CompTIA Security+ Performance Based Questions

Copyright 2013 InfoSec Institute

Question

1. What rules should be added to the firewall to allow traffic to the web server, which will be serving both secured and unsecured web pages, in the diagram below? Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port

Answer to Previous Page

1. What rules should be added to the firewall to allow traffic to the web server, which will be serving both secured and unsecured web pages, in the diagram below? Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow      | TCP     | *                 | *           | 192.0.2.9/32   | 80
Allow      | TCP     | *                 | *           | 192.0.2.9/32   | 443

Since the question specified that both secured and unsecured web pages would be served, you need to allow both HTTP (port 80) and HTTPS (port 443) through the firewall. Since the traffic is coming from the internet, all source IP addresses should be allowed in.

Question

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic. Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port

Answer to Previous Page

2. What rules should be added to the firewall to allow traffic to the mail server below? Assume that only internal clients will be connecting over both POP3 and IMAP4, but everyone can send SMTP traffic. Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address      | Source Port | Destination IP | Destination Port
Allow      | TCP     | <internal network>/24  | *           | 192.0.2.10/32  | 110
Allow      | TCP     | <internal network>/24  | *           | 192.0.2.10/32  | 143
Allow      | TCP     | *                      | *           | 192.0.2.10/32  | 25

Internal clients need access to both the IMAP (port 143) and POP3 (port 110) ports. Since only internal clients are allowed that access, the source IP address must be limited to the internal network (the network prefix itself is not legible in this transcription, only its /24 length). Since the mail server receives SMTP (port 25) from anywhere, that traffic must be allowed from any source.

Question

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn’t accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that? Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port

Answer to Previous Page

3. An administrator wants to make it so that she can manage the mail server over SSH. She also wants to ensure that she doesn’t accidentally use telnet to communicate with the server. What changes does she need to make to the firewall in order to accommodate that? Use a “*” to indicate “Any”.

Allow/Deny | TCP/UDP | Source IP Address | Source Port | Destination IP | Destination Port
Allow      | TCP     | 203.0.113.45/32   | *           | 192.0.2.10/32  | 22
Deny       | TCP     | 203.0.113.45/32   | *           | 192.0.2.10/32  | 23

Since SSH is on port 22, this is the port that must be allowed in. Also, since this is an administrative tool, only traffic from the Administrator Computer should be let through, not traffic from the internal network as a whole.

She denied traffic on port 23 (the Telnet port) because she doesn’t want unencrypted administrative traffic going to the server. On a firewall that already ends its rule set with an implicit deny, this explicit deny is redundant; it is an admittedly artificial example, but it demonstrates how to block traffic from passing through a firewall.
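The three rule tables above can be checked mechanically. The following is an added example (not code from the InfoSec Institute slides): a minimal stateless rule evaluator with first-match semantics and an implicit deny at the end of the table, loaded with the rules from questions 1 to 3 and run against a few constructed packets. The internal network prefix is not legible in the transcription, so 203.0.113.0/24 is an assumption chosen only because the administrator’s host 203.0.113.45 falls inside it; the packet addresses and ports are likewise constructed for the example.

```python
"""Added example: first-match packet filter with implicit deny.

Assumptions (not from the slides): INTERNAL = 203.0.113.0/24, and the
sample packets in main(). Server and administrator addresses, ports and
the allow/deny rows come from questions 1-3.
"""
import ipaddress
from dataclasses import dataclass
from typing import Union

ANY = "*"
PortSpec = Union[int, str]  # a port number or ANY


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or ANY
    src: str         # CIDR or ANY
    sport: PortSpec  # port number or ANY
    dst: str         # CIDR or ANY
    dport: PortSpec  # port number or ANY


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


WEB = "192.0.2.9/32"
MAIL = "192.0.2.10/32"
ADMIN = "203.0.113.45/32"
INTERNAL = "203.0.113.0/24"  # ASSUMPTION: internal prefix not legible in the slides

RULES = [
    # Question 1: web server, HTTP and HTTPS from anywhere
    Rule("allow", "tcp", ANY, ANY, WEB, 80),
    Rule("allow", "tcp", ANY, ANY, WEB, 443),
    # Question 2: POP3/IMAP from the internal network only, SMTP from anywhere
    Rule("allow", "tcp", INTERNAL, ANY, MAIL, 110),
    Rule("allow", "tcp", INTERNAL, ANY, MAIL, 143),
    Rule("allow", "tcp", ANY, ANY, MAIL, 25),
    # Question 3: SSH from the administrator host only; explicit deny of telnet
    Rule("allow", "tcp", ADMIN, ANY, MAIL, 22),
    Rule("deny", "tcp", ADMIN, ANY, MAIL, 23),
]


def _ip_match(cidr: str, ip: str) -> bool:
    return cidr == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _port_match(spec: PortSpec, port: int) -> bool:
    return spec == ANY or spec == port


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        (rule.proto == ANY or rule.proto == pkt.proto)
        and _ip_match(rule.src, pkt.src)
        and _port_match(rule.sport, pkt.sport)
        and _ip_match(rule.dst, pkt.dst)
        and _port_match(rule.dport, pkt.dport)
    )


def evaluate(rules, pkt: Packet, implicit_deny: bool = True):
    """Return (action, reason). The first matching rule wins; if no rule
    matches, the implicit rule decides. implicit_deny=False models a device
    that lets unmatched traffic through (the router of question 18)."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule.action, f"rule {number}"
    return ("deny" if implicit_deny else "allow"), "no rule match"


if __name__ == "__main__":
    # Constructed sample packets (source addresses are documentation ranges).
    samples = [
        Packet("tcp", "198.51.100.7", 51000, "192.0.2.9", 443),   # internet -> HTTPS
        Packet("tcp", "198.51.100.7", 51001, "192.0.2.10", 143),  # internet -> IMAP
        Packet("tcp", "203.0.113.20", 51002, "192.0.2.10", 143),  # internal -> IMAP
        Packet("tcp", "203.0.113.45", 51003, "192.0.2.10", 22),   # admin -> SSH
        Packet("tcp", "203.0.113.20", 51004, "192.0.2.10", 22),   # other host -> SSH
        Packet("tcp", "203.0.113.45", 51005, "192.0.2.10", 23),   # admin -> telnet
    ]
    for pkt in samples:
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}", evaluate(RULES, pkt))
```

Two things the table format hides are visible in the code: the telnet deny in question 3 only matters on a device without implicit deny, and SSH from any internal host other than the administrator’s is refused by the implicit rule rather than by anything written down. The evaluator is stateless, as the exam tables are; a real firewall also needs state tracking (or reverse rules) for the servers’ reply traffic.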

Questions

4. Match the port to the protocol.
   a. FTP Data Channel
   b. LDAP
   c. NetBIOS name service
   d. DNS
   1. TCP/UDP:53
   2. TCP/UDP:389
   3. TCP:20
   4. TCP/UDP:137

5. Match the port to the protocol.
   a. SSH
   b. FTP Control Channel
   c. TFTP
   d. HTTPS
   1. TCP:21
   2. TCP:443
   3. TCP:22
   4. UDP:69

6. Match the port to the protocol.
   a. POP3
   b. NetBIOS session service
   c. SCP
   d. SNMP
   1. TCP:22
   2. TCP:110
   3. UDP:161
   4. TCP/UDP:139

7. Match the port to the protocol.
   a. Telnet
   b. HTTP
   c. NetBIOS datagram service
   d. LDAP/SSL
   1. TCP:80
   2. TCP/UDP:138
   3. TCP:636
   4. TCP:23

Answer to Previous Page

4. Match the port to the protocol.
   a. 3  FTP Data Channel (TCP:20)
   b. 2  LDAP (TCP/UDP:389)
   c. 4  NetBIOS name service (TCP/UDP:137)
   d. 1  DNS (TCP/UDP:53)

5. Match the port to the protocol.
   a. 3  SSH (TCP:22)
   b. 1  FTP Control Channel (TCP:21)
   c. 4  TFTP (UDP:69)
   d. 2  HTTPS (TCP:443)

6. Match the port to the protocol.
   a. 2  POP3 (TCP:110)
   b. 4  NetBIOS session service (TCP/UDP:139)
   c. 1  SCP (TCP:22, since SCP runs over SSH)
   d. 3  SNMP (UDP:161)

7. Match the port to the protocol.
   a. 4  Telnet (TCP:23)
   b. 1  HTTP (TCP:80)
   c. 2  NetBIOS datagram service (TCP/UDP:138)
   d. 3  LDAP/SSL (TCP:636)

When it comes to matching protocols to ports, there is no substitute for memorizing the correct port-to-protocol mapping.

Question

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP as the password to log into the wireless network. What changes to the following configuration screens would need to be made to implement this?

Answer to Previous Page

8. The Engineering Team has asked you to set up a WAP for them so that only those people who know about the network OURNETWORK would be able to connect. They want everyone to use LOGINTOOURWAP as the password to log into the wireless network. What changes to the following configuration screens would need to be made to implement this?

When people see the wireless networks, what they are seeing is the SSID. Whether or not it is visible is determined by whether the SSID is broadcast. So for this we want to set the SSID to OURNETWORK and disable broadcasting of the SSID (since they only want people who know about it to be able to log into it).

Of the various Security Modes, WPA2 provides the best encryption available here. Using PSK, or a Pre-Shared Key, allows all users to connect using the same passphrase.

Question

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

Some ports:
RADIUS Authentication: 1812
RADIUS Accounting: 1813

Answer to Previous Page

9. After using this for a while, the Engineering department realized that they wanted each person to log in using a unique username/password combination. How should the configuration be changed to accommodate this?

RADIUS servers are commonly used to provide authentication services for wireless access points. Since we are using this for authentication (confirming that this is a person the system recognizes), we need to use port 1812.

Question

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

11. After that is implemented, for this diagram, how many devices would have access to the WAP?

Answer to Previous Page

10. Given the diagram above, what else could be implemented to improve the security on the WAP?

MAC address filtering.

11. After that is implemented, for this diagram, how many devices would have access to the WAP?

By implementing MAC address filtering, only the devices with the MAC addresses 99 88 77 66 55 01 and 99 88 77 66 55 48 would have access to the system. Thus 2 devices would have access.
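Questions 8 to 11 describe a vendor’s configuration screens that are not reproduced in this transcription. The following is an added example (not from the slides) of the same three changes expressed as hostapd.conf fragments: the hidden WPA2-PSK network of question 8, the WPA2-Enterprise/RADIUS variant of question 9, and the MAC allow-list of questions 10 and 11. The SSID, passphrase, RADIUS ports and MAC addresses come from the questions (the MACs are written with colons, the form hostapd expects); the interface name, channel, RADIUS server address, shared secret and file paths are assumptions.

```ini
# Added example, not the slides' configuration. ASSUMED: wlan0, channel 6,
# the RADIUS server 192.0.2.50, the shared secret and the file paths.

# ---- hostapd.conf, question 8: hidden SSID, WPA2 with a pre-shared key ----
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ssid=OURNETWORK
# 1 = send empty SSID in beacons; clients must already know the name
ignore_broadcast_ssid=1
# WPA2 (RSN) only, no WPA1 fallback; CCMP (AES), never TKIP
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=LOGINTOOURWAP

# ---- hostapd.conf, question 9: per-user login through RADIUS ----
# Same interface/radio/ssid/ignore_broadcast_ssid/wpa/rsn_pairwise lines as
# above, but the PSK lines are replaced by 802.1X/EAP against a RADIUS server.
# wpa_key_mgmt=WPA-EAP
# ieee8021x=1
# own_ip_addr=192.0.2.1                       (assumed: AP address sent as NAS-IP)
# auth_server_addr=192.0.2.50                 (assumed RADIUS server)
# auth_server_port=1812                       (RADIUS authentication, from the question)
# auth_server_shared_secret=CHANGE-ME-to-a-long-random-secret
# acct_server_addr=192.0.2.50
# acct_server_port=1813                       (RADIUS accounting, from the question)
# acct_server_shared_secret=CHANGE-ME-to-a-long-random-secret

# ---- questions 10-11: MAC address filtering ----
# 1 = deny unless the station's MAC is listed in accept_mac_file
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept

# ---- /etc/hostapd/hostapd.accept (one MAC per line): the two permitted devices ----
# 99:88:77:66:55:01
# 99:88:77:66:55:48
```

Two caveats a practitioner would add to the exam answers: hiding the SSID and filtering on MAC address are weak controls, because the SSID still appears in probe and association frames and a client MAC is trivially cloned from the same capture, so they are no substitute for WPA2. With the RADIUS variant, the clients must be configured to validate the RADIUS server’s certificate (PEAP or EAP-TLS); otherwise the Evil Twin of question 15 can harvest their credentials by presenting the same SSID.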

Questions

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

12. [diagram]

13. [diagram]

Answer to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

12. b. The use of multiple (distributed) machines with the goal of making the victim machine unable to perform its tasks makes this a Distributed Denial of Service attack.

13. c. Since the key goal is to make the victim unable to process its regular tasks, this is a Denial of Service attack.

Questions

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

14. [diagram]

15. [diagram]

Answers to Previous Page

Below are diagrams of various types of attacks. Select the best option for each one.
   a. Man in the middle
   b. DDoS
   c. DoS
   d. Replay
   e. Evil Twin

14. a. As one would expect from the name, a Man in the Middle attack involves getting in the middle of requests going to and from the server. The attacker can then modify the traffic to suit his needs.

15. e. An Evil Twin attack uses an access point that duplicates the legitimate access point’s SSID in order to entice machines to connect to it. At that point the attacker can snoop on the victim’s traffic. While this is a type of Man in the Middle attack, Evil Twin is the better choice, since the Evil Twin is a specific implementation of a Man in the Middle attack.

Questions

16. Which of the following can be used for limiting risks associated with using mobile devices?
   A. Remote Wipe
   B. Locked Cabinet
   C. Encryption
   D. Passcode
   E. Secured Rooms
   F. Automatic Locking
   G. Wipe after 10 Failed Passcode Entries

17. Which of the following can be used for limiting risks associated with servers?
   A. Locked Cabinet
   B. Wipe after 10 Failed Passcode Entries
   C. Secured Room
   D. Remote Wipe
   E. CCTV
   F. Environmental Controls
   G. Access Logs

Answers to Previous Page (correct answers marked with *)

16. Which of the following can be used for limiting risks associated with using mobile devices?
   A. Remote Wipe *
   B. Locked Cabinet
   C. Encryption *
   D. Passcode *
   E. Secured Rooms
   F. Automatic Locking *
   G. Wipe after 10 Failed Passcode Entries *

A: Remote wipe allows a company to remove information from the device once it leaves its control.
C, D, F: Encrypting the contents of a mobile device and securing it with a passcode reduce an attacker’s ability to get at the data on the device should she gain control of it. Automatically locking the device reduces the chance that an attacker will gain control of an unlocked device.
G: Wiping after 10 failed passcode entries reduces the chance of an attacker getting at the device’s data should it be lost or stolen.
B, E: Both of these would eliminate the mobility of the device, and thus the ability to use it effectively. They are therefore not practical controls.

17. Which of the following can be used for limiting risks associated with servers?
   A. Locked Cabinet *
   B. Wipe after 10 Failed Passcode Entries
   C. Secured Room *
   D. Remote Wipe
   E. CCTV *
   F. Environmental Controls *
   G. Access Logs *

A, C: These help limit physical access to the server.
E, G: These increase the likelihood that intruders will be noticed and deter insiders from malicious actions.
F: Depending on the controls implemented, these can reduce the risks associated with items such as EMI, humidity, and temperature.
B, D: These could actually increase the risks associated with the server, since an attacker could trigger the wipe and cause a denial of service.

Question

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

Router
Time                | Severity | Message                          | Destination IP | Destination Port
2013-11-12 14:10:20 | Info     | Session permitted. ACL 3         | 216.34.181.45  | 80
2013-11-12 14:10:21 | Info     | Session permitted. ACL 4.        | 74.125.134.26  | 42563
2013-11-12 14:10:22 | Info     | Session permitted. No ACL match. | (not legible)  | (not legible)
2013-11-12 14:10:22 | (not legible) | Source on ACL 3.            | 192.0.2.10     | 25
(The Source IP and Source Port columns of the router log are not legible in this transcription.)

Firewall
Time                | Severity | Message
2013-11-12 14:10:20 | Info     | Session established.
2013-11-12 14:10:20 | Info     | Session denied. No ACL match.
2013-11-12 14:10:21 | Info     | Session established. (message partly legible)
2013-11-12 14:10:21 | (not legible)
2013-11-12 14:10:22 | (not legible)
(Of the firewall log’s Source IP / Source Port / Destination columns, only the fragments “…4.26 42563” and “203.0.113.2123323”, with the IP and port run together, are legible in this transcription.)

End User Machine
Time                | Severity | Message
2013-11-12 14:10:15 | Info     | Session established. ACL Rule 2 match. Destination IP 192.0.2.10, Port: 143.
2013-11-12 14:10:25 | Error    | Session denied. No rule match. Destination IP: 192.0.2.10, Port: 69
2013-11-12 14:10:30 | Info     | Session established. ACL Rule 1 match. 74.125.225.230, Port: 80

Answer to Question 18

18. For the following network, the network log files can be seen for the Router, Firewall, and End User Computer. Which device is not set up for Implicit Deny?

When checking for a failure of Implicit Deny, the question is which device lets traffic through when no rule is matched. The key entries from the logs are:

Router
2013-11-12 14:10:22 | Info | Session permitted. No ACL match. | 203.0.113.212332317.178.96.59 (source IP, source port and destination IP run together in this transcription) | 69

Firewall
2013-11-12 14:10:20 | Info | Session denied. No ACL match.

End User Machine
2013-11-12 14:10:25 | Error | Session denied. No rule match. Destination IP: 192.0.2.10, Port: 69

When there is no ACL match, the traffic must be denied for Implicit Deny to be in place. The firewall and the end user machine both deny on “no match”; the Router permits traffic when no rule is matched, so it is the device not set up properly for Implicit Deny.
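The test applied in question 18 (permitted or established session together with a “no match” reason) is easy to automate across device logs. The following is an added example, not code or data from the slides: a parser for log lines in the style of question 18 and a check that reports every device that let traffic through without a rule match. The log lines are constructed for the example; the End User Machine lines repeat the wording of the question, while the Router and Firewall lines use the same message style with TEST-NET placeholder addresses where the transcription lost the real values.

```python
"""Added example: find devices whose logs show traffic permitted with no rule match.

The LOGS dict below is constructed sample data, not the slides' tables.
"""
import re

LOGS = {
    "Router": [
        "2013-11-12 14:10:20 Info Session permitted. ACL 3 match. Destination IP 216.34.181.45, Port: 80",
        "2013-11-12 14:10:21 Info Session permitted. ACL 4 match. Destination IP 74.125.134.26, Port: 42563",
        # placeholder destination 198.51.100.7 (TEST-NET-2): the real value is not legible
        "2013-11-12 14:10:22 Info Session permitted. No ACL match. Destination IP 198.51.100.7, Port: 69",
    ],
    "Firewall": [
        "2013-11-12 14:10:20 Info Session established. ACL 1 match. Destination IP 74.125.134.26, Port: 42563",
        "2013-11-12 14:10:20 Info Session denied. No ACL match. Destination IP 198.51.100.7, Port: 69",
    ],
    "End User Machine": [
        "2013-11-12 14:10:15 Info Session established. ACL Rule 2 match. Destination IP 192.0.2.10, Port: 143.",
        "2013-11-12 14:10:25 Error Session denied. No rule match. Destination IP: 192.0.2.10, Port: 69",
        "2013-11-12 14:10:30 Info Session established. ACL Rule 1 match. 74.125.225.230, Port: 80",
    ],
}

# timestamp, severity, disposition, reason, and (optionally) a destination port
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<severity>\w+) "
    r"Session (?P<disposition>permitted|established|denied)\. "
    r"(?P<reason>No (?:ACL|rule) match|ACL (?:Rule )?\d+ match)\."
    r"(?:.*?Port: (?P<port>\d+))?",
    re.IGNORECASE,
)


def parse(line: str) -> dict:
    """Split one log line into fields; raise on lines the pattern does not cover."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    entry = m.groupdict()
    entry["permitted"] = entry["disposition"].lower() in ("permitted", "established")
    entry["rule_matched"] = not entry["reason"].lower().startswith("no ")
    entry["port"] = int(entry["port"]) if entry["port"] else None
    return entry


def implicit_deny_violations(logs: dict) -> dict:
    """Device name -> entries where traffic passed although no rule matched."""
    violations = {}
    for device, lines in logs.items():
        bad = [e for e in map(parse, lines) if e["permitted"] and not e["rule_matched"]]
        if bad:
            violations[device] = bad
    return violations


def devices_without_implicit_deny(logs: dict) -> list:
    return sorted(implicit_deny_violations(logs))


if __name__ == "__main__":
    for device, entries in implicit_deny_violations(LOGS).items():
        for e in entries:
            print(f"{device}: permitted without a rule match at {e['ts']} (destination port {e['port']})")
```

The check keys on the pair of fields rather than on severity: the end-user machine logs its correct denial as Error while the router logs its incorrect permit as Info, so severity alone says nothing about implicit deny.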

Questions

19. Of the following four storage types, rank them from most volatile to least volatile.
   Page File
   Cache Memory
   Network Drive
   Hard Drive

20. Of the following four storage types, rank them from most volatile to least volatile.
   RAM
   CD-R archive media
   Page File
