A malicious user has collected the following list of information:
Which of the following techniques is MOST likely to gather this type of data?
A. Banner grabbing B. Port scan C. Host scan D. Ping scan
A malicious individual used an unattended customer service kiosk in a busy store to change the prices of several products. The alteration was not noticed until several days later and resulted in the loss of several thousand dollars for the store. Which of the following would BEST prevent this from occurring again?
A. Password expiration B. Screen locks C. Inventory control D. Asset tracking
In which of the following scenarios is PKI LEAST hardened?
A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user.
Correct Answer: C Section: Cryptography
A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the Internet, including banking and e-commerce sites secured using the HTTPS
protocol. A rogue CA certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be signed by one of the root CAs that browsers trust by default.
A rogue Certification Authority (CA) certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites.
A: The CRL should be readily accessible. It should be posted to a publicly accessible location.
A CRL is a database of revoked keys and signatures.
B: Incorrect time offsets are much less of a security threat compared to a rogue Certification Authority certificate.
D: Public keys are public and can be accessed by anyone.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
A. Malicious code on the local system B. Shoulder surfing C. Brute force certificate cracking D. Distributed dictionary attacks
Correct Answer: A Section: Access Control and Identity Management
Once a user authenticates to a remote server, malicious code on the user’s workstation could then infect the server.
B: Shoulder surfing is when a malicious user can watch your keyboard or view your display to figure out your password. This would not work as you are using a smart card.
C: Brute force attacks are designed to try every possible valid combination of characters to construct possible passwords in the attempt to discover the specific passwords used by
user accounts. This would not work as you are using a smart card.
D: Dictionary attacks create hashes to compare via prebuilt lists of potential passwords. This would not work as you are using a smart card.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-282
Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?
A. Output sanitization B. Input validation C. Application hardening D. Fuzzing
Correct Answer: B Section: Application, Data and Host Security
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input
submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
A: Output sanitization, which is an example of secure output handling, is primarily associated with preventing Cross-site Scripting (XSS) vulnerabilities in web sites.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230
An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following?
A. Spear phishing B. Phishing C. Smurf attack D. Vishing
Correct Answer: A Section: Threats and Vulnerabilities
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular
phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site
with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own
company and generally someone in a position of authority.
B: Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal rather than a trusted source
such as an individual within the recipient’s own company.
C: A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attack is a type of DDoS attack; it does not involve the use of email messages to gain access to confidential data.
D: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit. Vishing uses verbal communication; it does not involve the use of email messages and does not appear to be from a trusted source such as an individual within the recipient’s own company.
An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?
A. The malicious user has access to the WPA2-TKIP key. B. The wireless access point is broadcasting the SSID. C. The malicious user is able to capture the wired communication. D. The meeting attendees are using unencrypted hard drives.
Correct Answer: C Section: Threats and Vulnerabilities
In this question, the wireless users are using WPA2-TKIP. While TKIP is a weak encryption protocol, it is still an encryption protocol. Therefore, the wireless communications between
the laptops and the wireless access point are encrypted.
The question states that the user was able to intercept ‘clear text’ HTTP communication between the meeting attendees and the Internet. The HTTP communications are unencrypted as they travel over the wired network. Therefore, the malicious user must have been able to capture the wired communication.
TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It was a stopgap encryption protocol
introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now
A: TKIP provides a rekeying mechanism which ensures that every data packet is sent with a unique encryption key. Therefore, having a WPA2-TKIP key would not enable the user to
decrypt the data. Furthermore, if the wireless communications were captured, they would still be encrypted. This question states that the user was able to intercept ‘clear text’ (nonencrypted)
B: The wireless access point broadcasting the SSID would not enable interception of clear text HTTP communication between the meeting attendees and the Internet.
D: The meeting attendees using unencrypted hard drives would not enable interception of clear text HTTP communication between the meeting attendees and the Internet. The
communication was intercepted between the laptops and the Internet. It was not read from the hard drives.
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?
A. UDP B. IPv6 C. IPSec D. VPN
Correct Answer: B Section: Threats and Vulnerabilities
ARP is not used in IPv6 networks.
The Address Resolution Protocol (ARP) is a telecommunication protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access
networks. ARP is used for converting a network address (e.g. an IPv4 address) to a physical address like an Ethernet address (also named a MAC address).
In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).
A: UDP (User Datagram Protocol) can be used over IPv6. However, it is more commonly used over IPv4 which relies on ARP and is therefore susceptible to ARP spoofing attacks.
C: IPSec (IP Security) can be used to secure IPv6. However, it is more commonly used to secure IPv4 which relies on ARP and is therefore susceptible to ARP spoofing attacks.
D: A VPN (Virtual Private Network) can be created over IPv6. However, VPNs are more commonly used in IPv4 which relies on ARP and is therefore susceptible to ARP spoofing
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?
A. Whaling B. Vishing C. Spear phishing D. Impersonation
Correct Answer: A Section: Threats and Vulnerabilities
Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts
are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar metaphor to the process of scouring technologies for loopholes and
opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may
also set up key logging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level
executives in business and government to stay vigilant about the possibility of cyber threats.
B: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be
a legitimate business, and fools the victim into thinking he or she will profit. A voice mail was used in this question, not a telephone conversation.
C: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in
regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or
Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the
recipient’s own company and generally someone in a position of authority. The attack described in this question is not an example of spear phishing.
D: Impersonation is where a person, computer, software application or service pretends to be someone it’s not. Impersonation is commonly used non-maliciously in client/server applications. However, it can also be used as a security threat. The attack described in this question is not an example of impersonation.
Which of the following tests a number of security controls in the least invasive manner?
A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep
Correct Answer: A Section: Threats and Vulnerabilities
Vulnerability scanning has minimal impact on network resources due to the passive nature of the scanning.
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be
exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat
agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of
the findings that an individual or an enterprise can use to tighten the network’s security.
B: A threat assessment is the assessment of all threats to a business, not just those related to IT. It is not used to test security controls in a network.
C: Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test
(reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security
awareness and the organization’s ability to identify and respond to security incidents.
Penetration testing is considered ‘active’ because you are actively trying to circumvent the system’s security controls to gain access to the system, as opposed to vulnerability scanning, which is considered passive and therefore the least invasive.
D: A ping sweep is the process of sending ICMP ping requests to all IP addresses in an IP subnet to see which addresses map to live hosts. It is not used to test security controls in a