Learn About SY0-201 – CompTIA Security+ (2008 Objectives)

These questions are based on SY0-201 – CompTIA Security+ (2008 Objectives)
A Self Test Software Practice Test

Objective: Systems Security.
SubObjective: Implement security applications.

Multiple Answer, Multiple Choice

Which two options represent active measures taken to protect against hacker attacks? (Choose two.)

A.    Logging.
B.    Deception.
C.    Connection termination.
D.    Notification.

Answer:
B, C

Tutorial:
Deception and connection termination represent active measures taken to protect against hacker attacks. A honeypot is an example of a deception measure; it is set up on a network to lure attackers to attack, and to deceive attackers into attacking specific areas that present limited liability to the network. Connection termination automatically breaks connections that meet criteria indicative of an attack, and blocks subsequent connection attempts to the compromised point of access.

Logging and notification are examples of passive responses to hacker attacks, not active responses.

Reference:
Countermeasures, http://www.iss.net/security_center/advice/Countermeasures/default.htm

Objective: Network Infrastructure.
SubObjective: Explain the vulnerabilities and mitigations associated with network devices.

Single Answer, Multiple Choice

A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers.

Which type of attack has affected the file server?

A.    Man-in-the-middle attack.
B.    Denial-of-service (DoS) attack.
C.    Back door attack.
D.    Privilege escalation.

Answer:
B

Tutorial:
The file server has become the victim of a denial-of-service (DoS) attack. Because multiple routers and servers are involved the attack, a distributed DoS (DDoS) attack has actually occurred. A DDoS attack usually involves the hijacking of several computers and routers to use as agents of the attack. Multiple servers and routers involved in the attack often overwhelm the bandwidth of the attack victim.

Privilege escalation usually occurs by logging in to a system using your valid user account and then finding a way to access files that you do not have permissions to access. This usually involves invoking a program that can change your permissions, such as Set User ID (SUID) or Set Group ID (SGID), or invoking a program that runs in an administrative context. There are several methods of dealing with privilege escalation, including using least privilege accounts, privilege separation and so on. Privilege escalation can lead to denial-of-service (DoS) attacks. An example of privilege escalation is gaining access to a file you should not access by changing the permissions of your valid account.

Back doors are hidden applications that vendors create to ensure that they are able to access their devices. After installing new devices or operating systems, you need to ensure that all back doors and default passwords are either disabled or reset. Often, hackers first attempt to use such back doors and default passwords to access new devices.

A man-in-the-middle attack occurs when a hacker intercepts messages from a sender, modifies those messages and sends them to a legitimate receiver.

Reference:
Network Security: DoS versus DDoS attacks, http://www.crime-research.org/articles/network-security-dos-ddos-attacks/

Objective: Access Control.
SubObjective: Compare and implement logical access control methods.

Single Answer, Multiple Choice

Which device generates time-sensitive passwords?

A.    Security token.
B.    EAP.
C.    Digital certificate.
D.    Kerberos.

Answer:
A

Tutorial:
A security token is either a physical device or a software key that generates time-sensitive passwords. A security token generates a new password when the old password has expired and helps to secure remote authentication attempts to a network.

Token-based authentication is not as easy to attack as other forms of authentication because tokens are devices that are physically owned.

A digital certificate is a document that contains a user's public key pair and owner information. Extensible Authentication Protocol (EAP) extends Point-to-Point Protocol (PPP) to enable PPP to use multiple types of authentication. Kerberos is a network authentication protocol.

Reference:
Proper Timekeeping for Security, http://www.hurricanelabs.com/september2008_story_2

Objective: Cryptography.
SubObjective: Explain general cryptography concepts.

Multiple Answer, Multiple Choice

Which three elements are provided by digital signatures? (Choose three.)

A.    Non-repudiation.
B.    Integrity.
C.    Availability.
D.    Encryption.
E.    Authentication.

Answer:
A, B, E

Tutorial:
A digital signature provides integrity, authentication and non-repudiation in electronic mail. The public key of the signer is used to verify a digital signature.

Non-repudiation ensures that the sender cannot deny the previous actions or message.

Integrity involves providing assurance that a message was not modified during transmission apply. Authentication is the process of verifying that the sender is who he says he is.

Digital signatures do not provide encryption and cannot ensure availability.

A digital signature is a hash value that is encrypted with the sender's private key. For example, a file on Windows 98 that has been digitally signed indicates that the file has passed quality testing by Microsoft. The message is digitally signed. Therefore, it provides authentication, non-repudiation and integrity.

If a recipient wants to verify a digital signature, the public key of the signer must be used in conjunction with the hash value.

Digital Signature Standard (DSS) defines digital signatures. It provides integrity and authentication. It is not a symmetric key algorithm.

A digital signature cannot be spoofed. Therefore, attacks, such as man-in-the-middle attacks, cannot harm the integrity of the message.

Microsoft uses digital signing to ensure the integrity of driver files.

Reference:
Digital signature, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html

Objective: Organizational Security.
SubObjective: Identify and explain applicable legislation and organizational policies.

Single Answer, Multiple Choice

What is defined in an acceptable use policy?

A.    Which method administrators should use to back up network data.
B.    The sensitivity of company data.
C.    Which users require access to certain company data.
D.    How users are allowed to employ company hardware.

Answer:
D

Tutorial:
An acceptable use policy defines how users are allowed to employ company hardware. For example, an acceptable use policy, which is sometimes referred to as a use policy, might answer the following questions: Are employees allowed to store personal files on company computers? Are employees allowed to play network games on breaks? Are employees allowed to "surf the Web" after hours?

An information policy defines the sensitivity of a company's data. In part, a security policy defines separation of duties, which determines who needs access to certain company information. A backup policy defines the procedure that administrators should use to back up company information.

Reference:
Acceptable Use Policy (PDF), http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment:

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>