While reviewing the monthly Internet usage, it is noted that there is a large spike in traffic classified as “unknown” that does not appear to be within the bounds of the organization's Acceptable Use Policy. Which of the following tools or technologies would work BEST for obtaining more information on this traffic?
A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer
The chief security officer (CSO) has issued a new policy to restrict generic or shared accounts on company systems. Which of the following sections of the policy requirements will have the most impact on generic and shared accounts?
A. Account lockout B. Password length C. Concurrent logins D. Password expiration
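A generic or shared account is easiest to spot from the symptom this question points at: one account holding sessions on several hosts at the same time. The detector below is an added example, not part of the original page, and runs over a constructed, whitespace-separated logon/logoff log (timestamp, user, host, event) rather than any real directory or SIEM format. Accounts whose peak simultaneous-session count exceeds the allowed maximum are returned with the hosts involved.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the page). Format: "timestamp user host event".
SAMPLE_LOG = """\
2024-03-01T08:00:00 svc_backup host-a logon
2024-03-01T08:05:00 alice ws-17 logon
2024-03-01T08:10:00 svc_backup host-b logon
2024-03-01T08:12:00 svc_backup host-c logon
2024-03-01T08:30:00 alice ws-17 logoff
2024-03-01T08:40:00 alice ws-22 logon
2024-03-01T09:00:00 svc_backup host-a logoff
2024-03-01T09:30:00 svc_backup host-b logoff
2024-03-01T09:45:00 svc_backup host-c logoff
2024-03-01T10:00:00 alice ws-22 logoff
"""


def parse_events(text):
    """Parse log lines into (timestamp, user, host, event), sorted by time.

    At an identical timestamp a logoff is ordered before a logon so that a
    user moving between hosts is not counted as two concurrent sessions.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, event = line.split()
        events.append((datetime.fromisoformat(ts), user, host, event))
    events.sort(key=lambda e: (e[0], e[3] == "logon"))
    return events


def peak_concurrency(events):
    """Return {user: (peak_simultaneous_sessions, hosts_active_at_that_peak)}."""
    active = defaultdict(dict)  # user -> {host: logon time}
    peak = {}
    for ts, user, host, event in events:
        if event == "logon":
            active[user][host] = ts
        elif event == "logoff":
            active[user].pop(host, None)
        n = len(active[user])
        if n > peak.get(user, (0, ()))[0]:
            peak[user] = (n, tuple(sorted(active[user])))
    return peak


def flag_shared_accounts(text, max_sessions=1):
    """Accounts that exceeded max_sessions concurrent logons: {user: (peak, hosts)}."""
    peak = peak_concurrency(parse_events(text))
    return {u: p for u, p in peak.items() if p[0] > max_sessions}


if __name__ == "__main__":
    for user, (n, hosts) in flag_shared_accounts(SAMPLE_LOG).items():
        print(f"{user}: {n} concurrent sessions on {', '.join(hosts)}")
```

In the constructed log, `alice` moves from one workstation to another but never holds two sessions at once, so she is not flagged; `svc_backup` is active on three hosts simultaneously, which is exactly the pattern a concurrent-login limit in the policy would block.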
A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?
A. Port security B. WPA2 C. Mandatory Access Control D. Network Intrusion Prevention
An organization’s security policy states that users must authenticate using something you do. Which of the following would meet the objectives of the security policy?
A. Fingerprint analysis B. Signature analysis C. Swipe a badge D. Password
Correct Answer: B Section: Access Control and Identity Management
Authentication systems or methods are based on one or more of these five factors:
Something you know, such as a password or PIN
Something you have, such as a smart card, token, or identification device
Something you are, such as your fingerprints or retinal pattern (often called biometrics)
Something you do, such as an action you must take to complete authentication
Somewhere you are (this is based on geolocation)
Writing your signature on a document is ‘something you do’. Someone can then analyze the signature to see if it matches one stored on record.
A: Authenticating using a fingerprint is classed as ‘something you are’, not ‘something you do’. A fingerprint is part of you. Therefore, this answer is incorrect.
C: Swiping a badge is classed as ‘something you have’, not ‘something you do’. You ‘have’ the badge. Therefore, this answer is incorrect.
D: Authenticating using a password is classed as ‘something you know’, not ‘something you do’. You ‘know’ the password. Therefore, this answer is incorrect.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 131
A security administrator is concerned about the strength of users' passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?
A. Increase the password length requirements B. Increase the password history C. Shorten the password expiration period D. Decrease the account lockout time
Correct Answer: C Section: Access Control and Identity Management
Reducing the password expiration period forces passwords to be changed at the end of that period. A password also needs to be changed if it does not meet the compliance requirements of the company's password policy, is evidently insecure, has been reused, or may have been compromised as a result of a system intrusion. A shorter expiration period therefore gives online password attackers less time in which a given weak password remains valid. Note that a forced change does not by itself make the replacement password any stronger; in practice an online attacker is bounded mainly by account lockout and rate limiting, and current guidance (NIST SP 800-63B) recommends a longer minimum length over mandatory periodic expiration.
A: A longer minimum length applies only when a password is next set; it does not change the weak passwords already in use.
B: Password history tracks previous passwords to prevent password reuse. It will not make the new passwords less susceptible to online password attackers.
D: Account lockout automatically disables an account after repeated failed logon attempts. Decreasing the lockout time lets an attacker resume guessing sooner, and when the account is unlocked it will still have the same weak password and remain susceptible to online password attacks.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 292-294
Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?
A. Shoulder surfing B. Dumpster diving C. Tailgating D. Spoofing
Correct Answer: B Section: Threats and Vulnerabilities
Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.
A: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done at a distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. This is not what is described in this question.
C: Tailgating in IT security is an unauthorized person following an authorized person into a building or room such as a datacenter. If a building has a card reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by walking through the door before it closes and locks. This is not what is described in this question.
D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.
Email spoofing, the basis of most phishing, is used by dishonest advertisers and outright thieves and occurs when email is sent with a falsified “From:” entry to trick victims into believing that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick.
In a caller ID attack, the spoofer will falsify the phone number he/she is calling from. This is not what is described in this question.
A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?
A. Require different account passwords through a policy B. Require shorter password expiration for non-privileged accounts C. Require shorter password expiration for privileged accounts D. Require a greater password length for privileged accounts
Correct Answer: A Section: Compliance and Operational Security
A password policy (account policy enforcement) can be configured so that system administrators are required to use different passwords for different accounts. Because stored passwords are salted hashes, the only point at which such a rule can actually be checked is when the plaintext is available, that is, at password-change time, by verifying the proposed password against the linked account's stored hash and rejecting a match.
B: Password expiration does not enforce the use of different passwords for different accounts. It only forces a change at a fixed interval.
C: Shorter password expiration likewise only forces more frequent changes and will not enforce the use of different passwords for different accounts.
D: Password length serves to strengthen the password and does not enforce the use of different passwords for different accounts.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291, 293
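The check described above, as an added example that is not part of the original page or of any real directory product: each account stores a per-user salt and a PBKDF2-HMAC-SHA256 derived key, and a change to a privileged account is refused if the proposed password verifies against the linked non-privileged account (and vice versa). The account store, the `LINKED` mapping of admin accounts to their everyday accounts, and the sample passwords are all hypothetical.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. Kept moderate so the example runs quickly;
# production deployments use a higher count or a memory-hard KDF.
ITERATIONS = 200_000

# Hypothetical mapping of privileged accounts to their linked non-privileged accounts.
LINKED = {"adm_alice": "alice", "adm_bob": "bob"}


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 derived key for a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(store: dict, user: str, password: str) -> None:
    """Store a fresh random salt and derived key; the plaintext is never kept."""
    salt = os.urandom(16)
    store[user] = (salt, derive(password, salt))


def verify(store: dict, user: str, password: str) -> bool:
    """Constant-time comparison of a candidate password against the stored key."""
    salt, stored_key = store[user]
    return hmac.compare_digest(stored_key, derive(password, salt))


def linked_account(user: str):
    """Return the account paired with user under LINKED, in either direction."""
    if user in LINKED:
        return LINKED[user]
    return next((adm for adm, std in LINKED.items() if std == user), None)


def change_password_enforcing_separation(store: dict, user: str, new_password: str) -> bool:
    """Set the password unless it matches the linked account's current password.

    Returns True if the change was accepted, False if it was rejected for reuse.
    The comparison has to happen here, while the plaintext is in hand: two
    independently salted hashes of the same password cannot be compared later.
    """
    partner = linked_account(user)
    if partner is not None and partner in store and verify(store, partner, new_password):
        return False
    set_password(store, user, new_password)
    return True


def demo():
    """Seed the non-privileged account, then attempt two admin password changes."""
    store = {}
    set_password(store, "alice", "correct horse battery staple")
    reused = change_password_enforcing_separation(store, "adm_alice", "correct horse battery staple")
    distinct = change_password_enforcing_separation(store, "adm_alice", "Tr0ub4dor&3-admin-only")
    return reused, distinct, store


if __name__ == "__main__":
    reused, distinct, _ = demo()
    print("reuse of alice's password for adm_alice accepted:", reused)
    print("distinct admin password accepted:", distinct)
```

The rejected change costs one extra KDF evaluation against the partner account, which is the same price as a logon, so the check adds no meaningful load; what it cannot do is retroactively audit existing hashes, which is why the rule is applied at change time.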
Correct Answer: B Section: Compliance and Operational Security
Best practices are based on what is known in the industry and those methods that have consistently shown superior results over those achieved by other means. Furthermore, best practices are applied to all aspects of the work environment.
A: Security control frameworks refer to the backbone of SAFE (architecture), where unification is the underlying key to security and incorporates all parts of the network, including the WAN, the extranet, the Internet, and the intranet.
C: Access control methodologies refer to Mandatory, Discretionary and Rule-based access control types that can be implemented.
D: Compliance activity usually comes into focus when third-party involvement is being considered.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 29