SY0-501 : CompTIA Security+ Certification​​ : Part 20

  1. Which of the following could help detect trespassers in a secure facility? (Choose two.)

    • Faraday cages
    • Motion-detection sensors
    • Tall, chain-link fencing
    • Security guards
    • Smart cards
  2. The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems.

    The help desk is receiving reports that users are experiencing the following error when attempting to log in

    to their previous system:

    Logon Failure: Access Denied

    Which of the following can cause this issue?

    • Permission issues
    • Access violations
    • Certificate issues
    • Misconfigured devices
  3. A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network.

    Which of the following is the MOST likely method used to gain access to the other host?

    • Backdoor
    • Pivoting
    • Persistance
    • Logic bomp
  4. Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO.

    Which of the following are needed given these requirements? (Choose two.)

    • Public key
    • Shared key
    • Elliptic curve
    • MD5
    • Private key
    • DES
  5. The POODLE attack is an MITM exploit that affects:

    • TLS1.0 with CBC mode cipher
    • SSLv2.0 with CBC mode cipher
    • SSLv3.0 with CBC mode cipher
    • SSLv3.0 with ECB mode cipher
    Explanation:
    A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
    How To Protect your Server Against the POODLE SSLv3 Vulnerability On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.
    Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.
    The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3.
    Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.
    To find out more information about the vulnerability, consult the CVE information found at CVE-2014-3566.
    What is the POODLE Vulnerability?

    The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in- the-middle context to decipher the plain text content of an SSLv3 encrypted message.
    Who is Affected by this Vulnerability?

    This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.
    Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.

    How Does It Work?

    In short, the POODLE vulnerability exists because the SSLv3 protocol does not adequately check the padding bytes that are sent with encrypted messages.
    Since these cannot be verified by the receiving party, an attacker can replace these and pass them on to the intended destination. When done in a specific way, the modified payload will potentially be accepted by the recipient without complaint.
    An average of once out of every 256 requests will accepted at the destination, allowing the attacker to decrypt a single byte. This can be repeated easily in order to progressively decrypt additional bytes. Any attacker able to repeatedly force a participant to resend data using this protocol can break the encryption in a very short amount of time.

    How Can I Protect Myself?

    Actions should be taken to ensure that you are not vulnerable in your roles as both a client and a server. Since encryption is usually negotiated between clients and servers, it is an issue that involves both parties.
    Servers and clients should should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fallback option.
    This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.

  6. To determine the ALE of a particular risk, which of the following must be calculated? (Choose two.)

    • ARO
    • ROI
    • RPO
    • SLE
    • RTO
  7. Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Choose two.)

    • XOR
    • PBKDF2
    • bcrypt
    • HMAC
    • RIPEMD
  8. Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security.

    Which of the following authentication methods should be deployed to achieve this goal?

    • PIN
    • Security question
    • Smart card
    • Passphrase
    • CAPTCHA
  9. A security administrator needs to address the following audit recommendations for a public-facing SFTP server:

    Users should be restricted to upload and download files to their own home directories only.
    Users should not be allowed to use interactive shell login.

    Which of the following configuration parameters should be implemented? (Choose two.).

    • PermitTunnel
    • ChrootDirectory
    • PermitTTY
    • AllowTcpForwarding
    • IgnoreRhosts
  10. An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

    • SaaS
    • CASB
    • IaaS
    • PaaS
    Explanation:
    Security Broker (CASB) gives you both visibility into your entire cloud stack and the security automation tool your IT team needs.
  11. Which of the following is commonly done as part of a vulnerability scan?

    • Exploiting misconfigured applications
    • Cracking employee passwords
    • Sending phishing emails to employees
    • Identifying unpatched workstations
  12. A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company’s aging systems are unable to keep up with customer demand. Which of the following cloud models will the company MOST likely select?

    • PaaS
    • SaaS
    • IaaS
    • BaaS
  13. After a security incident, management is meeting with involved employees to document the incident and its aftermath.

    Which of the following BEST describes this phase of the incident response process?

    • Lessons learned
    • Recovery
    • Identification
    • Preparation
  14. A user needs to send sensitive information to a colleague using PKI.

    Which of the following concepts apply when a sender encrypts the message hash with the sender’s private key? (Choose two.)

    • Non-repudiation
    • Email content encryption
    • Steganography
    • Transport security
    • Message integrity
  15. As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices.

    Which of the following would BEST help to accomplish this?

    • Require the use of an eight-character PIN.
    • Implement containerization of company data.
    • Require annual AUP sign-off.
    • Use geofencing tools to unlock devices while on the premises.
  16. A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach.

    Which of the following is MOST likely the cause?

    • Insufficient key bit length
    • Weak cipher suite
    • Unauthenticated encryption method
    • Poor implementation
  17. An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server.

    Which of the following should a security analyst do FIRST?

    • Make a copy of everything in memory on the workstation.
    • Turn off the workstation.
    • Consult information security policy.
    • Run a virus scan.
  18. A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?

    • Put the desktops in the DMZ.
    • Create a separate VLAN for the desktops.
    • Air gap the desktops.
    • Join the desktops to an ad-hoc network.
  19. An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography.

    Discovery of which of the following would help catch the tester in the act?

    • Abnormally high numbers of outgoing instant messages that contain obfuscated text
    • Large-capacity USB drives on the tester’s desk with encrypted zip files
    • Outgoing emails containing unusually large image files
    • Unusual SFTP connections to a consumer IP address
  20. A member of the admins group reports being unable to modify the “changes” file on a server.
    The permissions on the file are as follows:

    Permissions User Group File
    -rwxrw-r–+ Admins Admins changes

    Based on the output above, which of the following BEST explains why the user is unable to modify the “changes” file?

    • The SELinux mode on the server is set to “enforcing.”
    • The SELinux mode on the server is set to “permissive.”
    • An FACL has been added to the permissions for the file.
    • The admins group does not have adequate permissions to access the file.