Security Mini Course Handbook

CompTIASecurity+Performance
BasedQuestions
http://www.infosecinstitute.com/SecurityPlus
Copyright2013InfoSecInstitute
1of26
Question
1. Whatrulesshouldbeaddedtothefirewalltoallowtraffictothewebserverwhichwillbe
servingbothsecured,andunsecuredwebpagesinthediagrambelow.
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
2of26
AnswertoPreviousPage
1. Whatrulesshouldbeaddedtothefirewalltoallowtraffictothewebserverwhichwillbe
servingbothsecured,andunsecuredwebpagesinthediagrambelow.
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
Allow
TCP
192.0.2.9/32
80
Allow
TCP
192.0.2.9/32
443
Sincethequestionspecifiedthatbothsecuredandunsecuredwebpageswouldbeserved,
then,youneededtoallowbothHTTP(port80)andHTTPS(port443)throughthefirewall.Since
thetrafficiscomingfromtheinternet,allsourceIPaddressesshouldbeallowedin.
3of26
Question
2. Whatrulesshouldbeaddedtothefirewalltoallowtraffictothemailserverbelow.
AssumethatonlyinternalclientswillbeconnectingoverbothPOP3andIMAP4,but
everyonecansendSMTPtraffic.
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
4of26
2. Whatrulesshouldbeaddedtothefirewalltoallowtraffictothemailserverbelow.
AssumethatonlyinternalclientswillbeconnectingoverbothPOP3andIMAP4,but
everyonecansendSMTPtraffic.
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
Allow
TCP
192.0.2.10/32
25
Allow
TCP
203.0.113.0/24
192.0.2.10/32
110
Allow
TCP
203.0.113.0/24
192.0.2.10/32
143
InternalclientsneedtohaveaccesstobothIMAP(Port:143)andPOP3(Port:110)ports.Since
onlyinternalclientsareallowedtohaveaccess,thesourceIPAddressneedstobelimitedtothe
internalnetwork.SincethemailserverwouldreceiveSMTP(Port:25)fromanywhere,that
trafficneedstobeallowedfromanywhere.
5of26
Question
3. AnadministratorwantstomakeitsothatshecanmanagethemailserveroverSSH.
Shealsowantstoensurethatshedoesntaccidentlyusetelnettocommunicatewiththe
server.Whatchangesdoessheneedtomaketothefirewallinordertoaccommodate
that?
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
6of26
3. AnadministratorwantstomakeitsothatshecanmanagethemailserveroverSSH.
Shealsowantstoensurethatshedoesntaccidentlyusetelnettocommunicatewiththe
server.Whatchangesdoessheneedtomaketothefirewallinordertoaccommodate
that?
Usea*toindicateAny.
Allow/
Deny
TCP/
UDP
SourceIPAddress
Source
Port
DestinationIP
Destination
Port
Allow
TCP
203.0.113.45/32
192.0.2.10/32
22
Deny
TCP
203.0.113.45/32
192.0.2.10/32
23
SinceSSHisonport22,thisistheportthatmustbeallowedin.Also,sincethisisan
administrativetool,onlytrafficfromtheAdministratorComputershouldbeletthrough,andnot
fromtheinternalnetworkasawhole.
Shedeniedtrafficonport23(theTelnetport)sinceshedoesntwantnonencrypted,
administrativetraffictobegoingtotheserver.Thisisanadmittedlysomewhatartificialexample,
butitdemonstrateshowtopreventtrafficfromgoingthroughafirewall.
7of26
Questions
4. Matchtheporttotheprotocol.
a. FTPDataChannel
b. LDAP
c. NetBIOSnameservice
d. DNS
1.TCP/UDP:53
2.TCP/UDP:389
3.TCP:20
4.TCP/UDP:137
a. SSH
b. FTPControlChannel
c. TFTP
d. HTTPS
1.TCP:21
2.TCP:443
3.TCP:22
4.UDP:69
a. POP3
b. NetBIOSsessionservice
c. SCP
d. SNMP
1.TCP:22
2.TCP:110
3.UDP:161
4.TCP/UDP:139
a. Telnet
b. HTTP
c. NetBIOSdatagramservice
