Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week: Chapter 2 Questions Lab 1.1 Review Questions 1.) The smallest percentage of the exam is devoted to Access Control and Identity Management True or False? Answer: False. Reason: Access Control and Identity Management is 13% of the grade, while Cryptography is 11%. 2.) Which of the following is a protocol used to facilitate wireless network security? Answer: (B) LEAP, (C) WPA Reason: (A) TFTP and (D) ICMP are not part of wireless infrastructure 3.) Which of the following is considered an application attack? Answer: (A) Buffer overflow, (D) Header manipulation Reason: (B) Vishing – Criminal social engineering using telephones. (C) pie thrust – made up? 4.) Which of the following is a port security practice or procedure? Answer: (C) MAC filtering, (D) 802.1x Reason: (A) lease privilege – has nothing to do with port security (B) disabling unnecessary accounts – ports don’t use accounts. 5.) Which of the following tools is used to discover security threats and vulnerabilities? Answer: (A) Port scanner, (B) Honeypot, (C) Protocol analyzer, (D) Sniffer Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week: Chapter 2 Questions Lab 1.2 Review Questions 1.) In the article “Information Security Employment: An Empirical Study,” the authors found that in the advertised information security jobs, entry-level workers were most commonly required to have ____. Answer: (D) one to two years of experience 2.) In the article “Information Security Employment: An Empirical Study,” the authors found that in the advertised information security jobs, manager-level works were most commonly required to have ____. Answer: (C) Five to seven years of experience 3.) In the article “Information Security Employment: An Empirical Study,” the authors found that in the advertised information security jobs, the most common requirements was ____. Answer: (A) A bachelor of science or bachelor of arts degree 4.) Many information technology job descriptions include some aspect of information security. True or False? Answer: True 5.) In the article “Information Security Employment: An Empirical Study,” the authors found that the most commonly held mid- to high-level information security certification was ____. Answer: (C) CISSP Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week: Chapter 2 Questions Lab 1.3 Review Questions 1.) What is the definition of social engineering according to Ian Mann? Answer: Ian Mann indicates that social engineering is “To manipulate people by deception, into giving out information or performing an action” (Hacking the Human, Ian Mann). 2.) According to the article, information obtained by a survey-based social engineering attack could overcome the ____ component of a financial institution’s security measures. Answer: (A) Authentication 3.) Which of the following attacks could be based on information obtained in a survey-based social engineering attack? Answer: (A) in-person, (D) spear phishing Reason: (B) man-in-the-middle – cannot be performed with a survey-based attack. (C) Smurf is not applicable. 4.) A survey-based social engineering attack is more likely to represent an unstructured threat because the attacker ____. Answer: (D) Is more likely to be a recreational cracker trolling for information 5.) Which of the following actions is a recommended measure to counter a survey-based social engineering attack? Answer: (A) Educate users not to give out information that could be used to attack the user, the user’s family, or the company for which the user works. (B) Block social networking Web Sites. Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week: Chapter 2 Questions Lab 1.4 Review Questions 1.) According to Mike Bailey, who was quoted in the article “In Their Words: Experts Weigh in on Mac vs. PC Security,” ____. Answer: (A) OS X and Windows 7 are about equally secure 2.) According to Robert G. Ferrell, who was quoted in the article “In Their Words: Experts Weigh in on Mac vs. PC Security,” ____. Answer: (C) the comparison of Mac and Windows security is irrelevant 3.) According to Marius Oiaga, who wrote the article “Microsoft Does It Again: Vista Is the Safest – Linux and Mac OS X Bite the Dust,” Windows Vista is more secure than Linux and OS X because ____. Answer: (B) More vulnerabilities have been reported in Linux and OS X system than in Vista system 4.) According to Jacob West, who wrote the article “Windows vs. Linux Security Strengths and Weaknesses,” ____. Answer: (D) the User Account Control in Windows 7 is less secure than the User Account Control in Windows Vista. 5.) According to Dino Dia Zovi, who was quoted in the article “In Their Words: Experts Weigh in on Mac vs. PC Security,” ____. Answer: (A) Apples iPad is significantly more secure than Linux, Mac, or a PC. Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week: Chapter 2 Questions Lab 1.5 Review Questions Paper Activity After researching these five terms, write a one-page paper in which you define each term and give an example of each in an information security context. See: Next Page 1.) Using two firewalls by different vendors is an example of ____. Answer: (B) Diversity 2.) Allowing only those who must use data to have access to it is called ____. Answer: (D) Limiting 3.) A layered security approach refers to placing your weakest security controls closer to potential attackers and placing your strongest security controls closer to the assets being protected. True or False? Answer: False Reason: Does not fit the definition of layering, which does not elaborate on the strength of each layer. 4.) An example of ____ is avoiding clear patterns of behavior, thus making attacks from outside more difficult. Answer: (C) Obscurity 5.) Decreasing the chance that security personel inadvertently misconfigure a system and decrease its protection is accomplished by ____. Answer: (C) Simplicity