Friday, February 26, 2010

Practice Question Virus Infection

A computer is infected with a virus. The installed antivirus software didn't detect the problem. What would be the first action to take?

  A. Notify an administrator
  B. Install new antivirus software
  C. Update the antivirus signature files
  D. Contain the problem


Answer below.

Over 375 practice test questions in this book:
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Answer: D. The first step in response to an incident is to contain or isolate the problem. This can often be done by simply pulling the cable on the NIC. Notification should be done after containment, but policy would often dictate the notification of someone on an incident response team. Ensuring that a system has antivirus software and updated signature files are good steps to take, but not as a first step after an infection. You'd still want to contain the problem to a single system before installing the software and updating definitions.

This question is related to objective:
6.3 Differentiate between and execute appropriate incident response procedures.
  • Damage and loss control

Wednesday, February 24, 2010

Incident Response Practice Question

What documentation is needed to verify that the evidence collected is the same evidence that is presented in court?

  A. Affidavit of evidence
  B. Chain of custody
  C. Chain of forensics
  D. Access authorization

Answer below.

Over 375 practice test questions in this book:
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Answer: B. A chain of custody verifies that evidence presented in court is the same evidence that was collected; a chain of custody should be established when seizing any evidence. The other documents listed won’t take the place of chain of custody documentation.

This question is related to objective:
6.3 Differentiate between and execute appropriate incident response procedures.
  • Chain of custody

Thursday, February 18, 2010

Least Privilege

When studying for the CompTIA Security+ (SY0-201) exam, you'll come across this objective.

3.1 Identify and apply industry best practices for access control methods.

One of the practices you should understand is: Least Privilege.

The principle of least privilege specifies that individuals or processes should be granted only the rights needed to perform assigned tasks or functions, but no more. For example, if Sally needs to print to a printer, you should grant her print permission for that printer but nothing else.

There's a subtle difference between Least Privilege and Need to Know. Least Privilege focuses on rights or actions. Need to Know focuses on permissions or access to data.

Good luck with your studies.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Thursday, February 11, 2010

Mandatory Vacations

When studying for the CompTIA Security+ (SY0-201) exam, you'll come across this objective.

  • 6.4 Identify and explain applicable legislation and organizational policies.

One of the policies you should understand is: Mandatory Vacations.

In my years in the Navy, we often had events that were referred to as mandatory fun. This was often accompanied by the phrase "all leave and liberty will be cancelled until morale improves." This isn't quite the same thing.

Instead, mandatory vacations are designed to ensure that someone gets out of the office for a period of time, requiring someone else to perform their job. The goal is to reduce the incidence of fraud or embezzlement. If an employee knows that someone else will be covering their work for a period, they also know the risk of being discovered is much higher.

Mandatory vacations are frequently required in different banking institutions. Employees are often required to take a vacation of at least five consecutive workdays. 

Good luck in your studies.

Darril Gibson

Wednesday, February 10, 2010

Separation of Duties

When studying for the CompTIA Security+ (SY0-201) exam, you'll come across this objective.
  • 3.1 Identify and apply industry best practices for access control methods.

One of the practices you should understand is: Separation of Duties.

The Separation of Duties principle ensures that no single person or entity controls all of the functions for a critical process. Instead of a single person or entity having all of the responsibility, the responsibilities are divided between two or more people or entities.

Consider an accounting department. They are responsible for accepting bills, identifying bills that will be paid and then paying them. Separation of Duties is commonly used to separate the functions into two separate divisions.

  • Accounts receivable. This division receives and approves the bills.
  • Accounts payable. This division pays the bills approved by accounts receivable.

If a single person performs both functions, the potential for fraud increases. That person could submit a bogus bill, approve it, and pay it. The books look valid, since an approved bill was paid, but it is still fraud.

The principle of separation of duties is designed to prevent fraud, theft, and errors.
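The accounts receivable / accounts payable split described above, modelled as a small enforcement check. This is an added example, not code from the original post; the division membership sets, bill fields and user names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Set

class SeparationOfDutiesError(Exception):
    """Raised when one person would hold two roles on the same bill."""

@dataclass
class Bill:
    bill_id: str
    submitted_by: str
    approved_by: Optional[str] = None
    paid_by: Optional[str] = None

class PaymentWorkflow:
    """Accounts receivable approves bills; accounts payable pays approved bills.
    Division membership is passed in as sets of user names (assumed data model)."""

    def __init__(self, receivable: Set[str], payable: Set[str]) -> None:
        # One person in both divisions could approve and pay alone; refuse it up front.
        overlap = receivable & payable
        if overlap:
            raise SeparationOfDutiesError(f"users in both divisions: {sorted(overlap)}")
        self.receivable, self.payable = receivable, payable

    def approve(self, bill: Bill, user: str) -> Bill:
        if user not in self.receivable:
            raise SeparationOfDutiesError(f"{user} is not in accounts receivable")
        if user == bill.submitted_by:
            raise SeparationOfDutiesError(f"{user} cannot approve a bill they submitted")
        bill.approved_by = user
        return bill

    def pay(self, bill: Bill, user: str) -> Bill:
        if bill.approved_by is None:
            raise SeparationOfDutiesError(f"bill {bill.bill_id} has not been approved")
        if user not in self.payable:
            raise SeparationOfDutiesError(f"{user} is not in accounts payable")
        if user in (bill.submitted_by, bill.approved_by):
            raise SeparationOfDutiesError(f"{user} already handled bill {bill.bill_id}")
        bill.paid_by = user
        return bill

def is_blocked(action: Callable[[], object]) -> bool:
    """True when the control rejected the action (useful for audit tests)."""
    try:
        action()
    except SeparationOfDutiesError:
        return True
    return False
```

The refusal cases are the ones the post warns about: the submitter approving their own bill, and any one person both approving and paying.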

Good luck in your studies.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Saturday, February 6, 2010

VOIP Risks

Voice Over IP (VOIP) is becoming more and more popular. Clients with broadband connections can use VOIP as a phone. You want to talk to your sister but you live in Virginia Beach and she lives in San Francisco. If you both have VOIP, you can do so without any long distance charges.

VOIP can also be used for video teleconferencing. You can lead a presentation to multiple users located in several cities around the world, again without long distance charges.

All of this sounds good, but VOIP does have some risks. The primary risks related to VOIP are:

  • Eavesdropping. When a VOIP connection is created, attackers can listen in on the phone calls. It's relatively easy for an attacker on the source network, the destination network, or any connection point in between to eavesdrop on the conversation. It is possible to encrypt VOIP traffic, but that isn't done very often.

  • Vishing. Vishing is similar in concept to phishing, but VOIP connections are often used. The victim is tricked into calling a phone number attached to a VOIP account, or a robo-caller dials VOIP numbers until it receives an answer. The victim is informed of fraudulent activity on a credit card, PayPal account or some other banking institution and encouraged to call another phone number to resolve the problem. The other number is an automated system that requests the user's credentials.

Good luck with your Security+ studies.

Darril Gibson

-- Edited February 11 2010

While working on another project I came across NIST's SP 800-58 which is titled: Security Considerations for Voice Over IP Systems

It lists two specific disadvantages of VOIP:
  • Security. There are many more ways for intruders to attack a VOIP system than a conventional voice telephone system or PBX. VOIP is flexible. However, it is much more complex to secure the voice and data sent over VOIP.
  • Startup cost. The initial installation can be complex and expensive for a business.
The SP 800 series of publications from the National Institute of Standards and Technology (NIST) is widely respected and considered authoritative. In other words, this is an excellent source to identify disadvantages of VOIP in addition to the specific security risks mentioned earlier.

- Darril

Thursday, February 4, 2010

Vulnerability Assessments

When studying for the SY0-201 Security+ exam, you may come across the following objective:
4.2 Carry out vulnerability assessments using common tools.

• Vulnerability scanners

Vulnerability scanners are used to perform vulnerability assessments. Vulnerabilities are weaknesses.

Vulnerability assessments are performed to determine if systems or networks are vulnerable to any known issues. The goal is to identify weaknesses so that they can be resolved before they are detected and exploited by attackers.

Most vulnerability scanners include the following features:
  • Can check for weak passwords with a password cracking tool
  • Can check for open ports with a port scanner
  • Can check for sensitive data (such as social security numbers or any desired matching pattern) being released on the network, or sent through the firewall
  • Can check for security policy settings
  • Can check for the deployment of updates

Nessus is one of the popular vulnerability assessment tools in use today, but many more exist.
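The sensitive-data check in the list above, shown as a small scanner for social security number patterns. This is an added example, not the original post's code or any particular scanner's implementation; the log lines are constructed, and the format rules applied after the regex match (area 000, 666 and 900-999, group 00 and serial 0000 are never issued) are what keeps ticket numbers and similar look-alikes out of the report.

```python
import re
from typing import Iterable, List, Tuple

# Matches the common NNN-NN-NNNN layout. Format rules are applied afterwards,
# because a bare regex also flags ticket numbers and other look-alikes.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def looks_like_ssn(area: str, group: str, serial: str) -> bool:
    """Area 000, 666 and 900-999, group 00 and serial 0000 are never assigned,
    so a match using any of them is a false positive."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"

def mask(ssn: str) -> str:
    """Keep only the last four digits so the scan report itself does not leak data."""
    return "***-**-" + ssn[-4:]

def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, masked value) for every plausible SSN found."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in SSN_RE.finditer(line):
            if looks_like_ssn(*match.groups()):
                hits.append((number, mask(match.group(0))))
    return hits

# Constructed sample of outbound traffic log lines (not real data).
SAMPLE_LINES = [
    "2010-02-04 10:01:22 POST /hr/update body=name=J.Doe&ssn=219-09-9999",
    "2010-02-04 10:02:05 GET /catalog?item=000-12-3456",              # area 000: not an SSN
    "2010-02-04 10:03:41 SMTP to=ext@example.org ssn=666-45-1234",   # area 666: not an SSN
    "2010-02-04 10:04:10 ticket #987-65-4320 assigned",              # area 987: not an SSN
    "2010-02-04 10:05:00 export rows: 545-00-1111, 545-12-0000, 545-12-3456",
]

if __name__ == "__main__":
    for line_no, value in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: possible SSN {value}")
```

Only the first line and the last value on the fifth line survive the format rules; the rest are the kind of false positives a naive pattern match would report.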

After a vulnerability assessment identifies weaknesses, it's important to plug the holes. If the deficiencies are not corrected, the vulnerabilities remain.

Good luck with your studies.

Darril Gibson
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide