CompTIA Security+ Hot Items

Hot Items for CompTIA Security+

August 7, 2015

New Simulations/Exhibits

Device Defenses: A simulation wherein you must look at a diagram with user workstations, routers, switches and other items.  Then, you have a list of defense-related items: AV, 802.1x, ACLs, rules.  You must place all of them on the appropriate items.  Fairly do-able.  It is much like the placement of physical defenses already in the quiz system.

Cisco-style NAT: The test taker is presented with a diagram showing inside machines, FW/NAT device and the outside, including specific destination IPs.  You have to select the correct NAT configurations  and addresses using Cisco terms, like Inside-local, Outside-local and Outside-global.  You have to know Cisco-style terminology.

All these items are being represented in the quiz as exhibits.  NAT will be in Domain 1 and Device Defenses are in Domain 4.

 

July 8, 2015

New Simulations/Exhibits

RAID: A very bad simulation has been added that can only be 1/2 done correctly.  It is RAID.  You are presented with a diagram showing 4 devices with up to 4 slots a piece wherein you may add disks.  The type of disk is either: Stripe or Mirror.  Each of the devices is labeled as RAID 0, RAID 1, RAID 5 or RAID 6. You must then drag the appropriate number and types of disks to each device.  E.g.: RAID 0 gets 2 stripes, RAID 1, gets 2 Mirror.  How about RAID 5?

RAID does not mirror; it uses parity.  But, of course, there is no disk type parity; mirror is as close as it gets.  So, you would add 2 stripe disks and one mirror. And so on for RAID 6, too.  But it gets worse.

There are 4 types of computers in a list near the head of the diagram.  Something like: Authentication server, database server, workstation and Domain controller.You are supposed to drag each one to the correct RAID.  Well, OK. Maybe A PC can be RAID 0 as it might not be so critical, but without knowing the operating characteristics of these imaged computers and their importance, it is impossible to choose between RAID 1, 5 and 6.  Our advice, drag anything to anywhere, so you will likely get one or so right and move on.  The disk type selections will still earn you a fair number of points and it is do-able.

 

New Simulations/Exhibits

Forensics/Logs: Another poor exhibit has been added.  The test-taken is challenged to look at logs from: IDS, Web server, PC and a database.  You can see in the IDS and WWW logs that there is likely OS command injection going on against WWW, causing it to SCP some files off to the attacker. Nothing wild seems to show on the PC or DB.

So, identify the attacker, the victim and maybe something else. But, then you have to choose the correct forensic steps to use on each system.  The options are something like: image the machine, digital signature, re-image the machine. As far as I can see, you want to collect the IDS logs and digitally sign them, but that is not an option. You can only digitally sign the whole machine.  Much the same is true of the victim.  The victim had stuff stolen but was not altered.  So, you likely want to image it, digitally sign.

Just figuring out the victim and attacker is worth some points.  Good luck with the specific forensic steps.  Move on and start racking up points with other questions.