CompTIA Security+ Question D-57

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

A. Baseline reporting
B. Input validation
C. Determine attack surface
D. Design reviews

Answer: D

Explanation:
When implementing systems and software, an important step is the design of the systems and software. The systems and software should be designed to ensure that the system works as intended and is secure. The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the system or application. A design review is basically a check to ensure that the design of the system meets the security requirements.

CompTIA Security+ Question C-99

Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?

A. Baseline Reporting
B. Capability Maturity Model
C. Code Review
D. Quality Assurance and Testing

Answer: C

Explanation:
A buffer overflow attack attacks a vulnerability caused by poor coding in an application. Reviewing the code of the application will enable you to identify code that is vulnerable to buffer overflow.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

CompTIA Security+ Question C-72

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan

Answer: A

Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture

network data communications sent between devices on a network. Capturing and analyzing the packets sent between applications on systems that are not communicating properly could help determine the cause of the issue. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).