d. LDAP/SSL
1.TCP:80
2.TCP/UDP:138
3.TCP:636
4.TCP:23
8of26
a. 3FTPDataChannel
b. 2LDAP
c. 4NetBIOSnameservice
d. 1DNS
1.TCP/UDP:53
2.TCP/UDP:389
3.TCP:20
4.TCP/UDP:137
a. 3SSH
b. 1FTPControlChannel
c. 4TFTP
d. 2HTTPS
1.TCP:21
2.TCP:443
3.TCP:22
4.UDP:69
a. 2POP3
b. 4NetBIOSsessionservice
c. 1SCP
d. 3SNMP
1.TCP:22
2.TCP:110
3.UDP:161
4.TCP/UDP:139
a. 4Telnet
b. 1HTTP
c. 2NetBIOSdatagramservice
d. 3LDAP/SSL
1.TCP:80
2.TCP/UDP:138
3.TCP:636
4.TCP:23
Whenitcomestomatchingprotocolstoports,thereisnosubstitutionformemorizingthe
correctportprotocolmapping.
9of26
Question
8. TheEngineeringTeamhasaskedyoutosetupaWAPforthemsothatonlythose
peoplewhoknowaboutthenetworkOURNETWORK,wouldbeabletoconnect.They
wanteveryonetouseLOGINTOOURWAPforthepasswordtologintothewireless
network.Whatchangestothefollowingconfigurationscreenswouldneedtobemadeto
implementthis?
10of26
8. TheEngineeringTeamhasaskedyoutosetupaWAPforthemsothatonlythose
peoplewhoknowaboutthenetworkOURNETWORK,wouldbeabletoconnect.They
wanteveryonetouseLOGINTOOURWAPforthepasswordtologintothewireless
network.Whatchangestothefollowingconfigurationscreenswouldneedtobemadeto
implementthis?
Whenpeopleseethewirelessnetworks,whattheyareseeing,istheSSID.Whetheror
notitisvisible,isdeterminedbywhetherornottheSSIDisbroadcastornot.Soforthis,
wewanttosettheSSIDtoOURNETWORK,anddisablebroadcastingoftheSSID
(sincetheyonlywantpeoplewhoknowaboutittobeabletologintoit).
OfthevariousSecurityModes,WPA2providesthebestencryptionpossiblehere.Using
PSK,oraPreSharedKey,allowsalluserstoconnectusingthesamepassphrase.
11of26
Question
9. Afterusingthisforawhile,Engineeringdepartmentrealizedthattheywantedeach
persontologinusingauniqueusername/passwordcombination.Howshouldthe
configurationbechangedtoaccommodatethis?
Someports:
RADIUSAuthentication:1812
RADIUSAccounting:1813
12of26
9. Afterusingthisforawhile,Engineeringdepartmentrealizedthattheywantedeach
persontologinusinguniqueusername/passwordcombination.Howshouldthe
configurationbechangedtoaccommodatethis?
Radiusserversarecommonlyusedtoprovideauthenticationservicesforwireless
accesspoints.Sinceweareusingthisforauthentication(confirmingthatthisisaperson
thesystemrecognizes),weneedtouseport1812.
13of26
Question
10.Giventhediagramabove,whatelsecouldbeimplementedtoimprovethesecurityonthe
WAP?
11. Afterthatisimplemented,forthisdiagram,howmanydeviceswouldhaveaccesstothe
WAP?
14of26
10. Giventhediagramabove,whatelsecouldbeimplementedtoimprovethesecurityonthe
WAP?
MACaddressfiltering.
11. Afterthatisimplemented,forthisdiagram,howmanydeviceswouldhaveaccesstothe
WAP?
ByimplementingMACaddressfiltering,thedeviceswiththeMACAddress
998877665501or998877665548wouldhaveaccesstothesystem.Thus2
deviceswouldhaveaccess.
15of26
Questions
Belowarediagramsofvarioustypesofattacks.Selectthebestoptionforeachone.
a. Maninthemiddle
b. DDoS
c. DoS
d. Replay
e. EvilTwin
12.___
13.____
16of26
a. Maninthemiddle
b. DDoS
c. DoS
d. Replay
e. EvilTwin
12.b.
Theuseofmultiple(distributed)machineswiththegoalisofmakingitsothatthevictimmachine
isnotabletoperformitstasksmakesthisaDistributedDenialofServiceattack.
13.c.
Asthekeygoalismakingitsothatthevictimisnotabletoprocessitsregulartasks,makesthis
aDenialofServiceattack.
