Comptia Security Plus Mini Course Handbook

Study guide handbook for Comptia's Security Plus certification. Get yourself ready to take the exam!

Uploaded by

drthtater
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100% found this document useful (3 votes)
1K views26 pages

Comptia Security Plus Mini Course Handbook

Study guide handbook for Comptia's Security Plus certification. Get yourself ready to take the exam!

Uploaded by

drthtater
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

CompTIA Security+ Performance Based Questions

http://www.infosecinstitute.com/SecurityPlus
Copyright 2013 InfoSec Institute 1 of 26
Question

1. What rules should be added to the firewall to allow traffic to the web server which will be serving both secured and unsecured web pages in the diagram below? Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

1. What rules should be added to the firewall to allow traffic to the web server which will be serving both secured and unsecured web pages in the diagram below? Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow | TCP | * | * | 192.0.2.9/32 | 80
Allow | TCP | * | * | 192.0.2.9/32 | 443

Since the question specified that both secured and unsecured web pages would be served, you needed to allow both HTTP (port 80) and HTTPS (port 443) through the firewall. Since the traffic is coming from the internet, all source IP addresses should be allowed in.
Question

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic. Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic. Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow | TCP | * | * | 192.0.2.10/32 | 25
Allow | TCP | 203.0.113.0/24 | * | 192.0.2.10/32 | 110
Allow | TCP | 203.0.113.0/24 | * | 192.0.2.10/32 | 143

Internal clients need to have access to both the IMAP (Port: 143) and POP3 (Port: 110) ports. Since only internal clients are allowed to have access, the source IP address needs to be limited to the internal network. Since the mail server would receive SMTP (Port: 25) from anywhere, that traffic needs to be allowed from anywhere.
Question

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn't accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that?

Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Answer to Previous Page

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn't accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that?

Use a * to indicate Any.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow | TCP | 203.0.113.45/32 | * | 192.0.2.10/32 | 22
Deny | TCP | 203.0.113.45/32 | * | 192.0.2.10/32 | 23

Since SSH is on port 22, this is the port that must be allowed in. Also, since this is an administrative tool, only traffic from the Administrator Computer should be let through, and not from the internal network as a whole.

She denied traffic on port 23 (the Telnet port) since she doesn't want unencrypted administrative traffic going to the server. This is an admittedly somewhat artificial example, but it demonstrates how to prevent traffic from going through a firewall.
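The three firewall questions above share one mechanic: a packet is compared against an ordered rule list, the first rule that matches decides, and anything that matches nothing falls to the default action. The Python below is an added example, not part of the InfoSec Institute handbook; it encodes the seven rules from the answers to questions 1 to 3 and evaluates sample packets against them. The Rule class, the CIDR matching via the standard ipaddress module, the sample packets and the implicit_deny switch are my own constructions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


# Fields follow the handbook's table: Allow/Deny, TCP/UDP, source IP,
# source port, destination IP, destination port. "*" means Any.
@dataclass(frozen=True)
class Rule:
    action: str   # "Allow" or "Deny"
    proto: str    # "TCP" or "UDP"
    src: str      # CIDR such as "203.0.113.0/24", or "*"
    sport: str    # port number as a string, or "*"
    dst: str
    dport: str

    def matches(self, proto, src_ip, src_port, dst_ip, dst_port):
        if self.proto != proto:
            return False
        if self.src != "*" and ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.sport != "*" and int(self.sport) != src_port:
            return False
        if self.dst != "*" and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        if self.dport != "*" and int(self.dport) != dst_port:
            return False
        return True


# The combined rule set from the answers to questions 1, 2 and 3.
RULES = [
    Rule("Allow", "TCP", "*", "*", "192.0.2.9/32", "80"),               # HTTP, anyone
    Rule("Allow", "TCP", "*", "*", "192.0.2.9/32", "443"),              # HTTPS, anyone
    Rule("Allow", "TCP", "*", "*", "192.0.2.10/32", "25"),              # SMTP, anyone
    Rule("Allow", "TCP", "203.0.113.0/24", "*", "192.0.2.10/32", "110"),  # POP3, internal only
    Rule("Allow", "TCP", "203.0.113.0/24", "*", "192.0.2.10/32", "143"),  # IMAP, internal only
    Rule("Allow", "TCP", "203.0.113.45/32", "*", "192.0.2.10/32", "22"),  # SSH, admin host only
    Rule("Deny", "TCP", "203.0.113.45/32", "*", "192.0.2.10/32", "23"),   # Telnet, explicitly blocked
]


def evaluate(rules, proto, src_ip, src_port, dst_ip, dst_port, implicit_deny=True):
    """First matching rule wins. With no match the default applies: Deny when
    implicit deny is configured, Allow when it is not. Returns (action, rule)."""
    for rule in rules:
        if rule.matches(proto, src_ip, src_port, dst_ip, dst_port):
            return rule.action, rule
    return ("Deny" if implicit_deny else "Allow"), None


if __name__ == "__main__":
    # Constructed sample packets: (proto, src, sport, dst, dport)
    samples = [
        ("TCP", "198.51.100.7", 51000, "192.0.2.9", 443),    # internet -> HTTPS
        ("TCP", "198.51.100.7", 51000, "192.0.2.10", 110),   # internet -> POP3
        ("TCP", "203.0.113.20", 51000, "192.0.2.10", 22),    # non-admin host -> SSH
        ("TCP", "203.0.113.45", 51000, "192.0.2.10", 23),    # admin host -> Telnet
    ]
    for pkt in samples:
        action, rule = evaluate(RULES, *pkt)
        print(pkt, "->", action, "(explicit)" if rule else "(default)")
```

With implicit deny in place the explicit Telnet rule never changes the outcome, which is why the handbook calls the example artificial; it still documents intent, and on many products an explicit deny is logged differently from a default drop. Setting implicit_deny=False shows the opposite failure mode, where an unmatched packet to a port nobody meant to open (TFTP on 69, say) is let through; that is the condition question 18 asks you to find in the logs.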
Questions

4. Match the port to the protocol.
a. FTP Data Channel          1. TCP/UDP: 53
b. LDAP                      2. TCP/UDP: 389
c. NetBIOS name service      3. TCP: 20
d. DNS                       4. TCP/UDP: 137

5. Match the port to the protocol.
a. SSH                       1. TCP: 21
b. FTP Control Channel       2. TCP: 443
c. TFTP                      3. TCP: 22
d. HTTPS                     4. UDP: 69

6. Match the port to the protocol.
a. POP3                      1. TCP: 22
b. NetBIOS session service   2. TCP: 110
c. SCP                       3. UDP: 161
d. SNMP                      4. TCP/UDP: 139

7. Match the port to the protocol.
a. Telnet                    1. TCP: 80
b. HTTP                      2. TCP/UDP: 138
c. NetBIOS datagram service  3. TCP: 636
d. LDAP/SSL                  4. TCP: 23
Answer to Previous Page

4. Match the port to the protocol.
a. FTP Data Channel -> 3. TCP: 20
b. LDAP -> 2. TCP/UDP: 389
c. NetBIOS name service -> 4. TCP/UDP: 137
d. DNS -> 1. TCP/UDP: 53

5. Match the port to the protocol.
a. SSH -> 3. TCP: 22
b. FTP Control Channel -> 1. TCP: 21
c. TFTP -> 4. UDP: 69
d. HTTPS -> 2. TCP: 443

6. Match the port to the protocol.
a. POP3 -> 2. TCP: 110
b. NetBIOS session service -> 4. TCP/UDP: 139
c. SCP -> 1. TCP: 22
d. SNMP -> 3. UDP: 161

7. Match the port to the protocol.
a. Telnet -> 4. TCP: 23
b. HTTP -> 1. TCP: 80
c. NetBIOS datagram service -> 2. TCP/UDP: 138
d. LDAP/SSL -> 3. TCP: 636

When it comes to matching protocols to ports, there is no substitute for memorizing the correct port-to-protocol mapping.
Question

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP for the password to log in to the wireless network. What changes to the following configuration screens would need to be made to implement this?
Answer to Previous Page

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP for the password to log in to the wireless network. What changes to the following configuration screens would need to be made to implement this?

When people see the wireless networks, what they are seeing is the SSID. Whether or not it is visible is determined by whether or not the SSID is broadcast. So for this, we want to set the SSID to OURNETWORK, and disable broadcasting of the SSID (since they only want people who know about it to be able to log in to it).

Of the various Security Modes, WPA2 provides the best encryption possible here. Using PSK, or a Pre-Shared Key, allows all users to connect using the same passphrase.
Question

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

Some ports:
RADIUS Authentication: 1812
RADIUS Accounting: 1813
Answer to Previous Page

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

RADIUS servers are commonly used to provide authentication services for wireless access points. Since we are using this for authentication (confirming that this is a person the system recognizes), we need to use port 1812.
Question

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

11. After that is implemented, for this diagram, how many devices would have access to the WAP?
Answer to Previous Page

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

MAC address filtering.

11. After that is implemented, for this diagram, how many devices would have access to the WAP?

By implementing MAC address filtering, the devices with the MAC address 998877665501 or 998877665548 would have access to the system. Thus 2 devices would have access.
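The SSID, broadcast, security-mode and MAC-filter settings from questions 8 to 11 map onto a handful of lines of access-point configuration. The Python below is an added example and not the handbook's content; it renders a hostapd-style configuration (hostapd and its option names are my assumption, since the handbook's configuration screens are not reproduced here) for the shared-passphrase case of question 8, the per-user RADIUS case of question 9, and the MAC filter of questions 10 and 11, using the two MAC addresses from the answer to question 11. The accept-file path and any RADIUS server address or shared secret are placeholders.

```python
# hostapd-style configuration for the access-point changes in questions 8 to 11.
# hostapd and its keys are an assumption; the handbook's own configuration
# screens are not reproduced here.

WPA2_PSK_MIN, WPA2_PSK_MAX = 8, 63   # allowed length of a WPA2-PSK passphrase


def render_ap_config(ssid, mode, passphrase=None, radius=None, mac_filter=False):
    """Return hostapd config lines for a hidden-SSID, WPA2-only network.

    mode "psk": everyone shares one passphrase (question 8).
    mode "eap": each user authenticates with their own credentials through a
                RADIUS server over 802.1X (question 9).
    mac_filter: additionally accept only stations listed in a file (question 10).
    """
    lines = [
        f"ssid={ssid}",
        "ignore_broadcast_ssid=1",   # do not advertise the SSID in beacons
        "wpa=2",                     # WPA2 only, no WPA1 fallback
        "rsn_pairwise=CCMP",         # AES-CCMP rather than TKIP
    ]
    if mode == "psk":
        if passphrase is None or not WPA2_PSK_MIN <= len(passphrase) <= WPA2_PSK_MAX:
            raise ValueError("WPA2-PSK passphrase must be 8 to 63 characters")
        lines += ["wpa_key_mgmt=WPA-PSK", f"wpa_passphrase={passphrase}"]
    elif mode == "eap":
        if radius is None:
            raise ValueError("RADIUS server address and shared secret are required")
        lines += [
            "wpa_key_mgmt=WPA-EAP",
            "ieee8021x=1",
            f"auth_server_addr={radius['addr']}",
            "auth_server_port=1812",        # RADIUS authentication (handbook: 1812)
            f"auth_server_shared_secret={radius['secret']}",
            f"acct_server_addr={radius['addr']}",
            "acct_server_port=1813",        # RADIUS accounting (handbook: 1813)
            f"acct_server_shared_secret={radius['secret']}",
        ]
    else:
        raise ValueError(f"unknown mode {mode!r}")
    if mac_filter:
        lines += [
            "macaddr_acl=1",                                # accept only listed stations
            "accept_mac_file=/etc/hostapd/hostapd.accept",  # placeholder path
        ]
    return lines


def render_accept_mac_file(macs):
    """Normalise MAC addresses to the one-per-line colon form the accept file uses."""
    out = []
    for mac in macs:
        digits = mac.replace(":", "").replace("-", "").lower()
        if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
            raise ValueError(f"not a MAC address: {mac}")
        out.append(":".join(digits[i:i + 2] for i in range(0, 12, 2)))
    return out


if __name__ == "__main__":
    print("\n".join(render_ap_config("OURNETWORK", "psk", passphrase="LOGINTOOURWAP")))
    print()
    # Constructed RADIUS server details, as placeholders only.
    print("\n".join(render_ap_config("OURNETWORK", "eap",
                                     radius={"addr": "RADIUS_SERVER_IP", "secret": "SHARED_SECRET"},
                                     mac_filter=True)))
    print()
    print("\n".join(render_accept_mac_file(["998877665501", "998877665548"])))
```

The passphrase check matters because a WPA2-PSK passphrase outside 8 to 63 characters is rejected by the access point rather than silently weakened. The MAC filter only compares the hardware address a station presents, so it is a hygiene control layered on top of WPA2 and RADIUS, not a substitute for either.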
Questions

Below are diagrams of various types of attacks. Select the best option for each one.
a. Man in the middle
b. DDoS
c. DoS
d. Replay
e. Evil Twin

12. ____
13. ____
Answer to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
a. Man in the middle
b. DDoS
c. DoS
d. Replay
e. Evil Twin

12. b.
The use of multiple (distributed) machines, with the goal of making it so that the victim machine is not able to perform its tasks, makes this a Distributed Denial of Service attack.

13. c.
As the key goal is making it so that the victim is not able to process its regular tasks, this is a Denial of Service attack.
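Questions 12 and 13 turn on one distinction: whether the traffic that overwhelms the victim arrives from a single origin or from many. The Python below is an added example, not from the handbook; it applies that test to a constructed set of connection records (source, destination, destination port) and labels each destination. The thresholds, the sample addresses and the record format are my own.

```python
from collections import defaultdict


def build_sample_flows():
    """Constructed connection attempts (src_ip, dst_ip, dst_port); not handbook data."""
    flows = []
    # 192.0.2.9: 40 attempts spread over 20 different sources -> distributed
    for i in range(40):
        flows.append((f"198.51.100.{i % 20 + 1}", "192.0.2.9", 80))
    # 192.0.2.10: 40 attempts all from one source -> single origin
    for _ in range(40):
        flows.append(("203.0.113.77", "192.0.2.10", 25))
    # 192.0.2.11: a couple of ordinary connections
    flows += [("203.0.113.21", "192.0.2.11", 443),
              ("203.0.113.22", "192.0.2.11", 443)]
    return flows


def classify_targets(flows, min_flows=20, min_sources=5):
    """Per destination: 'DDoS' when a flood comes from at least min_sources
    distinct sources, 'DoS' when a flood comes from fewer, 'normal' when the
    volume is below min_flows. Returns {dst: (label, flow_count, source_count)}."""
    count = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, _port in flows:
        count[dst] += 1
        sources[dst].add(src)

    result = {}
    for dst in count:
        n, s = count[dst], len(sources[dst])
        if n < min_flows:
            label = "normal"
        elif s >= min_sources:
            label = "DDoS"
        else:
            label = "DoS"
        result[dst] = (label, n, s)
    return result


if __name__ == "__main__":
    for dst, (label, n, s) in sorted(classify_targets(build_sample_flows()).items()):
        print(f"{dst}: {label} ({n} flows from {s} sources)")
```

The same heuristic is what a rate-limiting rule or an IDS threshold expresses: the volume triggers the alert, and the source count tells you whether blocking one address will help (DoS) or whether you need upstream filtering (DDoS). In practice the flows would be counted over a time window; this example treats the whole sample as one window to keep the logic visible.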
Questions

Below are diagrams of various types of attacks. Select the best option for each one.
a. Man in the middle
b. DDoS
c. DoS
d. Replay
e. Evil Twin

14. ____
15. ____
Answers to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
a. Man in the middle
b. DDoS
c. DoS
d. Replay
e. Evil Twin

14. a.
As one would expect from the name, the Man in the middle involves getting in the middle of requests going to and from the server. The attacker can then modify the traffic to suit his needs.

15. e.
An Evil Twin attack uses an access point which has duplicated the legitimate access point's SSID, in order to entice machines to connect to it. At this point, the attacker can snoop the victim's traffic. While this is a type of Man In The Middle attack, Evil Twin is the better choice, since the Evil Twin is a specific implementation of a Man In The Middle attack.
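From the defender's side, the Evil Twin of question 15 shows up as a second radio advertising a name that belongs to one of your own access points. The Python below is an added example, not the handbook's; it compares a constructed Wi-Fi scan against an inventory of the authorised BSSIDs and expected security mode for each SSID and reports anything that claims one of your names without matching the inventory. All BSSIDs, channels, and every SSID other than OURNETWORK are constructed.

```python
# Inventory of authorised access points: SSID -> authorised BSSIDs and the
# security mode they are configured with. Values are constructed.
KNOWN_APS = {
    "OURNETWORK": {
        "bssids": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"},
        "security": "WPA2-PSK",
    },
}

# Constructed scan results: (ssid, bssid, security, channel). Not handbook data.
SCAN = [
    ("OURNETWORK", "aa:bb:cc:dd:ee:01", "WPA2-PSK", 6),
    ("OURNETWORK", "aa:bb:cc:dd:ee:02", "WPA2-PSK", 11),
    ("OURNETWORK", "de:ad:be:ef:00:01", "OPEN", 1),      # our name, unknown radio, no encryption
    ("NeighborNet", "11:22:33:44:55:66", "WPA2-PSK", 1),  # not ours, out of scope
]


def find_evil_twins(scan, known=KNOWN_APS):
    """Return a finding for every scanned network that uses one of our SSIDs
    but is not an authorised BSSID or does not use the expected security mode."""
    findings = []
    for ssid, bssid, security, channel in scan:
        if ssid not in known:
            continue                       # someone else's network; not a twin of ours
        expected = known[ssid]
        reasons = []
        if bssid.lower() not in expected["bssids"]:
            reasons.append("unknown BSSID")
        if security != expected["security"]:
            reasons.append(f"security {security} != expected {expected['security']}")
        if reasons:
            findings.append({"ssid": ssid, "bssid": bssid,
                             "channel": channel, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(SCAN):
        print(f"ALERT {f['ssid']} from {f['bssid']} on ch{f['channel']}: {', '.join(f['reasons'])}")
```

A BSSID can be copied, so an inventory match alone is not proof of legitimacy; a mismatch in security mode (an open network carrying a name that should be WPA2) or a channel you never use is the stronger signal. Either should raise an alert for a person to verify rather than be treated as conclusive, and the hidden SSID from question 8 does not change this check, since a twin advertises the name regardless of whether the real access point does.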
Questions

16. Which of the following can be used for limiting risks associated with using mobile devices?
A. Remote Wipe
B. Locked Cabinet
C. Encryption
D. Passcode
E. Secured Rooms
F. Automatic Locking
G. Wipe after 10 Failed Security Code Entries

17. Which of the following can be used for limiting risks associated with servers?
A. Locked Cabinet
B. Wipe after 10 Failed Security Code Entries
C. Secured Room
D. Remote Wipe
E. CCTV
F. Environmental Controls
G. Access Logs
Answers to Previous Page (Correct Answers in Bold)

16. Which of the following can be used for limiting risks associated with using mobile devices?
A. Remote Wipe
B. Locked Cabinet
C. Encryption
D. Passcode
E. Secured Rooms
F. Automatic Locking
G. Wipe after 10 Failed Passcode Entries

A: Remote wipe allows a company to remove information from the device once it leaves its control.
C, D, F: Encrypting the contents of a mobile device and securing it with a passcode reduces an attacker's ability to get at the data on the device should she gain control of the device. Automatically locking the device reduces the chance an attacker will gain control of an unlocked device.
G: Wipe after 10 Failed Passcode Entries will reduce the chance of getting at a device's data should it be lost/stolen.
B, E: All of these would eliminate the mobility of the device, and thus eliminate the ability to use it effectively. Thus, they are not practical controls.

17. Which of the following can be used for limiting risks associated with servers?
A. Locked Cabinet
B. Wipe after 10 Failed Security Code Entries
C. Secured Room
D. Remote Wipe
E. CCTV
F. Environmental Controls
G. Access Logs

A, C: These help limit access to the server.
E, G: These increase the likelihood that intruders would be noticed, and deter insiders from malicious actions.
F: Depending on the controls implemented, these can reduce the risks associated with items such as EMI, humidity, and temperature.
B, D: These could actually increase risks associated with the server, as DoS attacks are possible.
Question

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

Router

Time | Severity | Message | Source IP | Source Port | Destination IP | Destination Port
2013 11 12 14:10:20 | Info | Session permitted. ACL 3 | 203.0.113.42 | 23896 | 216.34.181.45 | 80
2013 11 12 14:10:21 | Info | Session permitted. ACL 4. | 74.125.134.26 | 42563 | 192.0.2.10 | 25
2013 11 12 14:10:22 | Info | Session permitted. No ACL match. | 203.0.113.21 | 23323 | 17.178.96.59 | 69
2013 11 12 14:10:22 | Info | Session ACL 3. | 203.0.113.21 | 23323 | 17.178.96.59 | 80

Firewall

Time | Severity | Message | Source IP | Source Port | Destination IP | Destination Port
2013 11 12 14:10:20 | Info | Session established. | 203.0.113.42 | 23896 | 216.34.181.45 | 80
2013 11 12 14:10:20 | Info | Session Denied. No ACL matched | 203.0.113.41 | 43512 | 74.125.225.230 | 69
2013 11 12 14:10:21 | Info | Session established. | 203.0.113.44 | 32355 | 74.125.225.230 | 80
2013 11 12 14:10:21 | Info | Session established. | 74.125.134.26 | 42563 | 192.0.2.10 | 25
2013 11 12 14:10:22 | Info | Session established | 203.0.113.21 | 23323 | 17.178.96.59 | 80

End User Machine

Time | Severity | Message
2013 11 12 14:10:15 | Info | Session established. ACL Rule 2 match. Destination IP 192.0.2.10, Port: 143.
2013 11 12 14:10:25 | Error | Session Denied. No rule match. Destination IP: 192.0.2.10, Port: 69
2013 11 12 14:10:30 | Info | Session Established. ACL Rule 1 match. 74.125.225.230, Port: 80
Answer to Question 18

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

When checking for a failure of Implicit Deny, the question is which device lets traffic through if no rule is matched. The key pieces from the logs are here:

Router
2013 11 12 14:10:22 | Info | Session permitted. No ACL match. | 203.0.113.21 | 23323 | 17.178.96.59 | 69

Firewall
2013 11 12 14:10:20 | Info | Session Denied. No ACL matched | 203.0.113.41 | 43512 | 74.125.225.230 | 69

End User Machine
2013 11 12 14:10:25 | Error | Session Denied. No rule match. Destination IP: 192.0.2.10, Port: 69

When there is not an ACL match, then traffic must be denied for Implicit Deny to be in place. In this case the Router is set up to permit traffic through when no rule is matched, so it is not set up properly for Implicit Deny.
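The answer to question 18 comes from asking, for each device, what happened to the sessions that matched no rule. The Python below is an added example, not from the handbook; it re-encodes the three logs from the question as pipe-separated lines (the times, severities and messages are the handbook's, the encoding and the field names are mine) and reports which device let an unmatched session through. A device whose log contains no unmatched session at all is reported as None, since its logs give no evidence either way.

```python
import re

# The handbook's three logs re-encoded as "device|time|severity|message".
# Address and port columns are omitted because the verdict depends only on the message.
LOG_LINES = """\
Router|2013-11-12 14:10:20|Info|Session permitted. ACL 3
Router|2013-11-12 14:10:21|Info|Session permitted. ACL 4.
Router|2013-11-12 14:10:22|Info|Session permitted. No ACL match.
Router|2013-11-12 14:10:22|Info|Session ACL 3.
Firewall|2013-11-12 14:10:20|Info|Session established.
Firewall|2013-11-12 14:10:20|Info|Session Denied. No ACL matched
Firewall|2013-11-12 14:10:21|Info|Session established.
Firewall|2013-11-12 14:10:21|Info|Session established.
Firewall|2013-11-12 14:10:22|Info|Session established
EndUserMachine|2013-11-12 14:10:15|Info|Session established. ACL Rule 2 match.
EndUserMachine|2013-11-12 14:10:25|Error|Session Denied. No rule match.
EndUserMachine|2013-11-12 14:10:30|Info|Session Established. ACL Rule 1 match.
""".splitlines()

# "No ACL match", "No ACL matched", "No rule match" all mean the same thing.
NO_MATCH = re.compile(r"\bno (?:acl|rule) match", re.I)
PERMITTED = re.compile(r"\b(?:permitted|established)\b", re.I)
DENIED = re.compile(r"\bdenied\b", re.I)


def parse(line):
    device, time, severity, message = line.split("|", 3)
    return {"device": device, "time": time, "severity": severity, "message": message}


def implicit_deny_status(lines):
    """Return {device: True | False | None}.
    True:  every session that matched no rule was denied (implicit deny in place).
    False: at least one session that matched no rule was let through.
    None:  the log shows no unmatched session, so nothing can be concluded."""
    status = {}
    for rec in map(parse, lines):
        dev, msg = rec["device"], rec["message"]
        status.setdefault(dev, None)
        if not NO_MATCH.search(msg):
            continue
        if DENIED.search(msg):
            if status[dev] is None:
                status[dev] = True      # a later permit still overrides this
        elif PERMITTED.search(msg):
            status[dev] = False
    return status


def devices_missing_implicit_deny(lines):
    """Devices whose logs prove an unmatched session was permitted."""
    return sorted(dev for dev, ok in implicit_deny_status(lines).items() if ok is False)


if __name__ == "__main__":
    for dev, ok in implicit_deny_status(LOG_LINES).items():
        print(f"{dev}: implicit deny {'in place' if ok else 'NOT in place' if ok is False else 'not evidenced'}")
    print("Fix:", devices_missing_implicit_deny(LOG_LINES))
```

The None case is worth keeping: a device with no "no match" entries has not been shown to be safe, only not shown to be broken, and the right follow-up is to inspect its configuration rather than to mark it compliant from the log.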
Questions

19. Of the following four storage types, rank them from most volatile to least volatile.
____ Page File
____ Cache Memory
____ Network Drive
____ Hard Drive

20. Of the following four storage types, rank them from most volatile to least volatile.
____ RAM
____ CD-R archive media
____ Page File
____ Hard Drive

21. Of the following four storage types, rank them from most volatile to least volatile.
____ RAM
____ Cache Memory
____ Network Drive
____ CD-R archive media

Bonus: Identify all of the different storage types presented, and rank them accordingly.
Answers to Previous Page

19. Of the following four storage types, rank them from most volatile to least volatile (1 = most volatile).
2 Page File
1 Cache Memory
4 Network Drive
3 Hard Drive

20. Of the following four storage types, rank them from most volatile to least volatile (1 = most volatile).
1 RAM
4 CD-R archive media
2 Page File
3 Hard Drive

21. Of the following four storage types, rank them from most volatile to least volatile (1 = most volatile).
2 RAM
1 Cache Memory
3 Network Drive
4 CD-R archive media

Here is a brief summary of the different types of storage, and their overall order of volatility.

1. Cache Memory: A cache is used to store frequently or recently accessed memory. It is faster for a CPU to access data stored in the cache than all other forms of memory. It is overwritten by data from RAM frequently as part of the standard operation of the operating system. It is not persistent on power down.
2. RAM: RAM, or Random Access Memory, is used by the system as part of the regular operation of the computer. It is not persistent on power down.
3. Page File: Operating systems will temporarily store data that would be kept in RAM in a file on the hard disk. This file is called a page file, paging file, or swap file. This file can survive the system powering down; however, some operating systems will delete the file when going through a clean shutdown.
4. Hard Drive: Data stored on a hard drive is maintained throughout a system shutdown.
5. Network Drive / Remote System: Data stored on a network drive would survive even if the target system is entirely inoperable or incapable of being investigated.
6. CD-R optical media: Archive media such as CD-R not only can survive a system power down; once the data is written to the media and the media is disconnected from the system, it cannot be modified in any way by the target system.
