CompTIA Academic/E2C Security Certification Exam Voucher Only
Question No: 471 – (Topic 3)
Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
Answer: B Explanation:
DNS spoofing (or DNS cache poisoning) is an attack in which forged data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer (or any other computer the attacker chooses).
A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally, if the server doesn't know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that if it receives another request for the same translation it can reply without having to ask the other server again.
When a DNS server has accepted a false translation and cached it, it is considered poisoned, and it supplies the false data to every client that asks until the entry expires. A poisoned resolver therefore returns the wrong IP address for the news site, diverting the users to another computer (in this case, the server hosting the web page with derogatory content). Because the users typed the correct address and the browser shows it, the symptom described in the question (a legitimate site "keeps taking them" elsewhere) is characteristic of DNS poisoning rather than of a typo or a redirect on the real site.
Question No: 472 – (Topic 3)
Joe, a company's new security specialist, is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large number of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?
Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
Ensure the vulnerability scanner is configured to authenticate with a privileged account
Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers
Ensure the vulnerability scanner is conducting antivirus scanning
Answer: B Explanation:
An unauthenticated (non-credentialed) scan can only probe a host from the outside: it infers the patch level from banners, open ports and protocol responses, so it routinely flags issues that have already been fixed (false positives), and many checks simply cannot run at all and are reported as failed audits. Configuring the scanner to authenticate with a privileged account lets it log in and inspect the installed packages, configuration files and registry directly, which removes most of the guesswork and lets the failed checks complete.
Placing the scanner in a segmented VLAN (A) controls which hosts it can reach but does nothing about the accuracy of the checks it runs against them. Having the scanner exploit what it finds (C) turns a scan into a penetration test, which is more intrusive and is not the purpose of a monthly vulnerability scan. Antivirus scanning (D) is unrelated to the scanner's accuracy.
A false positive is an error in some evaluation process in which a condition tested for is mistakenly reported as detected.
In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE (unsolicited bulk email, as junk email is more formally known). Messages that are determined to be spam, whether correctly or incorrectly, may be rejected by a server- or client-side spam filter and returned to the sender as bounced e-mail.
One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all.
False positives are also common in security systems. An anomaly-based intrusion prevention system, for example, looks for deviations in bandwidth, protocols and ports. When activity varies outside of an acceptable range (for example, a remote application attempting to open a normally closed port), an intrusion may be in progress. However, an anomaly such as a sudden spike in bandwidth use does not guarantee an actual attack, so this approach amounts to an educated guess and the chance of false positives can be high.
False positives contrast with false negatives, which are results mistakenly indicating that some condition tested for is absent.
Question No: 473 – (Topic 3)
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).
Answer: B,C,F,J Explanation:
The question states that Jane was able to establish a connection to an internal router. Typical ports and protocols used to connect to a router include the following:
B, F: Port 22, which is used by SSH (Secure Shell).
C, J: Port 23, which is used by Telnet.
SSH and Telnet both provide command line interfaces for administering network devices such as routers and switches.
Question No: 474 – (Topic 3)
A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?
Answer: A Explanation:
Typosquatting, also called URL hijacking or a fake URL, is a form of cybersquatting (and possibly brandjacking) which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL, including an alternative website owned by a cybersquatter.
The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:
(In the following, the intended website is "example.com".)
• common misspelling, or foreign-language spelling, of the intended site: exemple.com
• misspelling based on typing errors: xample.com or examlpe.com
• differently phrased domain name: examples.com
• different top-level domain: example.org
Once on the typosquatter's site, the user may also be tricked into thinking that they are in fact on the real site through the use of copied or similar logos, website layouts or content. In the question, "compnay.com" is a transposition of "company.com", which is exactly the second kind of typo above.
Question No: 475 – (Topic 3)
Which of the following BEST describes the type of attack that is occurring? (Select TWO).
Answer: A,E Explanation:
We have a legitimate bank web site and an attacker-controlled bank web site. The attacker has a laptop connected to the network and is redirecting bank web site users to the fake bank web site instead of the legitimate one. This can be done using two methods: DNS spoofing and an ARP attack (ARP poisoning).
A: DNS spoofing (or DNS cache poisoning) is an attack in which forged data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer (or any other computer the attacker chooses).
A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally, if the server doesn't know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that if it receives another request for the same translation it can reply without having to ask the other server again.
When a DNS server has accepted a false translation and cached it, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the server hosting the fake bank web site).
E: Address Resolution Protocol poisoning (ARP poisoning) is an attack on an Ethernet LAN in which the attacker sends forged ARP requests and replies so that the target computer's ARP cache maps another host's IP address (typically the default gateway's) to the attacker's MAC address. ARP has no authentication, so the target accepts the forged mapping and unintentionally sends its frames to the attacker's computer first instead of to the real destination; the attacker can then inspect or modify the traffic and forward it on, or answer in place of the real host (here, serving the fake bank site). As a result, both the user's data and privacy are compromised, and a well-executed ARP poisoning attack is undetectable to the user because the IP address and host name never change.
ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR). Unlike DNS poisoning, it only works when the attacker is on the same broadcast domain as the victim, which is why the attacker's laptop being connected to the local network matters in this question.
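The DNS cache poisoning described in the explanations for Questions 471 and 475 comes down to a race: the resolver will accept the first response whose identifiers match its outstanding query, so an attacker who can guess those identifiers before the real answer arrives gets their IP cached. The following is an added example (not part of the exam material) that models that race with a constructed toy resolver, a hypothetical name www.example.com and a hypothetical attacker IP 203.0.113.66. No real DNS traffic is sent. It shows why a resolver that checks only the 16-bit transaction ID is poisonable by brute force, and why randomizing the UDP source port as well makes the same flood fail.

```python
"""Toy model of DNS cache poisoning against a recursive resolver.

Added example, not part of the original exam explanation. The resolver,
attacker, name and IP addresses are all constructed for illustration; nothing
here touches the network.
"""
import random
import time


class ToyResolver:
    """Caching resolver that accepts a response only if the 16-bit transaction
    ID (and, if enabled, the randomized UDP source port) match the query it
    has outstanding. Real resolvers also check the question section and
    bailiwick; those are omitted to keep the race visible."""

    def __init__(self, rng, randomize_port=False):
        self.rng = rng
        self.randomize_port = randomize_port
        self.fixed_port = 53000          # hypothetical static source port
        self.cache = {}                  # name -> (ip, expiry timestamp)
        self.pending = {}                # name -> (txid, src_port)

    def send_query(self, name):
        """Emit an upstream query and remember its identifiers."""
        txid = self.rng.randrange(0, 1 << 16)
        if self.randomize_port:
            port = self.rng.randrange(1024, 1 << 16)
        else:
            port = self.fixed_port
        self.pending[name] = (txid, port)
        return txid, port

    def receive_response(self, name, txid, port, ip, ttl=3600):
        """Accept and cache the answer only if it matches the pending query."""
        expected = self.pending.get(name)
        if expected is None or expected != (txid, port):
            return False                 # nothing outstanding, or ID/port mismatch
        del self.pending[name]           # first matching answer wins the race
        self.cache[name] = (ip, time.time() + ttl)
        return True

    def lookup(self, name):
        """Return the cached IP for name, or None if absent/expired."""
        entry = self.cache.get(name)
        return entry[0] if entry and entry[1] > time.time() else None


def poisoning_attack(resolver, name, bad_ip, budget, rng):
    """Attacker induces a lookup of `name`, then floods forged responses that
    guess the identifiers. Returns the number of forged packets needed, or
    None if the budget runs out (i.e. the real answer would have arrived)."""
    resolver.send_query(name)
    if resolver.randomize_port:
        # txid and port both unknown: ~2^16 * 64512 combinations to guess
        guesses = ((rng.randrange(0, 1 << 16), rng.randrange(1024, 1 << 16))
                   for _ in range(budget))
    else:
        # only the 16-bit txid is unknown: enumerate every value
        guesses = ((txid, resolver.fixed_port)
                   for txid in range(min(budget, 1 << 16)))
    for sent, (txid, port) in enumerate(guesses, start=1):
        if resolver.receive_response(name, txid, port, bad_ip):
            return sent
    return None


def demo(seed=7, budget=1 << 16):
    """Run the same flood against a static-port and a port-randomizing
    resolver; returns {label: (packets_needed, cached_ip)}."""
    results = {}
    for label, randomize in (("static_port", False), ("random_port", True)):
        res = ToyResolver(random.Random(seed), randomize_port=randomize)
        sent = poisoning_attack(res, "www.example.com", "203.0.113.66",
                                budget, random.Random(seed + 1))
        results[label] = (sent, res.lookup("www.example.com"))
    return results


if __name__ == "__main__":
    for label, (sent, ip) in demo().items():
        print(f"{label}: {'poisoned after %d packets' % sent if sent else 'not poisoned'}, cache={ip}")
```

With the static source port the flood always succeeds within 65,536 forged packets; with a randomized port the same budget almost never matches. In practice source-port randomization only raises the cost, so DNSSEC validation (a signature the attacker cannot forge) is the control that actually closes the hole, and the ARP variant in option E is stopped by dynamic ARP inspection or static ARP entries on the LAN, not by anything in DNS.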
Question No: 476 – (Topic 3)
Which of the following tests a number of security controls in the least invasive manner?
Answer: A Explanation:
Vulnerability scanning has minimal impact on network resources because it only probes systems and compares what it sees against a database of known weaknesses; unlike a penetration test, it does not attempt to exploit anything, so it is the least invasive way to check a number of controls at once.
A vulnerability scan is the process of scanning the network and/or IT infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve the vulnerabilities. A vulnerability scan looks for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.
Question No: 477 – (Topic 3)
Which of the following BEST describes a SQL Injection attack?
The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.
The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.
The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
Answer: A Explanation:
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection exploits a security vulnerability in an application's software, for example when user input is concatenated into a SQL statement without being escaped or parameterized, so that quote characters and keywords in the input change the structure of the query, or when user input is not strongly typed and is unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any application that builds SQL statements from untrusted input. Option A describes it: the web server passes attacker-controlled input to the back-end database, and it is the stored data that is compromised.
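The following is an added example (not from the exam text) showing the vulnerability the explanation describes and its fix side by side, against a constructed in-memory SQLite users table with hypothetical credentials. The vulnerable functions build the statement by string formatting; the safe ones pass the values as parameters, so the same payloads that bypass the login and dump every password in the first case are treated as plain data in the second.

```python
"""SQL injection: string-built queries beside their parameterized fixes.

Added example, not part of the original exam explanation. The users table,
usernames and passwords are constructed for the demonstration.
"""
import sqlite3


def make_db():
    """Constructed sample database: two users with plaintext passwords
    (plaintext only so the dump is easy to see; never do this for real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted input is concatenated into the statement, so a quote in the
    input ends the string literal and the rest runs as SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: values travel separately from the statement, so a
    quote in the input stays inside the value and cannot alter the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def search_vulnerable(conn, pattern):
    """A 'find user' feature with the same flaw; a UNION payload turns it into
    a dump of a column the user was never meant to see."""
    sql = "SELECT username FROM users WHERE username LIKE '%s'" % pattern
    return [r[0] for r in conn.execute(sql).fetchall()]


def search_safe(conn, pattern):
    sql = "SELECT username FROM users WHERE username LIKE ?"
    return [r[0] for r in conn.execute(sql, (pattern,)).fetchall()]


# Classic payloads: comment out the password check, or make the WHERE
# clause always true, or append a UNION that selects another column.
BYPASS_COMMENT = "alice' --"
BYPASS_TAUTOLOGY = "' OR '1'='1"
DUMP_PASSWORDS = "x' UNION SELECT password FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with comment payload:", login_vulnerable(db, BYPASS_COMMENT, "x"))
    print("safe login with same payload:", login_safe(db, BYPASS_COMMENT, "x"))
    print("vulnerable search dumps:", search_vulnerable(db, DUMP_PASSWORDS))
    print("safe search returns:", search_safe(db, DUMP_PASSWORDS))
```

Escaping quotes by hand is the wrong fix: it is easy to miss a code path, and numeric or identifier positions cannot be quoted at all. Bound parameters (or an ORM that uses them) plus a least-privilege database account are what actually remove the class of bug.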
Question No: 478 – (Topic 3)
Using proximity card readers instead of the traditional key punch doors would help to mitigate:
Answer: D Explanation:
With a traditional keypad door, a person enters a code to unlock the door. Someone could be watching the code being entered and would then be able to open the door by entering the same code. Watching the code being entered is known as shoulder surfing. A proximity card never displays its credential, so there is nothing for an onlooker to memorize (though the card itself can still be lost, stolen or, for weak card technologies, cloned).
Shoulder surfing is the use of direct observation techniques, such as looking over someone's shoulder, to get information. It is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
Question No: 479 – (Topic 3)
A new security analyst is given the task of determining whether any of the company’s servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
Answer: B Explanation:
B: Banner grabbing looks at the banner, or header information, that a service sends when a client connects, to find out about the system. Banners often identify the host, the operating system running on it and the software version, information that is useful if you later attempt to breach the system. Banners can be grabbed with Telnet as well as with tools like netcat or Nmap. An SSH server announces its version in the first line it sends on port 22 (for example "SSH-2.0-OpenSSH_7.4"), so banner grabbing is the quickest first step to find out which version of SSH is running on each server. It is only a first step: a banner can be changed or suppressed by the administrator, and some distributions backport security fixes without changing the advertised version, so a match still needs confirming with an authenticated check before it is reported as vulnerable.
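As an added example (not part of the exam explanation), the block below parses SSH identification strings the way RFC 4253 section 4.2 defines them ("SSH-protoversion-softwareversion SP comments"), skipping any pre-banner lines a server may send, and classifies OpenSSH versions against a threshold. The banners in SAMPLE_BANNERS, the host names and the "fixed in 7.4" threshold are constructed for the demonstration; grab_banner() does a real TCP connect only if you call it yourself with a host you are permitted to scan.

```python
"""Grab and parse SSH server identification strings (RFC 4253 section 4.2).

Added example, not part of the original exam explanation. Sample banners,
host names and the version threshold are constructed for illustration.
"""
import re
import socket

# "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7": proto, software, optional comment
_BANNER_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comment>.*))?$")
_OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")

# Constructed sample data: what three hypothetical hosts might send on port 22.
SAMPLE_BANNERS = {
    "host-a": b"SSH-2.0-OpenSSH_5.3\r\n",
    "host-b": b"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n",
    "host-c": b"Welcome to the router\r\nSSH-1.99-Cisco-1.25\r\n",
}


def parse_banner(raw):
    """Return {'proto', 'software', 'comment'} from the first line that starts
    with 'SSH-'. RFC 4253 lets a server send other lines first, which the
    client must ignore, so earlier lines are skipped."""
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = _BANNER_RE.match(line.strip())
        if m:
            return m.groupdict()
    return None


def openssh_version(software):
    """'OpenSSH_7.4p1' -> (7, 4); None for non-OpenSSH software strings."""
    m = _OPENSSH_RE.match(software)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(banners, fixed_in):
    """Map host -> True (OpenSSH older than fixed_in), False (fixed_in or
    newer), or None (not OpenSSH / no banner; needs a manual look)."""
    report = {}
    for host, raw in banners.items():
        parsed = parse_banner(raw)
        version = openssh_version(parsed["software"]) if parsed else None
        report[host] = None if version is None else version < fixed_in
    return report


def grab_banner(host, port=22, timeout=3.0):
    """Connect and read until a complete identification line arrives.
    Sending our own identification first is permitted by RFC 4253 and avoids
    stalling on servers that wait for the client to speak."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-banner_check\r\n")
        while len(data) < 4096:
            chunk = s.recv(512)
            if not chunk:
                break
            data += chunk
            complete = data[:data.rfind(b"\n") + 1]   # only finished lines
            if parse_banner(complete):
                break
    return parse_banner(data[:data.rfind(b"\n") + 1])


if __name__ == "__main__":
    for host, flag in classify(SAMPLE_BANNERS, fixed_in=(7, 4)).items():
        print(host, parse_banner(SAMPLE_BANNERS[host])["software"],
              {True: "OLDER than fix", False: "at/after fix", None: "not OpenSSH, check manually"}[flag])
```

A None result is the important caveat: a non-OpenSSH banner, or no banner at all, is not a pass, and a banner that shows an old version may still be patched (Debian's "7.4p1 Debian-10+deb9u7" style comment is exactly the case where backported fixes hide behind an old number), so the list this produces is the input to a credentialed check, not the final answer.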
Question No: 480 – (Topic 3)
A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?
Training staff on security policies
Establishing baseline reporting
Installing anti-malware software
Disabling unnecessary accounts/services
Answer: B Explanation:
The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.
A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).