Exam 1.pdf - Exam Report: CompTIA Security+ Certification Practice Exam
5/7/16, 10:02 AM
Exam Report: CompTIA Security+ Certification Practice Exam
Date: 5/7/2016 8:17:42 am
Time Spent: 01:26:03
Candidate: McKenzie, Kerzan
Login: KerzanM
[Page 1 of 60]

Overall Performance
Your Score: 59%
Passing Score: 95%

View results by: Objective Analysis | Individual Responses

Individual Responses

Question 1: Correct
You walk by the server room and notice a fire has started. What should you do first?
• Call the fire department.
• Make sure everyone has cleared the area.
• Turn on the overhead sprinklers.
• Grab a fire extinguisher and try to put out the fire.
Explanation
Your first action should be to ensure the safety of others. Make sure that people are out of the area. Fires and other hazards can spread quickly, so fast action is required to make sure that everyone is safe. Call the fire department after you have taken steps to warn people who might be in danger. In most cases, you should not try to put out fires on your own, as they can quickly get out of control.
References: LabSim for Security Pro, Section 5.3. [Questions.exm APESS_7-1 [106]]

Question 2: Incorrect
You've been assigned to evaluate NoSQL databases as part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (Select two.)
• Implement an IDS to detect SQL injection attacks on the database.
• Enable anonymous access.
• Enable data encryption in the database configuration.
• Implement an Application layer protocol to encrypt data prior to saving it in the database.
• Disable anonymous access.
Explanation
To harden a NoSQL implementation, consider the following measures:
• Configure user accounts and assign strong passwords to them.
• Disable anonymous access and require authentication.
• Configure access controls to restrict access based on the user account.
• Because the database itself may not provide encryption at rest, data should be encrypted by the application (an Application layer protocol) before it is saved in the database. This ensures that data at rest is stored in encrypted form within the database regardless of what the database engine offers.
• Encrypt data in transit using TLS (SSL is the older, deprecated name for the same function).
• Because of their minimal built-in security controls, NoSQL database servers should only be deployed in a hardened, secure environment protected by traditional network security mechanisms such as firewalls, VLANs, and ACLs.
Because NoSQL does not support most of the SQL language, NoSQL databases are less susceptible to SQL injection attacks than traditional SQL database implementations. They are not immune to injection, however: untrusted input that is placed into query documents or operator expressions must still be validated.
References: LabSim for Security Pro, Section 9.6. [Questions.exm MCM7]

Question 3: Correct
How many keys are used with symmetric key cryptography?
• One
• Two
• Four
• Five
Explanation
Symmetric (also called private-key or secret-key) cryptography uses a single shared key. Both communicating parties must possess the shared key to encrypt and decrypt messages. The biggest challenge in symmetric cryptography is the constant need to protect the shared key. This protection must be applied at all times, including the initial transmission of the shared key between the parties.
References: LabSim for Security Pro, Section 3.3. [Questions.exm SP02_4-1 [76]]

Question 4: Correct
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages and found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smartphone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?
• Geo-tagging was enabled on her smartphone.
• Sideloaded apps were installed on her smartphone.
• An Xmas Tree attack was executed on her smartphone.
• Weak passwords were used on her smartphone.
Explanation
Geo-tagging embeds GPS coordinates within mobile device files (such as image or video files) created with the device's camera. While this feature can be useful in some circumstances, it can also create security concerns. In this scenario, the vice president probably posted geo-tagged images to her social media accounts. The attacker likely extracted the coordinates from the image metadata to discover where she lives and then conducted a dumpster diving attack that yielded the sticky note with the vice president's VPN credentials. The best way to remedy this weakness is to disable geo-tagging on the mobile devices you manage.
Sideloaded apps can only be installed if the device has been configured to allow them, so this is an unlikely cause. A weak smartphone password is a concern, but would not be the cause of the compromise if the device was always in the vice president's possession. An Xmas Tree scan is used to fingerprint network devices, not to gather personally identifying information.
References: LabSim for Security Pro, Section 5.5. [Questions.exm RT-5.5-4]

Question 5: Correct
You are creating a new Active Directory domain user account for the Robert Tracy user account. During the account setup process, you assigned a password to the new account. However, you know that for security reasons the system administrator should not know any user's password. Only the user should know his or her own password, and no one else. Click the option you would use in the New Object - User dialog to remedy this situation.
Explanation
When creating a new user account or resetting a forgotten password, a common practice is to set a temporary password and then select User must change password at next logon. This forces the user to reset the password immediately after logging on, ensuring that the user is the only person who knows the password.
Enable the User cannot change password option when you want to maintain control over a guest, service, or temporary account. For example, many applications use service accounts for performing system tasks. The application must be configured with the user account name and password. In this situation, you may also need to enable the Password never expires option. The Account is disabled option is used when you want to create an account now, but the user will not actually need it until a future date.
References: LabSim for Security Pro, Section 2.6. [Questions.exm RT-2.5-5]

Question 6: Correct
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
• Job rotation
• Need to know
• Least privilege
• Separation of duties
• Explicit deny
Explanation
Job rotation is a technique where users are cross-trained in multiple job positions and responsibilities are regularly rotated between personnel. Job rotation can be used for training purposes, but it also allows for oversight of past transactions. As jobs rotate, personnel in new positions have the chance to review actions taken by others in that same position and possibly catch security problems.
Separation of duties is the concept of requiring more than one person to complete a task. The principle of least privilege states that users or groups are given only the access they need to do their job (and nothing more). With explicit deny, users are specifically prevented from gaining access to a resource. Need to know describes the restriction of highly sensitive data and is usually referenced in a government and military context.
References: LabSim for Security Pro, Section 2.4. [Questions.exm SP08_3-1 3]

Question 7: Correct
What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy?
• Auditing
• Awareness sessions
• Job action warnings
• Keystroke logging
Explanation
The primary means of ensuring employee compliance with security policy is auditing. Keystroke logging is another possible tool, but it requires significant work to interpret the keystrokes and place them in context in order to determine what is actually being performed. Keystroke logging by itself also does not indicate when security has been violated; that is only discovered after intensive investigation of the keystroke logs. Awareness sessions remind workers of the security policy but do not check for compliance. Job action warnings are used to encourage compliance and discourage violations, but they do not detect or determine whether violations have occurred.
References: LabSim for Security Pro, Section 4.9. [Questions.exm CISSP-704 NEW [79]]

Question 8: Correct
Which of the following would you find in a CPS?
• A description of the format for a certificate
• A list of revoked certificates
• A declaration of the security that the organization is implementing for all certificates
• A list of issued certificates
Explanation
The Certificate Practice Statement (CPS) is a declaration of the security that the organization is implementing for all certificates issued by the CA that publishes the CPS. The Certificate Revocation List (CRL) is published by the CA (typically at a CRL distribution point named in the certificate) and consists of a list of certificates that have been revoked. The Online Certificate Status Protocol (OCSP) is a protocol used for checking the status of an individual digital certificate to verify whether it is good or has been revoked. X.509 is the standard that defines the format for certificates.
References: LabSim for Security Pro, Section 3.5. [Questions.exm SP08_5-5 6]

Question 9: Correct
Which IPsec subprotocol provides data encryption?
• AH
• SSL
• AES
• ESP
Explanation
The Encapsulating Security Payload (ESP) protocol provides data encryption for IPsec traffic. The Authentication Header (AH) provides message integrity and origin authentication, verifying that data is received unaltered from the trusted source. AH provides no confidentiality, however, and is often combined with ESP to achieve both integrity and confidentiality. AES is a cipher that ESP may use, not an IPsec subprotocol, and SSL/TLS is a separate protocol that operates above the transport layer rather than inside IPsec.
References: LabSim for Security Pro, Section 6.9. [Questions.exm SSCP-3 SP [954]]

Question 10: Incorrect
Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code? (Select two.)
• IPS
• VPN
• ACL
• Firewall
• IDS
Explanation
An Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) are devices that scan packet contents looking for patterns that match known malicious attacks. Signature files identify the patterns of known attacks. When a packet matches the pattern in a signature, the packet can be dropped (IPS) or an alert sent (IDS).
Traditional firewalls use an access control list (ACL) to filter packets based on packet header information (not the data). Firewalls can filter packets based on port, protocol, or IP address; payload inspection is the IDS/IPS function the question is asking about. A Virtual Private Network (VPN) is an encrypted communication channel established between two entities to exchange data over an untrusted network.
References: LabSim for Security Pro, Section 7.6. [Questions.exm C802_601-603 MULTIPLE CHOICE [263]]

Question 11: Correct
Which of the following is an example of an internal threat?
• A delivery man is able to walk into a controlled area and steal a laptop
• A water pipe in the server room breaks
• A user accidentally deletes the new product designs
• A server backdoor allows an attacker on the Internet to gain access to the intranet site
Explanation
Internal threats are intentional or accidental acts by employees, including:
• Malicious acts such as theft, fraud, or sabotage.
• Intentional or unintentional actions that destroy or alter data.
• Disclosing sensitive information through snooping or espionage.
External threats are events originating outside the organization that typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are those that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.
References: LabSim for Security Pro, Section 1.1. [Questions.exm SP08_4-1 1]

Question 12: Correct
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
• MAC
• RBAC
• DAC
• DACL
Explanation
Role-based access control (RBAC) grants access based on a role in an organization, not on individual users. Roles are defined based on job description or a security access level. Users are made members of a role and receive the permissions assigned to the role.
Discretionary access control (DAC) assigns access directly to subjects at the discretion (decision) of the object's owner. Objects have a discretionary access control list (DACL) with entries for each subject. Owners add subjects to the DACL and assign rights or permissions; the permissions identify the actions the subject can perform on the object. The DACL is therefore a component of DAC, not a model in its own right.
Mandatory access control (MAC) uses labels for both subjects (users who need access) and objects (resources with controlled access). When a subject's clearance dominates an object's classification, and the subject has a need to know (referred to as a category), the subject is granted access.
References: LabSim for Security Pro, Section 2.1. [Questions.exm SP08_3-2 3]

Question 13: Correct
Which of the following is not part of security awareness training?
• Establish reporting procedures for suspected security violations.
• Employee agreement documents.
• Familiarize employees with the security policy.
• Communicate standards, procedures, and baselines that apply to the employee's job.
Explanation
Employee agreement documents are part of employee management. The other options are all necessary parts of security awareness training.
References: LabSim for Security Pro, Section 4.9. [Questions.exm SSCP-7 NEW [102]]

Question 14: Correct
Which of the following defines an object as used in access control?
• Data, applications, systems, networks, and physical space.
• Policies, procedures, and technologies that are implemented within a system.
• Users, applications, or processes that need to be given access.
• Resources, policies, and systems.
Explanation
Objects are the data, applications, systems, networks, and physical space. Subjects are the users, applications, or processes that need access to objects. The access control system comprises the policies, procedures, and technologies that are implemented to control a subject's access to an object.
References: LabSim for Security Pro, Section 2.1. [Questions.exm SSCP-1 NEW [15]]

Question 15: Correct
Which of the following security measures encrypts the entire contents of a hard drive?
• Hard disk password
• BIOS password
• Trusted Platform Module (TPM)
• DriveLock
• Chassis intrusion detection
Explanation
DriveLock protects the entire contents of a hard drive. When a DriveLock password is set for the drive, you cannot move the drive to another system to access the disk without the password, because the password travels with the disk. Strictly speaking, DriveLock is a drive-level (ATA security) password lock; the data on the platters is only encrypted if the drive itself is a self-encrypting drive, so for true full-disk encryption pair a drive lock with software or hardware disk encryption.
A Trusted Platform Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys and measurements used to verify that the hardware and boot configuration have not changed. This value can be used to prevent the system from booting (or releasing a disk encryption key) if the configuration has changed. Chassis intrusion detection helps you identify when a system case has been opened: when the case cover is removed, a switch sends a signal to the BIOS. A BIOS password controls access to the system. If set, the administrator (or supervisor or setup) password is required to enter the firmware setup program and change BIOS settings.
References: LabSim for Security Pro, Section 10.3. [Questions.exm AP09ESS_5-2 #10]

Question 16: Incorrect
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?
• Have the server generate its own certificate.
• Obtain a certificate from a public PKI.
• Run a third-party tool to generate the certificate.
• Create your own internal PKI to issue certificates.
Explanation
Clients must trust the CA that issues a certificate. For servers that are used on the Internet and accessible to public users, obtain a certificate from a public CA such as VeriSign. By default, most computers trust well-known public CAs. Use a private PKI to issue certificates to computers and users within your own organization; you configure your own computers to trust your PKI, so certificates issued by your internal CAs are automatically trusted there, but not by the public. A certificate generated by a server for itself is called a self-signed certificate. A self-signed certificate provides no proof of identity, because any other server can claim to be that server simply by issuing itself a certificate.
References: LabSim for Security Pro, Section 3.5. [Questions.exm NP09_6-4 MCS3]

Question 17: Correct
You are interested in identifying the source of potential attacks that have recently been directed against your network but which have been successfully blocked. Which log would you check?
• Firewall
• Application
• Performance
• Security
Explanation
A firewall log identifies traffic that has been allowed or denied through the firewall. You can detect attempted attacks by examining firewall logs and looking at the source of traffic the firewall blocked. A security log records information related to logons, such as incorrect passwords being used, and the use of user rights. An application log records actions performed by an application. A performance log records information about the use of system resources.
References: LabSim for Security Pro, Section 11.4. [Questions.exm SP08_4-6 5]

Question 18: Correct
Which of the following activities are considered passive in regard to the functioning of an intrusion detection system? (Choose two.)
• Monitoring the audit trails on a server
• Transmitting FIN or RST packets to an external host
• Listening to network traffic
• Disconnecting a port being used by a zombie
Explanation
A passive IDS is a form of IDS that takes no noticeable action on the network, so passive IDS systems are not detectable by intruders. Passive IDS systems can monitor audit trails or listen to network traffic in real time. Active IDS functions are those that interact with the network and generate detectable events. Such events include disconnecting ports or transmitting FIN or RST packets to attackers.
References: LabSim for Security Pro, Section 7.6. [Questions.exm SP02_3-4 [116]]

Question 19: Incorrect
You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffe...
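The distinctions tested in Questions 12 and 14 (subjects and objects; DAC, RBAC and MAC) are easiest to see as a tiny policy engine. The following is an added example, not part of the exam report or of LabSim: the users, roles, labels and objects are constructed for illustration, and the MAC rule implemented is the simple-security read check (clearance dominates classification, and the subject holds every category the object carries).

```python
"""Subjects, objects and three access-control models (added example).

Each function answers "may subject S perform action A on object O?" under
one model. Names, roles, labels and objects below are constructed.
"""
from dataclasses import dataclass, field

# --- Discretionary access control: the owner maintains a DACL per object ---

@dataclass
class DacObject:
    name: str
    owner: str
    # DACL: subject -> set of permitted actions; only the owner may edit it
    dacl: dict = field(default_factory=dict)

    def grant(self, actor: str, subject: str, actions: set) -> None:
        """Add an access control entry; refuses anyone but the owner."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of {self.name}")
        self.dacl.setdefault(subject, set()).update(actions)


def dac_allows(obj: DacObject, subject: str, action: str) -> bool:
    return subject == obj.owner or action in obj.dacl.get(subject, set())


# --- Role-based access control: permissions attach to roles, users to roles ---

ROLE_PERMISSIONS = {  # constructed policy: (object, action) pairs per role
    "manager": {("quarterly_forecast", "read"), ("quarterly_forecast", "write")},
    "staff": {("handbook", "read")},
}
USER_ROLES = {"alice": {"manager", "staff"}, "bob": {"staff"}}  # constructed


def rbac_allows(user: str, obj: str, action: str) -> bool:
    """Access is granted through role membership, never to a user directly."""
    return any((obj, action) in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# --- Mandatory access control: labels on both subjects and objects ---

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset  # need-to-know compartments, e.g. {"finance"}


def mac_allows_read(subject: Label, obj: Label) -> bool:
    """Clearance must dominate classification, and the subject must hold
    every category on the object (need to know)."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and obj.categories <= subject.categories)


if __name__ == "__main__":
    doc = DacObject("design.docx", owner="carol")
    doc.grant("carol", "dave", {"read"})
    print("DAC  dave read design.docx:", dac_allows(doc, "dave", "read"))
    print("RBAC bob read forecast:    ", rbac_allows("bob", "quarterly_forecast", "read"))
    analyst = Label("secret", frozenset({"finance"}))
    print("MAC  secret/finance reads confidential/finance:",
          mac_allows_read(analyst, Label("confidential", frozenset({"finance"}))))
```

The scenario in Question 12 is the `rbac_allows` path: "managers" is a role, and a user gets the data only by holding that role. Note that the DACL is a structure inside the DAC model, which is why it is a distractor rather than a model of its own.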
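Questions 10, 17 and 18 together describe one pipeline: a firewall decides on header fields and logs what it blocked, an IDS/IPS matches signatures against the payload of what got through, and the sensor either only alerts (passive) or also drops (active). The block below is an added example written for this page, not code from the exam, LabSim or any product; the ACL rules, signatures, packets and log format are all constructed, and the regular-expression signatures stand in for a real signature file.

```python
"""Header filtering vs. payload inspection, passive vs. active (added example).

Everything here is constructed: the packets, the ACL, the two signatures and
the log-line format. A real firewall or sensor would see live traffic.
"""
from collections import Counter
from dataclasses import dataclass
import re


@dataclass
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    payload: bytes = b""


# --- Firewall: an ordered ACL evaluated against header fields only ---
# Each rule is (action, source prefix, protocol, destination port); "*" matches anything.
ACL = [
    ("deny",  "203.0.113.", "*",   "*"),   # a source range we have chosen to block
    ("allow", "*",          "tcp", 443),
    ("allow", "*",          "tcp", 80),
    ("deny",  "*",          "*",   "*"),   # the implicit deny, written out
]


def firewall_decision(pkt: Packet) -> str:
    """First matching rule wins; the payload is never consulted."""
    for action, src, proto, dport in ACL:
        if ((src == "*" or pkt.src.startswith(src))
                and proto in ("*", pkt.proto)
                and dport in ("*", pkt.dport)):
            return action
    return "deny"


def firewall_log_line(pkt: Packet) -> str:
    """Constructed log format: the action plus the header fields it was based on."""
    return (f"action={firewall_decision(pkt)} src={pkt.src} dst={pkt.dst} "
            f"proto={pkt.proto} dport={pkt.dport}")


# --- IDS/IPS: signatures are matched against packet data, not headers ---
SIGNATURES = {  # constructed stand-ins for a signature file
    "sql-injection-union": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal":      re.compile(rb"\.\./\.\./"),
}


def inspect_payload(pkt: Packet, mode: str = "passive") -> dict:
    """Passive: record alerts and forward regardless. Active (IPS): drop on a
    hit; a real sensor might also send TCP RST/FIN to the attacker."""
    hits = [name for name, sig in SIGNATURES.items() if sig.search(pkt.payload)]
    if not hits:
        return {"verdict": "forward", "alerts": []}
    return {"verdict": "drop" if mode == "active" else "forward", "alerts": hits}


# --- Question 17: blocked sources come out of the firewall log ---
LOG_RE = re.compile(r"action=(\w+) src=([\d.]+)")


def blocked_sources(log_lines, min_hits: int = 1) -> dict:
    """Count denied connections per source address over a list of log lines."""
    denied = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(1) == "deny":
            denied[m.group(2)] += 1
    return {src: n for src, n in denied.items() if n >= min_hits}


# Constructed traffic sample (RFC 5737 documentation addresses)
SAMPLE = [
    Packet("198.51.100.7", "10.0.0.5", "tcp", 443, b"GET /index.html"),
    Packet("203.0.113.9",  "10.0.0.5", "tcp", 443, b"GET /"),
    Packet("203.0.113.9",  "10.0.0.5", "tcp", 22,  b"SSH-2.0-client"),
    Packet("198.51.100.7", "10.0.0.5", "tcp", 80,
           b"GET /?id=1 UNION SELECT password FROM users"),
]

if __name__ == "__main__":
    log = [firewall_log_line(p) for p in SAMPLE]
    print("\n".join(log))
    print("blocked sources:", blocked_sources(log))
    for p in SAMPLE:
        if firewall_decision(p) == "allow":
            print(p.src, "passive:", inspect_payload(p), "active:", inspect_payload(p, "active"))
```

The last sample packet is the point of Question 10: the firewall allows it (port 80 from an unblocked source is fine by header), and only the signature match on the payload flags the injection attempt. The blocked source from Question 17 is visible in the firewall log alone; the IDS never saw those packets.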
Course: Security Pro, Fall '14