CompTIA Security+ Question G-100

Which of the following describes how Emily, an attacker, can send unwanted advertisements to a mobile device?

A. Man-in-the-middle
B. Bluejacking
C. Bluesnarfing
D. Packet sniffing

Answer: B

Explanation:
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don’t know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it’s possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

CompTIA Security+ Question G-99

An active directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection?

A. 389
B. 440
C. 636
D. 3286

Answer: C

Explanation:
Port 636 is used for secure LDAP (LDAPS).

Incorrect Options:

A: Port 389 is used for LDAP.

B: Port 440 is not used for secure Active Directory connections.

D: Port 3286 is not used for secure Active Directory connections.

Reference:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 147

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA Security+ Question G-98

Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?

A. Spear phishing
B. Hoaxes
C. Spoofing
D. Spam

Answer: D

Explanation:
Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup. In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers. There is some debate about why it is called spam, but the generally accepted version is that it comes from the Monty Python song, “Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam”. Like the song, spam is an endless repetition of worthless text. Another school of thought maintains that it comes from the computer group lab at the University of Southern California who gave it the name because it has many of the same characteristics as the lunch meat Spam: Nobody wants it or ever asks for it. No one ever eats it; it is the first item to be pushed to the side when eating the entree. Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people. The term spam can also be used to describe any “unwanted” email from a company or website -­typically at some point a user would have agreed to receive the email via subscription list opt-in -­a newer term called graymail is used to describe this particular type of spam.

CompTIA Security+ Question G-97

The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

A. Create a firewall rule to block SSH
B. Delete the root account
C. Disable remote root logins
D. Ensure the root account has a strong password

Answer: C

Explanation:
Remote users log in to Unix or Linux servers by using SSH. Although SSH is secure, allowing remote access as root is a security risk.

One of the biggest security holes you could open on a Unix or Linux server is to allow directly logging in as root through SSH, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password. It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. You should disable root ssh access by editing /etc/ssh/sshd_config to contain: PermitRootLogin no

CompTIA Security+ Question G-96

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

A. DLP
B. Asset tracking
C. HSM
D. Access control

Answer: A

Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

CompTIA Security+ Question G-95

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

A. The certificate will be added to the Certificate Revocation List (CRL).
B. Clients will be notified that the certificate is invalid.
C. The ecommerce site will not function until the certificate is renewed.
D. The ecommerce site will no longer use encryption.

Answer: B

Explanation:
A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request.

CompTIA Security+ Question G-93

A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).

A. Fault tolerance
B. Encryption
C. Availability
D. Integrity
E. Safety
F. Confidentiality

Answer: D,E

Explanation:
Aspects such as fencing, proper lighting, locks, CCTV, Escape plans Drills, escape routes and testing controls form part of safety controls. Integrity refers to aspects such as hashing, digital signatures, certificates and non-repudiation – all of which has to do with data integrity.

CompTIA Security+ Question G-92

Which of the following technologies was developed to allow companies to use less-expensive storage while still maintaining the speed and redundancy required in a business environment?

A. RAID
B. Tape Backup
C. Load Balancing
D. Clustering

Answer: D

CompTIA Security+ Question G-91

A company wants to prevent end users from plugging unapproved smartphones into PCs and transferring data. Which of the following would be the BEST control to implement?

A. MDM
B. IDS
C. DLP
D. HIPS

Answer: C