CompTIA Security+ Get Certified Get Ahead - CH1 Review Flashcards

1
Q

Management within your organization has defined a use case to support confidentiality of data stored in a database. Which of the following solutions will BEST meet this need?

Hashing
Disk Redundancies
Encryption
Patching

A

Encryption

Explanation:
Encryption is the best choice to provide confidentiality of any type of information, including data stored in a database.

Hashing supports the use case of integrity.
Disk redundancies provide resilience and increase availability.
Patching systems increases availability and reliability.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 217). YCDA, LLC. Kindle Edition.

2
Q

You want to verify that the syslog file is being rotated successfully on a Linux System. Which of the following commands is the BEST choice to use?

logger
cat
tail
head

A

head

Explanation:
The head command shows the first 10 lines (by default) of a log file, and if the log is being rotated properly, one of the first log entries indicates the logrotate.service has succeeded. Rotating the log copies the current log, erases the log, and starts logging new entries at the beginning of every day.

The logger command is used to add entries into the syslog file. It doesn’t read the file.
The cat command (short for concatenate) displays the entire contents of a file but scrolls past the first entries very quickly making them difficult to catch.
The tail command shows the last 10 lines (by default) of a log file, and is unlikely to include the first entries showing that the logrotate.service succeeded.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 220). YCDA, LLC. Kindle Edition.

3
Q

You suspect that traffic in your Network is being rerouted to an unauthorized Router within your Network. Which of the following command-line tools would help you narrow down the problem?

ping
tracert
ipconfig
netstat

A

tracert

Explanation:
You can use tracert to track packet flow through a network, and if an extra router has been added to your network, tracert will identify it.

You can use ping to check connectivity with a remote system, but it doesn’t show the route.
The ipconfig command shows the network settings on a Windows computer, but it doesn’t identify failed routers.
Netstat shows active connections and other network statistics on a local system, but it doesn’t identify network paths.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 219). YCDA, LLC. Kindle Edition.

4
Q

Which of the following is a Cryptographic Algorithm that will create a fixed-length output from a data file but cannot be used to re-create the original data file?

MD5
AES
IDS
SIEM

A

MD5 (Message Digest 5)

Explanation:
Message Digest 5 (MD5) is a hashing algorithm that creates a fixed-length, irreversible output. Hashing algorithms cannot re-create the original data file from just the hash.

Advanced Encryption Standard (AES) is an encryption algorithm, and you can re-create the original data file by decrypting it.
An intrusion detection system (IDS) is not a cryptographic algorithm but is a detective control.
A security information and event management (SIEM) system provides centralized logging.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 217). YCDA, LLC. Kindle Edition.

5
Q

Which of the following describes the proper format of log entries for Linux Systems?

NXlog
logger
SIEM
syslog

A

syslog

Explanation:
The syslog protocol (defined in RFC 5424) identifies the format of Linux log entries and describes how to transport these log entries. Note that syslog is also the name of a log on Linux systems.

NXLog is a log management tool that can accept log entries from multiple sources, including Linux and Windows.
The logger command is used to add entries into the syslog file but it doesn’t describe the format.
A security information and event management (SIEM) system collects, aggregates, and correlates logs from multiple sources.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 221). YCDA, LLC. Kindle Edition.

6
Q

A Server in your Network’s DMZ was recently attacked. The Firewall logs show that the Server was attacked from an external IP Address with the following socket: 72.52.230.233:6789. You want to see if the connection is still active. Which of the following tools would be BEST to use?

tracert
arp
netstat
dig

A

netstat

Explanation:
The netstat command can be used to display a list of open connections, including both the IP address and the port (or a socket). None of the other commands display active connections.

The tracert command lists the routers between two systems.
The arp command shows the contents of the Address Resolution Protocol (ARP) cache.
The dig command can be used on Linux systems to query Domain Name System (DNS) servers.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 218). YCDA, LLC. Kindle Edition.

7
Q

You are writing a script that will perform backups on a Linux System and you plan to schedule the script to run after midnight daily. You want to ensure that the script records when the backup starts and when the backup ends. Which of the following is the BEST choice to meet this requirement?

head
tail
grep
logger

A

logger

Explanation:
The logger command is used to add entries into the syslog file and can be called from scripts, applications, or the terminal.

