A security administrator is reviewing logs and notices multiple attempts to access the HVAC controls by a workstation with an IP address from the open wireless network. Which of the following would be the best way to prevent this type of attack from occurring again?
A. Implement VLANs to separate the HVAC B. Enable WPA2 security for the wireless network C. Install a HIDS to protect the HVAC system D. Enable MAC filtering for the wireless network
Ann, the security administrator, has been reviewing logs and has found that several overnight sales personnel are accessing the finance department’s network shares. Which of the following security controls should be implemented to BEST remediate this?
A. Mandatory access B. Separation of duties C. Time of day restrictions D. Role based access
A cyber security administrator receives a list of IPs that have been reported as attempting to access the network. To identify any possible successful attempts across the enterprise, which of the following should be implemented?
A. Monitor authentication logs B. Disable unnecessary accounts C. Time of day restrictions D. Separation of duties
When Ann, an employee, returns to work and logs into her workstation, she notices that several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann’s workstation. Which of the following could have prevented this from happening?
A. Password complexity policy B. User access reviews C. Shared account prohibition policy D. User assigned permissions policy
Correct Answer: A Section: Access Control and Identity Management
The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. The fact that changes were made to Ann’s desktop configuration settings while she was not at work means that her password was compromised.
B: User access reviews are performed to conclude whether users have been performing their work tasks correctly or if there have been failed and/or successful attempts at violating company policies or the law. It would not have prevented Ann’s password being compromised.
C: Shared account prohibition aids in providing user accountability. It would not have prevented Ann’s password being compromised.
D: User assigned permissions can be assigned by the user. Since Ann’s workstation was accessed using her password, the intruder would also have her permissions.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292, 294
After Ann, a user, logs into her banking websites, she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?
A. Trusted OS B. Mandatory access control C. Separation of duties D. Single sign-on
Correct Answer: D Section: Access Control and Identity Management
Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. The question states that when Ann logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. This describes an SSO scenario.
A: Trusted OS requires a particular OS to be present in order to gain access to a resource.
B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
C: Separation of duties divides administrator or privileged tasks into separate groupings.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 82, 246, 278, 284
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company?
A. Vulnerability scanner B. Honeynet C. Protocol analyzer D. Port scanner
Correct Answer: B Section: Threats and Vulnerabilities
The Internet hosts used to gather data on new malware are known as honeypots. A collection of honeypots is known as a honeynet.
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker’s activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honeypots, which are computer systems on the Internet expressly set up to attract and “trap” people who attempt to penetrate other people’s computer systems. Although the primary purpose of a honeynet is to gather information about attackers’ methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets.
In addition to the honeypots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn’t actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as “Finances” or “Human Services” to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
A: A vulnerability scanner is software designed to assess computers, computer systems, networks or applications for weaknesses. This includes applications or default configurations posing a security risk. In this question, we have computers set up with the aim of being attacked to enable Jane to gather data on new malware. The question is asking about the computers themselves, not the tools used to assess the computers. These computers form a honeynet.
C: A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. This is not what is described in this question.
D: A port scanner is typically a software application used to scan a system such as a computer or firewall for open ports. A malicious user would attempt to access a system through an open port. A security administrator would compare the list of open ports against a list of ports that need to be open so that unnecessary ports can be closed, thus reducing the vulnerability of the system. This is not what is described in this question.
A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?
A. LDAP B. HTTP C. RDP D. HTTPS
Correct Answer: C Section: Network Security
RDP uses TCP port 3389.
A: LDAP operates over TCP ports 636 and 389.
B: HTTP uses TCP port 80 or TCP port 8080.
D: HTTPS uses TCP port 443 (or TCP port 80 in some configurations of TLS).
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 23, 55, 56