Crytography, Hashing, Encryption ...

fieldmonkey · October 2010

my head is hurting now... lol ... I think I"m starting to see some of the big picture though... now I just need to put it altogether so I can get back to the basic stuff before the test.

Paperlantern · October 2010

Tel me about it, i just hit Crypto yesterday for a little while and i was smacked back to reality about where i stood as far as ready or not... and im opting for the OR NOT. Gonna relax a little bit, pick up Darril's book from amazon, not sure if i'll do Kindle or Actual but I'll get it, and go from there.

xenodamus · October 2010

I just hit that section yesterday for the first time. It's a lot of acronyms to digest. But honestly, my S+ studies are really making sense of alot of terms that I've heard over the years, but never truly understood. There's lot more value to this material than I anticipated.

I'm going through the Labsim first btw. Darril's book is next, followed by the nuggets. Hoping to test next month.

Unforg1ven · October 2010

Any questions, post 'em here. Never hurts to ask when clearing up a fuzzy spot.

erpadmin · October 2010

xenodamus wrote: »

I'm going through the Labsim first btw. Darril's book is next, followed by the nuggets. Hoping to test next month.

You will not need Nuggets if you're using LabSim. I only viewed a few videos in LabSim and depended mostly on Darril's book. But seriously, if you are going to supplement Darril's book with CBT training, just use the LabSim.

Trust me....there are folks with less experience than you that have passed this exam with less. You won't need two CBTs.

fieldmonkey · October 2010

Test is in two days... reviewed all the hashing, authentication mechanisms, and attacks... Today I'm going to start on reviewing the tunneling protocols, buidling a chart for myself to help me memorize it, as I've done with alot of it... So far I have built 7 pages worth of study notes, but times ticking down.

I took the assessment test in the front of the book last night before studying and scored an 80, then reviewed my answers... as usual the answer made entire sense to me once I read the explanation, but some I just straight up didn't know the answer and that is where I studied.

Doing the practice test in the back of the book today after I study the tunneling protocols.

fieldmonkey · October 2010

Ok ... got a question... I came across this question on the CompTIA site... I don't think there is anything wrong with posting it here, but wanted to find out if I got it right. The practice test doesn't tell you what you got wrong just like the real exam.

You are peparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be put in promiscuous mode? (Choose two).

A. Password Cracker
B. Network Mapper
C. Protocol Analyzer
D. Port Scanner
E. Vulnerability Scanner

(C) is definitely one, as its illustated in Darrills book, but what is the second one and why?

I suspect (E), but cannot find anything to support my answer or any of the other choices. I threw out (A)

Paperlantern · October 2010

Hmmm I'm not entirely sure, Promiscuous mode just allows the adapter to accept all packets/frames even if not intended for it. If I understand it correctly. I know sniffers would need it, but they dont use that as one of the options. Like you said, A would def, be thrown out. I agree with you on C being correct.

I would probably guess B, a network mapper, that sort fo thing would need all traffic to map out a network.

I just dont see a port scanner needing Prom mode do do its thing. Vulnerability scanner, MAYBE if its a Network vulnerability scanner, but most vulnerability scanners are aimed at a system itself looking for patch weaknesses and other things that are open on the local system, not necessarily needing network access.

WizardofWar · October 2010

Ugh! I went through alot of trouble getting the correct answers on their practice test as they dont give them to you, I went one by one through them.

And guess what I tossed them out after I passed so now I cant tell you with all certainty.

Edit: On a side note you can do the same thing, Just go to that question and answer it and end the test to see if you got it right.

fieldmonkey · October 2010

[EMAIL="D@mn"]D@mn[/EMAIL]!... lol

Actually there were a couple of others I printed off because I just really wasnt sure which one was the correct answer. Heres' another one.

Question #2

You need to ensure that a critical server has minimal downtime. You need to ensure data fault tolerance for the server.

What would you do?

A. Configure a redundant server
B. Provide spare parts
C. Use RAID
D. Deploy a UPS

So throwing out B and C, I choose RAID, but it seems to me A would be a correct answer also.

Another one I couldn't find either was:

Question #3

The 802.11i standard specifies support for which encryption algorithms? (Choose two)

A. TKIP
B. AES
C. RSA
D. ECC
E. DES

So AES is mentioned in some of the material I have been reading, and I toss out D and E, so would it be A or C? I might google this one again.

WizardofWar · October 2010

The answer is RAID on the first one.
And the second one is TKIP and AES.

superman859 · October 2010

Tough practice questions!

For #1, I'd say network mapper for the other. I've used several port scanners and they don't rely on prom. mode at all simply because of how they function. Vuln. scanner really works similarly (vuln. scanner's tend to start off with a port scan anyways, and then just get more detailed on open ports).

