1.1 - 2.8 sec+ tes
Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation?
A cryptanalyst can test for the presence of common factors and derive the whole key much more easily. The TRNG or PRNG module in the cryptographic implementation is critical to its strength.
A security engineer is using several virtual servers accessible from the company network to lure in potential attackers. What has the security engineer created?
A honeynet is a group of honeypots that mimic the functionality of a network. Once the honeynet has been penetrated by the attacker, administrators can observe the actions and gather information on the event.
An attacker compromises a Linux host, installing a web shell as a backdoor. If the attacker gained access to the host through a connection the host established, what type of attack has occurred?
A reverse shell is a common attack vector against a Linux host, where a victim host opens a connection to the attacking host through a maliciously spawned remote command shell.
A gaming company decides to add software on each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which is being used.
A rootkit is characterized by its ability to hide itself by changing core system files and programming interfaces and to escalate privileges. The gaming company accomplished this.
An attacker finds a way to exploit a vulnerability in a target application that allows the attacker to bypass a password requirement. Which method did the attacker most likely use?
An attacker could exploit the vulnerability with an LDAP injection attack, inserting the (&) operator to return a condition that is always true, dropping the password filter for a name=value pair.
An attacker modifies the HOSTS file to redirect traffic. Consider the types of attacks and deduce which type of attack has likely occurred.
An attacker modifies the HOSTS file to redirect traffic. Consider the types of attacks and deduce which type of attack has likely occurred.
An organization stores data in different geographic locations for redundancy. This data replicates so that it is the same in all locations. Engineers discover that some replicas are lagging with updates. What configuration do the engineers discover as the cause?
Asynchronous replication is not a good choice for a solution that requires data in multiple locations to be consistent. Asynchronous replication writes data to the primary storage first and then copies the data to the replicas at scheduled intervals. The engineers need to look into the schedules.
Evaluate the features and vulnerabilities found in medical devices and then select the accurate statements. (Select all that apply.)
Attackers may attempt to gain access in order to kill or injure patients, or hold medical units ransom. Many portable devices, such as cardiac monitors and insulin pumps, run on unsupported operating systems.
Analyze each scenario and determine which best describes the authentication process in an Identity and Access Management (IAM) system.
Authentication proves that a subject is who or what it claims to be when it attempts to access the resource. A CAC and PIN login are examples of authentication.
An organization configures both a warm site and a hot site for disaster preparedness. Doing so poses which difficulties for the organization? (Select all that apply.)
Creating a duplicate of anything doubles the complexity of securing that resource properly. Having multiple sites increases the complexity of the infrastructure. Providing redundancy on a scale that includes multiple locations can be very expensive. Businesses often lease sites from service providers to reduce costs.
A system has a slight misconfiguration which could be exploited. A manufacturing workflow relies on this system. The admin recommends a trial of the proposed settings under which process?
Change management involves careful planning, with consideration for how the change will affect dependent components. For most significant or major changes, organizations should attempt to trial the change first.
A company has many employees that work from home. The employees obtain data and post data to a shared file they access through a link on the Internet. Consider the types of virtualization and conclude which the company is most likely utilizing.
Cloud computing is a service that provides on-demand resources such as server instances, data storage, databases, or applications. The service is typically provided over the Internet.
A systems engineer decides that security mechanisms should differ for various systems in the organization. In some cases, systems will have multiple mechanisms. Which types of diversity does the engineer practice? (Select all that apply.)
Control diversity means that the layers of controls should combine different classes of technical and administrative controls with the range of control functions. Vendor diversity means that security controls are sourced from multiple sources. A vulnerability in solutions from a single vendor approach is a security weakness.
Compare and contrast the modes of operation for block ciphers. Which of the following statements is true?
Counter Mode (CTR) combines each block with a counter value. This allows each block to be processed individually and in parallel, improving performance.
An organization routinely communicates directly to a partner company via a domain name. The domain name now leads to a fraudulent site for all users. Systems administrators find incorrect host records in DNS. What do the administrators believe to be the root cause?
DNS server cache poisoning aims to corrupt the records held by the DNS server itself. A DNS server queries an authoritative server for domain information. An attacker can masquerade as an authoritative name server and respond with fraudulent information.
A business has implemented a series of websites that collect customer information for marketing and sales purposes. The sites are mirrored in a number of countries. What should be considered when implementing data retention for archival purposes?
Data sovereignty describes the sociopolitical outlook of a nation concerning computing technology and information. Some nations may respect data privacy more or less than others. Care needs to be considered when storing such data.
During a training event, an executive at a large company asks the security manager trainer why pushing automatic updates as a patch management solution is not ideal for their Enterprise network. How will the security manager most likely respond?
Enterprise networks need to be cautious about automated deployment, as a patch that is incompatible with an application or workflow can cause availability issues. If multiple applications run update clients on the same host, performance issues may also arise.
One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select all that apply.)
From the choices provided, the two most critical factors to profile for a threat actor are intent and motivation. Greed, curiosity, or grievance may motivate an attacker.
A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs?
