CompTIA Security+ Question I-80

Which of the following will help prevent smurf attacks?

A. Allowing necessary UDP packets in and out of the network
B. Disabling directed broadcast on border routers
C. Disabling unused services on the gateway firewall
D. Flash the BIOS with the latest firmware

Answer: B

Explanation:
A smurf attack involves sending PING requests to a broadcast address. Therefore, we can prevent smurf attacks by blocking broadcast packets on our external routers. A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real sender’s address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim’s T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to steal information, but instead attempt to disable a computer or network.

CompTIA Security+ Question I-78

A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company’s gateway firewall?

A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

Answer: D

Explanation:
The default HTTPS port is port 443. When configuring SSL VPN you can change the default port for HTTPS to a port within the 1024-65535 range. This ACL will allow traffic from VPNs using the 1024-65535 port range to access the company network via company’s gateway firewall on port

443.

CompTIA Security+ Question I-77

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?

A. Business Impact Analysis
B. First Responder
C. Damage and Loss Control
D. Contingency Planning

Answer: B

Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario the security officer is carrying out an incident response measure that will address and be of benefit to those in the vanguard, i.e. the employees and they are the first responders.

CompTIA Security+ Question I-76

Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

A. Spoofing
B. Man-in-the-middle
C. Dictionary
D. Brute force
E. Privilege escalation

Answer: C,D

Explanation:
Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.

CompTIA Security+ Question I-75

A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?

A. Training staff on security policies
B. Establishing baseline reporting
C. Installing anti-malware software
D. Disabling unnecessary accounts/services

Answer: B

Explanation:
The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline. A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

CompTIA Security+ Question I-74

Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?

A. 25
B. 53
C. 143
D. 443

Answer: D

Explanation:
* HTTPS authenticates the website and corresponding web server with which one is communicating. HTTPS makes use of port 443.

Incorrect Options:

A: Port 25 is used by Simple Mail Transfer Protocol (SMTP) for routing e-mail between mail servers.

B: Port 53 is used by Domain Name System (DNS).

C: Port 143 is used by Internet Message Access Protocol (IMAP) for the management of email messages.

Reference:

https://en.wikipedia.org/wiki/HTTPS

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security+ Question I-73

Users can authenticate to a company’s web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials
B. Changes to passwords on the social media site can be delayed from replicating to the company
C. Data loss from the corporate servers can create legal liabilities with the social media site
D. Password breaches to the social media site affect the company application as well

Answer: D

Explanation:
Social networking and having you company’s application authentication ‘linked’ to users’ credential that they use on social media sites exposes your company’s application exponentially more than is necessary. You should strive to practice risk avoidance.

CompTIA Security+ Question I-72

An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
Which of the following is an example of this threat?

A. An attacker using the phone remotely for spoofing other phone numbers
B. Unauthorized intrusions into the phone to access data
C. The Bluetooth enabled phone causing signal interference with the network
D. An attacker using exploits that allow the phone to be disabled

Answer: B

Explanation:
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information — such as the user’s calendar, contact list and e-mail and text messages -­without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.

CompTIA Security+ Question I-71

Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?

A. Clustering
B. RAID
C. Load balancing
D. Virtualization

Answer: A

Explanation:
Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy (but also add costs).