CompTIA Security+ Question G-80

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

A. Rootkit
B. Logic Bomb
C. Botnet
D. Backdoor
E. Spyware

Answer: B,D

Explanation:
This is an example of both a logic bomb and a backdoor. The logic bomb is configured to ‘go off’ or activate one week after her account has been disabled. The reactivated account will provide a backdoor into the system. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool’s Day. Trojans that activate on certain dates are often called “time bombs”. To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set

time are not normally regarded as logic bombs. A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.

CompTIA Security+ Question G-79

Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?

A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine

Answer: A

Explanation:
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

CompTIA Security+ Question G-78

Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

A. Rootkit
B. Logic bomb
C. Worm
D. Botnet

Answer: B

Explanation:
This is an example of a logic bomb. The logic bomb is configured to ‘go off’ or when Jane has left the company. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool’s Day. Trojans that activate on certain dates are often called “time bombs”. To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

CompTIA Security+ Question G-77

A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?

A. SNMP
B. SNMPv3
C. ICMP
D. SSH

Answer: B

Explanation:
Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

CompTIA Security+ Question G-76

Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?

A. SMTP
B. SNMPv3
C. IPSec
D. SNMP

Answer: B

Explanation:
Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

CompTIA Security+ Question G-75

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?

A. Multifactor authentication
B. Single factor authentication
C. Separation of duties
D. Identification

Answer: B

Explanation:
Single-factor authentication (SFA) is a process for securing access to a given system by identifying the party requesting access via a single category of credentials. In this case, the network administrator makes use of an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server.

CompTIA Security+ Question G-74

Peter, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is the MOST likely using?

A. SAML
B. LDAP
C. iSCSI
D. Two-factor authentication

Answer: B

Explanation:
Peter is able to manage the backup system by logging into the network. This is an example of Single Sign-on. A common usage of LDAP is to provide a “single sign on” where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

CompTIA Security+ Question G-73

Which of the following is mainly used for remote access into the network?

A. XTACACS
B. TACACS+
C. Kerberos
D. RADIUS

Answer: D

Explanation:
Most gateways that control access to the network have a RADIUS client component that communicates with the RADIUS server. Therefore, it can be inferred that RADIUS is primarily used for remote access.

CompTIA Security+ Question G-72

In regards to secure coding practices, why is input validation important?

A. It mitigates buffer overflow attacks.
B. It makes the code more readable.
C. It provides an application configuration baseline.
D. It meets gray box testing standards.

Answer: A

Explanation:
Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.

CompTIA Security+ Question G-71

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use

Answer: A

Explanation:
Issues of limiting potential legal concerns regarding company rules where users are allowed to bring their own devices is the premise of data ownership. When a third party (in this case the user’s own device) is involves in a data exchange when clear rules and restrictions should be applied regarding data ownership.