5/7/16, 10:02 AM
Exam Report: CompTIA Security+ Certification Practice Exam
Date: 5/7/2016 8:17:42 am
Time Spent: 01:26:03
Candidate: McKenzie, Kerzan
Login: KerzanM
Overall Performance
Your Score: 59%
Passing Score: 95%
Question 1: Correct You walk by the server room and notice a fire has started. What should you do first?
Call the fire department.
Make sure everyone has cleared the area.
Turn on the overhead sprinklers.
Grab a fire extinguisher and try to put out the fire.
Explanation
Your first action should be to ensure the safety of others. Make sure that people are out of the
area. Fires and other hazards can quickly spread, so fast action is required to make sure that
everyone is safe.
Call the fire department after you have taken steps to warn people who might be in danger. In
most cases, you should not try to put out fires on your own as they can quickly get out of
LabSim for Security Pro, Section 5.3.
[Questions.exm APESS_7-1 ]
Question 2: Incorrect You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in
You've downloaded an Open Source NoSQL database from the Internet and installed it on a test
system in an isolated lab environment.
What should you do to harden this database before implementing it in a production
environment? (Select two.)
Implement an IDS to detect SQL injection attacks on the database.
Enable anonymous access.
Enable data encryption in the database configuration.
Implement an Application layer protocol to encrypt data prior to saving it in the database.
Disable anonymous access.
Explanation
To harden a NoSQL implementation, consider the following measures:
• Configure user accounts and assign strong passwords to them.
• Disable anonymous access and require authentication.
• Configure access controls to restrict access based on the user account.
• Where the database itself does not provide encryption at rest, encrypt sensitive data in the
application (an Application layer protocol) before saving it, so that what is stored in the
database is ciphertext.
• Encrypt data in transit using SSL/TLS.
• Because of their minimal built-in security controls, NoSQL database servers should only be
deployed in a hardened, secure environment protected by traditional network security
mechanisms such as firewalls, VLANs, and ACLs.
Because NoSQL databases do not support most of the SQL language, they are less susceptible to
SQL injection attacks than traditional SQL databases, so an IDS tuned for SQL injection is not the
right hardening step here. They are not immune to injection in general: a database that accepts
query documents can be abused through query operators (for example MongoDB's $ne or $gt)
whenever untyped user input is passed into a filter, so the application must also validate the
type of every value it places in a query.
LabSim for Security Pro, Section 9.6.
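The injection caveat above, as an added example (not part of the exam explanation or LabSim): a Python mock of a document-database lookup with a handful of MongoDB-style operators, showing the login bypass that untyped JSON input allows and the type check that closes it. The user collection, the operator subset and the request bodies are all constructed for the demo; nothing here is a real driver API.

```python
import json
import re

# Constructed user collection standing in for a document database. Passwords are
# kept in plaintext only to keep the example short; a real system stores a hash.
USERS = [
    {"username": "alice", "password": "correct horse battery staple", "role": "admin"},
    {"username": "bob", "password": "hunter2", "role": "user"},
]

# Small subset of MongoDB-style query operators (assumed semantics for this demo).
OPERATORS = {
    "$ne": lambda value, arg: value != arg,
    "$gt": lambda value, arg: value is not None and value > arg,
    "$regex": lambda value, arg: isinstance(value, str) and re.search(arg, value) is not None,
}


def matches(doc, query):
    """Does doc satisfy query? Conditions are {field: literal} or {field: {"$op": arg}}."""
    for field, cond in query.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op not in OPERATORS or not OPERATORS[op](value, arg):
                    return False
        elif value != cond:
            return False
    return True


def find_one(query):
    """First matching document, like collection.find_one(query)."""
    return next((doc for doc in USERS if matches(doc, query)), None)


def login_vulnerable(request_body):
    """Decodes the JSON body and passes the values straight into the filter.
    A body such as {"username": "alice", "password": {"$ne": ""}} is accepted:
    the attacker supplied an operator where the code expected a string."""
    data = json.loads(request_body)
    return find_one({"username": data["username"], "password": data["password"]})


def login_hardened(request_body):
    """Same lookup, but every credential must be a plain string before it is used
    in a query; dicts (operators) and any other type are rejected outright."""
    data = json.loads(request_body)
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("credentials must be plain strings")
    return find_one({"username": username, "password": password})


if __name__ == "__main__":
    bypass = '{"username": "alice", "password": {"$ne": ""}}'
    print("vulnerable:", login_vulnerable(bypass)["username"])   # logs in as alice
    try:
        login_hardened(bypass)
    except ValueError as err:
        print("hardened:", err)
```

Real drivers behave the same way: a JSON body decoded into a dict and handed to `find_one` is a query document, so the type check (or a schema validator in front of the handler) is what stands between the attacker and the operator set, not the absence of SQL.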
Question 3: Correct How many keys are used with symmetric key cryptography?
Private-key, or symmetric, cryptography uses a single shared key. Both communicating parties
must possess the shared key to encrypt and decrypt messages. The biggest challenge in
symmetric cryptography is the constant need to protect the shared key. This protection
must be applied at all times, including the initial transmission of the shared key between the
LabSim for Security Pro, Section 3.3.
[Questions.exm SP02_4-1 ]
Question 4: Correct Recently, a serious security breach occurred in your organization. An attacker was able to log in
to the internal network and steal data through a VPN connection using the credentials assigned
to a vice president in your organization.
For security reasons, all individuals in upper management in your organization have unlisted
home phone numbers and addresses. However, security camera footage from the vice
president's home recorded someone rummaging through her garbage cans prior to the attack.
The vice president admitted to writing her VPN login credentials on a sticky note that she
subsequently threw away in her household trash. You suspect the attacker found the sticky note
in the trash and used the credentials to log in to the network.
You've reviewed the vice president's social media pages and you found pictures of her home
posted, but you didn't notice anything in the photos that would give away her home address.
She assured you that her smart phone was never misplaced prior to the attack.
Which security weakness is the most likely cause of the security breach?
Geo-tagging was enabled on her smartphone.
Sideloaded apps were installed on her smartphone.
An Xmas Tree attack was executed on her smartphone.
Weak passwords were used on her smartphone.
Explanation
Geo-tagging embeds GPS coordinates within mobile device files (such as image or video files)
created with the device's camera. While this feature can be useful in some circumstances, it can
also create security concerns. In this scenario, the vice president probably posted geo-tagged
images to her social media accounts. The attacker likely analyzed the images to discover where
she lives and then conducted a dumpster dive attack that yielded the sticky note with the vice
president's VPN credentials. The best way to remedy this weakness is to simply disable this
functionality in the mobile devices you manage.
Sideloaded apps can only be installed if the device administrator has specifically configured the
device to allow them, so this is an unlikely cause. A weak smartphone password is a concern,
but would not be the cause of the exploit if the device was always in the vice president's
possession. An Xmas Tree attack is used to fingerprint network devices, not to gather personally
identifying information.
References
LabSim for Security Pro, Section 5.5.
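To make the geo-tagging point concrete, an added example (not from the exam or LabSim): a stdlib-only Python script that builds a minimal JPEG carrying an Exif GPS IFD, reads the coordinates back the way an attacker's metadata tool would, and strips the APP1/Exif segment before the image is shared. The JPEG is constructed inside the script and contains no image data; the tag numbers and TIFF layout follow the Exif specification, and the coordinates are sample values.

```python
import struct

# Exif/TIFF tags and field types used below (from the Exif 2.x specification).
TAG_GPS_IFD = 0x8825                       # IFD0 entry pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5
EXIF_MAGIC = b"Exif\0\0"

def _dms_rationals(degrees):
    """|decimal degrees| -> [(deg,1), (min,1), (sec*100,100)], the way Exif stores it."""
    v = abs(degrees)
    d = int(v)
    m = int((v - d) * 60)
    s_hundredths = round(((v - d) * 60 - m) * 6000)
    return [(d, 1), (m, 1), (s_hundredths, 100)]

def build_geotagged_jpeg(lat, lon):
    """Constructed sample: SOI + APP1/Exif holding only a GPS IFD + EOI, no image data."""
    lat_ref = (b"N" if lat >= 0 else b"S").ljust(4, b"\0")
    lon_ref = (b"E" if lon >= 0 else b"W").ljust(4, b"\0")
    ifd0_off, gps_off, data_off = 8, 26, 80    # header 8 | IFD0 18 | GPS IFD 54 | rationals
    tiff = b"II" + struct.pack("<HI", 0x2A, ifd0_off)
    tiff += struct.pack("<H", 1)
    tiff += struct.pack("<HHII", TAG_GPS_IFD, TYPE_LONG, 1, gps_off) + struct.pack("<I", 0)
    entries = [
        struct.pack("<HHI4s", GPS_LAT_REF, TYPE_ASCII, 2, lat_ref),
        struct.pack("<HHII", GPS_LAT, TYPE_RATIONAL, 3, data_off),
        struct.pack("<HHI4s", GPS_LON_REF, TYPE_ASCII, 2, lon_ref),
        struct.pack("<HHII", GPS_LON, TYPE_RATIONAL, 3, data_off + 24),
    ]
    tiff += struct.pack("<H", len(entries)) + b"".join(entries) + struct.pack("<I", 0)
    for num, den in _dms_rationals(lat) + _dms_rationals(lon):
        tiff += struct.pack("<II", num, den)
    app1 = EXIF_MAGIC + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

def _segments(jpeg):
    """Yield (marker, start, end) for every marker segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI or SOS: metadata segments are over
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def _read_ifd(tiff, endian, offset):
    """{tag: (type, count, raw 4-byte value-or-offset)} for the IFD at offset."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    return {tag: (typ, cnt, raw) for tag, typ, cnt, raw in
            (struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i) for i in range(n))}

def _dms_to_degrees(tiff, endian, entry):
    """Follow a RATIONAL[3] entry to its data and fold deg/min/sec into decimal degrees."""
    _typ, cnt, raw = entry
    (off,) = struct.unpack(endian + "I", raw)
    parts = [num / den for num, den in
             (struct.unpack_from(endian + "II", tiff, off + 8 * i) for i in range(cnt))]
    return parts[0] + parts[1] / 60 + parts[2] / 3600

def extract_gps(jpeg):
    """(lat, lon) in decimal degrees if the file carries an Exif GPS IFD, else None."""
    for marker, start, end in _segments(jpeg):
        if marker != 0xE1 or jpeg[start + 4:start + 10] != EXIF_MAGIC:
            continue
        tiff = jpeg[start + 10:end]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
        ifd0 = _read_ifd(tiff, endian, ifd0_off)
        if TAG_GPS_IFD not in ifd0:
            return None
        (gps_off,) = struct.unpack(endian + "I", ifd0[TAG_GPS_IFD][2])
        gps = _read_ifd(tiff, endian, gps_off)
        if GPS_LAT not in gps or GPS_LON not in gps:
            return None
        lat = _dms_to_degrees(tiff, endian, gps[GPS_LAT])
        lon = _dms_to_degrees(tiff, endian, gps[GPS_LON])
        if gps.get(GPS_LAT_REF, (0, 0, b"N"))[2][:1] == b"S":
            lat = -lat
        if gps.get(GPS_LON_REF, (0, 0, b"E"))[2][:1] == b"W":
            lon = -lon
        return lat, lon
    return None

def strip_exif(jpeg):
    """Return the JPEG with every APP1/Exif segment (and so the GPS IFD) removed."""
    out, tail = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_MAGIC):
            out += jpeg[start:end]
        tail = end
    return bytes(out + jpeg[tail:])
```

Disabling location tagging on the managed device is the remedy the exam wants; a publishing pipeline that runs `extract_gps` as a gate and `strip_exif` as a fix covers the photos that were taken before the setting changed.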
Question 5: Correct You are creating a new Active Directory domain user account for the Robert Tracy user account.
During the account setup process, you assigned a password to the new account.
However, you know that for security reasons the system administrator should not know any
user's password. Only the user should know his or her own password—no one else.
Click the option you would use in the New Object - User dialog to remedy this situation.
Explanation
When creating a new user account or resetting a forgotten password, a common practice is to
reset the user account password, and then select User must change password at next
logon. This forces the user to reset the password immediately following logon, ensuring the
user is the only person who knows the password.
Enable the User cannot change password option when you want to maintain control over a
Guest, service, or temporary account. For example, many applications use service accounts for
performing system tasks. The application must be configured with the user account name and
password. In this situation, you may also need to enable the Password never expires option.
The Account is disabled option is used in situations where you want to create an account
now, but the user will not actually need it until a future date.
References
LabSim for Security Pro, Section 2.6.
Question 6: Correct You are concerned that the accountant in your organization might have the chance to modify
the books and steal from the company. You want to periodically have another person take over
all accounting responsibilities to catch any irregularities.
Which solution should you implement?
Need to know
Separation of duties
Explicit deny
Explanation
Job rotation is a technique where users are cross-trained in multiple job positions, and where
responsibilities are regularly rotated between personnel. Job rotation can be used for training
purposes, but also allows for oversight of past transactions. As jobs rotate, personnel in new
positions have the chance to review actions taken by others in that same position and possibly
catch security problems.
Separation of duties is the concept of having more than one person required to complete a task.
The principle of least privilege states that users or groups are given only the access they need to
do their job (and nothing more). With explicit deny, users are specifically prevented from gaining
access to a resource. Need to know describes the restriction of data that is highly sensitive and
is usually referenced in government and military context.
References
LabSim for Security Pro, Section 2.4.
[Questions.exm SP08_3-1 3]
Question 7: Correct What is the primary means by which supervisors can determine whether or not employees are
complying with the organization's security policy?
Job action warnings
Keystroke logging
Explanation
The primary means to ensure employee compliance with security policy is auditing.
Keystroke logging is another possible tool, but it requires significant work to interpret the
keystrokes and place them in context in order to determine what is actually being performed.
Keystroke logging also does not by itself indicate when security has been violated; that is only
discovered after intensive investigation of the keystroke logs. Awareness sessions remind workers
of the security policy but do not check for compliance. Job action warnings are used to
encourage compliance and discourage violations, but they do not detect or determine whether
or not violations have occurred.
References
LabSim for Security Pro, Section 4.9.
[Questions.exm CISSP-704 NEW ]
Question 8: Correct Which of the following would you find on a CPS?
A description of the format for a certificate
A list of revoked certificates
A declaration of the security that the organization is implementing for all certificates
A list of issued certificates
Explanation
The Certificate Practice Statement (CPS) is a declaration of the security that the organization is
implementing for all certificates issued by the CA holding the CPS.
The Certificate Revocation List (CRL) resides at the CA and consists of a list of certificates that
have been previously revoked. The Online Certificate Status Protocol (OCSP) is a protocol used
for checking the status of an individual digital certificate to verify if it is good or has been
revoked. X.509 is the standard that identifies the format for certificates.
References
LabSim for Security Pro, Section 3.5.
[Questions.exm SP08_5-5 6]
Question 9: Correct Which IPSec subprotocol provides data encryption?
The Encapsulating Security Payload (ESP) protocol provides data encryption for IPSec traffic.
The Authentication Header (AH) provides message integrity and origin authentication, verifying
that data arrive unaltered from the trusted source. AH provides no confidentiality, however,
and is often combined with ESP to achieve both integrity and confidentiality.
References
LabSim for Security Pro, Section 6.9.
[Questions.exm SSCP-3 SP ]
Question 10: Incorrect Which of the following are security devices that perform stateful inspection of packet data,
looking for patterns that indicate malicious code? (Select two.)
An Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) are devices that
scan packet contents looking for patterns that match known malicious attacks. Signature files
identify the patterns of all known attacks. When a packet matches the pattern indicated in the
signature file, the packet can be dropped or an alert sent.
Firewalls use an access control list (ACL) to filter packets based on the packet header (not data)
information. Firewalls can filter packets based on port, protocol, or IP address. A Virtual Private
Network (VPN) is an encrypted communication channel established between two entities to
exchange data over an unsecured network.
References
LabSim for Security Pro, Section 7.6.
[Questions.exm C802_601-603 MULTIPLE CHOICE ]
Question 11: Correct Which of the following is an example of an internal threat?
A delivery man is able to walk into a controlled area and steal a laptop
A water pipe in the server room breaks
A user accidentally deletes the new product designs
A server backdoor allows an attacker on the Internet to gain access to the intranet site
Explanation
Internal threats are intentional or accidental acts by employees including:
• Malicious acts such as theft, fraud, or sabotage.
• Intentional or unintentional actions that destroy or alter data.
• Disclosing sensitive information through snooping or espionage.
External threats are those events originating outside of the organization that typically focus on
compromising the organization's information assets. Examples are hackers, fraud perpetrators,
and viruses. Natural events are those events that may reasonably be expected to occur over
time. Examples are a fire or a broken water pipe.
References
LabSim for Security Pro, Section 1.1.
[Questions.exm SP08_4-1 1]
Question 12: Correct You have implemented an access control method that allows only users who are managers to
access specific data. Which type of access control model is used?
DACL
Explanation
Role-based access control (RBAC) allows access based on a role in an organization, not
individual users. Roles are defined based on job description or a security access level. Users are
made members of a role, and receive the permissions assigned to the role.
Discretionary access control (DAC) assigns access directly to subjects based on the discretion (or
decision) of the owner. Objects have a discretionary access control list (DACL) with entries for
each subject. Owners add subjects to the DACL and assign rights or permissions. The
permissions identify the actions the subject can perform on the object.
Mandatory access control (MAC) uses labels for both subjects (users who need access) and
objects (resources with controlled access). When a subject's clearance lines up with an object's
classification, and when the user has a need to know (referred to as a category), the user is
granted access.
References
LabSim for Security Pro, Section 2.1.
[Questions.exm SP08_3-2 3]
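The three models side by side, as an added example (not part of the exam material or LabSim): a small Python policy engine in which RBAC answers from role membership, DAC from an owner-edited DACL, and MAC from labels with a need-to-know category check. The roles, users, levels and categories are invented for the demo.

```python
from dataclasses import dataclass, field

# --- RBAC: permissions attach to roles; subjects only ever hold roles (constructed policy)
ROLE_PERMISSIONS = {
    "manager": {"read:quarterly-forecast", "approve:expense"},
    "analyst": {"read:sales-report"},
}
USER_ROLES = {"alice": {"manager"}, "bob": {"analyst"}}


def rbac_allows(user, permission):
    """Access is decided by role membership, never by the individual user.
    Giving bob the forecast means adding him to 'manager', not editing the object."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- DAC: each object carries a DACL that only its owner may edit
@dataclass
class DacObject:
    owner: str
    dacl: dict = field(default_factory=dict)     # subject -> set of rights

    def grant(self, actor, subject, right):
        """Only the owner may add an entry; anyone else touching the DACL is refused."""
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this object")
        self.dacl.setdefault(subject, set()).add(right)

    def allows(self, subject, right):
        return subject == self.owner or right in self.dacl.get(subject, set())


# --- MAC: labels on subjects and objects; the system, not the owner, decides
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows_read(subject_label, object_label):
    """Read is permitted when the clearance dominates the classification AND the
    subject holds every category (need to know) on the object. Owners have no say."""
    s_level, s_categories = subject_label
    o_level, o_categories = object_label
    return LEVELS[s_level] >= LEVELS[o_level] and set(o_categories) <= set(s_categories)


if __name__ == "__main__":
    print("RBAC alice forecast:", rbac_allows("alice", "read:quarterly-forecast"))
    report = DacObject(owner="carol")
    report.grant("carol", "bob", "read")
    print("DAC bob read:", report.allows("bob", "read"))
    print("MAC secret/finance reads secret/hr:",
          mac_allows_read(("secret", {"finance"}), ("secret", {"hr"})))
```

The exam scenario ("only managers") is the RBAC case: the decision keys on the role, so the DACL of the data is never edited per person, which is exactly what a per-user DACL (the distractor) would require.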
Question 13: Correct Which of the following is not part of security awareness training?
Establish reporting procedures for suspected security violations.
Employee agreement documents.
Familiarize employees with the security policy.
Communicate standards, procedures, and baselines that apply to the employee's job.
Explanation
Employee agreement documents are part of employee management. The other options are all
necessary parts of security awareness training.
References
LabSim for Security Pro, Section 4.9.
[Questions.exm SSCP-7 NEW ]
Question 14: Correct Which of the following defines an object as used in access control?
Data, applications, systems, networks, and physical space.
Policies, procedures, and technologies that are implemented within a system.
Users, applications, or processes that need to be given access.
Resources, policies, and systems.
Explanation
Objects are the data, applications, systems, networks, and physical space.
Subjects are the users, applications, or processes that need access to objects. The access
control system includes the policies, procedures, and technologies that are implemented to
control a subject's access to an object.
References
LabSim for Security Pro, Section 2.1.
[Questions.exm SSCP-1 NEW ]
Question 15: Correct Which of the following security measures encrypts the entire contents of a hard drive?
Hard disk password
Trusted Platform Module (TPM)
Chassis intrusion detection
Explanation
DriveLock encrypts the entire contents of a hard drive, protecting all files on the disk.
When a password is set for the hard drive, you cannot move the drive to another system to
access the disk without the password (the password moves with the disk). A Trusted Platform
Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys
to verify that the hardware has not changed. This value can be used to prevent the system from
booting if the hardware has changed. Chassis intrusion detection helps you identify when a
system case has been opened. When the case cover is removed, the switch sends a signal to
the BIOS. A BIOS password controls access to the system. If set, the administrator (or
supervisor or setup) password is required to enter the CMOS program to make changes to BIOS
LabSim for Security Pro, Section 10.3.
[Questions.exm AP09ESS_5-2 #10]
Question 16: Incorrect You have a Web server that will be used for secure transactions for customers who access the
Web site over the Internet. The Web server requires a certificate to support SSL.
Which method would you use to get a certificate for the server?
Have the server generate its own certificate.
Obtain a certificate from a public PKI.
Run a third-party tool to generate the certificate.
Create your own internal PKI to issue certificates.
Explanation
Computers must trust the CA that issues a certificate. For computers that are used on the
Internet and accessible to public users, obtain a certificate from a public CA such as VeriSign. By
default, most computers trust well-known public CAs.
Use a private PKI to issue certificates to computers and users within your own organization. You
configure computers to trust your own PKI, so certificates issued by your internal CAs are
automatically trusted. A certificate generated by a server is called a self-signed certificate. A
self-signed certificate provides no proof of identity because any other server can claim to be that
server just by issuing itself a certificate.
References
LabSim for Security Pro, Section 3.5.
[Questions.exm NP09_6-4 MCS3]
Question 17: Correct You are interested in identifying the source of potential attacks that have recently been directed
against your network but which have been successfully blocked.
Which log would you check?
A firewall log identifies traffic that has been allowed or denied through a firewall. You can detect
attempted attacks by examining firewall logs and looking for traffic allowed or blocked by the
A security log records information related to logons, such as incorrect passwords being used,
and the use of user rights. An application log records actions performed by an application. A
performance log records information about the use of system resources.
References
LabSim for Security Pro, Section 11.4.
[Questions.exm SP08_4-6 5]
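Added example (not from the exam or LabSim): a Python parser for the netfilter/iptables LOG line format that counts denied connections per source and flags sources that probe several ports, which is what "identifying the source of blocked attacks" looks like in a firewall log. The log lines are constructed, using documentation address ranges, and the FW-DROP/FW-ACCEPT prefixes are assumed --log-prefix values chosen for the demo, not a standard.

```python
import re
from collections import Counter, defaultdict

# Constructed lines in the netfilter/iptables LOG format. FW-DROP / FW-ACCEPT are assumed
# --log-prefix values set on the rules; the addresses come from the documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  3 10:15:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=51235 DPT=23 SYN
Mar  3 10:15:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=51236 DPT=3389 SYN
Mar  3 10:15:04 gw kernel: FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=443 SYN
Mar  3 10:15:05 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=161
Mar  3 10:15:06 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP SPT=51237 DPT=445 SYN
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>FW-\w+) (?P<fields>.*)")
KV_RE = re.compile(r"(\w+)=(\S*)")       # IN=eth0 OUT= SRC=... ; bare flags like SYN are skipped


def parse_line(line):
    """One log line -> {'action': 'DROP'|'ACCEPT', 'SRC': ..., 'DPT': ..., ...}, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    record = {"action": m.group("prefix").split("-", 1)[1]}
    record.update(KV_RE.findall(m.group("fields")))
    return record


def blocked_summary(log_text, scan_threshold=3):
    """Denied connections per source, plus sources that hit >= scan_threshold distinct
    (protocol, port) pairs: the blocked traffic is the evidence of attempted attacks."""
    per_src, targets = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "DROP":
            continue
        per_src[rec["SRC"]] += 1
        targets[rec["SRC"]].add((rec.get("PROTO"), rec.get("DPT")))
    scanners = sorted(src for src, t in targets.items() if len(t) >= scan_threshold)
    return {"blocked_by_src": dict(per_src), "suspected_scanners": scanners}


if __name__ == "__main__":
    print(blocked_summary(SAMPLE_LOG))
```

Only the DROP lines feed the summary: an ACCEPT from the same source would be a separate question (did anything get through?), and a security log or application log would not contain these addresses at all.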
Question 18: Correct Which of the following activities are considered passive in regards to the functioning of an
intrusion detection system? (Choose two.)
Monitoring the audit trails on a server
Transmitting FIN or RST packets to an external host
Listening to network traffic
Disconnecting a port being used by a zombie
Explanation
Passive IDS is a form of IDS that takes no noticeable action on the network. Passive IDS
systems are undetectable by intruders. Passive IDS systems can monitor audit trails or listen to
network traffic in real time.
Active IDS functions are those that interact with the network and generate detectable events.
Such events can include disconnecting ports or transmitting FIN or RST packets to attackers.
References
LabSim for Security Pro, Section 7.6.
[Questions.exm SP02_3-4 ]
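Questions 10 and 18 together, as an added example (not part of the exam or LabSim): a Python sensor that matches signatures against packet content, keeping a tail of each flow so that a pattern split across two packets is still caught (the stateful part of "stateful inspection"), and that either only alerts (passive IDS) or also drops the packet and records a reset for the flow (active IDS/IPS). The signatures, packets and addresses are constructed for the demo and are not a vendor rule set.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signatures: (name, destination port or None for any port, content pattern).
SIGNATURES = [
    ("web-attack: directory traversal", 80, re.compile(rb"\.\./")),
    ("web-attack: SQL injection probe", None, re.compile(rb"(?i)union\s+select|'\s*or\s+1=1")),
    ("shellcode: NOP sled", None, re.compile(rb"\x90{16,}")),
]


@dataclass
class Sensor:
    """mode='passive': observe and alert only (IDS). mode='active': also drop the
    offending packet and record a reset on its flow (IPS). window=0 makes the
    sensor stateless, matching each packet on its own."""
    mode: str = "passive"
    window: int = 64                    # bytes of each flow kept for cross-packet matching
    flows: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)
    resets: list = field(default_factory=list)

    def process(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        stream = self.flows.get(key, b"") + pkt.payload   # tail of the flow + new data
        self.flows[key] = stream[len(stream) - self.window:]
        boundary = len(stream) - len(pkt.payload)
        # A hit must end inside the new payload, so old bytes in the tail never re-alert.
        hits = [name for name, port, pattern in SIGNATURES
                if (port is None or port == pkt.dport)
                and any(m.end() > boundary for m in pattern.finditer(stream))]
        for name in hits:
            self.alerts.append((pkt.src, name))
        if hits and self.mode == "active":
            self.resets.append(key)       # where a real IPS would emit a TCP RST / FIN
            return False                  # dropped, never reaches the destination
        self.forwarded.append(pkt)
        return True


def run_sensor(packets, mode="passive", window=64):
    """Feed the packets through one sensor; return (alerts, forwarded packets, resets)."""
    sensor = Sensor(mode=mode, window=window)
    for pkt in packets:
        sensor.process(pkt)
    return sensor.alerts, sensor.forwarded, sensor.resets


# Constructed traffic: the traversal string is split across two packets on purpose.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.168.1.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "192.168.1.10", 80, b"GET /.."),
    Packet("10.0.0.5", "192.168.1.10", 80, b"/etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.6", "192.168.1.10", 8080, b"user=admin' OR 1=1 --"),
    Packet("10.0.0.7", "192.168.1.20", 25, b"\x90" * 32 + b"\xcc"),
]

if __name__ == "__main__":
    for mode in ("passive", "active"):
        alerts, forwarded, resets = run_sensor(SAMPLE_PACKETS, mode=mode)
        print(mode, "alerts:", [n for _, n in alerts],
              "forwarded:", len(forwarded), "resets:", len(resets))
```

The passive sensor forwards all five packets and is invisible to the sender; the active one drops three and would put resets on the wire, which is exactly the detectable behaviour Question 18 distinguishes. Running with `window=0` shows why the question says stateful: the split `../` is missed when each packet is judged alone.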
Question 19: Incorrect You have a small network of devices connected together using a switch. You want to capture
the traffic that is sent from Host A to Host B.
On Host C, you install a packet sniffer that captures network traffic. After running the packet