CompTIA Security+ certification covers network security, compliance and operational security, threats and vulnerabilities, as well as application, data and host security. Also included are access control, identity management, and cryptography. The official exam objectives are 1.0 Network Security, 2.0 Compliance and Operational Security, 3.0 Threats and Vulnerabilities, 4.0 Application, Data and Host Security, 5.0 Access Control and Identity Management and 6.0 Cryptography.
Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
Forcing all users to renew their login credentials is commonly done if there was a recent breach in security.
Mandatory Access Control (MAC) is a type of access control where permissions and usage policies are assigned by a central authority (administrator) and cannot be changed by any user.
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules (aka policy) to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc. With mandatory access control, this security policy is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to files that would otherwise be restricted. By contrast, discretionary access control (DAC), which also governs the ability of subjects to access objects, allows users the ability to make policy decisions and/or assign security attributes. (The traditional Unix system of users, groups, and read-write-execute permissions is an example of DAC.) MAC-enabled systems allow policy
Mandatory_access_control - Wikipedia, the free encyclopedia
A smart card is a physical token which holds a certificate used to authenticate your identity. A PIN or password is generally required as well.
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological characteristics, which are related to the shape of the body. Examples include, but are not limited to, fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina, odor/scent, voice, shape of ears and gait. Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to mouse movement, typing rhythm, gait, signature, behavioral profiling, and credentials. Some researchers have coined the term behaviometrics to describe the latter class of biometrics. More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number. Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods; however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.
Biometrics - Wikipedia, the free encyclopedia
Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
SQL injection is a code injection technique in which user input containing SQL code is passed unchanged into a database query, allowing the attacker to read or modify information in the database. Validating and sanitizing user input will prevent this type of attack.
In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. Document-oriented NoSQL databases can also be affected by this security vulnerability. In a 2012 study, it was observed that the average web application received four attack campaigns per month, and retailers received twice as many attacks as other industries.
SQL injection - Wikipedia, the free encyclopedia
Rebecca, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $350. The likelihood that their database would be breached in the next year is only 8%. Which of the following is the ALE that Rebecca should report to management for a security breach?
Annualized Loss Expectancy (ALE) is an estimate of the average monetary value lost per year. In this case it can be calculated by first finding the total loss of all records: 250 * 350 = $87,500. This gives us the Single Loss Expectancy (SLE) of the entire database. Multiply the SLE by the Annualized Rate of Occurrence (ARO) of 8%: 87,500 * .08, which gives us the ALE of $7,000.
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO × SLE. Suppose that an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE), then, is 25% × $100,000, or $25,000. The annualized loss expectancy is the product of the annual rate of occurrence (ARO) and the single loss expectancy: ALE = ARO × SLE. For an annual rate of occurrence of 1, the annualized loss expectancy is 1 × $25,000, or $25,000. For an ARO of 3, the equation is ALE = 3 × $25,000; therefore ALE = $75,000.
Annualized_loss_expectancy - Wikipedia, the free encyclopedia
Shoulder surfing is when an attacker watches a user enter a password or PIN. A keypunch door only requires a PIN, which means anyone with the PIN has access, so it is susceptible to shoulder surfing. By replacing the keypunch with a proximity reader, shoulder surfing is no longer an issue, as the proximity reader requires the attacker to also have a physical token to gain access. Tailgating is when an attacker enters an open door before it closes (after an authorized user opens it). This can only be mitigated by user training and mantraps.
In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Unauthorized users watch the keystrokes inputted on a device or listen to sensitive information being spoken, which is also known as eavesdropping.
Shoulder surfing (computer security) - Wikipedia, the free encyclopedia
A Trojan horse is a malicious program that disguises itself as a useful, harmless program. For example, a free instant messaging program that records keyboard input to obtain passwords, credit card numbers, etc., would be considered a Trojan horse.
In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans generally spread by some form of social engineering, for example, where a user is duped into executing an email attachment disguised to appear innocuous (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then have unauthorized access to the affected computer. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
Trojan_horse_(computing) - Wikipedia, the free encyclopedia
Several high-level executives at a business have been targeted by phishing attacks. Which of the following terms describes this type of phishing?
Whaling (sometimes called spear phishing) is a phishing attack targeted at high level employees of a company or organization.
Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Centre reporting more incidents of phishing than any other type of computer crime. The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600. It is a variation of fishing and refers to the use of lures to "fish" for sensitive information. Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures. The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% to 86% from 2017 to 2020.
Phishing - Wikipedia, the free encyclopedia
Your organization has a web server that must be accessible by external users. Which of the following options is the best location for the server?
A Demilitarized Zone (DMZ), sometimes called a Perimeter Network, is a separate area of a network designated for externally facing systems and servers. It is the logical place for a web server that requires external access.
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall. The DMZ functions as a small, isolated network positioned between the Internet and the private network. This is not to be confused with a DMZ host, a feature present in some home routers which frequently differs greatly from an ordinary DMZ. The name is from the term demilitarized zone, an area between states in which military operations are not permitted.
DMZ_(computing) - Wikipedia, the free encyclopedia
USB mass storage devices are commonly used in Data Loss Prevention (DLP) as a backup medium.
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. How many authentication factors are in use by the VPN system?
The three types of authentication factors are something you know, something you have, and something you are. In this case two factors are used: 1. The user must know the username and password. 2. The user must have a valid client-side certificate.
Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
Multi-factor_authentication - Wikipedia, the free encyclopedia
After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?
Warchalking is the drawing of symbols to advertise an open WiFi network.
Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network. Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them. Within days of Jones publishing a blog entry about warchalking, articles appeared in dozens of publications and stories appeared on several major television news programs around the world. The word is formed by analogy to wardriving, the practice of driving around an area in a car to detect open Wi-Fi nodes. That term in turn is based on wardialing, the practice of dialing many phone numbers hoping to find a modem. Having found a Wi-Fi node, the warchalker draws a special symbol on a nearby object, such as a wall, the pavement, or a lamp post. Those offering Wi-Fi service might also draw such a symbol to advertise the availability of their Wi-Fi location, whether commercial or personal.
Warchalking - Wikipedia, the free encyclopedia
In asymmetric encryption there are two keys (generally called the public and private keys); anything encrypted with one key can only be decrypted with the other key.
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message. For example, a journalist can publish the public key of an encryption key pair on a web site so that sources can send secret messages to the news organization in ciphertext. Only the journalist who knows the corresponding private key can decrypt the ciphertexts to obtain the sources' messages; an eavesdropper reading email on its way to the journalist cannot decrypt the ciphertexts. However, public-key encryption does not conceal metadata like what computer a source used to send a message, when they sent it, or how long it is. Public-key encryption on its own also does not tell the recipient anything about who sent a message; it just conceals the content of a message in a ciphertext that can only be decrypted with the private key. In a digital signature system, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the
Public-key_cryptography - Wikipedia, the free encyclopedia
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
Tailgating is the act of following another person through an access point, or passing through an access point while it is temporarily open. Another term for this is piggybacking.
In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint. It can be either electronic or physical. The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act. To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies no consent (similar to a car tailgating another vehicle on a road), while "piggybacking" usually implies consent of the authorized person. Piggybacking came to the public's attention particularly in 1999, when a series of weaknesses were exposed in airport security. A study showed that the majority of undercover agents attempting to pass through checkpoints, bring banned items on planes, or board planes without tickets, were successful. Piggybacking was revealed as one of the methods that was used in order to enter off-limits areas.
Piggybacking_(security) - Wikipedia, the free encyclopedia
The three types of authentication factors are something you KNOW, something you HAVE, and something you ARE. Multifactor authentication uses two or more of these factors. A credit card is something you HAVE, while a PIN is something you KNOW.
You are a network administrator for a large business. Recently, you've noticed a large amount of unusual traffic and you suspect they are SYN attacks. What choice will help you defend against these attacks?
Flood Guards defend against DoS, DDoS, SYN floods, and other flooding type network attacks.
A SYN flood is a form of denial-of-service attack in which an attacker rapidly initiates a connection to a server without finalizing the connection. The server has to spend resources waiting for half-opened connections, which can consume enough resources to make the system unresponsive to legitimate traffic. The packet that the attacker sends is the SYN packet, a part of TCP's three-way handshake used to establish a connection.
SYN_flood - Wikipedia, the free encyclopedia
DENY UDP ANY SERVER eq 67 is the proper way of formatting an Access Control List (ACL) rule. The rule states that the firewall should deny any packet using UDP equal to port 67. You may also use the protocol name instead of the port number, like so: DENY TCP ANY SERVER EQ TELNET.
SHA and MD5 are hashing algorithms, used for one-way encryption and data integrity.
A hash function is any function that can be used to map data of arbitrary size to fixed-size values, though there are some hash functions that support variable length output. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes. The values are usually used to index a fixed-size table called a hash table. Use of a hash function to index a hash table is called hashing or scatter storage addressing. Hash functions and their associated hash tables are used in data storage and retrieval applications to access data in a small and nearly constant time per retrieval. They require an amount of storage space only fractionally greater than the total space required for the data or records themselves. Hashing is a computationally and storage space-efficient form of data access that avoids the non-constant access time of ordered and unordered lists and structured trees, and the often exponential storage requirements of direct access of state spaces of large or variable-length keys. Use of hash functions relies on statistical properties of key and function interaction: worst-case behaviour is intolerably bad with a vanishingly small probability, and average-case behaviour can be nearly optimal (minimal collision). Hash functions are related to (and often confused with) checksums, check digits, fingerprints, lossy compression, randomization functions, error-correcting codes, and ciphers. Although the concepts overlap to some extent, each one has its own uses and requirements and is designed and optimized differently. The hash function differs from these concepts mainly in terms
Hash_function - Wikipedia, the free encyclopedia
Sara, an application developer, has just implemented error and exception handling in an application. Which of the following does this help prevent?
The use of error and exception handling allows the application to properly handle errors, reducing the chance of buffer overflows occurring.
In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations. Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes. Exploiting the behavior of a buffer overflow is a well-known security exploit. On many systems, the memory layout of a program, or the system as a whole, is well defined. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code, or to selectively overwrite data pertaining to the program's state, therefore causing behavior that was not intended by the original programmer. Buffers are widespread in operating system (OS) code, so it is possible to make attacks that perform privilege escalation and gain unlimited access to the computer's resources. The famed Morris worm in 1988 used this as one of its attack techniques. Programming languages commonly associated with
Buffer overflow - Wikipedia, the free encyclopedia
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
Both IPSec and NAT were created to address problems in native IPv4. IPv6 no longer needs NAT, and has IPSec built directly into the protocol.
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017. Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the IETF had formalized the successor protocol. IPv6 uses 128-bit addresses, theoretically allowing 2^128, or approximately 3.4×10^38 total addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this. IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for
IPv6 - Wikipedia, the free encyclopedia