CompTIA Security Plus Mock Test Q738

Which of the following is a best practice for error and exception handling?

A.
Log detailed exception but display generic error message
B. Display detailed exception but log generic error message
C. Log and display detailed error and exception messages
D. Do not log or display error or exception messages


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
A detailed explanation of the error is not helpful for most end users but might provide information that is useful to a hacker. It is therefore better to display a simple but helpful message
to the end user and log the detailed information to an access-restricted log file for the administrator and programmer who would need as much information as possible about the
problem in order to rectify it.

Incorrect Answers:
B, C, D: The programmer would need as much information as possible about the problem in order to rectify it. However, a detailed explanation of the error should not be displayed to
the end user as this information might be useful to a hacker. Therefore, a detailed explanation should be logged and a generic message should be displayed to the end user.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 219
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 230

CompTIA Security Plus Mock Test Q737

A program displays:
ERROR: this program has caught an exception and will now terminate.
Which of the following is MOST likely accomplished by the program’s behavior?

A. Operating system’s integrity is maintained
B. Program’s availability is maintained
C. Operating system’s scalability is maintained
D. User’s confidentiality is maintained


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs.

Incorrect Answers:
B: Availability is the process of ensuring that authorized users have access to the data and systems that they require. Data backups, redundant systems, and disaster recovery plans
can be used to support availability, not error and exception handling.
C: Scalability is the ability of a system to adapt to increased demand. Error handling does not contribute to a system’s scalability.
D: Confidentiality is maintained when unauthorized users do not have access to sensitive information. Error and Exception handling is not related to this.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 259, 413-414

CompTIA Security Plus Mock Test Q735

Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?

A. Buffer overflow
B. Pop-up blockers
C. Cross-site scripting
D. Fuzzing

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the
application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary
access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer
overflow exploits.

Incorrect Answers:
B: Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute
malicious code. This does not entail error and exception handling alongside input validation.
C: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be
mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for
exceptions such as crashes, or failed validation, or memory leaks.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 338, 218
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 192, 197, 229, 246

CompTIA Security Plus Mock Test Q734

Which of the following is an application security coding problem?

A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing

Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and
should capture errors and exceptions so that they could be handled by the application.

Incorrect Answers:
B: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect a systems from known attacks and
vulnerabilities, and is provided by the vendor in response to newly discovered vulnerabilities in the software.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for
exceptions such as crashes, or failed validation, or memory leaks.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230, 231-232

CompTIA Security Plus Mock Test Q595

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

A. Zero-day
B. Buffer overflow
C. Cross site scripting
D. Malicious add-on


Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
This question describes a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Incorrect Answers:
A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it — this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. Zero-day attacks are generally not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack.
C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. XSS attacks are not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack.
D: The application is a legacy application. It is therefore unlikely to have an add-on. The question states that the application often stops running due to a memory error. Memory errors are indicative of a buffer overflow attack.

References:
http://searchsecurity.techtarget.com/definition/buffer-overflow
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.pctools.com/security-news/zero-day-vulnerability/