After a few users report problems with the wireless network, a system administrator notices that a new wireless access point has been powered up in the cafeteria. The access point has the same SSID as the corporate network and is set to the same channel as nearby access points. However, the AP has not been connected to the Ethernet network. Which of the following is the MOST likely cause of the users' wireless problems?
A. AP channel bonding B. An evil twin attack C. Wireless interference D. A rogue access point
Joe, a sales employee, is connecting to a wireless network and has entered the network information correctly. His computer remains connected to the network, but he cannot access any resources on the network. Which of the following is the MOST likely cause of this issue?
A. The encryption is too strong B. The network SSID is disabled C. MAC filtering is enabled D. The wireless antenna power is set too low
While in an Internet café, a malicious user is causing all surrounding wireless-connected devices to have intermittent and unstable connections to the access point. Which of the following is MOST likely being used?
A. Evil Twin B. Interference C. Packet sniffer D. Rogue AP
A Security Operations Center was scanning a subnet for infections and found a contaminated machine. One of the administrators disabled the switch port that the machine was connected to and informed a local technician of the infection. Which of the following steps did the administrator perform?
A. Escalation B. Identification C. Notification D. Quarantine E. Preparation
A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
SSID             State      Channel  Level
Computer AreUs1  connected  1        70dbm
Computer AreUs2  connected  5        80dbm
Computer AreUs3  connected  3        75dbm
Computer AreUs4  connected  6        95dbm
Which of the following is this an example of?
A. Rogue access point B. Near field communication C. Jamming D. Packet sniffing
Correct Answer: A Section: Threats and Vulnerabilities
The question states that the building has three wireless networks. However, the scan is showing four wireless networks with the SSIDs Computer AreUs1, Computer AreUs2, Computer AreUs3 and Computer AreUs4. Therefore, one of these wireless networks probably shouldn't be there. This is an example of a rogue access point.
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network.
To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.
B: Near field communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 10 cm or less. NFC operates at 13.56 MHz on ISO/IEC 18000-3 air interface and at rates ranging from 106 kbit/s to 424 kbit/s. NFC always involves an initiator and a target; the initiator actively generates an RF field that can power a passive target.
This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or cards that do not require batteries. NFC peer-to-peer communication is possible, provided both devices are powered.
NFC tags contain data and are typically read-only, but may be rewritable. They can be custom-encoded by their manufacturers or use the specifications provided by the NFC Forum, an industry association charged with promoting the technology and setting key standards. The tags can securely store personal data such as debit and credit card information, loyalty program data, PINs and networking contacts, among other information. The NFC Forum defines four types of tags that provide different communication speeds and capabilities in terms of configurability, memory, security, data retention and write endurance. Tags currently offer between 96 and 4,096 bytes of memory. The SSIDs in the question indicate wireless networks. Therefore this answer is incorrect.
C: Jamming is used to block transmissions typically over wireless or radio frequencies. This is not what is described in this question.
D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. This is not what is described in this question.
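The scan-versus-inventory check the explanation above describes, as an added example that is not part of the exam dump: it parses scan lines in the same SSID/State/Channel/Level layout as the question's table and flags any SSID absent from an assumed list of the three networks the company actually deployed.

```python
"""Flag wireless networks that do not appear in the authorized inventory.

Added example, not from the exam dump. The scan text is constructed in the
same layout as the question's table; AUTHORIZED_SSIDS is an assumed inventory
that a site would maintain for its own access points.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed scan output mirroring the question's table.
SCAN_OUTPUT = """\
SSID State Channel Level
Computer AreUs1 connected 1 70dbm
Computer AreUs2 connected 5 80dbm
Computer AreUs3 connected 3 75dbm
Computer AreUs4 connected 6 95dbm
"""

# Assumed inventory: the three SSIDs the company deployed.
AUTHORIZED_SSIDS = {"Computer AreUs1", "Computer AreUs2", "Computer AreUs3"}

# SSIDs may contain spaces, so match the trailing fixed columns first.
LINE_RE = re.compile(
    r"^(?P<ssid>.+?)\s+(?P<state>\S+)\s+(?P<channel>\d+)\s+(?P<level>-?\d+)\s*dbm$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Network:
    ssid: str
    state: str
    channel: int
    level_dbm: int


def parse_scan(text: str) -> list[Network]:
    """Parse the scan table, skipping the header and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.upper().startswith("SSID "):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable scan line: {line!r}")
        nets.append(Network(m["ssid"], m["state"], int(m["channel"]), int(m["level"])))
    return nets


def find_rogue_aps(nets: list[Network], authorized: set[str]) -> list[Network]:
    """Every SSID on the air that is not in the inventory is a rogue candidate."""
    return [n for n in nets if n.ssid not in authorized]


if __name__ == "__main__":
    for rogue in find_rogue_aps(parse_scan(SCAN_OUTPUT), AUTHORIZED_SSIDS):
        print(f"rogue candidate: {rogue.ssid} on channel {rogue.channel}")
```

A real deployment would compare BSSIDs as well as SSIDs, since an unauthorized AP can copy an authorized SSID; that is what a wireless IPS automates continuously.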
A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?
A. Zero-day B. Trojan C. Virus D. Rootkit
Correct Answer: C Section: Threats and Vulnerabilities
A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
A: A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day attack. Uses of zero-day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. A zero-day vulnerability is not described in this question.
B: In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus. A Trojan is not what is described in this question.
D: A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. A rootkit is not what is described in this question.
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
A. Water-based sprinkler system B. Electrical C. HVAC D. Video surveillance
Correct Answer: C Section: Compliance and Operational Security
HVAC refers to heating, ventilation and air-conditioning to allow for a zone-based environmental control measure. The fire-alarm system should ideally also be hooked up to the HVAC so that the HVAC can monitor the changes in heating and ventilation.
A: A water-based sprinkler system is designed to extinguish a fire and not to prevent data loss. It can also cause extreme damage to computers and electrical equipment.
B: Electrical systems are not designed to prevent the spread of fire.
D: Video surveillance is used mainly as a deterrent and will not help to prevent the spread of fire.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 378-380
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason?
A. The company wireless is using a MAC filter. B. The company wireless has SSID broadcast disabled. C. The company wireless is using WEP. D. The company wireless is using WPA2.
Correct Answer: A Section: Network Security
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
B: Because she could connect to the wireless network with the first device, the SSID must be broadcasting.
C, D: Both WEP and WPA2 require a password or phrase.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 61
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?
A. VPN B. VLAN C. WPA2 D. MAC filtering
Correct Answer: B Section: Network Security
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
A: A virtual private network (VPN) is a communication tunnel between two entities across an intermediary network. In most cases, the intermediary network is an untrusted network, such as the Internet, and therefore the communication tunnel is also encrypted.
C: WPA2 uses an encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the Advanced Encryption Standard (AES) encryption scheme. To date, no real-world attack has compromised the encryption of a properly configured WPA2 wireless network.
D: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. Although it's a useful feature to implement, it can only be used in environments with a small (fewer than 20 wireless devices), static set of wireless clients.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 11, 23, 60, 61