CompTIA Security Certification
Question No: 631 – (Topic 3)
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?
Set up a protocol analyzer
Set up a performance baseline
Review the systems monitor on a monthly basis
Review the performance monitor on a monthly basis
Answer: B Explanation:
A performance baseline provides the input needed to design, implement, and support a secure network. The performance baseline would define the actions that should be performed on a server that is running low on memory.
Question No: 632 – (Topic 3)
A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing the link?
Answer: B Explanation:
This question is asking about a new private network link (a VPN) with a business partner. This will provide access to the local network from the business partner.
When implementing a VPN, an important step is the design of the VPN. The VPN should be designed to ensure that the security of the network and local systems is not compromised.
The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the systems or applications. A design review is basically a check to ensure that the design of the system meets the security requirements.
Question No: 633 – (Topic 3)
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?
Answer: D Explanation:
White box testing is the process of testing an application when you have detailed knowledge of the inner workings of the application.
White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).
White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test.
Question No: 634 – (Topic 3)
Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?
Answer: D Explanation:
When a password is "tried" against a system it is "hashed" using encryption so that the actual password is never sent in clear text across the communications line. This prevents eavesdroppers from intercepting the password. The hash of a password usually looks like a bunch of garbage and is typically a different length than the original password. Your password might be "shitzu" but the hash of your password would look something like "7378347eedbfdd761619451949225ec1".
To verify a user, a system takes the hash value created by the password hashing function on the client computer and compares it to the hash value stored in a table on the server. If the hashes match, then the user is authenticated and granted access.
Password cracking programs work in a similar way to the login process. The cracking program starts by taking plaintext passwords, running them through a hash algorithm, such as MD5, and then compares the hash output with the hashes in the stolen password file. If it finds a match then the program has cracked the password.
Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to determine what the plaintext password might be. The use of Rainbow Tables allows passwords to be cracked in a very short amount of time compared with brute-force methods. The trade-off is that it takes a lot of storage (sometimes terabytes) to hold the Rainbow Tables themselves.
With a rainbow table, all of the possible hashes are computed in advance. In other words, you create a series of tables; each has all the possible two-letter, three-letter, four-letter, and so forth combinations and the hash of that combination, using a known hashing algorithm like SHA-2. Now if you search the table for a given hash, the letter combination in the table that produced the hash must be the password you are seeking.
Question No: 635 – (Topic 3)
A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
application hardening effectiveness.
OS hardening effectiveness.
Answer: A Explanation:
In this question, we have out-of-date applications that could be exploited. The out-of-date applications are security vulnerabilities. The combination of all vulnerabilities that could be exploited (or attacked) is known as the attack surface.
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.
The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry points available to untrusted users, and eliminate services requested by relatively few users. One approach to improving information security is to reduce the attack surface of a system or software. By turning off unnecessary functionality, there are fewer security risks. By having less code available to unauthorized actors, there will tend to be fewer failures. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.
Question No: 636 – (Topic 3)
What is a system that is intended or designed to be broken into by an attacker?
Answer: A Explanation:
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.
According to Webopedia.com, a honeypot that lures a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.
There are two main types of honeypots:
Production – A production honeypot is one used within an organization's environment to help mitigate risk.
Research – A research honeypot adds value to research in computer security by providing a platform to study the threat.
Question No: 637 – (Topic 3)
Matt, an administrator, is concerned about the wireless network being discovered by war driving.
Which of the following can be done to mitigate this?
Enforce a policy for all users to authenticate through a biometric device.
Disable all SSID broadcasting.
Ensure all access points are running the latest firmware.
Move all access points into public access areas.
Answer: B Explanation:
B: War driving is the act of using a detection tool to look for wireless networking signals. The setting that makes a wireless network closed (or at least hidden) is the disabling of service set identifier (SSID) broadcasting. Thus, by disabling all SSID broadcasting, you can mitigate the risk of war driving.
Question No: 638 – (Topic 3)
Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).
Answer: B,D Explanation:
This is an example of both a logic bomb and a backdoor. The logic bomb is configured to ‘go off’ or activate one week after her account has been disabled. The reactivated account will provide a backdoor into the system.
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs".
To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.
Question No: 639 – (Topic 3)
An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?
Answer: A Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed.
The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve any vulnerabilities.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Question No: 640 – (Topic 3)
A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).
Detect security incidents
Reduce attack surface of systems
Implement monitoring controls
Hardening network devices
Prevent unauthorized access
Answer: A,C Explanation:
By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls.
With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect