CompTIA Security Plus Mock Test Q1724

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

A. SQL injection
B. Header manipulation
C. Cross-site scripting
D. Flash cookie exploitation

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1570

A news and weather toolbar was accidentally installed into a web browser. The toolbar tracks users' online activities and sends them to a central logging server. Which of the following attacks took place?

A. Man-in-the-browser
B. Flash cookies
C. Session hijacking
D. Remote code execution
E. Malicious add-on

Correct Answer: E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1433

A technician reports a suspicious individual is seen walking around the corporate campus. The individual is holding a smartphone and pointing a small antenna, in order to collect SSIDs. Which of the following attacks is occurring?

A. Rogue AP
B. Evil Twin
C. Man-in-the-middle
D. War driving

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1165

Given the following list of corporate access points, which of the following attacks is MOST likely underway if the company wireless network uses the same wireless hardware throughout?
MAC                SID
00:01:AB:FA:CD:34  Corporate AP
00:01:AB:FA:CD:35  Corporate AP
00:01:AB:FA:CD:36  Corporate AP
00:01:AB:FA:CD:37  Corporate AP
00:01:AB:FA:CD:34  Corporate AP

A. Packet sniffing
B. Evil Twin
C. WPS attack
D. Rogue access point

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1159

The Chief Security Officer (CSO) for a datacenter in a hostile environment is concerned about protecting the facility from car bomb attacks. Which of the following would BEST protect the building from this threat? (Select two.)

A. Dogs
B. Fencing
C. CCTV
D. Guards
E. Bollards
F. Lighting

Correct Answer: B,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1082

A CA is compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?

A. Key escrow
B. Private key verification
C. Public key verification
D. Certificate revocation list


Correct Answer: D
Section: Cryptography

Explanation:
If we put the root certificate of the compromised CA in the CRL, users will know that this CA (and the certificates that it has issued) can no longer be trusted.
The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.

Incorrect Answers:
A: Key escrow is not related to revoked certificates.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.
B: Within PKI there are only two methods to verify that certificates or keys are still valid. One is using a CRL and the other is using the OCSP protocol. Private key verification cannot be used to check if a CA is compromised.
C: Public key verification cannot be used to check for a compromised CA. Within PKI there are only two methods to verify that certificates or keys are still valid. One is using a CRL and the other is using the OCSP protocol.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285

CompTIA Security Plus Mock Test Q958

Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

A. Spoofing
B. Man-in-the-middle
C. Dictionary
D. Brute force
E. Privilege escalation

Correct Answer: C,D
Section: Access Control and Identity Management

Explanation:
Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.

Incorrect Answers:
A: Spoofing is the act of falsifying data by changing the source addresses of network packets.
B: A man-in-the-middle attack is a type of communications eavesdropping attack.
E: Privilege escalation is a breach of authorization restrictions and may be a breach of authentication.

References:
https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Account-Lockout-Policy
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 168, 173, 176, 319