17of26
Questions
Belowarediagramsofvarioustypesofattacks.Selectthebestoptionforeachone..
a. Maninthemiddle
b. DDoS
c. DoS
d. Replay
e. EvilTwin
14.____
15.____
18of26
AnswerstoPreviousPage
a. Maninthemiddle
b. DDoS
c. DoS
d. Replay
e. EvilTwin
14.a.
Asonewouldexpectfromthename,theManinthemiddleinvolvesgettinginthemiddleof
requestsgoingtoandfromtheserver.Theattackercanthenmodifythetraffictosuithisneeds.
15.e.
AnEvilTwinattackusesanaccesspointwhichhasduplicatedthelegitimateaccesspoints
SSID,inordertoenticemachinestoconnecttothem.Atthispoint,theattackercansnoopthe
victimstraffic.WhilethisisatypeofManInTheMiddleattackEvilTwinisabetterchoice,since
theEvilTwinisaspecificimplementationofaManInTheMiddleattack.
19of26
Questions
16.Whichofthefollowingcanbeusedforlimitingrisksassociatedwithusingmobiledevices.
A.
B.
C.
D.
E.
F.
G.
RemoteWipe
LockedCabinet
Encryption
Passcode
SecuredRooms
AutomaticLocking
Wipeafter10FailedSecurityCodeEntries
17.Whichofthefollowingcanbeusedforlimitingrisksassociatedwithservers.
A.
B.
C.
D.
E.
F.
G.
LockedCabinet
SecuredRoom
RemoteWipe
CCTV
EnvironmentalControls
AccessLogs
20of26
AnswerstoPreviousPage(CorrectAnswersinBold)
16.Whichofthefollowingcanbeusedforlimitingrisksassociatedwithusingmobiledevices.
A.
B.
C.
D.
E.
F.
G.
RemoteWipe
LockedCabinet
Encryption
Passcode
SecuredRooms
AutomaticLocking
Wipeafter10FailedPasscodeEntries
A:Remotewipeallowsacompanytoremoveinformationfromthedeviceonceitleaves
itscontrol.
C,D,F:Encryptingthecontentsofamobiledeviceandsecuringitwithapasscode
reducesanattackersabilitytogetatthedataonthedeviceshouldshegaincontrolof
thedevice.Automaticallylockingthedevicereducesthechanceanattackerwillgain
controlofanunlockeddevice.
G:Wipeafter10FailedPasscodeEntrieswillreducethechanceofgettingatadevices
datashoulditbelost/stolen.
B,E:Allofthesewouldeliminatethemobilityofthedevice,andthuseliminatetheability
touseiteffectively.Thus,theyarenotpracticalcontrols.
17.Whichofthefollowingcanbeusedforlimitingrisksassociatedwithservers.
A.
B.
C.
D.
E.
F.
G.
LockedCabinet
SecuredRoom
RemoteWipe
CCTV
EnvironmentalControls
AccessLogs
A,C:Thesehelplimitaccesstotheserver.
E,G:Increasesthelikelihoodthatintruderswouldbenoticed,anddetersinsidersfrom
maliciousactions.
F:Dependingonthecontrolsimplementedthesecanreducetherisksassociatedwith
itemssuchEMI,humidity,andtemperature.
B,D:Thesecouldactuallyincreaserisksassociatedwithserver,asDoSattacksare
possible.
21of26
Question
18.Forthefollowingnetwork,thenetworklogfilescanbeseenfortheRouter,Firewall,andEnd
UserComputer.WhichdeviceisnotsetupforImplicitDeny?
Router
Time
20131112
14:10:20
20131112
14:10:21
20131112
14:10:22
20131112
14:10:22
Severity Message
Sessionpermitted.
Info
ACL3
Sessionpermitted.
Info
ACL4.
Sessionpermitted.
Info
NoACLmatch.
SourceIP
Source
Port
203.0.113.42
23896
203.0.113.21
23323
17.178.96.59
69
Info
203.0.113.21
23323
17.178.96.59
80
SessionACL3.
DestinationIP
Destination
Port
216.34.181.45
80
74.125.134.26 42563
192.0.2.10
25
22of26
Firewall
Time
20131112
14:10:20
20131112
14:10:20
20131112
14:10:21
20131112
14:10:21
20131112
14:10:22
Severity Message
Session
Info
established.
SessionDenied.No
Info
ACLmatched
Session
Info
established.
