Test questions for Sec+

linuxlover Banned Posts: 228
I'm reviewing my knowledge on Darril's website (member's area) and this is one of the questions (I hope he won't mind me posting this here, but I really need assistance):
After browsing the internet, a user notices the computer is running slowly. An antivirus scan with updated signatures doesn't report any problems. What is the MOST likely cause?

A Zero day attack
B Spyware
C LDAP injection
D Known virus

I answered A, but the correct answer is B. Now I don't understand why that is the correct answer. Wouldn't 0day be more logical? You update your antivirus software but you still get attacked, that's 0day in my book. What's your take on this?

Comments

  • dpsmooth15 Banned Posts: 155
    Well I will say again the Security+ Exam is 93% process of elimination. Now that I got that out of the way:
    A zero day attack is used BEFORE a patch can come out for an unknown/known vulnerability... So a zero day attack would have been FIRST to scratch off my list. Next would have been LDAP. Knowing/reading up on them will benefit YOU on exam day. Research, use more resources, to help you understand.
    A virus has to be executed in some way, fashion, or form and the antivirus did not pick it up, which basically eliminated virus from the list. Talking about antivirus and updated signatures is another question you might want to remember... so personally I would have picked Spyware also.
  • linuxlover Banned Posts: 228
    But 0day means there is no patch for the vulnerability, so if you update your antivirus software with all patches and you still get attacked, why is that not 0day?
  • proph21 Member Posts: 34
    linuxlover wrote: »
    I'm reviewing my knowledge on Darril's website (member's area) and this is one of the questions (I hope he won't mind me posting this here, but I really need assistance):

    I answered A, but the correct answer is B. Now I don't understand why that is the correct answer. Wouldn't 0day be more logical? You update your antivirus software but you still get attacked, that's 0day in my book. What's your take on this?

    I see your reasoning for picking the 0day. Darril's book does mention that spyware often results in systems running slower and can also affect a system through a drive-by download (from web browsing). From personal experience, I have learned that antivirus software doesn't always catch certain types of malware such as spyware, and sometimes a second program such as a specific antispyware or anti-malware is needed to find it in a scan.
  • dpsmooth15 Banned Posts: 155
    Quick breakdown: antivirus is not going to pick up a zero day attack. Just because it is a "patch" does not insinuate it was for a "virus".

    P.S. I am sure if I or anyone was to devote the time and effort for a zero day attack... it would not be to slow the computer down and let you know I was there. That is like breaking into your house and knocking on the door first.
  • dpsmooth15 Banned Posts: 155
    Take my word on this, there is nothing tricky about the Security+ Exam. If I say what colors make BROWN, either you know it or not. But if RED and GREEN are listed and PINK and PURPLE, you can use the process of elimination to figure it out. Honestly, I would suggest you figure out WHY spyware is right and the others are wrong. You need to get the "easier" questions on the exam right, so you can miss one or two for Crypto, BIA, DRP... which are not really hard either. Having 10 people give you 10 explanations worded 10 different ways will confuse you.
  • linuxlover Banned Posts: 228
    Yes. Well I wanted to click on B Spyware, because I know spyware causes your PC to run slowly, but the "with updated signatures" confused me and I took that as a hint. It was wrong of me to do that, I can see now. Thanks both for clarifying that.
  • linuxlover Banned Posts: 228
    There are a few more answers that I don't understand.
    Security technician wants to gather and analyze all web traffic during a specific time period. What's the best way to gather data?

    a) configure VPN concentrator to log traffic for 80 and 443
    b) configure proxy server to log traffic for 80 and 443
    c) configure switch to log traffic for 80 and 443
    d) configure NIDS to log traffic for 80 and 443

    How is proxy server better than NIDS to log all traffic on a network? I don't understand.
    Company has requested that the VPN system authenticate their team based on username, password and certificate and only allow access from US. How many factors are in use?

    a) 1
    b) 2
    c) 3
    d) 4

    Why 3? I don't understand.
    Admin wants to implement AAA. Network infrastructure is a mix of several different vendors. Admin needs a method to secure centralized access to the company's network. What is best to implement?

    a) RADIUS
    b) LDAP
    c) SAML
    d) TACACS+

    How is RADIUS better than TACACS+?
  • 101010 Member Posts: 94
    How is proxy server better than NIDS to log all traffic on a network? I don't understand.

    The question wasn't what device is best used to gather all data on the network, just all web traffic, so a proxy server would be the best choice.
    Why 3? I don't understand

    Unless the question is just asking how many individual factors are being used. I am only seeing two different authentication factors here, username/password (something you know) and the certificate (something you have).
    How is RADIUS better than TACACS+?

    Like the first question, the key is to understand what the question is asking. It is not asking what AAA technology is "better", it is asking which is better to implement given the parameters of the question. "Network infrastructure is a mix of several different vendors" is the key, as TACACS+ is a Cisco proprietary technology and RADIUS is an open standard and therefore more interoperable.
    2017 Goals:
    [x] GCIH

    "Well if you're going to have delusions of grandeur, may as well go for the really satisfying ones." - Marcus, Babylon 5
  • proph21 Member Posts: 34
    linuxlover wrote: »
    There are a few more answers that I don't understand.

    How is proxy server better than NIDS to log all traffic on a network? I don't understand.

    Why 3? I don't understand.

    How is RADIUS better than TACACS+?

    Question 1: This is one of those questions where the context gives the clues to what it is asking. A NIDS only logs stuff that it considers sketchy by analyzing all network traffic. To collect + analyze ALL traffic of a specific type (80, 443), the proxy server would be the better choice.

    Question 2: I guess they consider physical location something you are? I would have chosen 2 as the answer as well. I would have seen this question and thought, "ah yeah, they are trying to trick me by having me think being in the U.S. is something you are".

    Question 3: The main thing I looked at in this is that the infrastructure has several different vendors and RADIUS is a protocol that works with many vendors, while in the book it says TACACS+ is commonly used on Cisco systems and is proprietary to Cisco.
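The two answers above make the same point about the proxy question: a proxy sits in the path of every HTTP/HTTPS request, so its access log is the complete record of web traffic, while a NIDS only records what matches a rule. The script below is an added example (not code from the thread or from any proxy product) of what "gather and analyze all web traffic during a specific time period" looks like in practice: it parses access-log lines in Squid's native layout, keeps only port 80/443 requests inside a time window, and summarises bytes per client and the most requested hosts. The log lines are constructed sample data, and the field order is an assumption taken from Squid's native format.

```python
"""Filter and summarise proxy access-log lines for a time window.

Added example for this thread (not the forum's own code or a Squid
tool): it assumes Squid's native access.log layout and uses constructed
sample lines, so it runs offline."""
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed Squid-style lines. Field order (assumed from Squid's native format):
# unix_ts  elapsed_ms  client  action/status  bytes  method  url  user  hierarchy/peer  mime
SAMPLE_LOG = """\
1700000000.101    120 10.0.0.5 TCP_MISS/200 5123 GET http://example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1700000030.250    900 10.0.0.5 TCP_TUNNEL/200 48211 CONNECT updates.example.net:443 - HIER_DIRECT/203.0.113.20 -
1700000060.777     40 10.0.0.7 TCP_MISS/200 2048 GET http://example.org/style.css - HIER_DIRECT/203.0.113.30 text/css
1700003600.000     10 10.0.0.7 TCP_TUNNEL/200 1024 CONNECT mail.example.com:993 - HIER_DIRECT/203.0.113.40 -
1700007200.000     15 10.0.0.9 TCP_MISS/200 4096 GET http://example.com/late.html - HIER_DIRECT/203.0.113.10 text/html
"""

WEB_PORTS = (80, 443)


def dest_host_port(method, url):
    """Derive the destination host and TCP port from the request.

    CONNECT requests carry 'host:port'; plain requests carry a full URL whose
    scheme implies the default port when none is given explicitly."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host, int(port) if port.isdigit() else 443
    parts = urlsplit(url)
    default = 443 if parts.scheme == "https" else 80
    return parts.hostname, parts.port or default


def parse_line(line):
    """Parse one native-format line into a dict, or return None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = float(fields[0])
        size = int(fields[4])
    except ValueError:
        return None
    method, url = fields[5], fields[6]
    host, port = dest_host_port(method, url)
    return {"ts": ts, "client": fields[2], "status": fields[3], "bytes": size,
            "method": method, "host": host, "port": port, "url": url}


def web_traffic_in_window(log_text, start_ts, end_ts, ports=WEB_PORTS):
    """Keep records whose timestamp is in [start_ts, end_ts) and whose
    destination port is a web port; anything else (e.g. a tunnel to IMAP
    on 993) is dropped even though the proxy logged it."""
    kept = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and start_ts <= rec["ts"] < end_ts and rec["port"] in ports:
            kept.append(rec)
    return kept


def summarize(records):
    """Aggregate per-client byte counts and the most requested hosts."""
    bytes_by_client = defaultdict(int)
    hosts = Counter()
    for rec in records:
        bytes_by_client[rec["client"]] += rec["bytes"]
        hosts[rec["host"]] += 1
    return {"requests": len(records),
            "bytes_by_client": dict(bytes_by_client),
            "top_hosts": hosts.most_common(3)}


if __name__ == "__main__":
    # One-hour window starting at the first sample timestamp.
    window = web_traffic_in_window(SAMPLE_LOG, 1700000000, 1700003600)
    print(summarize(window))
```

Run against a real access.log, the same two calls give the per-client and per-host picture for the period under investigation; a NIDS log would only contain the subset of those requests that tripped a signature.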
  • linuxlover Banned Posts: 228
    Thanks to both of you, you cleared some of my doubts. Although being an American is something you are is new to me, that one was tricky.
  • new2ITSecurity Member Posts: 25
    Hey there... were the second set of questions on Darril's website? I don't remember seeing those questions...
  • linuxlover Banned Posts: 228
    No, the second set I copied from a file I received from my friend.