A.3.1 Security+ SY0-701 Domain 1: General Security

What is the primary use of the RACE Integrity Primitives Evaluation Message Digest (RIPEMD)?

It is primarily used in Bitcoin and other cryptocurrencies. RIPEMD, specifically the RIPEMD-160 variant, is used in the creation of Bitcoin wallet addresses. It is part of the process that converts a user's public key into a Bitcoin address. RIPEMD is a cryptographic hash function, not a compression algorithm. It is used to ensure data integrity and authenticity, not to reduce the size of data files. While cryptographic hash functions can be used in the creation of digital watermarks, this is not the primary use of RIPEMD. Digital watermarking typically involves embedding information into a digital signal, which is not the function of RIPEMD. While cryptographic hash functions are used in various aspects of email encryption, RIPEMD is not specifically designed or primarily used for this purpose. Other protocols and algorithms, such as RSA and AES, are more commonly used for email encryption.

A major technology company plans to renovate its headquarters, emphasizing both physical and digital security. The head of the security department is looking to enhance the building's main entry points and contemplates integrating advanced gateways with innovative locking mechanisms. In relation to securing a major technology company's main entry points, which approaches will BEST harness the potential of gateways and locks to ensure optimal security? (Select two.)

Network gateways that evaluate incoming traffic for potentially harmful activity effectively act as an organization's first line of digital defense, thereby safeguarding the company's internal network resources. Biometric locks enhance physical security by leveraging unique physiological traits, such as fingerprints or retina scans, thus reducing the likelihood of unauthorized access.

Which of the following BEST describes compensating controls?

Partial control solution that is implemented when a control cannot fully meet a requirement. Compensating controls are a partial control solution that is implemented when a control cannot fully meet a requirement.

When setting up a new server room for sensitive data storage, a tech company seeks to enhance preventive measures against unauthorized access. Which measure would be MOST effective for this purpose?

Physical Security. Physical security is the first line of defense against unauthorized access to a server room. Physical security can include locked doors, access control systems, and security guards.

Which technology is primarily used by smart cards to store digital signatures, cryptography keys, and identification codes?

Public Key Infrastructure (PKI) is the technology primarily used by smart cards. It allows for the storage of digital signatures, cryptography keys, and identification codes, providing secure and encrypted communication.

You are a cybersecurity analyst at a large corporation. The company has recently received a series of suspicious emails containing encrypted messages. You suspect that the messages are using a combination of substitution and transposition algorithms for encryption. The most recent message reads: "HLOOLELWRD". Which of the following steps would you take to decrypt this message?

Rearrange the letters in blocks of two is the correct answer. The message appears to be encrypted using a simple columnar transposition cipher, where letters are written in columns and then concatenated in rows. Rearranging the letters in blocks of two (i.e., treating "HL", "OO", "LE", "LW", "RD" as separate blocks) would result in the plaintext message "HELLO WORLD".

Change management is not just for implementing software updates or hardware changes. For example, version control refers to capturing changes made to important documents a company needs. What are some documents that would utilize version control? (Select three.)

- Capturing implemented changes in code is important as it will allow for a quick reversion to a known good state of the code if a change causes problems.
- Capturing changes within diagrams ensures only the most recent diagrams will be available while archiving the previous documents, but still having them available for reference.
- Important data will vary from company to company, but tracking changes will allow references for only the most recent data and avoid confusion.

Which type(s) of key(s) are used in symmetric cryptography?

A shared key. Symmetric cryptography uses a shared key. Both communication partners must be in possession of the same key in order to exchange encrypted data. Asymmetric cryptography uses a unique key pair for each participant. This key pair consists of a public key and a private key.

The Active Directory structure includes the following components:

A tree is a group of related domains that share the same contiguous DNS namespace. A forest is a collection of related domain trees. A domain is an administratively defined collection of network resources that share security policies and a common directory database. An organizational unit (OU) is like a folder. An OU subdivides and organizes network resources within a domain. An object is a network resource as identified within Active Directory.

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?

An access control vestibule is a two-door system where the first door must close before the second opens, effectively controlling and managing access to the building.

What do application control solutions use to identify specific applications?

Application signatures. Application control implementations use application signatures to identify specific applications.

Computer Incident Response Team

CIRT

Which of the following is a mechanism for granting and validating certificates?

Certificates are obtained from a public key infrastructure (PKI). A PKI is a system that allows a trusted third party to vouch for user identities. A PKI is made up of certificate authorities (CAs), while a CA is an entity trusted to issue, store, and revoke certificates. Both RADIUS and TACACS+ are protocols used for centralized AAA with remote access. Kerberos is an authentication and authorization program that uses tickets.

Hashing algorithms are used to perform which of the following activities?

Creating a message digest. Hashing algorithms are used to create a message digest to ensure that data integrity is maintained. A sender creates a message digest by performing the hash function on the data files that are transmitted. The receiver performs the same action on the data received and compares the two message digests. If they are the same, the data was not altered. Symmetric algorithms are used to encrypt bulk data for communications exchange. Asymmetric algorithms provide a means for exchanging small amounts of data securely over a public network. Both symmetric and asymmetric algorithms provide non-repudiation.

