CompTIA Security+ Simulation 12

Which of the following BEST describes the type of attack that is occurring? (Select TWO).

A. DNS spoofing
B. Man-in-the-middle
C. Backdoor
D. Replay
E. ARP attack
F. Spear phishing
G. Xmas attack






Correct Answer: A, E

We have a legit bank web site and a hacker bank web site. The hacker has a laptop connected to the network. The hacker is redirecting bank web site users to the hacker bank web site instead of the legit bank web site. This can be done using two methods: DNS Spoofing and ARP Attack (ARP Poisoning).

A: DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).

A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server doesn’t know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that, if it receives another request for the same translation, it can reply without having to ask the other server again.

When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the hacker bank web site server).

E: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack on an Ethernet LAN in which an attacker alters the target computer’s ARP cache with forged ARP request and reply packets. This replaces the cached layer 2 (Ethernet) MAC address with the hacker’s own MAC address so that the hacker can monitor the traffic. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker’s computer first instead of sending them to the original destination. As a result, both the user’s data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user. ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).

CompTIA Security+ Simulation 4

Select the appropriate attack from each drop-down list to label the corresponding illustrated attack.

Instructions: Attacks may only be used once, and will disappear from the drop-down list if selected. When you have completed the simulation, please select the Done button to submit.

Correct Answer:


1: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.

2: The hoax in this question is designed to make people believe that the fake AV (anti-virus) software is genuine.

3: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.

4: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

A phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.

5: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financially related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’ a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.

References:
http://searchsecurity.techtarget.com/definition/spear-phishing
http://www.webopedia.com/TERM/V/vishing.html
http://www.webopedia.com/TERM/P/phishing.html
http://www.webopedia.com/TERM/P/pharming.html

CompTIA Network+ Question C-1

While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local router and servers are working. The technician tries to ping all known nodes on the network and they reply positively, except for one of the servers. The technician notices that ping works only when the host name is used but not when FQDN is used. Which of the following servers is MOST likely down?

A. WINS server
B. Domain controller
C. DHCP server
D. DNS server

Correct Answer: D

CompTIA Network+ Question B-70

After repairing a computer infected with malware, a technician determines that the web browser fails to go to the proper address for some sites. Which of the following should be checked?

A. Server host file
B. Subnet mask
C. Local hosts file
D. Duplex settings

Correct Answer: C

Explanation:
The local hosts file is a text file that contains hostname-to-IP address mappings. By default, host to IP address mappings that are configured in the Hosts file supersede the information in DNS. If there is an entry for a domain name in the Hosts file, then the server will not attempt to query DNS servers for that name. Instead, the IP address that is configured in the Hosts file will be used. If the IP address corresponding to a name changes and the Hosts file is not updated, you may be unable to connect to the host.

CompTIA Network+ Question B-6

A network administrator recently installed a web proxy server at a customer’s site. The following week, a system administrator replaced the DNS server overnight. The next day, customers began having issues accessing public websites. Which of the following will resolve the issue?

A. Update the DNS server with the proxy server information.
B. Implement a split horizon DNS server.
C. Reboot the web proxy and then reboot the DNS server.
D. Put the proxy server on the other side of the demarc.

Correct Answer: A

Explanation:
Proxy servers act as an intermediary for requests from clients seeking resources from other servers. If the DNS server is not communicating with the proxy server, these requests are not forwarded. Therefore, updating the DNS server with the proxy server information will solve the problem.

CompTIA Network+ Question A-66

Jane, a system administrator, is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following solutions would BEST resolve this problem?

A. Increase the maximum log size
B. Log into the DNS server every hour to check if the logs are full
C. Install an event management tool
D. Delete the logs when full

Correct Answer: C

CompTIA Network+ Question A-48

A technician is attempting to resolve an issue with users on the network not being able to access websites. The technician pings the default gateway and DNS servers successfully. Pinging a website by URL is unsuccessful but using a known IP address is successful. Which of the following will resolve the issue?

A. Update the HOST file with the URLs for all websites
B. Use NSLOOKUP to resolve URLs
C. Ensure ICMP messages can pass through the firewall
D. Enable port 53 on the firewall

Correct Answer: D

CompTIA Network+ Question A-23

Peter, a network technician, is setting up a DHCP server on a LAN segment. Which of the following options should Peter configure in the DHCP scope in order to allow hosts on that LAN segment using dynamic IP addresses to access the Internet and internal company servers? (Select THREE).

A. Default gateway
B. Subnet mask
C. Reservations
D. TFTP server
E. Lease expiration time of 1 day
F. DNS servers
G. Bootp

Correct Answer: ABF

Explanation:
The question states that the client computers need to access the Internet as well as internal company servers. To access the Internet, the client computers need to be configured with an IP address with a subnet mask (answer B) and the address of the router that connects the company network to the Internet. This is known as the ‘default gateway’ (answer A).
To be able to resolve web page URLs to web server IP addresses, the client computers need to be configured with the address of a DNS server (answer F).

CompTIA Network+ Question A-11

A technician just completed a new external website and set up access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. Which of the following could the technician do to fix this issue while causing internal users to route to the website using an internal address?

A. Configure NAT on the firewall
B. Implement a split horizon DNS
C. Place the server in the DMZ
D. Adjust the proper internal ACL

Correct Answer: B

Explanation:
Split horizon DNS (also known as Split Brain DNS) is a mechanism for DNS servers to supply different DNS query results depending on the source of the request. This can be done by hardware-based separation but is most commonly done in software.
In this question, we want external users to be able to access the website by using a public IP address. To do this, we would have an external facing DNS server hosting a DNS zone for the website domain. For the internal users, we would have an internal facing DNS server hosting a DNS zone for the website domain. The external DNS zone will resolve the website URL to an external public IP address. The internal DNS server will resolve the website URL to an internal private IP address.

CompTIA A+ Core 2 Question G-38

A critical server was replaced by the IT staff the previous night. The following morning, some users are reporting that they are unable to browse to the Internet upon booting their workstations. Users who did not shut down their workstations the previous day are able to connect to the Internet. A technician looks at the following report from a workstation with no Internet connectivity:

IP Address: 192.168.1.101
Netmask: 255.255.255.0
DHCP Server: 192.168.1.1
DNS Server: 192.168.1.2
Default Gateway: 192.168.1.1

Given the above report, which of the following is the cause of why some workstations are unable to browse the Internet?

A. The workstation has an APIPA address.
B. The DHCP server is unavailable.
C. The default gateway router is misconfigured.
D. The DHCP server is misconfigured.