CompTIA Security Plus Mock Test Q1636

Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?


A. Configure port security for logons
B. Disable telnet and enable SSH
C. Configure an AAA server
D. Disable password and enable RSA authentication

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1520

A web administrator has just implemented a new web server to be placed in production. As part of the company’s security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?

A. Implement an IPS
B. Disable unnecessary services
C. Disable unused accounts
D. Implement an IDS
E. Wrap TELNET in SSL


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1364

Ann, a technician, wants to implement a single protocol on a remote server which will enable her to encrypt and proxy all of her traffic through the remote server via SOCKS5. Which of the following should Ann enable to support both encryption and proxy services?

A. SSH
B. IPSEC
C. TLS
D. HTTPS


Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1123

A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?

A. AES
B. IPSec
C. PGP
D. SSH


Correct Answer: D
Section: Cryptography

Explanation:
With SSH you can use automatically generated public-private key pairs to encrypt a network connection, and then use password authentication to log on. Or you can use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password.

Incorrect Answers:
A: AES is an algorithm used in symmetric key cryptography. Symmetric or secret-key ciphers use the same key for encrypting and decrypting. This means that there is only one key, not a key pair.
B: IPSec provides secure authentication and encryption of data and headers for LAN-to-LAN connections.
C: Pretty Good Privacy (PGP) is mainly used for message encryption.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 91, 272
https://en.wikipedia.org/wiki/Secure_Shell
http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

CompTIA Security Plus Mock Test Q1065

Which of the following protocols provides transport security for virtual terminal emulation?

A. TLS
B. SSH
C. SCP
D. S/MIME

Correct Answer: B
Section: Cryptography

Explanation:
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment.

Incorrect Answers:
A: TLS is used to provide a secure channel, not to establish a telnet connection.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols used today. They essentially provide a secure channel between two machines operating over the Internet or an internal network.
C: Secure copy or SCP is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. SCP is not used to establish a telnet connection.
D: S/MIME is for e-mail and other electronic messaging applications, not for telnet connections.
S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption).

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 76, 91, 270, 271

CompTIA Security Plus Mock Test Q1064

Which of the following would be used as a secure substitute for Telnet?

A. SSH
B. SFTP
C. SSL
D. HTTPS


Correct Answer: A
Section: Cryptography

Explanation:
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment.

Incorrect Answers:
B: SFTP is for file transfers, not for telnet.
The SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream.
C: SSL is used to provide a secure channel, not to establish a telnet connection.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols used today. They essentially provide a secure channel between two machines operating over the Internet or an internal network.
D: HTTPS is not used for telnet connections.
HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 76, 91, 268-269, 271, 274

CompTIA Security Plus Mock Test Q1032

Which of the following is used to verify data integrity?

A. SHA
B. 3DES
C. AES
D. RSA


Correct Answer: A
Section: Cryptography

Explanation:
SHA stands for “secure hash algorithm”. SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity.
Note:
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they’re used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they’re the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity.
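
An added example, not part of the original explanation: it shows why the hash in the scheme above has to be protected rather than sent bare. It uses HMAC-SHA-256 as the keyed protection in place of the encrypt-the-hash step described above; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac


def bare_digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone who can alter the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256 tag: only a holder of the shared key can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_bare(message: bytes, digest: str) -> bool:
    # Recipient recomputes the hash and compares (constant-time comparison).
    return hmac.compare_digest(bare_digest(message), digest)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)


def demo() -> dict:
    key = b"constructed-demo-key"                # sample value, shared by both ends
    original = b"pay 100 to account 12345"       # constructed message
    altered = b"pay 900 to account 12345"        # same message changed in transit
    digest, tag = bare_digest(original), keyed_tag(key, original)
    return {
        # Unmodified message: both checks pass.
        "intact_bare": verify_bare(original, digest),
        "intact_keyed": verify_keyed(key, original, tag),
        # Message changed, integrity value untouched: both checks fail.
        "altered_old_digest": verify_bare(altered, digest),
        "altered_old_tag": verify_keyed(key, altered, tag),
        # Message and bare digest both replaced: the unkeyed check still passes.
        "altered_new_digest": verify_bare(altered, bare_digest(altered)),
        # A tag made without the real key does not verify.
        "altered_wrong_key_tag": verify_keyed(
            key, altered, keyed_tag(b"not-the-key", altered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:24} {result}")
```
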

Incorrect Answers:
B: In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. 3DES is used to encrypt data, not to verify data integrity.
C: AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is used to encrypt data, not to verify data integrity.
D: RSA encryption is used for encrypting data in transit. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. RSA is used to encrypt data, not to verify data integrity.

References:
http://en.wikipedia.org/wiki/SHA-1
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256

CompTIA Security Plus Mock Test Q999

The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

A. Create a firewall rule to block SSH
B. Delete the root account
C. Disable remote root logins
D. Ensure the root account has a strong password


Correct Answer: C
Section: Access Control and Identity Management

Explanation:
Remote users log in to Unix or Linux servers by using SSH. Although SSH is secure, allowing remote access as root is a security risk.
One of the biggest security holes you could open on a Unix or Linux server is to allow directly logging in as root through SSH, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary.
You should disable root ssh access by editing /etc/ssh/sshd_config to contain:
PermitRootLogin no
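
One way to check that the setting above is actually in effect, as an added example that is not part of the original explanation. It assumes OpenSSH behaviour (the first value of a keyword wins, `Match` blocks override the global section, and an absent keyword defaults to `prohibit-password`), does not follow `Include` files, and uses a hypothetical function name and a constructed sample configuration.

```python
DEFAULT = "prohibit-password"  # assumed: OpenSSH 7.0+ default when the keyword is absent


def audit_permit_root_login(config_text):
    """Return the global PermitRootLogin value and any Match-block overrides."""
    global_value = None      # first global occurrence wins in sshd_config
    overrides = []           # (Match criteria, value) pairs that re-enable root login
    match_ctx = None         # None while still in the global section
    block_seen = False       # has the current Match block already set the keyword?
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue         # blank or comment: a commented-out setting has no effect
        parts = line.split(None, 1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match_ctx, block_seen = arg, False
        elif keyword == "permitrootlogin" and arg:
            value = arg.split()[0].strip('"').lower()
            if match_ctx is None:
                if global_value is None:
                    global_value = value
            elif not block_seen:
                block_seen = True
                if value != "no":
                    overrides.append((match_ctx, value))
    effective = global_value or DEFAULT
    return {
        "global": effective,
        "explicit": global_value is not None,
        "overrides": overrides,
        "compliant": effective == "no" and not overrides,
    }


# Constructed sample, not taken from any real host.
SAMPLE = """\
# PermitRootLogin no
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(audit_permit_root_login(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.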

Incorrect Answers:
A: Blocking SSH would prevent all remote access to all servers using SSH. We do not want to disable all SSH access; we just want to prevent remotely logging in to the UNIX server as root. Therefore, this answer is incorrect.
B: You should never delete the root account. The root account is required by Unix. Therefore, this answer is incorrect.
D: Ensuring the root account has a strong password is a good idea. However, this will not prevent remotely logging in to the server as root. Therefore, this answer is incorrect.

References:

Security Tip: Disable Root SSH Login on Linux