2018 Jan CompTIA Official New Released SY0-401
http://www.EnsurePass.com/SY0-401.html

CompTIA Security Certification

Question No: 601 – (Topic 3)

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

  1. Honeypot

  2. Port scanner

  3. Protocol analyzer

  4. Vulnerability scanner

Answer: C

Explanation:

A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets sent between the systems on the network, Ann would be able to quantify the amount of traffic on the network.

Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

Question No: 602 – (Topic 3)

The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?

  1. Implement a honeynet

  2. Perform a penetration test

  3. Examine firewall logs

  4. Deploy an IDS

Answer: A

Explanation:

A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker.

A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.

Question No: 603 – (Topic 3)

Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?

  1. Near field communication

  2. IV attack

  3. Evil twin

  4. Replay attack

Answer: B

Explanation:

An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session.

An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use a dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack.

A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example, if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e”, because the word “e” is nonsensical in English, while “a” has a meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to each letter.

Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter “a” to be represented by a particular sequence in the first instance, and then represented by a completely different binary sequence in the second instance.

WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
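As an added worked check that is not part of the original explanation, the following Python computes the exact birthday-problem probability that a 24-bit IV value repeats within a given number of packets and locates the packet count at which it reaches 50%. It assumes each packet's IV is drawn uniformly at random, which is the assumption behind the 5000-packet figure above.

```python
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 distinct IV values


def repeat_probability(packets: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least one IV value repeats among `packets`
    packets, each IV drawn uniformly at random (the birthday problem).

    P(no repeat) = prod_{i=0}^{n-1} (1 - i/N); accumulated in log space so
    the product does not underflow for large n.
    """
    if packets > space:
        return 1.0            # pigeonhole: more packets than IV values
    log_no_repeat = 0.0
    for i in range(packets):
        log_no_repeat += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_repeat)


def birthday_estimate(target: float = 0.5, space: int = IV_SPACE) -> float:
    """Closed-form estimate n ~ sqrt(-2 N ln(1 - p)) of the packet count at
    which the repeat probability reaches `target`."""
    return math.sqrt(-2.0 * space * math.log(1.0 - target))


def packets_until(target: float = 0.5, space: int = IV_SPACE) -> int:
    """Smallest packet count whose exact repeat probability reaches `target`.
    Starts from the closed-form estimate and steps to the exact boundary."""
    n = max(1, int(birthday_estimate(target, space)))
    while repeat_probability(n, space) < target:
        n += 1
    while n > 1 and repeat_probability(n - 1, space) >= target:
        n -= 1
    return n


if __name__ == "__main__":
    n50 = packets_until(0.5)
    print(f"24-bit IV: 50% chance of a repeat after {n50} packets")
    for n in (1000, n50, 5000, 20000):
        print(f"{n:6d} packets -> P(repeat) = {repeat_probability(n):.3f}")
```

The 50% point lands just under 5000 packets, matching the figure in the text; on a busy network that is seconds, which is why a repeated IV (and hence a reused RC4 keystream) is a practical rather than theoretical concern.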

Question No: 604 – (Topic 3)

Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

  1. Rootkit

  2. Logic bomb

  3. Worm

  4. Botnet

Answer: B

Explanation:

This is an example of a logic bomb. The logic bomb is configured to ‘go off’, or execute, when Jane has left the company.

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.

Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs".

To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

Question No: 605 – (Topic 3)

A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

  1. Replay

  2. DDoS

  3. Smurf

  4. Ping of Death

Answer: A

Explanation:

A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts, thus granting access to Eve.

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation.

Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.

One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems.

Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check.

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed.
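The session-token exchange described in the countermeasures above, as an added Python example that is not part of the original explanation: Bob issues a fresh random token, Alice replies with a hash of her password with the token appended, and the value Eve captured is useless against the next token. The password, the SHA-256 construction and the `reuse_token` switch (showing the weak setting where Bob reuses a token) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential shared by Alice and Bob (illustrative only).
PASSWORD = b"correct horse battery staple"


def new_token() -> bytes:
    """Bob's side: a fresh one-time session token from a CSPRNG.

    A predictable token (a counter, say) would let Eve pre-compute Alice's
    reply for a future token, which is the failure the text warns about.
    """
    return secrets.token_bytes(16)


def respond(token: bytes, password: bytes) -> str:
    """Alice's side: hash of the password with the session token appended."""
    return hashlib.sha256(password + token).hexdigest()


def verify(token: bytes, response: str, password: bytes) -> bool:
    """Bob's side: repeat the computation; the login succeeds only on a match."""
    expected = respond(token, password)
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(expected, response)


def simulate(reuse_token: bool) -> tuple[bool, bool]:
    """One genuine login, then Eve replays the captured response.

    Returns (genuine_login_ok, replayed_login_ok). With a fresh token per
    session the replay fails; if Bob wrongly reuses the token it succeeds.
    """
    token1 = new_token()
    captured = respond(token1, PASSWORD)      # Eve eavesdrops this value
    genuine_ok = verify(token1, captured, PASSWORD)

    token2 = token1 if reuse_token else new_token()
    replay_ok = verify(token2, captured, PASSWORD)
    return genuine_ok, replay_ok


if __name__ == "__main__":
    print("fresh token per session:", simulate(reuse_token=False))
    print("token reused by Bob    :", simulate(reuse_token=True))
```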

Question No: 606 – (Topic 3)

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

  1. Security logs

  2. Protocol analyzer

  3. Audit logs

  4. Honeypot

Answer: D

Explanation:

A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.

According to Webopedia.com, a honeypot luring a hacker into a system has several main purposes:

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.

The hacker can be caught and stopped while trying to obtain root access to the system.

By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

There are two main types of honeypots:

Production – A production honeypot is one used within an organization's environment to help mitigate risk.

Research – A research honeypot adds value to research in computer security by providing a platform to study the threat.

Question No: 607 – (Topic 3)

Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?

  1. Baseline Reporting

  2. Capability Maturity Model

  3. Code Review

  4. Quality Assurance and Testing

Answer: C

Explanation:

A buffer overflow attack attacks a vulnerability caused by poor coding in an application. Reviewing the code of the application will enable you to identify code that is vulnerable to buffer overflow.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Question No: 608 – (Topic 3)

Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

  1. Cross-site scripting

  2. Buffer overflow

  3. Header manipulation

  4. SQL injection

Answer: B

Explanation:

Data Execution Prevention (DEP) is a security feature included in modern operating systems. It marks areas of memory as either "executable" or "nonexecutable", and allows only data in an "executable" area to be run by programs, services, device drivers, etc. It is known to be available in Linux, OS X, Microsoft Windows, iOS and Android operating systems.

DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow.

Question No: 609 – (Topic 3)

Ann, an employee, is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe’s computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?

  1. Impersonation

  2. Dumpster diving

  3. Tailgating

  4. Shoulder surfing

Answer: D

Explanation:

Ann was able to see the spreadsheet on Joe’s computer. This direct observation is known as shoulder surfing.

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.

Question No: 610 – (Topic 3)

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

  1. Penetration test

  2. Code review

  3. Vulnerability scan

  4. Brute Force scan

Answer: C

Explanation:

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
