CompTIA Security+ Question H-30

Which of the following BEST describes a protective countermeasure for SQL injection?

A. Eliminating cross-site scripting vulnerabilities
B. Installing an IDS to monitor network traffic
C. Validating user input in web applications
D. Placing a firewall between the Internet and database servers

Answer: C

Explanation:
By validating user input and preventing special characters, we can prevent the injection of client-side scripting code. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

CompTIA Security+ Question H-29

Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?

A. Malicious logic
B. Cross-site scripting
C. SQL injection
D. Buffer overflow

Answer: D

Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Validating the size of a variable before writing it to memory will ensure that the variable can fit into the buffer. Failure to validate the size of a variable before writing it to memory can result in a buffer overflow.

CompTIA Security+ Question H-28

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

A. Policies
B. Procedures
C. Metrics
D. Standards

Answer: C

Explanation:
All types of training should be followed up and tested to see if the training worked and how much was learned in the process. You must follow up and gather training metrics to validate compliance and security posture. By training metrics, we mean some quantifiable method for determining the efficacy of training.

CompTIA Security+ Question H-27

An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?

A. A password that has not changed in 180 days
B. A single account shared by multiple users
C. A user account with administrative rights
D. An account that has not been logged into since creation

Answer: C

Explanation:
A user account with administrative rights has the same rights as an administrator account on a computer. An administrator account is a user account that lets you make changes that will affect other users. Administrators can change security settings, install software and hardware, and access all files on the computer. Administrators can also make changes to other user accounts. This compares to a standard user (non-administrative) account which has limited rights on a computer. For example, a standard user account cannot install software, cannot make system changes that would affect other users and cannot access other users’ files. Therefore, a compromised user account with administrative rights has the potential for the most damage.

CompTIA Security+ Question H-26

Which of the following does full disk encryption prevent?

A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks

Answer: B

Explanation:
Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a usable form should the device be stolen.

CompTIA Security+ Question H-25

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis

Answer: C

Explanation:
Change management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets; in this case, ‘performing updates to business critical systems’.

CompTIA Security+ Question H-23

Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?

A. NIPS
B. Content filter
C. NIDS
D. Host-based firewalls

Answer: D

Explanation:
A host-based firewall is designed to protect the host from network-based attack by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further and effectively discards it. Log records information about the packet in a log file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required, other potentially compromised application services would be prevented from being exploited across the network.

CompTIA Security+ Question H-22

Which of the following ports would be blocked if Peter, a security administrator, wants to deny access to websites?

A. 21
B. 25
C. 80
D. 3389

Answer: C

Explanation:
Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.

CompTIA Security+ Question H-21

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

A. Integrity of downloaded software.
B. Availability of the FTP site.
C. Confidentiality of downloaded software.
D. Integrity of the server logs.

Answer: A

Explanation:
Digital signatures are used to validate the integrity of the message and the identity of the sender. In this case, the software firm that posted the patches and updates digitally signed the checksums of all patches and updates.