For #2, all 4 options sound like good ideas for a critical server, but I'd have to go with RAID. A redundant server would be good to limit downtime, but it made no mention of backing up the data to the redundant server. UPS is good for short power outages, but it's critical so anything more than a minute or so would require a backup generator. Spare parts are good to have in case one goes out and you need identical parts to ensure the machine gets back on it's feet quickly and remains stable.

But then again, RAID alone isn't much info. Is it RAID 0, RAID 1? RAID 5? etc. They all provide different levels of fault tolerance

#3 is TKIP and AES - more straight forward.

Chris:/* · October 2010

Question #1 I would go with Vulnerability Scanner and Packet Analyzer. Though it is not required this will allow you to do a complete check. Otherwise you are only reading traffic destined for that machine andthe Vulnerability Scanner can be placed in a passive over a period of time to injest as much information as possible.

Question #2 should be redundant server but as it was pointed out this does nothing for the data. At the same time RAID does not specify external or internal so if the server is DOWN the RAID does not matter. I would go with redundant server for MINIMAL downtime.

Question #3 I do not like this question because it is actually wrong. TKIP is the protocol used with the RC4 algorithm and CCMP is the protocol used with the AES algorithm. Though with the information provided it is the most correct answer.

sthompson86 · October 2010

Chris:/* wrote: »

Question #2 should be redundant server but as it was pointed out this does nothing for the data. At the same time RAID does not specify external or internal so if the server is DOWN the RAID does not matter. I would go with redundant server for MINIMAL downtime.

Thats what I was thinking. I hate these vauge questions. lol

cbsharpe0824 · October 2010

I am one chapter away from reading Crypto.....

let the fun begin...:D

thisguy85 · May 2011

fieldmonkey wrote: »

Ok ... got a question... I came across this question on the CompTIA site... I don't think there is anything wrong with posting it here, but wanted to find out if I got it right. The practice test doesn't tell you what you got wrong just like the real exam.

You are peparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be put in promiscuous mode? (Choose two).

A. Password Cracker
B. Network Mapper
C. Protocol Analyzer
D. Port Scanner
E. Vulnerability Scanner

(C) is definitely one, as its illustated in Darrills book, but what is the second one and why?

I suspect (E), but cannot find anything to support my answer or any of the other choices. I threw out (A)

A. Password Cracker (tools such as Air Crack)
C. Protocol Analyzer (such as Wireshark)

slo_cope · April 2012

Sorry for drudging up such an old thread, but it was a question I had to google because I wasn't able to find the answer in any of the sources I've been using to study for the Sec+ exam.

fieldmonkey wrote: »

Ok ... got a question... I came across this question on the CompTIA site... I don't think there is anything wrong with posting it here, but wanted to find out if I got it right. The practice test doesn't tell you what you got wrong just like the real exam.

You are peparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be put in promiscuous mode? (Choose two).

A. Password Cracker
B. Network Mapper
C. Protocol Analyzer
D. Port Scanner
E. Vulnerability Scanner

(C) is definitely one, as its illustated in Darrills book, but what is the second one and why?

I suspect (E), but cannot find anything to support my answer or any of the other choices. I threw out (A)

For the record, according to the results of the test, the correct answer is

C. (Protocol Analyzer)
E. (Vulnerability Scanner)

Based on what I've found it's kind of a tricky question since "vulnerability scan" is a generic term that describes a process, a procedure. Furthermore, from what I've read, the protocol analyzer isn't placed in promiscuous mode; it places the NIC card in promiscuous mode. Based on my limited knowledge it just seems to be a poorly worded question...but hey, what do I know lol.

paul78 · April 2012

slo_cope wrote: »

Sorry for drudging up such an old thread, but it was a question I had to google because I wasn't able to find the answer in any of the sources I've been using to study for the Sec+ exam.

For the record, according to the results of the test, the correct answer is

C. (Protocol Analyzer)
E. (Vulnerability Scanner)

Based on what I've found it's kind of a tricky question since "vulnerability scan" is a generic term that describes a process, a procedure. Furthermore, from what I've read, the protocol analyzer isn't placed in promiscuous mode; it places the NIC card in promiscuous mode. Based on my limited knowledge it just seems to be a poorly worded question...but hey, what do I know lol.

I read this thread with interest. One of the problems with certifications is that the certifying body would like you to belief that their body of knowledge is the one and only. But then reality creeps in

A couple of comments:

A network adapter is generally accepted as synonmous as a network interface card (NIC). Network adapter is probably more accurate these days as far as PC/laptops are concerned since interface cards are rarely used these days as an ethernet interface is commonly built onto the motherboard.

But I do agree with you about the choice of answers - especially if you wanted to dig into the nuances.

#1 - Password cracker - a password cracker is a class of applications that is used to brute-force attack a password file - usually by using a word-list and its permutations to match the password hash. So this is not a correct answer. The exampe if AirCrack although it does place the network interface into promiscious mode is true, AirCrack is really a sniffer or protocol analyser.
#2 - Network mapper - a network mapper is like a glorified port-scanner that can be used to perform reconissance on a network. I.e. figure out what is there.