The head command can be used to view the first lines in the syslog file and can view the logger entry, but it doesn’t add any entries into the syslog file.
The tail command shows the last 10 lines (by default) of a log file, but it doesn’t write into a log file.
The grep command (short for globally search a regular expression and print) is used to search files, but it doesn’t write into files.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 220). YCDA, LLC. Kindle Edition.

8
Q

Lisa is manually searching through a large log file on a Linux System looking for Brute Force Attack indicators. Which of the following commands will simplify this process for her?

grep
head
tail
cat

A

grep

Explanation:
The grep command (short for globally search a regular expression and print) is used to search for a specific string or pattern of text within a file and simplifies the search. None of the other answers listed search the entire file.

The head command shows only a specific number of lines at the beginning of a file, and the tail command shows only a specific number of lines at the end of a file.
The cat command (short for concatenate) is used to display the entire contents of a file but doesn’t narrow the search for specific text strings found in a brute force attack.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 219-220). YCDA, LLC. Kindle Edition.

9
Q

You’re troubleshooting a connectivity issue with a Server that has an IP Address of 192.168.1.10 from your Linux System. The Server does not respond to the ping command, but you suspect that a Router is blocking the ping traffic. Which of the following choices would you use to verify the Server is responding to traffic?

hping
ipconfig
netstat
arp

A

hping

Explanation:
The hping command can be used in place of the ping command when network devices are blocking ping commands using Internet Control Message Protocol (ICMP) traffic. It can send packets using TCP and other protocols instead of ICMP.

The ipconfig command is used to view TCP/IP configuration information.
Netstat shows active connections and network statistics.
The arp command shows the contents of the arp cache and does not use echo commands.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 219). YCDA, LLC. Kindle Edition.

10
Q

Maggie works in the Security section of the IT department. Her primary responsibilities are to monitor Security logs, analyze trends reported by the SIEM, and validate alerts. Which of the following choices BEST identifies the primary Security Control she’s implementing?

Compensating
Preventative Control
Detective Control
Corrective Control

A

Detective Control

Explanation:
Monitoring security logs, analyzing trend reports from a security information and event management (SIEM), and validating alerts from a SIEM are detective controls. Detective controls try to detect security incidents after they happened.

A compensating control is an alternative control used when a primary security control is not feasible or is not yet deployed.
Preventative controls attempt to prevent incidents, but the scenario doesn’t specifically describe any preventative controls.
A corrective control attempts to reverse the impact of a security incident after it has happened.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 218). YCDA, LLC. Kindle Edition.

11
Q

Maggie needs access to the project.doc file available on a Linux Server. Lisa, a System Admin responsible for this Server, sees the following permissions for the file:

rwx rw- ---

What should Lisa use to grant Maggie read access to the file?

chmod
journalctl
cat
LAMP

A

chmod

Explanation:
Details about the chmod command:
□ READ = 4
□ WRITE = 2
□ EXECUTE = 1
□ Read + Write = 6
□ Read + Execute = 5
□ Read + Write + Execute = 7
□ Owner / Group / All Users
chmod 760 filename

12
Q

An administrator recently installed an IDS to help reduce the impact of Security incidents. Which of the following BEST identifies the control type of an IDS?

Preventative
Physical
Deterrent
Detective

A

Detective

Explanation:
IDS = Intrusion DETECTION System
IDS = Detects, that’s all.

An intrusion detection system (IDS) is a detective control. It can detect malicious traffic after it enters a network.

A preventative control, such as an intrusion prevention system (IPS), prevents malicious traffic from entering the network.
An IDS uses technology and is not a physical control.
Deterrent controls attempt to discourage a threat, but attackers wouldn’t know if a system had an IDS, so the IDS can’t deter attacks.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 218). YCDA, LLC. Kindle Edition.

13
Q

Your organization hosts an e-commerce Web Server selling digital products. The server randomly experiences a high volume of sales and usage, which causes spikes in resource usage. These spikes occasionally take the Server down. Which of the following should be implemented to prevent these outages?

