CompTIA Security+ Question E-60

Which of the following authentication provides users XML for authorization and authentication?

A. Kerberos
B. LDAP
C. RADIUS
D. SAML

Answer: D

CompTIA Security+ Question E-59

Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?

A. Two factor authentication
B. Identification and authorization
C. Single sign-on
D. Single factor authentication

Answer: A

Explanation:
Two-factor authentication is when two different authentication factors are provided for authentication purposes. Speaking (Voice) – something they are. Passphrase – something they know.

CompTIA Security+ Question E-58

A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option?

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI.
B. PGP, because it is simple to incorporate into a small environment.
C. X.509, because it uses a hierarchical design that is the most trusted form of PKI.
D. X.509, because it is simple to incorporate into a small environment.

Answer: B

Explanation:
PGP easier to use and setup than the corporate PKI model, but it is also less robust when it comes to issues like authentication and trust. However, the full benefits of public key cryptography are used.

CompTIA Security+ Question E-57

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

A. User rights reviews
B. Least privilege and job rotation
C. Change management
D. Change Control

Answer: A

Explanation:
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their β€˜new’ job descriptions , or if there are privilege creep culprits after transfers has occurred.

CompTIA Security+ Question E-56

Which of the following application attacks is used to gain access to SEH?

A. Cookie stealing
B. Buffer overflow
C. Directory traversal
D. XML injection

Answer: B

Explanation:
Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft’s implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

CompTIA Security+ Question E-55

A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO).

A. UDP 1723
B. TCP 500
C. TCP 1723
D. UDP 47
E. TCP 47

Answer: C,D

Explanation:
A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.

CompTIA Security+ Question E-54

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:

A. no longer used to authenticate to most wireless networks.
B. contained in certain wireless packets in plaintext.
C. contained in all wireless broadcast packets by default.
D. no longer supported in 802.11 protocols.

Answer: B

Explanation:
The SSID is still required for directing packets to and from the base station, so it can be discovered using a wireless packet sniffer.

CompTIA Security+ Question E-53

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

A. User rights reviews
B. Incident management
C. Risk based controls
D. Annual loss expectancy

Answer: A

Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more.

CompTIA Security+ Question E-52

Which of the following attacks impact the availability of a system? (Select TWO).

A. Smurf
B. Phishing
C. Spim
D. DDoS
E. Spoofing

Answer: A,D

Explanation:
A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real sender’s address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim’s T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to steal information, but instead attempt to disable a computer or network.

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time.

CompTIA Security+ Question E-51

The recovery agent is used to recover the:

A. Root certificate
B. Key in escrow
C. Public key
D. Private key

Answer: D

Explanation:
A key recovery agent is an entity that has the ability to recover a private key, key components, or plaintext messages as needed. Using the recovered key the recovery agent can decrypt encrypted data.