CompTIA Security+ Test questions on their Website.
WizardofWar
Member Posts: 26
in Security+
Ugh. Why can't they tell you which questions you got wrong so you know what to study on? They forced me to print each one out so I can find if the answer was correct elsewhere.
Edit: What a pain, I had to go into each one and score the test to check which ones I got wrong and right. I wanted to know since they were straight from CompTIA.
Comments
-
WizardofWar Member Posts: 26
What kinds of attacks involve intercepting and modifying network packets? (Choose two.)
Null Session
x man-in-the-middle
DNS poisoning
Spoofing
DoS
x TCP/IP hijacking
I don't understand how this is correct. This is a sample question from the CompTIA sample questions. I would have never got this correct on the test if it came up. Man-in-the-middle does not modify the packets according to what I have read.
I guess it could be looking for something that did one or the other but it sure isn't worded that way. To me it sounded like the answer should have had both attacks do both of what they were asking.
earweed Member Posts: 5,192
Man in the middle MAY be altering the information.
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
WizardofWar Member Posts: 26
According to Darril's book there is no modifying of packets in the man-in-the-middle attacks.
-
earweed Member Posts: 5,192
The Sybex book says that it may modify data. That's usually not the purpose though, the purpose is usually to get and record data for later use.
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
WizardofWar Member Posts: 26
OK, thanks, then it's really Darril's book that doesn't explain that it can be changed.
-
erpadmin Member Posts: 4,165
Let's take this a different way...
Explain to me (us) what you would have chosen and how they are correct?
WizardofWar Member Posts: 26
lol, I didn't think it through enough and I really have to read the questions better I think as well, I was just thrown by the fact that Darril's book stated that the man-in-the-middle doesn't modify the packet so I was thinking it has to be something else. I didn't do that well on the sample test but I have only been studying for about 8 or so days now and not hard. I got 19/30 of the questions right and I still have 2 chapters of Darril's book to go so I guess I shouldn't get too excited that I didn't know all the material. That question still would have thrown me as I have read that info. I did get some wrong that I have read though so that bothers me.
-
erpadmin Member Posts: 4,165
WizardofWar wrote: » lol, I didn't think it through enough and I really have to read the questions better I think as well, I was just thrown by the fact that Darril's book stated that the man-in-the-middle doesn't modify the data so I was thinking it has to be something else. I didn't do that well on the sample test but I have only been studying for about 8 or so days now and not hard. I got 19/30 of the questions right and I still have 2 chapters of Darril's book to go so I guess I shouldn't get too excited that I didn't know all the material. That question still would have thrown me as I have read that info. I did get some wrong that I have read though so that bothers me.
You are right, Darril pretty much says that it doesn't modify traffic in a man-in-the-middle attack. But as Earweed stated, it's really used for eavesdropping or to be used in a replay attack later on.
I don't see how you would have been tripped though if you knew the other answers weren't involved in interception or modifying data. You may need to do some more reading until stuff clicks (and trust me, Darril is still good....my 870/900 isn't exactly terrible....and while I did have other help, Darril was still the primary resource).
One thing that helped me out was Transcender's flashcards (part of their practice exams) of cryptography....once I got that down, I stopped being nervous about the exam and everything "flowed" right.
Also, you'll still pass the exam if you read his book twice. It may not be with a 900, but that's when I ask "who gives a ----?"
You'll be fine.
dynamik Banned Posts: 12,312
Modifying data (packet payload) and modifying packets are not the same thing. You guys are not being consistent with your terminology. Unless you're somehow able to passively capture traffic (hub, SPAN port, Ethernet tap, etc. -- also, you're not in the "middle" in these scenarios), you're always going to be modifying the packets. Tools like ettercap also allow you to easily modify the data as well.
-
erpadmin Member Posts: 4,165
dynamik wrote: » Modifying data (packet payload) and modifying packets are not the same thing. You guys are not being consistent with your terminology. Unless you're somehow able to passively capture traffic (hub, SPAN port, Ethernet tap, etc. -- also, you're not in the "middle" in these scenarios), you're always going to be modifying the packets. Tools like ettercap also allow you to easily modify the data as well.
I'm just going by how I understood the material to answer the OP's question in his second post.
It could be how the OP paraphrased the question as well to make it sound like it made no sense.
WizardofWar Member Posts: 26
erpadmin wrote: » You are right, Darril pretty much says that it doesn't modify traffic in a man-in-the-middle attack. But as Earweed stated, it's really used for eavesdropping or to be used in a replay attack later on.
I don't see how you would have been tripped though if you knew the other answers weren't involved in interception or modifying data. You may need to do some more reading until stuff clicks (and trust me, Darril is still good....my 870/900 isn't exactly terrible....and while I did have other help, Darril was still the primary resource).
One thing that helped me out was Transcender's flashcards (part of their practice exams) of cryptography....once I got that down, I stopped being nervous about the exam and everything "flowed" right.
Also, you'll still pass the exam if you read his book twice. It may not be with a 900, but that's when I ask "who gives a ----?"
You'll be fine.
Yea I noticed that after reading it here a few times that the answer couldn't have been anything else. That's the one thing CompTIA questions seem to do to me, it seems to make you second guess the answers at times. I think I now just need more time for some of the info to sink in and stay with me. My plan at this point is to take the test somewhere around Oct 12th, so still quite a bit of time to get this stuff down.
earweed Member Posts: 5,192
That's plenty of time. Good luck on your studies!
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
Devilsbane Member Posts: 4,214
WizardofWar wrote: » According to Darril's book there is no modifying of packets in the man-in-the-middle attacks.
What if it is an advanced MITM that is intercepting packets in an SSL session? Then the MITM would have to have an SSL session with each of the parties, decrypt the information and then re-encrypt it to deliver it to the host.
Decide what to be and go be it.
erpadmin Member Posts: 4,165
WizardofWar wrote: » Yea I noticed that after reading it here a few times that the answer couldn't have been anything else. That's the one thing CompTIA questions seem to do to me, it seems to make you second guess the answers at times. I think I now just need more time for some of the info to sink in and stay with me. My plan at this point is to take the test somewhere around Oct 12th, so still quite a bit of time to get this stuff down.
While you generally don't necessarily need it, it may behoove you to invest in a practice exam like Transcenders or uCertify. You just need to be comfortable taking the test so you don't focus so much on the trivialities. Believe me, I can relate and that's why I think I did "overprepare" for this exam. Really, you can never overprepare for anything, but when I saw how high my score was, I was floored.
Darril's book is an excellent resource, but it also depends on how well you understand the concepts. Once you get over that fear (and believe me, I had it too when I heard how "difficult" this exam was compared to A+, Net+), you will pass. You do have enough time to do what you gotta do. Just keep at it. Darril's guide is all you need to pass, but an extra practice exam in your case might help you out.
demonfurbie Member Posts: 1,819
yea I didn't quite get his chapter on crypto so I'm gonna have to find a diff source for that
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
WizardofWar Member Posts: 26
Thanks all, just finished reading chapter 9 of Darril's book this morning. One more to go and then to see where I am weak on the content. Still a long way off on taking it so I got a good head start on knowing the info. I agree that taking practice tests is a big plus in figuring out where you are weak. I liked the one from CompTIA's website but they have that so poorly implemented that it really is not usable unless you get all the questions right. Went to a lot of trouble last night getting all the correct answers for their 30 questions.
-
WizardofWar Member Posts: 26
demonfurbie wrote: » yea I didn't quite get his chapter on crypto so I'm gonna have to find a diff source for that
I just finished that one this morning. I understand the material for the most part but there is a lot of material in this chapter to remember.
WizardofWar Member Posts: 26
Devilsbane wrote: » What if it is an advanced MITM that is intercepting packets in an SSL session? Then the MITM would have to have an SSL session with each of the parties, decrypt the information and then re-encrypt it to deliver it to the host.
I would think modifying packets in this scenario would be highly unlikely.
Devilsbane Member Posts: 4,214
WizardofWar wrote: » I would think modifying packets in this scenario would be highly unlikely.
They have to be modified. Addressing information needs to change as does the encryption. If I encrypt a file and you encrypt a file, technically the files are different (if you were to run a hash on them). Once they are decrypted then they would be the same again.
Decide what to be and go be it.
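Added example, not part of any post in this thread: the packet-versus-payload distinction raised by dynamik and Devilsbane, shown in Python on constructed IPv4 packets that are compared field by field, the way two captures taken on either side of a relay would be. In the first case only header fields differ and the payload hash is unchanged; in the second, each leg has its own session key, so the payload bytes differ too although the plaintext is identical. The addresses, keys, function names and the `toy_cipher` stand-in for a real session cipher are assumptions made for the illustration.

```python
import hashlib
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (protocol 6 = TCP, transport header omitted)."""
    f = [0x45, 0, 20 + len(payload), 0, 0, ttl, 6, 0,
         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    f[7] = checksum(struct.pack(IP_HDR, *f))
    return struct.pack(IP_HDR, *f) + payload

def parse(packet: bytes) -> dict:
    """Split a packet into the header fields of interest and a payload digest."""
    f = struct.unpack(IP_HDR, packet[:20])
    return {"ttl": f[5], "checksum": f[7],
            "src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "payload_sha256": hashlib.sha256(packet[20:]).hexdigest()}

def changed_fields(before: bytes, after: bytes) -> set:
    """Names of the parsed fields that differ between two packets."""
    a, b = parse(before), parse(after)
    return {name for name in a if a[name] != b[name]}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for a session cipher (XOR with a SHAKE-256 keystream); not real TLS."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

# Constructed sample data: RFC 5737 documentation addresses, made-up keys.
CLIENT, RELAY, SERVER = "192.0.2.10", "192.0.2.99", "198.51.100.20"
DATA = b"balance=100"
# Case 1: the relay forwards the payload untouched from its own address.
sent = build(CLIENT, SERVER, 64, DATA)
forwarded = build(RELAY, SERVER, 63, DATA)
# Case 2: one session key per leg, same plaintext inside both.
leg1 = build(CLIENT, RELAY, 64, toy_cipher(b"key-client-relay", DATA))
leg2 = build(RELAY, SERVER, 64, toy_cipher(b"key-relay-server", DATA))

if __name__ == "__main__":
    print(sorted(changed_fields(sent, forwarded)), sorted(changed_fields(leg1, leg2)))
```
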