on a vital server during peak hours. The server remained down until administrators were able to install a previous version of the application on the server. What could the organization implement to prevent a re-occurrence of this problem?
Create a patch management policy
Input validation includes boundary or limit checking to validate data before using it. Proper input validation also prevents many problems such as cross-site request forgery (XSRF), ______________________, buffer overflow, and command injection attacks.
Cross-Site Scripting (XSS)
You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
DDoS
Management within your organization wants to limit documents copied to USB flash drives. Which of the following can be used to meet this goal?
Data Loss Prevention (DLP)
Your primary job activities include monitoring security logs, analyzing trend reports, and installing CCTV systems. Which of the following choices BEST identifies your responsibilities?
Detecting security incidents and implementing monitoring controls
A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation?
Disable the accounts
Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do?
Disable unused ports
Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with reducing the attack surface of this server to prevent future attacks. Which of the following will meet this goal?
Disabling unnecessary services
Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal?
Disk encryption
____________________________ uses multiple public IP addresses instead of just one.
Dynamic Network Address Translation (DNAT)
Your organization routinely hires contractors to assist with different projects. Administrators are rarely notified when a project ends and contractors leave. Which of the following is the BEST choice to ensure that contractors cannot log on with their account after they leave?
Enable account expiration
You need to transmit PII via email and you want to maintain its confidentiality. What should you do?
Encrypt it before sending
A security administrator is implementing a security program that addresses confidentiality and availability. What else should the administrator include?
Ensure systems are not susceptible to unauthorized changes
What type of device would have the following entries used to define its operation? permit IP any any eq 80 permit IP any any eq 443 deny IP any any
Firewall
________________ help protect against SYN flood attacks.
Flood guards
Your organization is planning to issue mobile devices to some employees, but they are concerned about protecting the confidentiality of data if the devices are lost or stolen. Which of the following is the BEST way to secure data at rest on a mobile device?
Full device encryption
_____________________ sends random or unexpected input into an application to test the application's ability to handle it.
Fuzzing
A small business owner modified his wireless router with the following settings: PERMIT 1A:2B:3C:4D:5E:6F DENY 6F:5E:4D:3C:2B:1A After saving his settings, an employee reports that he cannot access the wireless network anymore. What is the most likely reason that the employee cannot access the network?
Hardware address filtering
Homer recently implemented a wireless network in his home using WEP. He asks you for advice. Which of the following is the BEST advice you can give him?
He should not use WEP because it implements weak IVs for encryption keys
A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?
Honeynet
A __________________ is a server designed to look valuable to an attacker and can divert attacks.
Honeypot
__________________________ identifies hosts on a network.
Host Enumeration
After disabling unnecessary services, what should you do next to reduce the attack surface of a web server?
Identify the baseline
Bart is performing a vulnerability assessment. Which of the following BEST represents the goal of this task?
Identify the system's security posture
You are configuring a switch and need to ensure that only authorized devices can connect to it and access the network through this switch. Which of the following is the BEST choice to meet this goal?
Implement 802.1x
A security analyst is evaluating a critical industrial control system. The analyst wants to ensure the system has security controls to support availability. Which of the following will BEST meet this need?
Implementing control redundancy and diversity
Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?
Inability to ensure devices are up to date with current system patches
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue?
Input Validation
Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connected to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it's not possible to update the SCADA system. What can mitigate this risk?
Install a NIPS on the border of the SCADA network
Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with the hashes she created on the same files the previous week. Which security goal is she pursuing?
Integrity
An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. What identifies this principle?
Layered Security
Bart installed code designed to enable his account automatically, three days after anyone disables it. What does this describe?
Logic Bomb
___________________ filtering can block or allow access based on a device's MAC address, also known as the hardware address.
MAC address
A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this?
Mantrap
You are redesigning your password policy. You want to ensure that users change their passwords regularly, but they are unable to reuse passwords. What settings should you configure?
Maximum password age, password history, and minimum password age
Users are required to log on to their computers with a smart card and a PIN. Which describes this?
Multifactor authentication
Port Address Translation (PAT) is a form of __________________ and it allows many internal devices to share one public IP address.
Network Address Translation (NAT)
Which type of authentication does a hardware token provide?
One-time password
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords?
Password length
A ___________________ includes plans for identifying, testing, scheduling, and deploying updates.
