Security+ forum archive, March 2004: Privileged accounts are most vulnerable immediately after a:

Lucky13

2004-01-20, 6:35 pm

A. Successful remote login.
B. Privileged user is terminated.
C. Default installation is performed.
D. Full system backup is performed.

ANSWER?

My guess is C, but maybe B??
This question is hard...
Freddy

2004-01-20, 8:04 pm

After a default installation, theoretically, the server has to be "hardened" before security is in place on that server, leaving the server most vulnerable to attack. Any other thoughts?
Supertech

2004-01-20, 8:06 pm

Privileged accounts are most vulnerable immediately after a:

C. Default installation is performed.
Lucky13

2004-01-20, 8:17 pm

What scares me about this question is the question.... "Privileged accounts are most vulnerable immediately after a"

I'm still digging through my books to find a 100% answer.
genocyber

2004-01-20, 9:22 pm

My answer would be B. Privileged user is terminated.

After a privileged user is terminated, their account should be disabled.

Page 424 in the Sybex Security+ book explains this.

I think that this question is in a very grey area and the answer would vary depending on the situation.
RussS

2004-01-21, 12:25 am

A. Successful remote login ... No problem there as long as the remote login is correctly configured - if not, the admin needs the sack.

B. Privileged user is terminated ... Immediately on termination the users login rights should be ended - preferably even before they are terminated - therefore no big deal.

C. Default installation is performed ... This is the answer due to the default admin having no password and policies usually not having been set - for this reason we do not connect a system to the network until the correct policies have been installed.

D. Full system backup is performed ... No biggie as a full backup restores security settings.
TimS

2004-01-23, 3:54 pm

C. Default installation is performed ...
smrkdown

2004-01-23, 10:30 pm

Default installations of server-class OSes such as Solaris or Windows Server 2003 do not allow blank admin or root passwords. Server 2003 even has password complexity requirements enabled by default for Administrator.

I chose B because there is usually nothing more destructive or costly than a disgruntled ex-employee with network access.
RussS

2004-01-24, 4:51 am

Forget Win Server 2003 as it wasn't out when this exam was developed.
Admin passwords are not the issue here, though. What really is the issue is the default settings and all of the services that run by default.
everetjo

2004-01-26, 3:58 pm

C makes the most sense. But CompTIA could have something up their sleeve.
Tarzanboy

2004-01-26, 7:16 pm

Since you seemed to be concerned about the terminology used in the question, might I inquire as to the source of the question?

Cheers,
TB
B4yaman3

2004-01-26, 8:48 pm

BTW, lots of talk about this exam being very poorly worded. So you have to take your time and read the question very carefully.
B4yaman3

2004-01-26, 8:57 pm

But if I have to choose an answer I am going with B. Default installations only have 1 privileged user, which is the admin. But when a privileged user is terminated and his rights are not deleted, he can always VPN or RAS into the server because his rights are still enabled.
genocyber

2004-01-26, 10:11 pm

I still stand by my answer. You need to ask yourself: what is CompTIA testing me on? I think that this question is testing you on security policies and procedures and in general termination policies.

When a system is built it is a clean install. Therefore if anything happens you can just reinstall everything. If a system has been carefully set up and an administrator is terminated, then they can do the most damage as more information can be lost or compromised.
Lucky13

2004-01-27, 6:49 am

Default installs are rife with holes/poor passwords,

and it doesn't say this terminated "privileged" user was bad.

Best answer... default.
Luchnia

2004-01-27, 8:15 am

Depending on the exact wording of the question it is up between two possible answers and both are correct. We know the successful remote login and full system backup can be tossed for now due to the general concept.

I think the key to this question is "account(s)" plural and not "account" singular. B is a privileged USER. In theory a terminated user is a PRIME security risk. A terminated USER is an ACCOUNT and not ACCOUNTS. They can wreak major havoc on a network, but in this case we are looking at privileged accounts, multiple accounts. When do you have multiple accounts at risk, and what are privileged accounts: Administrators, Enterprise Admins, Power Users, etc., or higher-level company accounts? However, it still remains this could be primarily dealing with a user that is fired and wants to strike back at the company.

C seems to hit the closest. Usually after a default installation there are accounts that should be removed or renamed, and often there are generic passwords that site analysts use. Now if they decide to go get coffee and a donut the network can be compromised. Although, a company default installation should have already taken care of this?

If this is a CompTIA question, this could be argued somewhat and both sides could win the issue because both B and C are security risks. B does not state the user's account was disabled properly. I have found accounts still working over two weeks after someone was terminated! I would probably choose C because of the word "accounts."

A. Successful remote login.
B. Privileged user is terminated.
C. Default installation is performed.
D. Full system backup is performed.

Why do they use such poorly worded answers? This could have been avoided by the answers being worded better.

A. Successful remote login (this could mean a ton of things!)

If B stated: Privileged user is terminated and all account access and privileges disabled or discarded as per company policy.

If C stated: Default installation was performed but policies have not been set up.

If D stated: Successful full system backup is performed by fully authorized agent.

I have really grown to hate poor test questions! In this case a few words can be changed and change which answer is right.

Personally I think B is the greatest security danger and probably more correct because I have seen this become a security risk. Default installs, IF handled correctly, really don't pose much of a security risk.

Peace
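The two risks argued over above (RussS's breakdown of the options earlier in the thread, and Luchnia's point about accounts still working two weeks after termination) can be turned into a routine audit. The following is an added example, not code from anyone in this thread; the directory export, HR termination feed, account names and dates are all constructed, and the list of default admin names is an assumption.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Account names a default install creates and that hardening should rename
# or disable (assumed list for this example).
DEFAULT_ADMIN_NAMES = {"administrator", "root", "admin", "sa"}


@dataclass
class Account:
    """One row of a (constructed) directory export."""
    name: str
    privileged: bool
    enabled: bool
    password_last_set: Optional[date]  # None = never set, i.e. still blank
    install_date: date                 # when the host was built


def stale_terminated_accounts(accounts: List[Account],
                              terminations: Dict[str, date],
                              today: date) -> List[Tuple[str, int]]:
    """Option B risk: privileged accounts whose owner HR has terminated but
    which are still enabled. Returns (name, days since termination), worst first."""
    hits = []
    for acct in accounts:
        term = terminations.get(acct.name.lower())
        if term is None or not acct.privileged or not acct.enabled:
            continue
        hits.append((acct.name, (today - term).days))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def default_state_accounts(accounts: List[Account]) -> List[Tuple[str, List[str]]]:
    """Option C risk: enabled privileged accounts that still look the way the
    installer left them: default name, no password, or password untouched
    since the install date."""
    hits = []
    for acct in accounts:
        if not (acct.privileged and acct.enabled):
            continue
        reasons = []
        if acct.name.lower() in DEFAULT_ADMIN_NAMES:
            reasons.append("default account name not renamed")
        if acct.password_last_set is None:
            reasons.append("password never set")
        elif acct.password_last_set <= acct.install_date:
            reasons.append("password unchanged since install")
        if reasons:
            hits.append((acct.name, reasons))
    return hits


# --- constructed sample data (not from any real system) ----------------------
INSTALL = date(2004, 1, 5)
ACCOUNTS = [
    Account("Administrator", True, True, None, INSTALL),             # blank pw, default name
    Account("root", True, True, date(2004, 1, 5), INSTALL),          # set once at install
    Account("jsmith-adm", True, True, date(2004, 1, 10), INSTALL),   # owner fired, still enabled
    Account("mjones-adm", True, False, date(2004, 1, 10), INSTALL),  # owner fired, disabled: fine
    Account("bwhite", False, True, date(2004, 1, 10), INSTALL),      # ordinary user
    Account("ops-admin", True, True, date(2004, 1, 20), INSTALL),    # hardened, current owner
]
# Hypothetical HR feed: account name -> termination date.
TERMINATIONS = {
    "jsmith-adm": date(2004, 1, 12),
    "mjones-adm": date(2004, 1, 12),
    "bwhite": date(2004, 1, 20),
}


def audit(accounts=ACCOUNTS, terminations=TERMINATIONS, today=date(2004, 1, 27)):
    """Run both checks; findings are keyed by the thread's option letter."""
    return {
        "B": stale_terminated_accounts(accounts, terminations, today),
        "C": default_state_accounts(accounts),
    }


if __name__ == "__main__":
    for option, findings in audit().items():
        for finding in findings:
            print(option, finding)
```

On the sample data the B check reports only jsmith-adm (15 days past termination and still enabled), while the C check reports Administrator and root as still in their install state.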
TimS

2004-01-27, 10:45 am

Work with me here, guys. You may see questions of this type that are poorly worded on the exam. I ought to know. It's questions like this that will get you. I would go with C.
RussS

2004-01-27, 12:46 pm

Good analysis Luchnia

I was waiting for someone to bring up that exact thing. The (s) is the part of this question that will trip one up every time.
B4yaman3

2004-01-27, 2:47 pm

Thinking about it, I am going with C, because what they are saying is that the default password is something easy to get.
Accounts in general. NT/Windows is only one account.
SQL admin, SMS admin, Lotus Notes Admin.
It's not just one OS.
GeekDogMo

2004-02-23, 3:21 pm

Like Bill Cosby always said. The Proof is in the pudding, or was it someone else who said it?

Anywho.. Lets look at the question shall we?

Privileged accounts are most vulnerable immediately after a: 1st, key word #1: "Privileged account".

2nd key phrase: "Immediately AFTER".

The choice is an obvious one. It's B. I have seen several references also where they speak about deleting accounts upon termination of employment.
B4yaman3

2004-02-25, 8:45 am

GeekDogMo, you have it wrong. If a privileged account is terminated, how can it be of any danger? All its rights are removed; what can he do?
Tarzanboy

2004-02-25, 11:38 am

He's saying that it is incredibly rare that HR and IT/IS are on the same page, with accounts often either prematurely nixed (something undesirable) or delays often counted in days or weeks before account termination.

Cheers,
TB
GeekDogMo

2004-02-25, 12:54 pm

BF, you're scaring me. I don't think you're reading THE QUESTION.

Privileged accounts are most VULNERABLE TO....

The question does NOT say, PRIVILEGED ACCOUNT IS TERMINATED......

HR fires a Super Admin with all the GOODY PRIVILEGES...

Same day he goes home, that network is at his mercy. WHY? Because a default WINDOWS installation or Unix with root admin capabilities is NOT the only thing on networks.

What about NETWORK DEVICES such as routers and managed switches which he ALSO has admin rights to.

I am not Sec+ but it is rather OBVIOUS the choice is B.

I have 9 years in the field which is a cakewalk compared to TCAT and the other gods who come here as well. But I do have the experience to easily pick B as the right answer.

After a privileged user is terminated, their account should be disabled.
GeekDogMo

2004-02-25, 12:57 pm

I'm starting to see that a lot of the people here are paper certs. What good is a cert if you don't have your own knowledge to back it up?

And I also do notice a lot of the guys here are also very knowledgeable. It's just sad when I see all these certs next to their names and they can't hold their own.

Besides the Money issue, it is a good reason why jobs are being shifted overseas.
madfacker

2004-02-29, 6:16 am

GeekDogMo,

First let me state that you are an XXX and obviously a retard for you last two posts.

Further, the best answer to this question would without a doubt be C. Answer C specifically states "default installation". Default is bad, bad, and bad in every way. The word default is absolutely the key. Without this word, then you could continue to argue.

You can't assume that the scenario in answer B is the most vulnerable because it doesn't mention whether or not the account has been locked/disabled. In fact, you could safely assume that B is less vulnerable because the account of the privileged user would surely have been disabled. Because that is what we would all do, right.

Anyway, it's like you said you're not Sec+ certified.

LOLOLOLOLOLOLOLOLOLOLOL you paper certed retard.
GeekDogMo

2004-02-29, 12:02 pm

Working on CCNP? Retard? How many years do you have in the field? Do you have the certifications and no experience? It seems that way. This question is clearly for people who understand ENGLISH.

If you don't understand the English language and the methodology behind CompTIA's testing then don't take the test.

The answer is B.

By the way as for the paper cert. What's your email so I can show you my resume.

I worked at United Nations for 1 Year, successfully did 2 terms with security clearance before 9/11. You want to verify, Please do. I've worked for 2 years at AOL Time-Warner as a Network Engineer, and now I am the Security Analyst for McKesson corp where I manage 11 hospitals.

I don't come here to have a pissing contest, but don't try to be at your level until you have a resume like mine.

FYI I am Sec+ and studying for my CISSP.

Get your experience young buck, then address me again.
B4yaman3

2004-02-29, 1:00 pm

I just spoke to someone who's been a security admin for years, more than you GeekDogMo, plus an MCT, and he said the answer is C.
I am taking the exam soon and I will tell you the story..
GeekDogMo

2004-02-29, 1:14 pm

Whoever says C is just not thinking.

OF COURSE default installations are vulnerable, everyone knows this, it's common knowledge, not rocket science.

But the question is asking IMMEDIATELY AFTER.
Do you see that in the question? If so, then you KNOW B would best fit the question.

It is not asking WHAT is the most vulnerable. It is asking IMMEDIATELY AFTER.
That is the KEY word; you don't even need to be a security expert, friends. You just need to understand the question.

Furthermore, in the Sybex book it even REFERS to this question. I WISH I had it here so I can show you guys the page.
TimS

2004-02-29, 1:16 pm

Working in IT for 15+ years in the financial industry with much of it in security.

Better go with C.

Regards,
GeekDogMo

2004-02-29, 1:17 pm

Give your explanation why. But I'll tell you what, WHO cares, it's one question. When I took the exam, I never even got this question. Is it really worth the fuss?

Ask mr tcat.
Tcat

2004-02-29, 1:54 pm

Before passing judgment on the "B" versus "C" question, I want to grab an important quotation from this thread.

"OF COURSE default installations are vulnerable, everyone knows this, it's common knowledge, not rocket science."

This is an important point when considering a CompTIA test. Typically, that is EXACTLY what the test is looking for. Do you have common knowledge?

In other words, do you understand the CompTIA mantra for Security+: "test patches before installing on a production environment. Patch early, patch often." In that order.

While I will agree this is common knowledge... just look at the headlines... (pick any given month). I am sorry to say it is not a common enough practice.

So while I am very unhappy at the poor grammar of SY0-101, if you read between the lines, The answer is C.

Until we collectively get our poop in a scoop, and become religious about quickly applying tested patches, this will remain a valid question on Security+.
GeekDogMo

2004-02-29, 2:30 pm

Said by the Master himself. I must admit I stand corrected. The battle between poor wording VS common knowledge and experience is one we must face while taking these CompTIA exams.

I've taken many Cisco exams, wordy Microsoft exams, wireless security exams, and I must say, CompTIA's methodology is a big turn-off.

Perhaps that's why this cert is not well respected. I also would like to mention people heading towards the security field should at LEAST prepare for the CCNA exam. Where else can you stretch the knowledge of TCP/IP and all that other good stuff?

A+ to N+ maybe, but A+ to N+ to S+? I don't think so. The Network+ exam does not cover half of the half of everything you need to learn about networking concepts and TCP/IP before jumping into security.

And that is purely said in my own humble opinion.
Tcat

2004-02-29, 2:49 pm

GeekDogMo...

You bring up a really interesting point. I have been a CompTIA watchdog since the ABCD days (A Better Computer Dealer).

IMO, CompTIA is undergoing radical surgery. I had my suspicions before. A+ 301/302 (2003 objectives) removed all doubt.

I am not passing judgement, one way or another.

I am stating observed facts.

The concept of "entry level" and CompTIA has gone out with the 80386 CPU. They may still call it "entry level", and the bar, either through design or accident, is becoming much higher.

Has anyone noticed that with that change, other firms are accepting CompTIA in their programs? Not just MS and Novell, but now even the health care industry?

As long as we have discussion forums we can decode the vague wording on test questions now written by good geeks who are not experienced test writers.
GeekDogMo

2004-02-29, 3:07 pm

Coming from the Health Care Sector I will tell you this, and it is the same for all the other companies I have worked for.

The ONLY NOTABLE CompTIA certification is the A+, THAT'S IT. When you think of CompTIA you think of PC TECH, nothing more.

WHY take the Sec+ you might ask? Very simple. I believe Sec+ is only a stepping stone for the real security exams. If you are able to PASS the Sec+ exam then you are prepared to begin PREPARING for the CISSP.
If you will consider this.

Say you want to become a CCNP or CCIE. Before one goes that route you have to pass the CCNA. By the end of the course of your studies for the CCNA YOU'LL KNOW whether or not Cisco is for you, whether or not you have what it takes to succeed in that field of IT.

My point is that the same goes for Sec+. It's almost embarrassing to tell others you're studying for this exam. I don't even have that in my resume. I actually think it hurts you. I certainly don't respect it. WHY?

The common script kiddie knows half of the material for this exam without knowing.
The script kiddie knows MITM attacks, DDoS attacks, viruses, knows about port scanning and default admin accounts like root and Administrator, rootkits and all the other good stuff.

A CCNA is much more respected in my eyes. When there is a new hire at my job and I know he's a CCNA, I'm already aware he knows how to troubleshoot JUST by using the OSI MODEL; he KNOWS the OSI model layer by layer. Why is that important? It is when you need to know what is the difference between a proxy firewall and stateful inspection. You know this because it is KNOWLEDGE, not because you're reading some TECH book that just skims the topic with just enough info for you to pass the test. I'll stop here 'cause I'll never stop if I don't, lol.

And btw, It is a great honor to even share this thread with you Mr. Tcat.
Tcat

2004-02-29, 3:18 pm

If I seem to understand things, it is because I stand on the shoulders of giants. (and I'm an old fart ;-)

I do *not* FULLY grok HIPPA (right spelling?)

I know that "they" are accepting Security+ towards the HIPPA security cert... Can you enlighten me and the other here on what HIPPA really means to us mere non-medical mortals (beyond stand behind the line at the pharmacy so we cannot hear what the patient is being told about possible side effects of taking X medication).

I get the impact of HIPPA is BIG. I don't fully understand the ramifications to US in the IT world.

Seems to me, you would have a unique and powerful insight, given you have a foot on each world. (That has always been my 'leg up ' in my career).
GeekDogMo

2004-02-29, 3:45 pm

HIPAA SHMIPAA, hospitals will ONLY take them seriously if and when a violation occurs. Perhaps a breach in private patient information or just a hospital being hacked.

You see hospitals implementing 802.11x standards without even the simplest of WEP encryption. Machines not being patched accordingly, and my PERSONAL favorite, ROUTERS with their DEFAULT MANUFACTURERS' PASSWORDS.

So you asked where does Sec+ stand with HIPAA? HIPAA just announced some form of partnership with CompTIA stating if they pass the Sec+ exam one of their exams is waived. I believe it is somewhere along those lines. HIPAA in a nutshell is just PRIVACY INFORMATION. Lock your machines when a nurse is not using it (yeah right, picture a BUSY nurse locking and unlocking her workstation), use encryption methods when using outsourced medical billing companies, the use of strong passwords. I have seen "password" as the password and the client use the account name as the password also. I believe it is 100% ALL ABOUT MARKETING when it comes to that partnership.

Now in the eyes of employers, I bet my CIO has no clue who CompTIA is, never mind Security+. Employers cut costs EVERYWHERE; they don't give a rat's butt about certs, they just want to fill the position. The LESS YOU KNOW the LESS they will pay you, NOW THAT'S great news for the CIO. CISSP: there are more CISSPs now than positions to be filled. Everyone is jumping on the security bandwagon. First A+, then Microsoft, then Cisco, now it's security.

We have to start picking specialties, like Citrix (excellent cert to have), Lotus Notes (pays big bucks). My buddies at AOL and the UN made over 120k just doing Notes. You have Exchange. There really should be some committee out there governing who can take what cert; if there are TOO many MCSEs then let's move on to something else. We need to balance our certifications.

And what REALLY kills me is this.
I just took the Security+ exam and now they think they are security professionals, and no longer feel the NEED to read up on the newer security standards, practices, policies and procedures.

You're bored? Read the Frame Relay white paper, read the standards themselves rather than getting book definitions on PPP. I read in one of these posts a user asked how many processes there are in the SSL handshake. DON'T KNOW? No problem, READ the STANDARD itself till you understand it. The proof is in the pudding. There is ALWAYS more to learn.

A man I respect (besides TCAT) is Steve from GRC.com. He has a PASSION for technology. It's people like him and TCAT who not only study when the time comes for studying but also add to the table. Writes white papers for others to read, and does it because he is a GEEK and enjoys it. I will say, I am the ONLY one on a staff of 72 IT personnel that has this state of mind. Everyone else just goes about their day without the desire to learn more.
Tcat

2004-02-29, 4:36 pm

1st, Thanks for the HIPPA insight. It looked to me like typical Govt. "answers" to an issue. Imperfect addressing, heavy on bloat, light on reality. ( So we are all clear on my opinion of the "other Washington --- as in DC) 11 sq. mile of real estate, surrounded by reality.

Also I appreciate your insiders' information that many managers lead by the Dilbert Playbook, even in the medical industry.

You are quite correct about Steve. While not everyone agrees with his style, no one can argue his passion. I have been a follower of his since he wrote in BYTE magazine so many decades ago. Don't forget Bob Metcalfe. To me they were the dynamic duo championing the case to get computing out of the "glass house".

It is passion that is the fuel when you must be going through log files, after already working 11 hrs.
GeekDogMo

2004-03-01, 11:00 am

TCAT, I'm sure you appreciate good reads since you're responsible for writing some yourself. Have you ever checked out the book Troubleshooting Campus Networks?

I believe this book IS A MUST READ for anyone doing security, or networking just in general. I am also buddies with Joe, the co-author of the book, and have chatted with Priscilla from Cisco, the author...

Are there any good reads you recommend?
Tcat

2004-03-01, 11:28 am

I do not OWN the book, but did go through it at the physical location of http://www.nerdbooks.com (I visit there 3-4 times a year and spend a day or two). The book is excellent. Hits things I have talked about in instructor-led classes...

Too many authors don't have enterprise experience... (I got a lot of hard lessons when IBM was paying me)...

Good books. Jeez... If you could narrow the topic range a little... Currently superglued to my hands is "Security Warrior" from O'Reilly. It is a security book, and it is from a code perspective. (Don't tell anyone I grok code or I'll have to kill you ;-) My life is too hectic already to officially add development questions to my life ;-)

The Art of Deception from Kevin is a MUST READ for EVERYONE. A movie about social engineering is "Catch Me If You Can" about Frank's life. I have never met a person with more balls in my life. Makes Bill G. look like a wimp.

Social Engineering only makes up 1 or 2 questions on SY0-101. At least they touch it. In the real world, the hole is so big you could drive a freight train through it.
GeekDogMo

2004-03-01, 11:43 am

Yes, from a Security Analyst standpoint it is a VERY SCARY BOOK. You can have the most SECURE NETWORK in the world but 1 simple conversation with an unsuspecting employee can offer a ton of information.

I used to say when I was a PC tech eons ago, your machine is only as fast as your SLOWEST COMPONENT.

Same goes for security: you are only as secure as your weakest link. You can have VLANs, encryption, but with 1 conversation your network can be 0wn3d.

Catch me if you can is an excellent social engineering movie. So is hackers 2 I happen to love that movie.
Tcat

2004-03-01, 12:05 pm

I haven't watched Hackers 2... will put it on the wish list. Amazing that we can find "down-time" and still learn if we are open to alternative learning. Thank you for the suggestion.

It appears that "on the horizon" 802.11 A-Z standards will close the ethernet jack in the parking lot syndrome and our #1 issue will still become End-User education.

A couple years ago I did security+ as a training video... (too bad it was for a unscrupulous firm) I had an old friend who is an attractive woman and psychologist join me for the production.

We did a real-life example on the shoot of social engineering. It was the PBX stuff... She was delivering the intro to social engineering and PBX. I came in from off-camera and asked for the telecom manager by name. She asks my name, I mumble "Beelzebub". When she offers to call the telecom manager I start nervously shifting my weight on my feet and explain: "That's OK, he is waiting for me. Just point me in the right direction and I'll get to them. I have to get this fixed before your phone system dies."

Even the O'Reilly Code Warriors book takes on social engineering in Chapter 7.

The Monday morning articles in the business sections of the newspapers I have read today suggest that tech is back as a "shortage" industry. However, what firms are looking for is a geek who can communicate on a social level with some understanding of business. In other words, a well-rounded person.

This does not mean I think everyone should get their CTT+... Everyone should however learn some communication skills, and diplomacy. These are soft skills that are tested in CTT+, brought over from the original CTT tests.

Tcat -- An old CTT.
GeekDogMo

2004-03-01, 12:20 pm

As I'm reading your post I just came to a realization. You know about social engineering, I know, everyone here knows, but what good is that? By the time our word gets heard by the higher-ups (CIOs, management, etc.) we could have been compromised by a social engineer many times over.

I think before we speak on educating USERS, which will NEVER happen, we need to educate management on the IMPORTANCE of social engineering. Articles in management magazines, management forums, THERE is where we should educate them.

If we don't, it will be very difficult to get on the ball with educating the USERS. Management needs to reckon the IMPORTANCE of training users on the HIGH RISK these artists pose. A successful engineering attack is the same as leaving the data center door wide open with cookies and milk waiting for them inside.
Tcat

2004-03-01, 1:53 pm

Quite accurate. We have work to do. I am a big fan of Ken's IP3Seminars.com on the matter. He has enough of a CFO background to show that addressing Social Engineering issues (along with Tech issues) has a Positive ROI from the CFO standpoint. Not to neglect the fact that not many want 3 squares a day and orange clothing from the Iron Bar Motel. Add Ken to my 'must watch and listen to' group.
GeekDogMo

2004-03-01, 1:57 pm

I will somehow forward that to the HIGHER UPS... Thanks for the insight.
RussS

2004-03-01, 2:13 pm

grrrr - don't talk about social engineering and Sec+ in the same breath ... lol
Some of the worst worded questions on the exam are those in this particular area.
Luchnia

2004-03-01, 4:18 pm

I cannot help but ask this question. When we set forth to take an exam like Sec+, are we even going to be thinking "common knowledge" in our heads when we are asked questions like the one in this thread? I mean really? Exactly WHAT defines one's common knowledge of the subject? Is it the defined objectives? Is it the environment the test is aimed at? You see the dilemma?

Let us face it, if we have a decent knowledge of the English language we indeed know at least TWO of the answers are correct and this can be proved with clarification from both sides with "common" knowledge! This poses a serious problem for CompTIA's test questions. Even one with a somewhat elementary grammar will have trouble with these types of questions.

Maybe my biggest problem is that I tend to OVERTHINK things and end up ripping the questions apart, but I have found that I have to do that in order to pass the stupid test. When all is said and done, I am no smarter for security, but much more "test question savvy," if you know what I mean.

Why are tests designed to make you test smarter, but subject matter dumber? Oh well, one can only imagine what is in the future of tests. Just think, "common" knowledge they say! Maybe, just maybe, there should be some "marginal" or "grey" areas that CompTIA should consider for various questions? Any thoughts here?

Don't get me wrong, I think CompTIA's questions are decent and in some ways ahead of the MS slob of questions. When I take an MS test, I feel I am setting up for a two day reading and either real estate or insurance workshop.

I say BUNK to the way these questions are set up! There HAS to be a better way! I just wish we knew what that better way is!
Copyright 2003 - 2008 examnotes.net