Elasticity
Scalability
Normalization
Stored Procedures

A

Elasticity

Explanation:
Elasticity is the best choice because it allows the server to dynamically scale up or out as needed in response to high resource usage.

Scalability isn’t the best answer because it is done manually; the high resource usage is random, and manually adding resources can’t respond to the random spikes quickly enough.
Normalization refers to organizing tables and columns in a database to reduce redundant data and improve overall database performance.
Stored procedures are a group of SQL statements that execute as a whole and help prevent SQL injection attacks.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 217-218). YCDA, LLC. Kindle Edition.

14
Q

As the CTO, Marge is implementing a Security program. She has included Security controls to address Confidentiality and Availability. Of the following choices, what else should she include?

Ensure critical systems provide uninterrupted service.
Protect data-in-transit from unauthorized disclosure.
Ensure systems are not susceptible to unauthorized changes.
Secure data to prevent unauthorized disclosure.

A

Ensure systems are not susceptible to unauthorized changes.

15
Q

You are considering rebooting a Database Server and want to identify if it has any active Network connections. Which of the following commands will list active Network connections?

arp
ipconfig
ping
netstat

A

netstat

16
Q

Management has mandated the use of Digital Signatures by all personnel within your organization. Which of the following use cases does this primarily support?

Supporting Confidentiality
Supporting Availability
Supporting Obfuscation
Supporting Non-Repudiation

A

Supporting Non-Repudiation

17
Q

Your organization is considering virtualization solutions. Management wants to ensure that any solution provides the best ROI. Which of the following situations indicate that virtualization would provide the best ROI to the organization?

Most physical Servers within the org are currently utilized at close to 100%.

The org has many Servers that do not require failover services.

Most desktop PCs require fast processors and a high amount of memory.

Most physical Servers within the org are currently underutilized.

A

Most physical Servers within the org are currently underutilized.

18
Q

You have configured a Firewall in your Network to block ICMP traffic. You want to verify that it is blocking the traffic. Which of the following commands would you use?

arp
ipconfig
netstat
ping

A

ping

19
Q

Apu manages Network devices in his store and maintains copies of the configuration files for all the managed Routers and Switches. On a weekly basis, he creates Hashes for these files and compares them with the Hashes he created on the same files the previous week. Which of the following use cases is he MOST likely supporting?

Supporting Confidentiality
Supporting Integrity
Supporting Encryption
Supporting Availability

A

Supporting Integrity

Explanation:
He is most likely using a use case of supporting integrity. By verifying that the hashes are the same on the configuration files, he is verifying that the files have not changed.

Confidentiality is enforced with encryption, access controls, and steganography.
Encryption is a method of enforcing confidentiality, and it doesn’t use hashes.
Availability ensures systems are up and operational when needed.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 217). YCDA, LLC. Kindle Edition.

20
Q

Homer is complaining that he frequently has trouble accessing files on a server in the network. You determine the server’s IP address is 172.16.17.11, but ping doesn’t show any problem. You decide to use pathping and see the following results:

C:\>pathping 172.16.17.11

Tracing route to 172.16.17.11 over a maximum of 30 hops:
  0  192.168.7.34
  1  192.168.7.1
  2  192.168.5.1
  3  10.5.48.1
  4  10.80.73.150
  5  172.16.17.11

Computing statistics for 125 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           192.168.7.34
                                0/ 100 =  0%   |
  1   45ms     0/ 100 =  0%     0/ 100 =  0%  192.168.7.1
                               14/ 100 = 14%   |
  2   25ms    15/ 100 = 15%     0/ 100 =  0%  192.168.5.1
                                0/ 100 =  0%   |
  3   22ms    16/ 100 = 16%     0/ 100 =  0%  10.5.48.1
                                0/ 100 =  0%   |
  4   ---    100/ 100 =100%   100/ 100 =100%  10.80.73.150
                                0/ 100 =  0%   |
  5   23ms    16/ 100 = 16%     0/ 100 =  0%  172.16.17.11

Which of the following is the MOST likely problem?