Homomorphic encryption is used to share privacy-sensitive data sets. It allows a recipient to perform statistical calculations on data fields, while keeping the data set as a whole encrypted, thus preserving patient privacy.
Evaluate the differences between stream and block ciphers and select the true statement.
In a block cipher, if there is not enough data in the plaintext, it's padded to the correct size. Padding is not an issue with streaming, where each byte or bit of data in the plaintext is encrypted one at a time, but it is problematic in dealing with block size.
When provisioning application services in a network architecture, an engineer uses a microservices approach as a solution. Which description best fits the engineer's implementation?
Microservice-based development uses a philosophy that each program or tool should do one thing well. Each microservice should be capable of being developed, tested, and deployed independently, and is said to be highly decoupled, rather than just loosely decoupled.
A cybersecurity department received alerts about browser pop-ups on users' computers. After further investigation, the security analysts discovered that websites they visit on the compromised machines redirect them to malicious websites due to modified DNS (Domain Name System) queries. Which of the following most likely infected the computers?
One spyware technique is to spawn browser pop-up windows, as well as modify DNS queries attempting to direct the user to other websites, often of dubious provenance.
A few end-users contacted the cybersecurity department about browser pop-ups on their computer and explained that some websites they visit redirect them to other sites they did not intend to navigate. The security team confirmed the pop-ups and noted modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users' computers?
One spyware technique is to spawn browser pop-up windows, as well as modify DNS queries attempting to direct the user to other websites, often of dubious provenance.
When using a digital envelope to exchange key information, the use of what key agreement mitigates the risk inherent in the Rivest-Shamir-Adleman (RSA) algorithm, and by what means?
Perfect forward secrecy (PFS) mitigates the risk from RSA key exchange, using Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key.
A systems engineer configures a disk volume with a Redundant Array of Independent Disks (RAID) solution. Which solution does the engineer utilize when allowing for the failure of two disks?
Redundant Array of Independent Disks (RAID) Level 6 has double parity, or is Level 5 with an additional parity stripe. This allows the volume to continue when two disks have been lost.
A system administrator has received new systems to deploy within a work center. Which of the following should the system administrator implement to ensure proper hardening without impacting functionality? (Select all that apply.)
Remove all third-party software. Disable any network interfaces that are not required. Disable all unused services.
Considering how to mitigate password cracking attacks, how would restricting the number of failed logon attempts be categorized as a vulnerability?
Restricting logons can become a vulnerability by exposing a user to Denial of Service (DoS) attacks. The attacker keeps trying to authenticate, locking out valid users.
An attacker uses a sniffer to gain session cookies a client sends over an unsecured network. What type of attack can the malicious actor now use the session cookies to conduct?
Session hijacking typically means replaying a cookie in some way. Attackers can sniff network traffic to obtain session cookies sent over unsecured networks.
A systems administrator configures several subnets within a virtual private cloud (VPC). The VPC has an Internet gateway attached to it; however, the subnets remain private. What does the administrator do to make the subnets public?
The administrator must configure the Internet gateway as the default route for each public subnet. If the admin does not configure a default route, the subnet remains private, even if the VPC has an Internet gateway attached to it.
An outside security consultant updates a company's network, including data cloud storage solutions. The consultant leaves the manufacturer's default settings when installing network switches, assuming the vendor shipped the switches in a default-secure configuration. Examine the company's network security posture and select the statements that describe key vulnerabilities in this network. (Select all that apply.)
Weaknesses in products or services in a supply chain can impact service availability and performance, or lead to data breaches. Suppliers and vendors in the chain rely on each other to perform due diligence.
When a network uses Extensible Authentication Protocol (EAP) as the authentication method, what access control protocol provides the means for a client to connect from a Virtual Private Network (VPN) gateway?
Where EAP provides the authentication mechanisms, the IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to a VPN gateway.
A user facing a tight deadline at work experiences difficulties logging in to a network workstation, so the user activates a smartphone hotspot and connects a personal laptop to save time. Which of the following vulnerabilities has the user potentially created for the enterprise environment?
Wi-Fi hotspot functionality should typically be disabled when a device is connected to an enterprise network, as it might circumvent security mechanisms, such as data loss prevention or web content filtering policies.
A user's PC is infected with a virus that appears to be memory resident and loads anytime an external universal serial bus (USB) thumb drive is attached. Examine the following options and determine which describes the infection type.
With a boot virus, code is written to the disk boot sector or the partition table of a fixed disk or USB media. The code executes as a memory resident process when the OS starts.
A developer considers using an API for service integration and automation. If choosing Representational State Transfer (REST) as the API, which features can the developer expect? (Select all that apply.)
The ability to submit a request as an HTTP operation/verb. It is a looser architectural framework.
Analyze the features of a Full Disk Encryption (FDE) to select the statements that accurately reflect this type of security. (Select all that apply.)
FDE means that the entire contents of the drive, including system files and folders, are encrypted. The cryptographic operations performed by the OS reduce performance. FDE normally utilizes a Trusted Platform Module (TPM) to secure the storage of the key used to encrypt the drive contents.