
1.10  Success Answers

1. Enforcing minimum privileges for general system users can be easily achieved through the use of:

A. RBAC

B. PRVMIN

C. TSTEC

D. IPSEC

Explanation: Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with those privileges and nothing more. When subjects are denied transactions that are not necessary for the performance of their duties, those denied privileges cannot be used to circumvent the organizational security policy. Although the concept of least privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system administrator. Through the use of RBAC (role-based access control), enforced minimum privileges for general system users can be easily achieved.

See Section 1.1.3: MAC/DAC/RBAC

2. What process determines who is trusted for a given purpose?

A. Authorization

B. Authentication

C. Identification

D. Accounting

Explanation: Authentication and identification are both related to determining who a user is. Typically, authentication is performed prior to authorization: except when authorizing the activities of anonymous users (such as those viewing a web site), the system needs to know who the user is before it can test what the user is allowed to do. Accounting provides for the logging of system events, user activities, etc.

See Section 1.2: Authentication

3. Which of the following tools can you use to assess your network's vulnerability?

A. ISS

B. Ballista

C. SATAN

D. No Answer is Correct

Explanation: ISS, Ballista and SATAN are all vulnerability scanning tools. These tools look for the same sorts of system information and system vulnerabilities that crackers look for when analyzing potential intrusion targets. They are often used during penetration tests, in which technicians attempt to carry out an intrusion on a network or a particular system.

See Section 1.4.2: Backdoors

See Section 1.5.2: Trojan Horses

4. Which of the following services should be logged for security purposes?

A. bootp

B. tftp

C. sunrpc

D. No Answer is Correct

Explanation: Requests for the following services should be logged on all systems: systat, bootp, tftp, sunrpc, snmp, snmp-trap, nfs. This list is rather UNIX-centric; nevertheless, many of those services can be running on Windows as well (if you're running them, log them!).

See Section 1.7: Auditing

5. An attack that finds a duplicate MD5 hash for a message or document is known as a

A. Hash attack

B. Birthday attack

C. PGP attack

D. All choices are correct

E. No choice is correct

Explanation: This refers to the mathematical paradox that if as few as 23 people are gathered in a room, there are better than even odds that some pair of them will share a common birthday. MD5 attacks appear most often in searches.

See Section 1.4.10: Birthday Attack

6. An attack against an authentication server can be accomplished by

A. Brute force attack

B. Dictionary attack

C. A server without a failed login attempt counter enabled

D. Teardrop attack

Explanation: Password guessing is easily accomplished with software programs (Asmodeus or L0phtCrack) designed for this exploit. The two common approaches are brute force and dictionary.

See Section 1.4.11: Password Guessing

7. Select the types of malicious code from the choices given

A. Viruses

B. Trojan Horses

C. Logic Bombs

D. Worms

E. Foxes

Explanation: Viruses, Trojan Horses, Logic Bombs and Worms are all forms of malicious code. Keep in mind that each of these terms has a specific sub-domain in the Security+ objectives.

See Section 1.5: Malicious Code

8. What is the name of the attack that masquerades as one type of program but has hidden functions?

A. Worm

B. Logic Bomb

C. Virus

D. Trojan Horse

E. All are correct choices

Explanation: Trojan horses are difficult to detect with IDS. They can be used for DDoS attacks. Sub Seven is a popular Trojan horse. A Trojan horse tricks the user into installing the program when they think it is something else.

A worm is a virus which can replicate across the network. A logic bomb is a program with additional features that trigger at a certain point in the future. A virus is a program which can replicate itself on a system, and is spread by something the user does, such as emailing a file or giving a coworker a disk.

See Section 1.5: Malicious Code

9. What is the name of malicious code that does not require a host program and can replicate itself across a network?

A. Logic Bomb

B. Trojan Horse

C. Virus

D. Worm

E. No choice is correct

Explanation: Unlike viruses and Trojan horses, a worm does not need a host. The most famous worms are the Morris worm and Code Red.

A logic bomb is a program which triggers at some point in the future. A Trojan Horse is a program which piggybacks on a legitimate (or seemingly legitimate) program. A virus is a program which replicates within a system.

See Section 1.5.4: Worms

10. The type of attack that cannot be detected with any technology is

A. Robbery

B. Social engineering

C. Trojan Horse

D. Worm

E. DoS attack

Explanation: Since social engineering is an attack on human nature against an authorized user, it is not possible to detect with technology.

See Section 1.6: Social Engineering



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.