Session
Info
established.
Info
EndUserMachine
Time
2013111214:10:15
2013111214:10:25
2013111214:10:30
SourceIP
Source
Port
DestinationIP
Destination
Port
203.0.113.42
23896
216.34.181.45
80
203.0.113.41
43512
74.125.225.230
69
203.0.113.44
32355
74.125.225.230
80
192.0.2.10
25
17.178.96.59
80
74.125.134.26 42563
Sessionestablished 203.0.113.21
23323
Severity Message
Sessionestablished.ACLRule2match.DestinationIP192.0.2.10,Port:
Info
143.
Error
SessionDenied.Norulematch.DestinationIP:192.0.2.10,Port:69
Info
SessionEstablished.ACLRule1match.74.125.225.230,Port:80
23of26
AnswertoQuestion18
18.Forthefollowingnetwork,thenetworklogfilescanbeseenfortheRouter,Firewall,andEnd
UserComputer.WhichdeviceisnotsetupforImplicitDeny?
WhencheckingforafailureofImplicitDeny,thequestioniswhichdeviceletstraffic
throughifnoruleismatched.Thekeypiecesfromthelogsarehere:
Router
20131112
14:10:22
Info
Sessionpermitted.
NoACLmatch.
203.0.113.21
23323
17.178.96.59
69
Info
SessionDenied.No
ACLmatched
203.0.113.41
43512
74.125.225.230
69
Firewall
20131112
14:10:20
EndUserMachine
2013111214:10:25
Error
SessionDenied.Norulematch.DestinationIP:192.0.2.10,Port:69
WhenthereisnotanACLmatch,thentrafficmustbedeniedforImplicitDenytobein
place.InthiscasetheRouterissetuptopermittrafficthroughwhennoruleismatched,
soitisnotsetupproperlyforImplicitDeny.
24of26
Questions
19.Ofthefollowingfourstoragetypes,rankthemfrommostvolatiletoleastvolatile.
____PageFile
____CacheMemory
____NetworkDrive
____HardDrive
____RAM
____CDRarchivemedia
____PageFile
____HardDrive
____RAM
____CacheMemory
____NetworkDrive
____CDRarchivemedia
Bonus:Identifyallofthedifferentstoragetypespresented,andrankthemaccordingly.
25of26
AnswerstoPreviousPage
2PageFile
1CacheMemory
4NetworkDrive
3HardDrive
1RAM
4CDRarchivemedia
2PageFile
3HardDrive
2RAM
1CacheMemory
3NetworkDrive
4CDRarchivemedia
Hereisabriefsummaryofthedifferenttypesofstorage,andtheiroverallorderofvolatility.
1. CacheMemoryAcacheisusedtostorefrequentlyorrecentlyaccessedmemory.Itis
fasterforaCPUtoaccessdatastoredinthecachethanallotherformsofmemory.Itis
overwrittenbydatafromRAMfrequentlyaspartofthestandardoperationoftheoperating
system.Itisnotpersistentonpowerdown.
2. RAMRAM,orRandomAccessMemoryisusedbythesystemaspartoftheregular
operationofthecomputer.Itisnotpersistentonpowerdown.
3. PageFileOperatingsystemswilltemporarilystoredatathatwouldbekeptinRAMina
fileontheharddisk.Thisfile,calledapagefile,pagingfile,orswapfile.Thisfilecan
survivethesystempoweringdown,howeversomeoperatingsystemswilldeletethefile
whengoingthroughacleanshutdown.
4. HardDriveDatastoredonaharddriveismaintainedthroughoutasystemshutdown.
5. NetworkDrive/RemoteSystemDatastoredonanetworkdrivewouldsurviveevenifthe
targetsystemisentirelyinoperableorincapableofbeinginvestigated.
6. CDRopticalmediaArchivemediasuchCDRnotonlycansurviveasystempower
down,oncethedataiswrittentothemedia,andthemediadisconnectedfromthe
system,itcannotbemodifiedinanywaybythetargetsystem.
26of26

Security Mini Course Handbook

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Security Mini Course Handbook

Загружено:

Авторское право:

Доступные форматы

CompTIASecurity+Performance

Вам также может понравиться