CompTIA Security Plus Mock Test Q1640

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

A. Replace FTP with SFTP and replace HTTP with TLS
B. Replace FTP with FTPS and replace HTTP with TFTP
C. Replace FTP with SFTP and replace HTTP with Telnet
D. Replace FTP with FTPS and replace HTTP with IPSec

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1629

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site?
Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

A. Rule 1: deny from inside to outside source any destination any service smtp
B. Rule 2: deny from inside to outside source any destination any service ping
C. Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
D. Rule 4: deny from any to any source any destination any service any


Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1373

A security administrator is reviewing the web logs and notices multiple attempts by users to access: http://www.comptia.org/idapsearch?user-*
Having identified the attack, which of the following will prevent this type of attack on the web server?

A. Input validation on the web server
B. Block port 389 on the firewall
C. Segregate the web server by a VLAN
D. Block port 3389 on the firewall

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1271

Anne, an employee, receives the following email:
From: Human Resources
To: Employee
Subject: Updated employee code of conduct
Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated code of conduct at your earliest convenience.
After clicking the email link, her computer is compromised. Which of the following principles of social engineering was used to lure Anne into clicking the phishing link in the above email?

A. Authority
B. Familiarity
C. Intimidation
D. Urgency

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1146

A technician wants to secure communication to the corporate web portal, which is currently using HTTP. Which of the following is the FIRST step the technician should take?

A. Send the server's public key to the CA
B. Install the CA certificate on the server
C. Import the certificate revocation list into the server
D. Generate a certificate request from the server

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1011

Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?

A. SSLv2
B. SSHv1
C. RSA
D. TLS

Correct Answer: D
Section: Cryptography

Explanation:
HTTP Secure (HTTPS) is the protocol used for "secure" web pages that users should see when they must enter personal information such as credit card numbers, passwords, and other identifiers. It combines HTTP with SSL/TLS to provide encrypted communication.
Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL, and it is also referred to as SSL 3.1.

Incorrect Answers:
A: SSLv2 is not as secure as TLS (also known as SSL 3.1).
B: Secure Shell, or SSH, is not used to secure browser sessions. SSH is a cryptographic (encrypted) network protocol for initiating text-based shell sessions on remote machines in a secure way.
C: RSA is not used to encrypt browser sessions.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 252, 268-269, 271

CompTIA Security Plus Mock Test Q748

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).

A. Permit redirection to Internet-facing web URLs.
B. Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">".
C. Validate and filter input on the server side and client side.
D. Use a web proxy to pass website requests between the user and the application.
E. Restrict and sanitize use of special characters in input and URLs.


Correct Answer: C,E
Section: Application, Data and Host Security

Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who is known or is supposed to have been authenticated. This is often accomplished without the user's knowledge.
XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session establishment and by checking the client HTTP request Referer header for spoofing.

Incorrect Answers:
A: Permitting redirection to Internet-facing web URLs is to do with redirecting data traffic. It is not used to prevent XSS attacks.
B: Ensuring all HTML tags are enclosed in angle brackets is not used to prevent XSS attacks. The use of angle brackets is standard practice in HTML code. Without angle brackets, the HTML code would not work.
D: Web proxies tend to be used for caching web page content and/or restricting access to websites to aid compliance with company Internet usage policies. Web proxies are not used to prevent XSS attacks.

References:
http://en.wikipedia.org/wiki/Cross-site_scripting
http://en.wikipedia.org/wiki/Cross-site_scripting#Reducing_the_threat

CompTIA Security Plus Mock Test Q615

A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

A. HTTPS
B. HTTP
C. RDP
D. TELNET

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
HTTP uses port 80. HTTP does not provide encrypted communications. Port 443 is used by HTTPS which provides secure encrypted communications. Port 3389 is used by RDP (Remote Desktop Protocol) which does provide encrypted communications.

Incorrect Answers:
A: HTTPS uses port 443. HTTPS uses SSL or TLS certificates to secure HTTP communications. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is secure, so this answer is incorrect.
C: RDP (Remote Desktop Protocol) is used to remotely connect to a Windows computer. RDP uses encrypted communications and is therefore considered secure. This answer is therefore incorrect.
D: Telnet uses port 23. This is not one of the ports listed as open in the question. This answer is therefore incorrect.

References:
http://searchsoftwarequality.techtarget.com/definition/HTTPS
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security Plus Mock Test Q613

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).

A. FTP service should be disabled
B. HTTPS service should be disabled
C. SSH service should be disabled
D. HTTP service should be disabled
E. Telnet service should be disabled

Correct Answer: C,D
Section: Threats and Vulnerabilities

Explanation:
Port 80 is used by HTTP. Port 22 is used by SSH. By disabling the HTTP and SSH services, you will prevent access to the router on ports 80 and 22.

Incorrect Answers:
A: FTP uses ports 20 and 21. Disabling this service will not prevent access to the router on ports 80 or 22.
B: HTTPS uses port 443. Disabling this service will not prevent access to the router on ports 80 or 22.
E: Telnet uses port 23. Disabling this service will not prevent access to the router on ports 80 or 22.

References:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security Plus Mock Test Q596

Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:

The username should be just a username; instead, we can see that it is a long line of text with an HTTP command after it. This is an example of a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Incorrect Answers:
A: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. The code in the question is not SQL code.
C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. The code in this question is not an example of an XSS attack.
D: The code in the question is not an online password crack. The long text in place of a username indicates an attempt to overflow a memory buffer.

References:
http://searchsecurity.techtarget.com/definition/buffer-overflow
http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Cross-site_scripting