CompTIA Security+ Cert Guide

Transcription

1 CompTIA Security+ Cert Guide Bonus Exam Excerpt 5 questions and answers. This is an unedited excerpt from the Security+ SY0-401 Cert Guide 3 rd Edition. For the entire 60 question bonus exam, get the book from Amazon at the following link: The book has 800 questions and answers with explanations in total, and 30 videos and simulations. Enjoy! David L. Prowse What port and transport mechanism does TFTP use by default? A. 68 and TCP B. 69 and TCP C. 68 and UDP D. 69 and UDP

2 Answer: D. 69 and UDP Explanation: TFTP, the Trivial File Transfer Protocol, uses port 69 by default, and utilizes the UDP (User Datagram Protocol) connectionless transport mechanism. This makes for a simple, lightweight protocol used to automate the transfer of basic files such as boot files in a localized environment. For example, if a PXE-compliant client computer boots off of the network, it might make use of an embedded TFTP program within the network card to transfer the appropriate boot files from a server located somewhere on the local area network. TFTP is inherently insecure, so it is not recommended for use on the Internet. Incorrect answers: Port 68 is used by the Dynamic Host Configuration Protocol (DHCP) (client-side) and the client side of the Bootstrap Protocol (BOOTP). TCP is the Transmission Control Protocol which offers a guaranteed, connection-oriented transport mechanism, in contrast to UDP. TCP is not used by TFTP via port 69 or DHCP via port 68 (or port 67 for that matter).

3 2. Your network has a DHCP server, AAA server, LDAP server, and server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP s authentication screen, what server should you point to, and which port should you use? A. The DHCP server and port 67 B. The AAA server and port 1812 C. The LDAP server and port 389 D. The server and port 143

4 Answer: B. The AAA server and port 1812 Explanation: AAA in computer security is an acronym that refers to authentication, authorization, and accounting. RADIUS (Remote Authentication Dial In User Service) is an example of an AAA server, and would be the server that takes care of authentication for the wireless access point (WAP) in this scenario. By default, the RADIUS server uses port 1812 for authentication. Also by default, it does this over a UDP transport mechanism (though it can use TCP as well). Incorrect answers: The DHCP server (which uses ports 67 and 68) takes care of assigning IP addresses to computers on the network that require they be dynamically assigned. The Lightweight Directory Access Protocol (LDAP) server is used to maintain directory information, for example in a Microsoft domain controller or an server. It is based on the X.500 specification, and allows either unencrypted authentication or encrypted authentication via Transport Layer Security (TLS). An server that uses port 143 has the IMAP protocol running. Though this server may be involved in the authentication of logins, it does not authenticate for connections made to a WAP.

5 3. What is it known as when traffic to a website is redirected to another, illegitimate site? A. Phishing B. Whaling C. Pharming D. Spim

6 Answer: C. Pharming Explanation: Pharming (a portmanteau of farming and phishing) is an attack that redirects traffic from a legitimate site to a different illegitimate and possibly malicious site. It can occur because of an exploited DNS server (which would affect many users), or can occur by modifying the hosts file of one or more computers (which would affect those computers only). If a hosts file is modified, it can be easily fixed by deleting the file, and either recreating the file or letting the operating system re-create it. Individual computers can also be protected by configuring anti-phishing in the web browser or adding-on third-party anti-phishing software, and using updated antivirus software. DNS servers can be protected through careful monitoring of DNS configurations and log files. Incorrect answers: Phishing is an attempt at obtaining private information from someone. It is usually done by . Whereas pharming attacks are often designed to phish for information, phishing can be accomplished in a variety of ways in addition to pharming. Whaling is a subset of phishing; when an attacker targets senior executives an example of spear phishing. Spim is the abuse of messaging systems other than .

7 4. Which of the following protocols operates at the highest layer of the OSI model? A. IPsec B. TCP C. ICMP D. SCP

8 Answer: D. SCP Explanation: SCP (Secure Copy) is a protocol/application used to transfer files securely between computers. It relies on Secure Shell (SSH) and uses port 22, and it is an application, and therefore resides on the application layer (layer 7), the highest layer of the OSI model, as does SSH. Because the OSI model is normally represented with a top down approach, the application layer is at the top, and is considered highest. Incorrect answers: IPsec is a protocol used to secure IP communications, for example within L2TP VPN connections; it is a network layer (layer 3) protocol. TCP resides on the transport layer (layer 4). ICMP (Internet Control Message Protocol) resides on the network layer (layer 3), and is instrumental in testing networking connections; for example with the ping command.

9 5. What can happen if access mechanisms to data on encrypted USB hard drives are not implemented correctly? A. Data on the USB drive can be corrupted B. Data on the hard drive can be vulnerable to log analysis C. The security controls on the USB drive can be bypassed D. User accounts can be locked out

10 Answer: C. The security controls on the USB drive can be bypassed. Explanation: If access mechanisms such as permissions and policies are not implemented correctly on a USB hard drive (or any hard drive for that matter), then those security controls for that drive can be bypassed by an attacker. Incorrect answers: The possibility of data corruption usually happens because a hard drive physically fails or becomes too fragmented, not because of security controls being bypassed. Data on the USB drive should not be vulnerable to log analysis because the logs are normally stored in the system partition of the operating system. That drive is internal to the computer, whereas a USB hard drive will be external to the computer. The same holds true for user accounts. Those accounts are stored within the OS, and again on the main drive, not on a USB hard drive. Buy the book today!