CompTIA Security+ Get Certified Get Ahead - CH7 Review Flashcards

1
Q

An IDS has sent multiple alerts in response to increased traffic. Upon investigation, you realize it is due to a spike in Network traffic from several sources. Assuming this is malicious, which of the following is the MOST likely explanation?

An ARP Poisoning Attack
A DNS Poisoning Attack
A Domain Hijacking Attack
A DDoS Attack

A

A DDoS Attack (Distributed Denial of Service)

Explanation:
A distributed denial-of-service (DDoS) attack causes spikes in network traffic as multiple systems attempt to connect to a server and deplete the target’s resources.

An Address Resolution Protocol (ARP) poisoning attack attempts to mislead systems about the source media access control (MAC) address.
A Domain Name System (DNS) poisoning attack attempts to redirect web browsers to malicious URLs.
In a domain hijacking attack, an attacker changes a domain name registration without permission from the owner.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 722-723). YCDA, LLC. Kindle Edition.

2
Q

While investigating performance issues on a Web Server, you verified that the CPU usage was about 10% five minutes ago. However, it now shows that the CPU usage has been averaging over 98% for the last two minutes. Which of the following BEST describes what the Web Server is experiencing?

Resource Exhaustion
DDoS
A Buffer Overflow Attack
A Memory Leak

A

Resource Exhaustion

Explanation:
CPU usage averaging 98 percent indicates resource exhaustion. The scenario doesn’t indicate the cause of the increased usage, so resource exhaustion is the best answer.

A distributed denial-of-service (DDoS) attack could cause this. However, a surge in traffic from an effective marketing campaign sent via email could also cause a surge in resource usage.
A buffer overflow attack is a type of DDoS attack, but the scenario doesn’t give enough information to indicate a buffer overflow attack has taken place.
The scenario only mentions CPU usage, so there isn’t any indication of a memory leak.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 723). YCDA, LLC. Kindle Edition.

3
Q

An administrator regularly connects to a Server using SSH without any problems. Today, he sees a message similar to the following:

WARNING: Remote Host Identification Has Changed!!
It is possible that someone is up to no good!
Someone could be eavesdropping on you right now (Man-in-the-Middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is 12:34:56:78:9a:bc:de:f1:23:45:67:89:ab:cd:ef:12.
Please contact your system administrator.
Add correct host key in /home/hostname/.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for ycda has changed and you have requested strict checking.
Host key verification failed.

Which of the following is the MOST likely reason for this message?

Rogue Access Point
On-Path Attack
MAC Flooding
ARP Poisoning

A

On-Path Attack

Explanation:
The message indicates a potential man-in-the-middle (MITM) attack, which is also known as an on-path attack. Specifically, it indicates that the key on the host system has changed, which may be due to the administrator connecting to the MITM system instead of the target system. None of the other answers are related to incorrect cryptographic keys.

A rogue access point is an unauthorized wireless access point.
Media access control (MAC) flooding is an attack on a switch, attempting to overload it with different MAC addresses.
An Address Resolution Protocol (ARP) poisoning attack misleads computers or switches about a system’s actual MAC address.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 723). YCDA, LLC. Kindle Edition.

4
Q

Homer complains that his system started acting erratically today. You discover that malware infected his system, but you discover he didn’t open any email during the day. He mentions that he has been browsing the Internet all day. Which of the following could you check to see where the malware MOST likely originated?

Web Server Logs
Mail Server Logs
PowerShell Logs
DNS Server Logs

A

DNS Server Logs

Explanation:
Domain Name System (DNS) logs will record DNS queries, such as what hostnames it resolved to IP addresses. The log entries would show all the domains that Homer visited during the day. One of these is most likely the one that downloaded malware onto his system.

A web server would show activity on the web server, but you wouldn’t have access to web servers controlled by others.
Homer didn’t open any email, so the mail server logs wouldn’t help.
PowerShell logs may show activity, but only if the malware used PowerShell. However, the PowerShell logs are unlikely to show who ran PowerShell scripts.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 723-724). YCDA, LLC. Kindle Edition.

5
Q

While reviewing logs for a Web application, a Security analyst notices that it has crashed several times, reporting a memory error. Shortly after it crashes, the logs show malicious code that isn’t part of a known application. Which of the following is MOST likely occurring?

Buffer Overflow
ARP Poisoning
Privilege Escalation
Replay

A

Buffer Overflow

Explanation:
Buffer overflow attacks often cause an application to crash and expose system memory. Attackers then write malicious code into the exposed memory and use different techniques to get the system to run this code. None of the other attacks insert malicious code into memory.

An Address Resolution Protocol (ARP) poisoning attack attempts to mislead systems about the source media access control (MAC) address.
Privilege escalation techniques attempt to give an attacker more rights and permissions.
In a replay attack, the attacker intercepts data and typically attempts to use the intercepted data to impersonate a user or system.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 724). YCDA, LLC. Kindle Edition.

6
Q

Web developers are implementing error handling in a database application accessed by a Web Server. Which of the following would be the BEST way to implement this?

Display a detailed error message but log generic information on the error.
Display a generic error message but log detailed information on the error.
Display a generic error message and log generic information on the error.
Display a detailed error message and log detailed information on the error.

A

Display a generic error message but log detailed information on the error.

Explanation:
You should display a generic error message but log detailed information on the error.

Detailed error messages to the user are often confusing to them and give attackers information they can use against the system.
Logging generic information makes it more difficult to troubleshoot the problem later.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 724). YCDA, LLC. Kindle Edition.

7
Q

** A Web developer is adding input validation techniques to a website application. Which of the following should the developer implement during this process?

Validation on the Server-side
Validation on the Client-side
Normalization techniques
Memory management techniques

A

Validation on the Server-side

Explanation:
At a minimum, input validation should be performed on the server-side.

Client-side validation can be combined with server-side validation, but attackers can bypass client-side input validation if it is used alone.
Normalization techniques organize tables and columns in a database to reduce redundant data but have nothing to do with input validation.
Memory management is a secure coding technique that helps prevent memory errors.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 724-725). YCDA, LLC. Kindle Edition.

8
Q

Developers in the YCDA organization have created an application that users can download and install on their computers. Management wants to provide users with a reliable method of verifying that the application has not been modified after YCDA released it. Which of the following methods provides the BEST solution?

Code signing
Input validation
Obfuscation
Stored procedures

A

Code signing

Explanation:
Code signing provides a digital signature for the code, verifies the publisher of the code, and verifies that it hasn’t been modified since the publisher released it. None of the other answers verify the application hasn’t been modified.

Input validation verifies data is valid before using it.
Code obfuscation or code camouflage techniques make the code more difficult to read.
Stored procedures are used with SQL databases and can be used for input validation.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 725). YCDA, LLC. Kindle Edition.

9
Q

** Your organization is preparing to deploy a Web-based application, which will accept user input. Which of the following will BEST test the reliability of this application to maintain availability and data integrity?

Static code analysis
Input validation
Error handling
Dynamic code analysis

A

Dynamic code analysis

Explanation:
Dynamic code analysis techniques test an application during its execution and are the best choice of the available answers to verify the application can maintain availability and data integrity.

Static code analysis (such as a manual code review) is done without executing any code, but it won’t test its reliability.
Input validation is the practice of checking data for validity before using it, but this is done within the application, not as a method to test the application.
Error-handling techniques are also done within the application.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 725). YCDA, LLC. Kindle Edition.

10
Q

Several developers in your organization are working on a software development project. Recently, Bart made an unauthorized change to the code that effectively broke several modules. Unfortunately, there isn’t any record of who made the change or details of the change. Management wants to ensure it is easy to identify who makes any changes in the future. Which of the following provides the best solution for this need?

Dynamic code analysis
Version control
Static code analysis
Use of third-party SDKs

A

Version control

Explanation:
A version control system will track all changes to a software project, including who made the change and when.

Dynamic code analysis techniques test an application during its execution.
Static code analysis examines the code without executing it as a method of code testing.
The use of third-party software development kits (SDKs) is a secure coding technique, but it won’t detect unauthorized changes.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 725). YCDA, LLC. Kindle Edition.

11
Q

Database administrators have created a database used by a Web application. However, testing shows that application queries against the database take a significant amount of time. Which of the following actions is MOST likely to improve the overall performance of the database?

Normalization
Client-side input validation
Server-side input validation
Obfuscation

A

Normalization

Explanation:
Normalization techniques organize tables and columns in a database and improve overall database performance. None of the other answers improve the database performance.

Input validation techniques help prevent many types of attacks, and server-side input validation techniques are preferred over client-side input validation techniques.
Obfuscation techniques make code more difficult to read.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 725-726). YCDA, LLC. Kindle Edition.

12
Q

** Looking at logs for an online Web application, you see that someone has entered the following phrase into several queries: ' or '1'='1';--

Which of the following provides the BEST protection against this attack?

Normalization
Proper error handling
Removing dead code
Stored procedures

A

Stored procedures

Explanation:
Attackers commonly use the phrase ' or '1'='1';-- in SQL injection attacks, and stored procedures are an effective method of preventing SQL injection attacks.

Normalization techniques organize tables and columns in a database to reduce redundant data but don’t block SQL injection attacks.
This phrase won’t cause an error, so proper error-handling techniques won’t help.
Dead code is code that is never executed, and it should be removed, but dead code is unrelated to a SQL injection attack.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 726). YCDA, LLC. Kindle Edition.

13
Q

You are examining logs generated by an online Web application. You notice that the following phrase is appearing in several queries: ' or '1'='1';--

Which of the following is the MOST likely explanation for this?

A Buffer Overflow Attack
A DLL Injection Attack
A SQL Injection Attack
A Race Condition

A

A SQL Injection Attack

Explanation:
Attackers use the character string ' or '1'='1';-- in SQL injection attacks to query or modify databases.

A buffer overflow attack sends more data or unexpected data to an application with the goal of accessing system memory.
A dynamic link library (DLL) injection attack attempts to inject DLLs into memory, causing DLL commands to run.
A race condition is a programming conflict when two or more applications or application models attempt to access a resource at the same time.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 726). YCDA, LLC. Kindle Edition.

14
Q

Your organization has created a Web application that will go live after testing is complete. An application tester sees the following URL:
https://gcgapremium.com/info.php?sessionID=10123&acct=homer

The tester resends the following URL to the website:
https://gcgapremium.com/info.php?sessionID=32101&=homer

Which of the following attacks is the tester checking?

Pass the Hash
Buffer Overflow
Cross-Site Request Forgery
Race Condition

A

Cross-Site Request Forgery

Explanation:
This indicates an attempt to launch a cross-site request forgery attack. The question mark (?) in the URL is the giveaway here.

A pass the hash attack is a password attack.
A buffer overflow attack sends unexpected data, but the URLs are primarily the same, so it isn’t unexpected data.
A race condition occurs when a system attempts to do two or more operations simultaneously instead of in a specific order.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 726). YCDA, LLC. Kindle Edition.

15
Q

Your SIEM sent an alert after detecting the following script was run on a system within your Network.

invoke-command {
$a = net localgroup administrators |
where {$_ -AND $_ -notmatch "command completed"} |
select -skip 4 }

What BEST describes this script?

A Python script to list local administrators
A script used to create a Logic Bomb
A PowerShell script to list local administrators
A script used to create a Backdoor

A

A PowerShell script to list local administrators

Explanation:
This is a PowerShell script using the invoke-command cmdlet, and it lists members of the local Administrators group.

This is not a Python script.
This is not a logic bomb because it isn’t taking any action other than creating a list.
It is not creating a backdoor either.

Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 727). YCDA, LLC. Kindle Edition.

16
Q

An attacker has captured a database filled with Hashes of randomly generated passwords. Which of the following attacks is MOST likely to crack the largest number of passwords in this database?

Dictionary Attack
Birthday Attack
Brute Force Attack
Rainbow Tables

A

Rainbow Tables

17
Q

You are overseeing a large software development project. Ideally, developers will not add any unauthorized changes to the code. If they do, you want to ensure that it is easy to identify the developer who made the changes. Which of the following provides the BEST solution for this need?

Agile SDLC
Version Control
Secure DevOps
Static Code Analysis

A

Version Control

Explanation:
The version control system will track all changes to a system, including who made the change and when. Change management processes (not available as a possible answer) typically provide the same solution.

An agile software development life cycle (SDLC) model focuses on interaction from all players in a project, but doesn’t necessarily include a version control system.
Secure DevOps is an agile-aligned software development methodology that focuses on security throughout the process.
Static code analysis examines the code without executing it as a method of code testing.

18
Q

Your organization is preparing to deploy a Web-Based Application, which will accept user input. Which of the following will BEST test the reliability of this application to maintain availability and data integrity?

Model Verification
Input Validation
Error Handling
Dynamic Analysis

A

Dynamic Analysis

Explanation:
Dynamic analysis techniques (such as fuzzing) can test the application’s ability to maintain availability and data integrity for some scenarios. Fuzzing sends random data to an application to verify the random data doesn’t crash the application or expose the system to a data breach.

Model verification ensures that the software meets specifications and fulfills its intended purpose, but it doesn’t focus on reliability or integrity.
Input validation and error-handling techniques protect applications, but do not test them.

19
Q

Your organization recently purchased a new hardware-based Firewall. Administrators need to install it as part of a DMZ within your Network. Which of the following references will provide them with the MOST appropriate instructions to install the Firewall?

Regulatory Framework
Non-Regulatory Framework
General-Purpose Firewall Guide
Vendor-Specific Guide

A

Vendor-Specific Guide

Explanation:
A vendor-specific guide for the new hardware-based firewall will have the most appropriate instructions for installing it.

Frameworks (regulatory or non-regulatory) provide structures that can be followed for different purposes, but they wouldn’t be available for a specific firewall.
A general-purpose guide will provide general instructions, but not instructions for a specific vendor’s firewall.

20
Q

Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:

<body> <form id="myForm" action="gcgapremium.com/purchase.php" method="post">
<input> </form> </body>

Which of the following is the MOST likely explanation?

XSRF
Buffer Overflow
SQL Injection
Dead Code

A

XSRF (Cross-Site Request Forgery)

Explanation:
A cross-site request forgery (XSRF) attack causes users to perform actions without their knowledge. This scenario indicates the user visited a web site, most likely through a malicious link, and the link initiated a purchase. None of the other attacks cause unsuspecting users to make purchases.

A buffer overflow attacks a web site and attempts to access system memory.
A SQL injection attack attempts to access data on a database server.
Dead code is code that never executes and is unrelated to this scenario.