A security team received reports of increased latency on a highly utilized e-commerce server. This led to eventual service unavailability as a result of internal scanning activity. The following web-server log was shared with the team to support this claim:
Which of the following actions would BEST address the service impact caused by scanning?

• A.Enable proper error handling on the web server
• B.Stop scanning the affected servers
• C.Run scans during off peak hours
• D.Disable directory enumeration in the scanning policy

Comment: *

Name: *

Email: *

Verification: *

An organization is concerned that Its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

• A.nmap comptia.org -p 80 -sv
• B.nc -1 -v compria.org -p 60
• C.hping3 -s compwia.org -p 80
• D.nslookup -port-80 compcia.org

Comment: *

Name: *

Email: *

Verification: *

A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?

• A.Separation of duties
• B.Mandatory vacations
• C.Security awareness training
• D.Background checks

Comment: *

Name: *

Email: *

Verification: *

A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updates since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

Correct Answer:

Explanation
1/1/2017 3:30:00 7813a82384cbaeb45bd12943a9234df3

Comment: *

Name: *

Email: *

Verification: *

The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks. 2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port 3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

Correct Answer:

Explanation:

Section: Network Security
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default. Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443. Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22 Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.
References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44 http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Comment: *

Name: *

Email: *

Verification: *