The Router with the IP Address of 10.80.73.150
The Router with the IP Address of 192.168.5.1
The Segment between 192.168.7.1 and 192.168.5.1
The Router with the IP Address 192.168.7.1

A

The Segment between 192.168.7.1 and 192.168.5.1

Explanation:
The segment between 192.168.7.1 and 192.168.5.1 is most likely the problem. The results show packet loss of 14 percent on this segment.

The router at 10.80.73.150 (hop 4) is showing 100 percent packet loss but traffic is still getting to the server at 172.16.17.11 (hop 5).
This indicates the router at 10.80.73.150 is not responding to ICMP traffic.
The packet loss between the source and 192.168.5.1 is due to the packet loss on the previous network segment.
There is no packet loss to 192.168.7.1.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 219). YCDA, LLC. Kindle Edition.

21
Q

Match the following term with the correct definition - Managerial Controls?

Definitions:
- Likelihood that a threat will happen.
- Ensures that day-to-day operations comply with Policy.
- An administrative function.
- Reduces vulnerabilities using things like - Hardware, Software, Firmware.
- Reduces the chance that a threat will exploit a vulnerability.

A
  • An administrative function.
22
Q

Match the following term with the correct definition - Operational Controls?

Definitions:
- Likelihood that a threat will happen.
- Ensures that day-to-day operations comply with Policy.
- An administrative function.
- Reduces vulnerabilities using things like - Hardware, Software, Firmware.
- Reduces the chance that a threat will exploit a vulnerability.

A
  • Ensures that day-to-day operations comply with Policy.
23
Q

Match the following term with the correct definition - Technical Controls?

Definitions:
- Likelihood that a threat will happen.
- Ensures that day-to-day operations comply with Policy.
- An administrative function.
- Reduces vulnerabilities using things like - Hardware, Software, Firmware.
- Reduces the chance that a threat will exploit a vulnerability.

A
  • Reduces vulnerabilities using things like - Hardware, Software, Firmware.
24
Q

Match the following term with the correct definition - RISK?

Definitions:
- Likelihood that a threat will happen.
- Ensures that day-to-day operations comply with Policy.
- An administrative function.
- Reduces vulnerabilities using things like - Hardware, Software, Firmware.
- Reduces the chance that a threat will exploit a vulnerability.

A
  • Likelihood that a threat will happen.
25
Q

Match the following term with the correct definition - Risk Management?

Definitions:
- Likelihood that a threat will happen.
- Ensures that day-to-day operations comply with Policy.
- An administrative function.
- Reduces vulnerabilities using things like - Hardware, Software, Firmware.
- Reduces the chance that a threat will exploit a vulnerability.

A
  • Reduces the chance that a threat will exploit a vulnerability.
26
Q

Match the following term with the correct definition - Preventative Controls?

Definitions:
- Reverse the impact of an incident.
- Controls you can touch.
- Discourage individuals from causing an incident.
- Keeping an incident from occurring.
- Identifying incidents after they have happened.

A
  • Keeping an incident from occurring.
27
Q

Match the following term with the correct definition - Detective Controls?

Definitions:
- Reverse the impact of an incident.
- Controls you can touch.
- Discourage individuals from causing an incident.
- Keeping an incident from occurring.
- Identifying incidents after they have happened.

A
  • Identifying incidents after they have happened.
28
Q

Match the following term with the correct definition - Corrective Controls?

Definitions:
- Reverse the impact of an incident.
- Controls you can touch.
- Discourage individuals from causing an incident.
- Keeping an incident from occurring.
- Identifying incidents after they have happened.

A
  • Reverse the impact of an incident.
29
Q

Match the following term with the correct definition - Deterrent Controls?

Definitions:
- Reverse the impact of an incident.
- Controls you can touch.
- Discourage individuals from causing an incident.
- Keeping an incident from occurring.
- Identifying incidents after they have happened.

A
  • Discourage individuals from causing an incident.
30
Q

Match the following term with the correct definition - Physical Controls?

Definitions:
- Reverse the impact of an incident.
- Controls you can touch.
- Discourage individuals from causing an incident.
- Keeping an incident from occurring.
- Identifying incidents after they have happened.

A
  • Controls you can touch.