Patch Management Policy
Which of the following tools is the MOST invasive type of testing?
Pentest
Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?
Port Address Translation (PAT)
Your company recently began allowing workers to telecommute from home one or more days a week. However, your company doesn't currently have a remote access solution. They want to implement an AAA solution that supports different vendors. Which of the following is the BEST choice?
RADIUS
________________________ can be used for automated inventory control to detect movement of devices.
Radio-Frequency Identification (RFID)
__________________________ will prevent switching loop problems, but doesn't authenticate clients.
Rapid Spanning Tree Protocol (RSTP)
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution?
Reduce antenna power
A recent change in an organization's security policy states that monitors need to be positioned so that they cannot be viewed from outside any windows. What is the purpose of this policy?
Reduce success of shoulder surfing
Which of the following represents the BEST action to increase security in a wireless network?
Replace Temporal Key Integrity Protocol (TKIP) with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Homer called into the help desk and says he forgot his password. What should the help-desk professional do after Homer has verified his identity?
Reset the password and configure the password to expire after the first use
___________________ attempts to discourage attacks with preventative controls such as a security guard.
Risk Deterrence
____________________ reduces risks through internal controls.
Risk Mitigation
An organization has purchased fire insurance to manage the risk of a potential fire. What method are they using?
Risk Transference
A _____________ attack uses specific SQL code, not random letters or characters.
SQL Injection
Which of the following lists of protocols use TCP port 22 by default?
SSH, SCP, SFTP
A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if devices are lost or stolen. Which of the following meets this goal?
Screen locks and device encryption
Of the following choices, what are valid security controls for mobile devices?
Screen locks, device encryption, and remote wipe
Your organization's security policy requires that PII data at rest and PII data in transit be encrypted. Of the following choices, what would the organization use to achieve these objectives?
Secure Shell (SSH) and Pretty Good Privacy / GNU Privacy Guard (PGP/GPG)
______________________ systems use signatures similar to antivirus software.
Signature-based
_________________________ identifies the expected monetary loss for a single incident.
Single Loss Expectancy (SLE)
Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. What does this describe?
Single sign-on
A network administrator needs to open a port on a firewall to support a VPN using PPTP. What ports should the administrator open?
TCP 1723
Bart wants to block access to all external web sites. Which port should he block at the firewall?
TCP 80
Your organization is hosting a wireless network with an 802.1x server using Protected Extensible Authentication Protocol (PEAP). On Thursday, users report they can no longer access the wireless network. Administrators verified the network configuration matches the baseline, there aren't any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem?
The RADIUS server certificate expired
While reviewing logs on a firewall, you see several requests for the CNAME record of gcgapremium.com. What is the purpose of this request?
To identify any aliases used by gcgapremium.com
While reviewing logs on a firewall, you see several requests for the "A" record of gcgapremium.com. What is the purpose of this request?
To identify the IPv4 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?
To identify the IPv6 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the MX record of gcgapremium.com. What is the purpose of this request?
To identify the mail server for gcgapremium.com
__________________________ secures transmissions for data in transit.
Transport Layer Security (TLS)
Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
Trusted Platform Module (TPM)
You need to configure a UTM security appliance to restrict access to peer-to-peer file sharing web sites. What are you MOST likely to configure?
URL filter
A security tester is using fuzzing techniques to test a software application. Which of the following does fuzzing use to test the application?
Unexpected Input
You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal?
Virtualization technologies
You need to ensure that several systems have all appropriate security controls and patches. However, your supervisor specifically told you not to attack or compromise any of these systems. Which of the following is the BEST choice to meet these goals?
Vulnerability Scan
You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement?
WPA2 over EAP-TTLS
A web developer is using methods to validate user input in a web site application. This ensures the application isn't vulnerable to XSS, SQL Injection, Buffer Overflow, and Command Injection. What attack is not prevented by validating user input?
Whaling
Testers are analyzing the web application your organization is planning to deploy. They have full access to product documentation, including the code and data structures used by the application. What type of test will they MOST likely perform?
White Box
An updated security policy defines what applications users can install and run on company-issued mobile devices. Which of the following technical controls will enforce this policy?
Whitelisting
An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?
mandatory access control (MAC)
A _______________ attack attempts to redirect users from one web site to another web site.
pharming