#3 - Protocol analyzer - this is the obvious answer. A protocol analyzer (also called sniffer, network probe) like Wireshark, tcpdump, etc. - works by capturing all the network traffic that flows over the segment and analyzes the traffic.

#4 - Port scanner - there really aren't any more simple port scanners out there. Most tools used for network reconaisance will also map the network and even scan for vulnerabilities.

#5 - Vulnerability scanner - that's really a network mapper that also checks for vulnerabilities. Tools like Nessus and Qualsys are vulnerability scanning tools.

You are correct that vulnerability scaning is a process. A vulnerability scanner aids in that process. Just like a network mapper aids in mapping a network or a sniffer aids in protocol analysis.

What's most interesting to me is the nuance that a vulnerability scanner places the network interface into promiscious mode. Technically speaking, that is not necessary. However, a vulnerability scanner may place a network interface into promiscious mode in order to see if a network/server responds to spoofed source ip addresses. But that is a subtle reason and not all vulnerability scanners need to operate in promiscous mode.

If we use the logic that I just used - it can be said that network mappers also place the network interface into promiscious mode. One of the most well used network mapper (it started as a port-scanner but it actually has very powerful vulnerability scanning) capabilities) is nmap. Nmap for example can run in promiscious mode so that it be used to evade detection. For example, imagine if I am port-scanning the servers on the same segment, I can spoof a different source IP address and pretend that I'm a different server on that segment, but if I am in promiscious mode, I can watch for the packets coming back at the spoofed source IP.

My opinion but the only real right answer is C.

If E is considered correct due to some nuance - then B and D could be argued to be correct as well. But because a vulnerabily scanner can still operate without being in promiscious mode. I argue that Comptia is mistaken.

Just my 2 cents.

Jake. · April 2012

fieldmonkey wrote: »

Ok ... got a question... I came across this question on the CompTIA site... I don't think there is anything wrong with posting it here, but wanted to find out if I got it right. The practice test doesn't tell you what you got wrong just like the real exam.

You are peparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be put in promiscuous mode? (Choose two).

A. Password Cracker
B. Network Mapper
C. Protocol Analyzer
D. Port Scanner
E. Vulnerability Scanner

(C) is definitely one, as its illustated in Darrills book, but what is the second one and why?

I suspect (E), but cannot find anything to support my answer or any of the other choices. I threw out (A)

From page 285 or (9913 on a Kindle) of Darril Gibson's Sec+ SYO-301, I would understand the answer to be B. NMAP and D. Port Scanner to fingerprint systems.

My 2 cents...

paul78 · April 2012

Jake. wrote: »

From page 285 or (9913 on a Kindle) of Darril Gibson's Sec+ SYO-301, I would understand the answer to be B. NMAP and D. Port Scanner to fingerprint systems.

My 2 cents...

That's an interesting twist. I can also see why that could be valid. But it's a odd answer. It kinda depends on when the question was written and how Comptia defines those terms.

It would be interesting to see how Comptia defines a network mapper or a port scanner. Also - perhaps Comptia definition of promiscious mode is different - the common definition is to place a network interface into a mode where all network packets are processed and available for inspection by the OS.

Network mappers like Nmap can actually operated just fine without ever placing a network interface into promiscious mode. In fact, earlier version of nmap was a simple port scanner. One of the simplest network mappers could be traceroute - I.e. it maps the network between the source and destination and helps determine topology. But traceroute doesn't place a network interface into promiscious mode at all. A while back, I had modified a custom version of traceroute for my own needs to use tcp packets and there is no need to have a network interface in promiscious mode.

Similarly - the common definition of port scanner is an application that is used to determine if a device on a network has listeners on tcp and udp ports. Saying that a port scanner can be used to fingerprint systems is a stretch. A simple tcp port-scanner is just by using telnet to determine if a system has tcp ports which respond to a SYN packet. You could even come up with a simple script that uses telnet to scan a system for open tcp ports - no need to place the network interfaces into promiscious mode. Even a modified version of ping like hping can be used.

That's the problem with certifying bodies. They tend to have their own ideas of what's right. Ultimately, you need to go by what the certifying body believes even if in the real world there are shades of grey.

If Comptia omitted protocol analyser as a valid choice, they must have a really narrow definition for a protocol analyser, pretty much all protocol analysers support real-time analysis which requires that the network interface be in promiscious mode. The only time I ever use a protocol analyser (I use Wireshark) offline is for analysis packet **** from a network tap or another packet capture application.

But if that's the reason why procotol analyser was omitted as an answer, I sure we can all come up with different reasons why the other answers can be right or wrong

I still believe that port analyzer is the best correct answer.

Crytography, Hashing, Encryption ...

Comments