Test questions for Sec+

I'm reviewing my knowledge on Darril's website (member's area) and this is one of the questions (I hope he won't mind me posting this here, but I really need assistance):

After browsing the internet, a user notices the computer is running slowly. An antivirus scan with updated signatures doesn't report any problems. What is the MOST likely cause?

A Zero day attack
B Spyware
C LDAP injection
D Known virus

I answered A, but the correct answer is B. Now I don't understand why is that the correct answer. Wouldn't 0day be more logical? You update your antivirus software but you still get attacked, that's 0day in my book. What's your take on this?

Find more posts tagged with

Comments

dpsmooth15

Well I will say again the Security+ Exam is 93% process of elimination. now that I got that out the way
A zero day attack is used BEFORE a patch can come out for a unknown--known vulnerability, .….So a zero day attack would of been FIRST to scratch off my list. Next would of been LDAP. Knowing/reading up on them will benefit YOU. on exam day. Research, use more resource, to help you understand.
A virus has to be executed in some way, fashion, or form and the antivirus did not pick it up, which basically eliminated virus from the list, talking about antivirus and updated signatures is another question you might want to remember…so personally I would of picked Spyware also.

linuxlover

But 0day means there is no patch for the vulnerability, so if you update your antivirus software with all patches and you still get attacked, why is that not 0day?

proph21

linuxlover wrote: »

I'm reviewing my knowledge on Darril's website (member's area) and this is one of the questions (I hope he won't mind me posting this here, but I really need assistance):

I answered A, but the correct answer is B. Now I don't understand why is that the correct answer. Wouldn't 0day be more logical? You update your antivirus software but you still get attacked, that's 0day in my book. What's your take on this?

I see your reasoning for picking the 0day. Darril's book does mention that spyware often results in systems running slower and can also affect a system through a drive-by download (from web browsing). From personal experience, I have learned that antivirus software doesn't always catch certain types of malware such as spyware and sometimes a second program such as a specific antispyware or anti-malware is needed to find it in a scan

dpsmooth15

quick break down, antivirus is not going to pick up a zero day attack. Just because it is a "patch" does not insinuate is was for a "virus".

P.S. I am sure if I or anyone was to devote the time and effort for a zero day attack….It would not be to slow the computer down, and let you know I was there. That is like Breaking in your house and knocking on the door first

dpsmooth15

take my word on this, there is nothing tricky about the Security+ Exam. If I say what colors make BROWN. either you know it or not. But if RED and GREEN is listed and PINK and PURPLE you can use the process of elimination to figure it out. Honestly, I would suggest you figure out WHY spyware is right and the others are wrong.You need to get the "easier" questions on the exam right, so you can miss one or two for Crypto, BIA, DRP.. which are not really hard either. Have 10 people give you 10 explanations worded 10 different ways will confuse you

linuxlover

Yes. Well I wanted to click on B Spyware, because I know spyware causes your PC to run slowly, but the "with updated signatures" confused me and I took that as a hint. It was wrong of me to do that, I can see now. Thanks both for clarifying that.

linuxlover

There are a few more answer that I don't understand.

Security technician wants to gather and analyze all web traffic during a specific time period. What's the best way to gather data?

a) configure VPN concentrator to log traffic for 80 and 443
b) configure proxy server to log traffic for 80 and 443
c) configure switch to log traffic for 80 and 443
d) configure NIDS to log traffic for 80 and 443

How is proxy server better than NIDS to log all traffic on a network? I don't understand.

Company has requested that the VPN system authenticate their team based on username, password and certificate and only allow access from US. How many factors are in use?

a) 1
b) 2
c) 3
d) 4

Why 3? I don't understand.

Admin wants to implement AAA. Network infrastructure is a mix of several different vendors. Admin needs a method to secure centralized access to the company's network. What is best to implement?

a) RADIUS
b) LDAP
c) SAML
d) TACACS+

How is RADIUS better than TACACS+?

101010

How is proxy server better than NIDS to log all traffic on a network? I don't understand.

The question wasn't what device is best used to gather all data on the network, just all web traffic, so a proxy server would be the best choice.

Why 3? I don't understand

Unless the question is just asking how many individual factors are being used. I am only seeing two different authentication factors here, username/password (something you know) and the certificate (something you have).

How is RADIUS better than TACACS+?

Like the first question, the key is to under stand what the question is asking. It is not asking what AAA technology is "better", it is asking which is better to implement given the parameters of the question. "Network infrastructure is a mix of several different vendors" is the key, as TACACS+ is a Cisco proprietary technology and RADIUS is an open standard and therefore more interoperable.

proph21

linuxlover wrote: »

There are a few more answer that I don't understand.

How is proxy server better than NIDS to log all traffic on a network? I don't understand.

Why 3? I don't understand.

How is RADIUS better than TACACS+?

Question 1: This is one of those questions where the context gives the clues to what it is asking. An NIDS only logs stuff that it considers sketchy by analyzing all network traffic. To collect + analyze ALL traffic of a specific type (80, 443), the proxy server would be the better choice.

Question 2: I guess they consider physical location something you are? I would have chosen 2 as the answer as well. I would have seen this question and thought, "ah yeah they are trying to trick me by having me think being in the U.S is something you are"

Question 3:The main thing I looked at in this is that the infrastructure has several different vendors and RADIUS is a protocol that works with many vendors, while in the book it says TACAS+ is commonly used on Cisco systems and is a proprietary of Cisco

linuxlover

Thanks to both of you, you cleared some of my doubts. Although being an American is something you are is new to me, that one was tricky.

new2ITSecurity

hey there….were the second set of questions on Darrill's website? I don't remember seeing those questions...

linuxlover

No, the second set I copied from a file I received from my friend.