Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
SSIDStateChannelLevel
Computer AreUs1connected170dbm
Computer AreUs2connected580dbm
Computer AreUs3connected375dbm
Computer AreUs4connected695dbm
Which of the following is this an example of?
A. Rogue access point
B. Near field communication
C. Jamming
D. Packet sniffing
Answer: A
Explanation:
The question states that the building has three wireless networks. However, the scan is showing four wireless networks with the SSIDs: Computer AreUs1 , Computer AreUs2 , Computer AreUs3 and Computer AreUs4. Therefore, one of these wireless networks probably shouldn’t be there. This is an example of a rogue access point. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.
Q2. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Answer: D
Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.
Q3. Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).
A. Rootkit
B. Logic Bomb
C. Botnet
D. Backdoor
E. Spyware
Answer: B,D
Explanation:
This is an example of both a logic bomb and a backdoor. The logic bomb is configured to ‘go off’ or activate one week after her account has been disabled. The reactivated account will provide a backdoor into the system. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set
time are not normally regarded as logic bombs.
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext,
and so on, while attempting to remain undetected. The backdoor may take the form of an installed
program (e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard coded user and password combination
which gives access to the system.
Q4. Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?
A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations
Answer: D
Explanation:
When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.
Q5. A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
C. Exploit security controls to determine vulnerabilities and misconfigurations.
D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
Answer: A
Explanation:
We need to determine if vulnerabilities exist by passively testing security controls. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Q6. An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes
Answer: D
Explanation:
Q7. DRAG DROP
A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex,
Indianapolis, 2014, pp 221, 222, 369, 418
http://www.mentor-app.com/
Q8. Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
A. AES
B. Blowfish
C. RC5
D. 3DES
Answer: B
Explanation:
Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).
Q9. A way to assure data at-rest is secure even in the event of loss or theft is to use:
A. Full device encryption.
B. Special permissions on the file system.
C. Trusted Platform Module integration.
D. Access Control Lists.
Answer: A
Explanation:
Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Q10. A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?
A. SaaS
B. MaaS
C. IaaS
D. PaaS
Answer: B
Explanation:
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.
Q11. Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?
A. CCTV system access
B. Dial-up access
C. Changing environmental controls
D. Ping of death
Answer: C
Explanation:
Environmental systems include heating, air conditioning, humidity control, fire suppression, and power systems. All of these functions are critical to a well-designed physical plant. A computer room will typically require full-time environmental control. Changing any of these controls (when it was set to its optimum values) will result in damage.
Q12. Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
A. AES
B. 3DES
C. TwoFish
D. Blowfish
Answer: B
Explanation:
Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).
Q13. A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties
Answer: B
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.
Q14. Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?
A. Joe’s public key
B. Joe’s private key
C. Ann’s public key
D. Ann’s private key
Answer: D
Explanation:
The sender uses his private key, in this case Ann's private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. The receiver uses a key provided by the sender—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.
Q15. Establishing a method to erase or clear cluster tips is an example of securing which of the following?
A. Data in transit
B. Data at rest
C. Data in use
D. Data in motion
Answer: B
Explanation: