CompTIA Academic/E2C Security Certification Exam Voucher Only
Question No: 491 – (Topic 3)
A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?
Answer: B Explanation:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the quot;phisherquot; counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on quot;fishing,quot; the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Question No: 492 – (Topic 3)
Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe’s browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?
Answer: D Explanation:
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session-sometimes also called a session key-to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim#39;s computer.
Question No: 493 – (Topic 3)
Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?
Answer: A Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent from two systems that are not communicating properly could help determine the cause of the issue.
Well known software protocol analyzers include Message Analyzer (formerly Network
Monitor) from Microsoft and Wireshark (formerly Ethereal).
Question No: 494 – (Topic 3)
Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?
Rogue access point
Zero day attack
Explanation: A directory service is accessed by using LDAP (Lightweight Directory Access Protocol). LDAP injection is an attack against a directory service.
Just as SQL injection attacks take statements that are input by users and exploit weaknesses within, an LDAP injection attack exploits weaknesses in LDAP (Lightweight Directory Access Protocol) implementations. This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits.
One of the most common uses of LDAP is associated with user information. Numerous applications exist-such as employee directories-where users find other users by typing in a portion of their name. These queries are looking at the cn value or other fields (those defined for department, home directory, and so on). Someone attempting LDAP injection could feed unexpected values to the query to see what results are returned. All too often, finding employee information equates to finding usernames and values about those users that could be portions of their passwords.
Question No: 495 – (Topic 3)
A security administrator looking through IDS logs notices the following entry: (where email@example.com and passwd= ‘or 1==1’)
Which of the following attacks had the administrator discovered?
Answer: A Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1==1’ will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application#39;s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Question No: 496 – (Topic 3)
Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
[00: 00: 01]Successful Login: 015 192.168.1.123 : local
[00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124
Monitor system logs
Answer: D Explanation:
We can see a number of unsuccessful login attempts using a Remote Desktop Connection (using the RDP protocol) from a computer with the IP address 192.168.1.124.
Someone successfully logged in locally. This is probably an authorized login (for example, Joe logging in).
Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections.
Question No: 497 – (Topic 3)
Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?
Initial baseline configuration
Management of interfaces
Answer: C Explanation:
The initial baseline configuration of a computer system is an agreed configuration for the computer. For example, the initial baseline configuration will list what operating system he computer will run, what software applications and patches will be installed and what configuration settings should be applied to the system.
In this question, we are installing a new software application on a server. After the installation of the software, the “configuration” of the server (installed software, settings etc) is now different from the initial baseline configuration.
Question No: 498 – (Topic 3)
The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?
A. cd ../../../../bin/bash
sudo -u root
Answer: A Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a perprocess basis. The chroot utility allows you to run a process with a root directory other than /.
The root directory appears at the top of the directory hierarchy and has no parent: A process cannot access any files above the root directory (because they do not exist). If, for example, you run a program (process) and specify its root directory as /home/sam/jail, the program would have no concept of any files in /home/sam or above: jail is the program#39;s root directory and is labeled / (not jail).
By creating an artificial root directory, frequently called a (chroot) jail, you prevent a program from accessing or modifying-possibly maliciously-files outside the directory hierarchy starting at its root. You must set up a chroot jail properly to increase security: If you do not set up the chroot jail correctly, you can actually make it easier for a malicious user to gain access to a system than if there were no chroot jail.
The command cd.. takes you up one level in the directory structure. Repeated commands would take you to the top level the root which is represented by a forward slash /. The command /bin/bash is an attempt to run the bash shell from the root level.
Question No: 499 – (Topic 3)
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
Answer: C Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed.
The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network#39;s security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Question No: 500 – (Topic 3)
Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?
Answer: D Explanation:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may
take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.
Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures-and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|