An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?
A. Use a honeypot B. Disable unnecessary services C. Implement transport layer security D. Increase application event logging
Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45]
[localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?
A. Configure port security for logons B. Disable telnet and enable SSH C. Configure an AAA server D. Disable password and enable RSA authentication
A web administrator has just implemented a new web server to be placed in production. As part of the company’s security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?
A. Implement an IPS B. Disable unnecessary services C. Disable unused accounts D. Implement an IDS E. Wrap TELNET in SSL
Log file analysis on a router reveals several unsuccessful telnet attempts to the virtual terminal (VTY) lines. Which of the following represents the BEST configuration used in order to prevent unauthorized remote access while maintaining secure availability for legitimate users?
A. Disable telnet access to the VTY lines, enable SSH access to the VTY lines with RSA encryption B. Disable both telnet and SSH access to the VTY lines, requiring users to log in using HTTP C. Disable telnet access to the VTY lines, enable SSH access to the VTY lines with PSK encryption D. Disable telnet access to the VTY lines, enable SSL access to the VTY lines with RSA encryption
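The two router questions above hinge on what a defender can read out of the device's login syslog: a successful login whose localport is 23 means the credentials crossed the wire in cleartext over Telnet, and a run of LOGIN_FAILED messages from one source is the unauthorized-access pattern the VTY question describes. As an added example, not part of the study material, the Python below parses constructed Cisco-style SEC_LOGIN messages laid out like the line quoted in the question, reports successful logins over cleartext management ports, and counts failed attempts per source. The sample lines, addresses, user names and threshold are all constructed for the demonstration.

```python
"""Detect Telnet logins and repeated failures in device login syslog.

Added example (not from the study guide). The message layout follows the
SEC_LOGIN line quoted in the question; the sample lines, addresses and
threshold below are constructed for the demonstration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Management ports that carry credentials in cleartext; 22 (SSH) is the
# encrypted alternative the questions point to and is deliberately absent.
CLEARTEXT_MGMT_PORTS = {23: "telnet"}

LOGIN_RE = re.compile(
    r"SEC_LOGIN-\d-(?P<outcome>LOGIN_SUCCESS|LOGIN_FAILED):.*?"
    r"\[user:\s*(?P<user>[^\]]*)\].*?"
    r"\[Source:\s*(?P<source>[^\]]+)\].*?"
    r"\[localport:\s*(?P<port>\d+)\]",
    re.IGNORECASE,
)

@dataclass(frozen=True)
class LoginEvent:
    success: bool
    user: str
    source: str
    localport: int

def parse_login_events(lines):
    """Extract LoginEvent records; lines that are not login messages are skipped."""
    events = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        events.append(LoginEvent(
            success=m.group("outcome").upper() == "LOGIN_SUCCESS",
            user=m.group("user").strip(),
            source=m.group("source").strip(),
            localport=int(m.group("port")),
        ))
    return events

def cleartext_logins(events):
    """Successful logins that arrived over a cleartext management protocol."""
    return [e for e in events if e.success and e.localport in CLEARTEXT_MGMT_PORTS]

def failed_attempts_by_source(events, threshold=3):
    """Sources with at least `threshold` failed logins, as {source: count}."""
    counts = Counter(e.source for e in events if not e.success)
    return {src: n for src, n in counts.items() if n >= threshold}

# Constructed sample log, modelled on the line quoted in the question.
SAMPLE_LOG = [
    "Mar 15 00:15:23.431 CET: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
    "[user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23 CET Sun Mar 15 2015",
    "Mar 15 00:16:02.118 CET: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success "
    "[user: jdoe] [Source: 10.0.12.46] [localport: 22] at 00:16:02 CET Sun Mar 15 2015",
    # unrelated message, ignored by the parser
    "Mar 15 00:17:10.004 CET: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (10.0.12.46)",
]
for i in range(4):  # four failures against Telnet from one constructed source
    SAMPLE_LOG.append(
        f"Mar 15 00:2{i}:00.000 CET: %SEC_LOGIN-4-LOGIN_FAILED: Login failed "
        f"[user: admin] [Source: 203.0.113.9] [localport: 23] "
        f"[Reason: Login Authentication Failed] at 00:2{i}:00 CET Sun Mar 15 2015"
    )
SAMPLE_LOG.append(  # a single typo-style failure over SSH, below threshold
    "Mar 15 00:25:30.500 CET: %SEC_LOGIN-4-LOGIN_FAILED: Login failed "
    "[user: jdoe] [Source: 10.0.12.46] [localport: 22] "
    "[Reason: Login Authentication Failed] at 00:25:30 CET Sun Mar 15 2015"
)

def report(lines=SAMPLE_LOG, threshold=3):
    """Run both checks and return the findings as plain data."""
    events = parse_login_events(lines)
    return {
        "cleartext_logins": [
            f"{e.user} from {e.source} via {CLEARTEXT_MGMT_PORTS[e.localport]}"
            for e in cleartext_logins(events)
        ],
        "repeated_failures": failed_attempts_by_source(events, threshold),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Run as a script it flags msmith's Telnet login and the source with four failed attempts; the SSH login and the single SSH failure pass. Once Telnet is disabled on the VTY lines, the first check should stay empty, which makes it a useful regression alert for the change the questions recommend.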
Which of the following would be used as a secure substitute for Telnet?
A. SSH B. SFTP C. SSL D. HTTPS
Correct Answer: A Section: Cryptography
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of securing Telnet and other cleartext-oriented programs in the Unix environment.
B: SFTP is for file transfers, not a replacement for Telnet. The SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream.
C: SSL is used to provide a secure channel, not to establish a Telnet connection. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols in use today. Essentially, they provide a secure channel between two machines operating over the Internet or an internal network.
D: HTTPS is not used for Telnet connections. HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 76, 91, 268-269, 271, 274
A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system’s services to the list of standard services on the company’s system image. This review process depends on:
A. MAC filtering. B. System hardening. C. Rogue machine detection. D. Baselining.
Correct Answer: D Section: Application, Data and Host Security
An application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements for hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.
A: MAC filtering is used to secure access to wireless network access points. It explicitly allows the MAC addresses on a whitelist and blocks all other MAC addresses.
B: Hardening is the process of securing a system by reducing its surface of vulnerability. This typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
C: Rogue machine detection attempts to identify the presence of unauthorized systems on a network.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 178, 215-217, 219
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 206, 207, 208
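Both the web-server question (port scan of a new system before it goes into production) and the baselining question (a Telnet service found by comparing running services with the system image) are the same review: compare what the host exposes with an approved list and treat every difference as a finding. As an added example, not from the study guide, the Python below does both comparisons against one constructed baseline, re-using the scan output quoted in the web-server question as input. The baseline contents, the running-service list and the remediation wording are constructed for the demonstration.

```python
"""Compare a host's exposed services with an approved baseline.

Added example (not from the study guide). It models the two review
processes in the questions above: checking a new web server's port scan
against the services it is allowed to expose, and checking a suspect
machine's running services against the company's system image. The
baseline, scan output and service lists are constructed here.
"""
import re
from dataclasses import dataclass

# Cleartext protocols commonly found on a default install, with the
# encrypted replacement a hardening recommendation would name.
CLEARTEXT_REPLACEMENTS = {
    "ftp": "SFTP/SCP over SSH",
    "telnet": "SSH",
    "pop3": "POP3S or IMAPS",
    "smtp": "SMTP with STARTTLS",
    "http": "HTTPS",
}

# Matches lines such as "21 tcp open FTP" from the scan in the question.
SCAN_LINE = re.compile(r"^\s*(\d+)\s+(tcp|udp)\s+(open|closed|filtered)\s+(\S+)", re.I)

@dataclass(frozen=True)
class Baseline:
    """What the image allows: listening (port, proto) pairs and service names."""
    ports: frozenset
    services: frozenset

@dataclass(frozen=True)
class Finding:
    where: str    # e.g. "23/tcp" or a service name
    what: str     # service as reported
    action: str   # recommended remediation

def parse_scan(lines):
    """Turn scan lines into (port, proto, state, service); other lines are skipped."""
    rows = []
    for line in lines:
        m = SCAN_LINE.match(line)
        if m:
            port, proto, state, svc = m.groups()
            rows.append((int(port), proto.lower(), state.lower(), svc.lower()))
    return rows

def review_scan(lines, baseline):
    """Open ports the baseline does not permit, each with a remediation."""
    findings = []
    for port, proto, state, svc in parse_scan(lines):
        if state != "open" or (port, proto) in baseline.ports:
            continue
        replacement = CLEARTEXT_REPLACEMENTS.get(svc)
        action = (f"disable; use {replacement} if the function is required"
                  if replacement else "disable, or document and add to the baseline")
        findings.append(Finding(f"{port}/{proto}", svc, action))
    return findings

def review_services(running, baseline):
    """Running services absent from the image baseline (the 'Telnet' case above)."""
    extra = {s.lower() for s in running} - baseline.services
    return [Finding(s, "not in system image", "investigate; possible malware or unauthorised install")
            for s in sorted(extra)]

# Constructed baseline and observations.
WEB_SERVER_BASELINE = Baseline(
    ports=frozenset({(443, "tcp"), (22, "tcp")}),
    services=frozenset({"sshd", "nginx", "cron", "rsyslog"}),
)
SCAN_OUTPUT = [  # the port scan quoted in the web-server question
    "21 tcp open FTP", "23 tcp open Telnet", "22 tcp open SSH",
    "25 UDP open smtp", "110 tcp open pop3", "443 tcp open https",
    "scan complete",  # scanner summary line, skipped by the parser
]
RUNNING_SERVICES = ["sshd", "nginx", "cron", "rsyslog", "Telnet"]

if __name__ == "__main__":
    findings = (review_scan(SCAN_OUTPUT, WEB_SERVER_BASELINE)
                + review_services(RUNNING_SERVICES, WEB_SERVER_BASELINE))
    for f in findings:
        print(f"{f.where:>10}  {f.what:<20} -> {f.action}")
```

Against the scan from the question the script reports 21/tcp, 23/tcp, 25/udp and 110/tcp as services to disable, which is the "disable unnecessary services" answer expressed as a checklist, and the service comparison isolates "telnet" as the one process not present on the image.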
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).
A. 21 B. 22 C. 23 D. 69 E. 3389 F. SSH G. Terminal services H. Rlogin I. Rsync J. Telnet
Correct Answer: B,C,F,J Section: Threats and Vulnerabilities
The question states that Jane was able to establish a connection to an internal router. Typical ports and protocols used to connect to a router include the following:
B, F: Port 22, which is used by SSH (Secure Shell).
C, J: Port 23, which is used by Telnet.
SSH and Telnet both provide command line interfaces for administering network devices such as routers and switches.
A: Port 21 is used by FTP (File Transfer Protocol). It is used for downloading and uploading files over a network using a TCP connection. It is not used for connecting to network devices such as routers or switches.
D: Port 69 is used by TFTP (Trivial File Transfer Protocol). It is used for downloading and uploading files over a network using a UDP connection. It is not used for connecting to network devices such as routers or switches.
E: Port 3389 is used by Remote Desktop Protocol (RDP). RDP is used for connecting to Windows computers. It is not used for connecting to network devices such as routers or switches.
G: Terminal Services is an earlier name for Remote Desktop Services. Terminal Services uses Remote Desktop Protocol (RDP) on port 3389. It is not used for connecting to network devices such as routers or switches.
H: Rlogin (Remote Login) uses port 513 and is used for connecting to Linux or Unix computers. It is not used for connecting to network devices such as routers or switches.
I: Rsync is a file synchronization protocol that uses port 873. It is used for synchronizing files between Linux or Unix computers. It is not used for connecting to network devices such as routers or switches.
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null
Correct Answer: C Section: Compliance and Operational Security
Within Microsoft Windows, you have the ability to put up signs (in the form of onscreen pop-up banners) that appear before login and convey the same information: authorized access only, violators will be prosecuted, and so forth. Such banners convey warnings or regulatory information to the user, who must "accept" them in order to use the machine or network. You need to make staff aware that they may legally be prosecuted, and a banner is the best way to deliver that message, because every member of staff who uses a workstation will see it.
A: Command shell restrictions are not used to make everyone aware that they may be prosecuted; they implement the actual restriction.
B: A restricted interface would only hamper staff in carrying out their duties. Prosecution is possible only when staff have been made aware of the prohibitions and have accepted the terms.
D: Piping session output to /dev/null applies a restriction; it does not make staff aware of the prohibitions.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 374
A security analyst noticed a colleague typing the following command:
'Telnet some-host 443'
Which of the following was the colleague performing?
A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443.
Correct Answer: B Section: Network Security
B: The Telnet program takes two parameters: telnet <host> <port>, where <host> is the name or IP address of the remote server to connect to and <port> is the port number of the service to use for the connection.
TCP port 443 provides the HTTPS service (used for secure web connections); it is the default SSL port. By running the command Telnet some-host 443, the colleague is checking that traffic to that service is routed properly and not blocked by a firewall.
A: The colleague's telnet command checks what service is running (HTTPS); it is not an attempt to cause a denial of service.
C: TCP port 443 will not provide an insecure remote management session, because it is the default SSL port.
D: TCP port 443 is the default SSL port, while SSH uses TCP port 22.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 83
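The point of the last question is that telnet is being used not as a remote-management protocol but as a raw TCP client, and the analyst reads the result off its output: "Connected to" means the port is open and reachable, "Connection refused" means the host answered but nothing listens there, and a hang means something on the path (usually a firewall) is dropping the traffic. As an added example, not from the study guide, the Python below reproduces that check as a function and classifies the three outcomes; the loopback listener it probes is a constructed target so the script runs offline, and the function and its result labels are this example's own, not names from the question.

```python
"""TCP reachability probe: what "telnet some-host 443" actually tests.

Added example (not from the study guide). telnet is used in the question
only as a raw TCP client; this function reproduces that test and names the
outcomes an analyst reads off the telnet output. The loopback listener
below is a constructed target so the script runs offline.
"""
import socket

def tcp_probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a TCP handshake with host:port and classify the result.

    'open'    - handshake completed, so the port is reachable and listening
                (telnet prints "Connected to ...")
    'refused' - the host answered with a reset; routing works but nothing
                listens there (telnet prints "Connection refused")
    'timeout' - no answer at all; typically a firewall dropping the traffic
                (telnet hangs and eventually gives up)
    'error'   - name resolution failed or the network is unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"

def open_loopback_listener() -> socket.socket:
    """Constructed target: a listening socket on an ephemeral loopback port.

    No accept() is needed; the kernel completes the handshake from the
    backlog, which is all the probe (and telnet) observes.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

def free_loopback_port() -> int:
    """Bind and release an ephemeral port so that it is closed when probed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo() -> dict:
    """Probe an open and a closed loopback port; returns {label: result}."""
    srv = open_loopback_listener()
    try:
        listening = tcp_probe("127.0.0.1", srv.getsockname()[1], timeout=2.0)
    finally:
        srv.close()
    closed = tcp_probe("127.0.0.1", free_loopback_port(), timeout=2.0)
    return {"listening port": listening, "closed port": closed}

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The "timeout" branch is the one that matters for the firewall half of the question: a refusal proves the packet reached the host, whereas silence does not tell you whether the host is down or a filter in between is dropping the connection, so the two cases should be reported separately rather than collapsed into "not reachable".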