CompTIA Security+ Performance Based Questions
http://www.infosecinstitute.com/SecurityPlus
Copyright 2013 InfoSec Institute 1 of 26
Question

1. What rules should be added to the firewall to allow traffic to the web server, which will be serving both secured and unsecured web pages, in the diagram below?
Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

1. What rules should be added to the firewall to allow traffic to the web server, which will be serving both secured and unsecured web pages, in the diagram below?
Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow      | TCP     | *                 | *           | 192.0.2.9/32   | 80
Allow      | TCP     | *                 | *           | 192.0.2.9/32   | 443

Since the question specified that both secured and unsecured web pages would be served, you needed to allow both HTTP (port 80) and HTTPS (port 443) through the firewall. Since the traffic is coming from the internet, all source IP addresses should be allowed in.
Question

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic.
Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic.
Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow      | TCP     | *                 | *           | 192.0.2.10/32  | 25
Allow      | TCP     | 203.0.113.0/24    | *           | 192.0.2.10/32  | 110
Allow      | TCP     | 203.0.113.0/24    | *           | 192.0.2.10/32  | 143

Internal clients need to have access to both the IMAP (port 143) and POP3 (port 110) ports. Since only internal clients are allowed to have access, the source IP address needs to be limited to the internal network. Since the mail server would receive SMTP (port 25) from anywhere, that traffic needs to be allowed from anywhere.
Question

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn't accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that?

Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn't accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that?

Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow      | TCP     | 203.0.113.45/32   | *           | 192.0.2.10/32  | 22
Deny       | TCP     | 203.0.113.45/32   | *           | 192.0.2.10/32  | 23

Since SSH is on port 22, this is the port that must be allowed in. Also, since this is an administrative tool, only traffic from the Administrator Computer should be let through, and not from the internal network as a whole.
She denied traffic on port 23 (the Telnet port) since she doesn't want unencrypted administrative traffic going to the server. This is admittedly a somewhat artificial example, but it demonstrates how to prevent traffic from going through a firewall.
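As an added example that is not part of the original question set, the rule tables from the answers to questions 1 to 3 combined into one first-match rule set and evaluated the way a firewall does, with an implicit deny for any flow no rule covers. The client addresses 198.51.100.7 (internet) and 203.0.113.20 (internal) are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "Allow" or "Deny"
    proto: str   # "TCP" or "UDP"
    src: str     # CIDR prefix or "*" (Any)
    sport: str   # port number or "*" (Any)
    dst: str     # CIDR prefix or "*" (Any)
    dport: str   # port number or "*" (Any)

def _ip_matches(pattern, ip):
    if pattern == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def _port_matches(pattern, port):
    return pattern == "*" or int(pattern) == port

def evaluate(rules, proto, src, sport, dst, dport):
    """First match wins; a flow matching no rule is implicitly denied. Returns (decision, rule or None)."""
    for rule in rules:
        if (rule.proto == proto
                and _ip_matches(rule.src, src) and _port_matches(rule.sport, sport)
                and _ip_matches(rule.dst, dst) and _port_matches(rule.dport, dport)):
            return rule.action, rule
    return "Deny", None  # the implicit deny at the end of every rule set

# The rules from the answers to questions 1 to 3, combined into one ordered rule set.
RULES = [
    Rule("Allow", "TCP", "*", "*", "192.0.2.9/32", "80"),                   # HTTP to the web server
    Rule("Allow", "TCP", "*", "*", "192.0.2.9/32", "443"),                  # HTTPS to the web server
    Rule("Allow", "TCP", "*", "*", "192.0.2.10/32", "25"),                  # SMTP from anywhere
    Rule("Allow", "TCP", "203.0.113.0/24", "*", "192.0.2.10/32", "110"),    # POP3, internal clients only
    Rule("Allow", "TCP", "203.0.113.0/24", "*", "192.0.2.10/32", "143"),    # IMAP4, internal clients only
    Rule("Allow", "TCP", "203.0.113.45/32", "*", "192.0.2.10/32", "22"),    # SSH from the admin computer
    Rule("Deny",  "TCP", "203.0.113.45/32", "*", "192.0.2.10/32", "23"),    # Telnet from the admin computer
]

if __name__ == "__main__":
    # 198.51.100.7 (internet client) and 203.0.113.20 (internal client) are constructed addresses.
    for flow in [("TCP", "198.51.100.7", 51000, "192.0.2.9", 443),
                 ("TCP", "198.51.100.7", 51001, "192.0.2.10", 110),
                 ("TCP", "203.0.113.45", 51002, "192.0.2.10", 23),
                 ("TCP", "203.0.113.20", 51003, "192.0.2.10", 22)]:
        decision, rule = evaluate(RULES, *flow)
        print(flow, "->", decision, "(implicit deny)" if rule is None else f"(rule: dport {rule.dport})")
```

Note that SSH from any internal host other than 203.0.113.45 is dropped by the implicit deny, not by an explicit rule, which is why the Telnet deny in question 3 is described as artificial.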
Questions

4. Match the port to the protocol.
   a. FTP Data Channel          1. TCP/UDP:53
   b. LDAP                      2. TCP/UDP:389
   c. NetBIOS name service      3. TCP:20
   d. DNS                       4. TCP/UDP:137

5. Match the port to the protocol.
   a. SSH                       1. TCP:21
   b. FTP Control Channel       2. TCP:443
   c. TFTP                      3. TCP:22
   d. HTTPS                     4. UDP:69

6. Match the port to the protocol.
   a. POP3                      1. TCP:22
   b. NetBIOS session service   2. TCP:110
   c. SCP                       3. UDP:161
   d. SNMP                      4. TCP/UDP:139

7. Match the port to the protocol.
   a. Telnet                    1. TCP:80
   b. HTTP                      2. TCP/UDP:138
   c. NetBIOS datagram service  3. TCP:636
   d. LDAP/SSL                  4. TCP:23
Answer to Previous Page

4. Match the port to the protocol.
   a. FTP Data Channel: 3 (TCP:20)
   b. LDAP: 2 (TCP/UDP:389)
   c. NetBIOS name service: 4 (TCP/UDP:137)
   d. DNS: 1 (TCP/UDP:53)

5. Match the port to the protocol.
   a. SSH: 3 (TCP:22)
   b. FTP Control Channel: 1 (TCP:21)
   c. TFTP: 4 (UDP:69)
   d. HTTPS: 2 (TCP:443)

6. Match the port to the protocol.
   a. POP3: 2 (TCP:110)
   b. NetBIOS session service: 4 (TCP/UDP:139)
   c. SCP: 1 (TCP:22)
   d. SNMP: 3 (UDP:161)

7. Match the port to the protocol.
   a. Telnet: 4 (TCP:23)
   b. HTTP: 1 (TCP:80)
   c. NetBIOS datagram service: 2 (TCP/UDP:138)
   d. LDAP/SSL: 3 (TCP:636)

When it comes to matching protocols to ports, there is no substitute for memorizing the correct port-to-protocol mapping.
Question

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP for the password to log in to the wireless network. What changes to the following configuration screens would need to be made to implement this?
Answer to Previous Page

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP for the password to log in to the wireless network. What changes to the following configuration screens would need to be made to implement this?

When people see the wireless networks, what they are seeing is the SSID. Whether or not it is visible is determined by whether or not the SSID is broadcast. So for this, we want to set the SSID to OURNETWORK and disable broadcasting of the SSID (since they only want people who know about it to be able to log in to it).
Of the various Security Modes, WPA2 provides the best encryption possible here. Using PSK, or a Pre-Shared Key, allows all users to connect using the same passphrase.
Question

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

Some ports:
RADIUS Authentication: 1812
RADIUS Accounting: 1813
Answer to Previous Page

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

RADIUS servers are commonly used to provide authentication services for wireless access points. Since we are using this for authentication (confirming that this is a person the system recognizes), we need to use port 1812.
Question

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

11. After that is implemented, for this diagram, how many devices would have access to the WAP?
Answer to Previous Page

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

MAC address filtering.

11. After that is implemented, for this diagram, how many devices would have access to the WAP?

By implementing MAC address filtering, the devices with the MAC Address 998877665501 or 998877665548 would have access to the system. Thus 2 devices would have access.
Questions

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

12. ____
13. ____
Answer to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

12. b.
The use of multiple (distributed) machines, with the goal of making it so that the victim machine is not able to perform its tasks, makes this a Distributed Denial of Service attack.

13. c.
As the key goal is making it so that the victim is not able to process its regular tasks, this is a Denial of Service attack.
Questions

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

14. ____
15. ____
Answers to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

14. a.
As one would expect from the name, a Man in the middle attack involves getting in the middle of requests going to and from the server. The attacker can then modify the traffic to suit his needs.

15. e.
An Evil Twin attack uses an access point which has duplicated the legitimate access point's SSID, in order to entice machines to connect to it. At this point, the attacker can snoop the victim's traffic. While this is a type of Man In The Middle attack, Evil Twin is the better choice, since the Evil Twin is a specific implementation of a Man In The Middle attack.
Questions

16. Which of the following can be used for limiting risks associated with using mobile devices?
   A. Remote Wipe
   B. Locked Cabinet
   C. Encryption
   D. Passcode
   E. Secured Rooms
   F. Automatic Locking
   G. Wipe after 10 Failed Security Code Entries

17. Which of the following can be used for limiting risks associated with servers?
   A. Locked Cabinet
   B. Wipe after 10 Failed Security Code Entries
   C. Secured Room
   D. Remote Wipe
   E. CCTV
   F. Environmental Controls
   G. Access Logs
Answers to Previous Page (correct answers marked with *)

16. Which of the following can be used for limiting risks associated with using mobile devices?
   A. Remote Wipe *
   B. Locked Cabinet
   C. Encryption *
   D. Passcode *
   E. Secured Rooms
   F. Automatic Locking *
   G. Wipe after 10 Failed Passcode Entries *

A: Remote wipe allows a company to remove information from the device once it leaves its control.
C, D, F: Encrypting the contents of a mobile device and securing it with a passcode reduces an attacker's ability to get at the data on the device should she gain control of the device. Automatically locking the device reduces the chance an attacker will gain control of an unlocked device.
G: Wipe after 10 Failed Passcode Entries will reduce the chance of getting at a device's data should it be lost/stolen.
B, E: Both of these would eliminate the mobility of the device, and thus eliminate the ability to use it effectively. Thus, they are not practical controls.

17. Which of the following can be used for limiting risks associated with servers?
   A. Locked Cabinet *
   B. Wipe after 10 Failed Security Code Entries
   C. Secured Room *
   D. Remote Wipe
   E. CCTV *
   F. Environmental Controls *
   G. Access Logs *

A, C: These help limit access to the server.
E, G: These increase the likelihood that intruders would be noticed, and deter insiders from malicious actions.
F: Depending on the controls implemented, these can reduce the risks associated with items such as EMI, humidity, and temperature.
B, D: These could actually increase the risks associated with the server, as DoS attacks are possible.
Question

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

Router
Time              | Severity | Message                          | Source IP     | Source Port | Destination IP | Destination Port
20131112 14:10:20 | Info     | Session permitted. ACL 3         | 203.0.113.42  | 23896       | 216.34.181.45  | 80
20131112 14:10:21 | Info     | Session permitted. ACL 4.        | 74.125.134.26 | 42563       | 192.0.2.10     | 25
20131112 14:10:22 | Info     | Session permitted. No ACL match. | 203.0.113.21  | 23323       | 17.178.96.59   | 69
20131112 14:10:22 | Info     | Session ACL 3.                   | 203.0.113.21  | 23323       | 17.178.96.59   | 80
Firewall
Time              | Severity | Message                        | Source IP     | Source Port | Destination IP | Destination Port
20131112 14:10:20 | Info     | Session established.           | 203.0.113.42  | 23896       | 216.34.181.45  | 80
20131112 14:10:20 | Info     | Session Denied. No ACL matched | 203.0.113.41  | 43512       | 74.125.225.230 | 69
20131112 14:10:21 | Info     | Session established.           | 203.0.113.44  | 32355       | 74.125.225.230 | 80
20131112 14:10:21 | Info     | Session established.           | 74.125.134.26 | 42563       | 192.0.2.10     | 25
20131112 14:10:22 | Info     | Session established            | 203.0.113.21  | 23323       | 17.178.96.59   | 80

End User Machine
Time              | Severity | Message
20131112 14:10:15 | Info     | Session established. ACL Rule 2 match. Destination IP 192.0.2.10, Port: 143.
20131112 14:10:25 | Error    | Session Denied. No rule match. Destination IP: 192.0.2.10, Port: 69
20131112 14:10:30 | Info     | Session Established. ACL Rule 1 match. 74.125.225.230, Port: 80
Answer to Question 18

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

When checking for a failure of Implicit Deny, the question is which device lets traffic through if no rule is matched. The key pieces from the logs are here:

Router
20131112 14:10:22 | Info | Session permitted. No ACL match. | 203.0.113.21 | 23323 | 17.178.96.59 | 69

Firewall
20131112 14:10:20 | Info | Session Denied. No ACL matched | 203.0.113.41 | 43512 | 74.125.225.230 | 69

End User Machine
20131112 14:10:25 | Error | Session Denied. No rule match. Destination IP: 192.0.2.10, Port: 69

When there is no ACL match, traffic must be denied for Implicit Deny to be in place. In this case the Router is set up to permit traffic through when no rule is matched, so it is not set up properly for Implicit Deny.
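The same check expressed as a small log audit, added here as an example that is not part of the original question set: it parses the three device logs, picks out every entry where no ACL or rule matched, and reports any device that still permitted the session. The pipe-delimited re-typing of the page's log tables is an assumption made for this example.

```python
import re
# Log lines re-typed from the page's Router, Firewall and End User Machine tables into one
# pipe-delimited form (device|time|severity|message|...); that layout is an assumption here.
LOG_LINES = """\
Router|20131112 14:10:20|Info|Session permitted. ACL 3|203.0.113.42|23896|216.34.181.45|80
Router|20131112 14:10:21|Info|Session permitted. ACL 4.|74.125.134.26|42563|192.0.2.10|25
Router|20131112 14:10:22|Info|Session permitted. No ACL match.|203.0.113.21|23323|17.178.96.59|69
Router|20131112 14:10:22|Info|Session ACL 3.|203.0.113.21|23323|17.178.96.59|80
Firewall|20131112 14:10:20|Info|Session established.|203.0.113.42|23896|216.34.181.45|80
Firewall|20131112 14:10:20|Info|Session Denied. No ACL matched|203.0.113.41|43512|74.125.225.230|69
Firewall|20131112 14:10:21|Info|Session established.|203.0.113.44|32355|74.125.225.230|80
Firewall|20131112 14:10:21|Info|Session established.|74.125.134.26|42563|192.0.2.10|25
Firewall|20131112 14:10:22|Info|Session established|203.0.113.21|23323|17.178.96.59|80
EndUserMachine|20131112 14:10:15|Info|Session established. ACL Rule 2 match. Destination IP 192.0.2.10, Port: 143.
EndUserMachine|20131112 14:10:25|Error|Session Denied. No rule match. Destination IP: 192.0.2.10, Port: 69
EndUserMachine|20131112 14:10:30|Info|Session Established. ACL Rule 1 match. 74.125.225.230, Port: 80
"""

PERMIT_RE = re.compile(r"\b(?:permitted|established)\b", re.I)
DENY_RE = re.compile(r"\bdenied\b", re.I)
NO_MATCH_RE = re.compile(r"\bno (?:acl|rule) match", re.I)  # also covers "No ACL matched"

def parse(text):
    """One dict per line: device, time, severity, message (any further columns are ignored)."""
    records = []
    for line in text.strip().splitlines():
        device, time, severity, message, *_ = line.split("|")
        records.append({"device": device, "time": time, "severity": severity, "message": message})
    return records

def decision(message):
    # What the device did with the session: permit, deny, or unknown.
    if PERMIT_RE.search(message):
        return "permit"
    return "deny" if DENY_RE.search(message) else "unknown"

def no_match_decisions(records):
    """Per device, the decisions it took on sessions that matched no ACL or rule."""
    out = {}
    for r in records:
        if NO_MATCH_RE.search(r["message"]):
            out.setdefault(r["device"], set()).add(decision(r["message"]))
    return out

def implicit_deny_failures(records):
    """Devices that permitted a session although nothing matched, i.e. implicit deny is not in place."""
    return {dev for dev, seen in no_match_decisions(records).items() if "permit" in seen}

if __name__ == "__main__":
    recs = parse(LOG_LINES)
    print(no_match_decisions(recs), implicit_deny_failures(recs))  # only the Router permits on no match
```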
Questions

19. Of the following four storage types, rank them from most volatile to least volatile.
   ____ Page File
   ____ Cache Memory
   ____ Network Drive
   ____ Hard Drive

20. Of the following four storage types, rank them from most volatile to least volatile.
   ____ RAM
   ____ CD-R archive media
   ____ Page File
   ____ Hard Drive

21. Of the following four storage types, rank them from most volatile to least volatile.
   ____ RAM
   ____ Cache Memory
   ____ Network Drive
   ____ CD-R archive media

Bonus: Identify all of the different storage types presented, and rank them accordingly.
Answers to Previous Page

19. Of the following four storage types, rank them from most volatile to least volatile.
   2  Page File
   1  Cache Memory
   4  Network Drive
   3  Hard Drive

20. Of the following four storage types, rank them from most volatile to least volatile.
   1  RAM
   4  CD-R archive media
   2  Page File
   3  Hard Drive

21. Of the following four storage types, rank them from most volatile to least volatile.
   2  RAM
   1  Cache Memory
   3  Network Drive
   4  CD-R archive media

Here is a brief summary of the different types of storage, and their overall order of volatility.

1. Cache Memory: A cache is used to store frequently or recently accessed memory. It is faster for a CPU to access data stored in the cache than all other forms of memory. It is overwritten by data from RAM frequently as part of the standard operation of the operating system. It is not persistent on power down.
2. RAM: RAM, or Random Access Memory, is used by the system as part of the regular operation of the computer. It is not persistent on power down.
3. Page File: Operating systems will temporarily store data that would be kept in RAM in a file on the hard disk. This file is called a page file, paging file, or swap file. This file can survive the system powering down; however, some operating systems will delete the file when going through a clean shutdown.
4. Hard Drive: Data stored on a hard drive is maintained throughout a system shutdown.
5. Network Drive / Remote System: Data stored on a network drive would survive even if the target system is entirely inoperable or incapable of being investigated.
6. CD-R optical media: Archive media such as CD-R can not only survive a system power down; once the data is written to the media and the media is disconnected from the system, it cannot be modified in any way by the target system.