Data Plane

Handles data traffic

A recently breached company tasks the cyber team to further restrict end-user permissions. What describes the use of an application allow list?

It enforces policies in computer systems and networks. An allow list (or approved list) will deny an execution unless it is a process that the organization explicitly authorizes.

A company's IT department has received a request from an employee who is currently working from home. The employee is unable to access the company's internal resources from their home network. As an IT professional, which type of Windows authentication would you recommend to resolve this issue?

Remote sign-in is the correct answer. Use remote sign-in when the user's device is not directly connected to the local network. Authentication can take place over a virtual private network (VPN), enterprise Wi-Fi, or web portal. These use protocols to create a secure connection between the client machine, the remote access device, and the authentication server. This would allow the employee to access the company's internal resources from their home network.

In the context of the NIST Cybersecurity Framework, which function involves identifying, analyzing, containing, and eradicating threats to systems and data security?

Respond is the correct answer. The Respond function involves taking action regarding a detected cybersecurity incident. The goal is to contain the impact of a potential cybersecurity event

Which of the following types of encryption is specifically designed to be used on Internet of Things (IoT) devices?

Lightweight cryptography. In 2018, NIST began the process to standardize encryption algorithms called lightweight cryptography. Lightweight cryptography is meant to be used on Internet of Things (IoT) devices. Many symmetric encryption algorithms use the block cipher method. Instead of encrypting our data one bit at a time, a block cipher encrypts the data one chunk at a time. A stream cipher is a symmetric encryption method that encrypts data one bit at a time. The stream cipher is based on the one-time pad (OTP) concept, which was used extensively during World War 2.

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?

Mary's private key. Mary should use her private key to create the digital signature. This proves that only Mary could have sent the message because only Mary has access to her private key. Sam would use Mary's public key to verify the digital signature. Use Sam's public key to encrypt a message that only Sam should be able to read. Only the corresponding private key, which only Sam has, can be used to decrypt the message. Mary cannot use Sam's private key because only Sam has that key. Anything encrypted with the private key can be decrypted by anyone with the public key. Encrypting the message with Mary's public key would mean that only Mary would be able to decrypt it using her private key. But she could not prove where the message came from because anyone has access to Mary's public key.

Which of the following are true concerning the one-time pad (OTP) concept on which a streaming cipher is based? (Select two.)

OTP demonstrates what is called perfect secrecy. OTP uses a symmetric encryption key that is the same length as the data being encrypted. The following is true concerning the OTP concept: OTP uses a symmetric encryption key that is the same length as the data being encrypted. OTP demonstrates what is called perfect secrecy. The encryption key is used to encrypt the data using a process called XORing. OTP only provides perfect secrecy if the secret key is only used once. OTP works well when dealing with small messages, but it becomes impractical when dealing with large data due to the keys being so extensive.

You have placed a File Transfer Protocol (FTP) server in your DMZ behind your firewall. The FTP server will distribute software updates and demonstration versions of your products. However, users report that they are unable to access the FTP server. What should you do to enable access?

Open ports 20 and 21 for outbound connections.

Which of the following algorithms are used in asymmetric encryption? (Select two.)

RSA and Diffie-Hellman are asymmetric algorithms. RSA, one of the earliest encryption algorithms, can also be used for digital signatures. The Diffie-Hellman Protocol was created in 1976 but is still in use today in technologies such as SSL, SSH, and IPsec. AES is the most commonly used symmetric (not asymmetric) cipher. Twofish is a symmetric encryption algorithm that uses a single key to both encrypt and decrypt data and information. Blowfish is a variable-length, symmetric, 64-bit block cipher.

The department has requested a Subject Alternative Name (SAN) certificate to cover multiple domains. However, you notice that one of the domains listed in the CSR is not owned by your organization.

Reject the CSR and ask the department to submit a new one without the unowned domain. This ensures that the issued certificate only covers domains owned by your organization.

Which of the following file transfer protocols uses SSH to provide confidentiality during the transfer? (Select two.)

SFTP and SCP. Secure Copy Protocol (SCP) and SSH File Transfer Protocol (SFTP) both use SSH to provide confidentiality. FTPS and HTTPS both use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to provide confidentiality. File Transfer Protocol (FTP) is an older TCP/IP protocol that's used for transferring files across systems.

Certificates can be invalidated by the trusted third party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?

CRL. The CRL (certificate revocation list) is the mechanism that is used to distribute information about invalid certificates. Each time an application receives a certificate, that application checks the CRL from the certificate authority (CA) that issued the certificate. If the certificate is not on the CRL and its timestamp is still valid, the user is prompted whether or not to accept the certificate.

An organization changes its security posture after a breach and wants to enhance encryption by putting measures in place to mitigate risk exposures that cannot be directly eliminated by the cyber security team. What type of control is being observed in this situation?

Compensating controls refer to measures put in place to mitigate the risk of a vulnerability when security teams cannot directly eliminate it or when direct remediation is not immediately possible, such as additional monitoring or enhanced encryption.

After encountering a cyber attack, an organization uses a monitoring solution that automatically restarts services after it has detected the system has crashed. What type of functional security control is the company implementing?

Corrective control actively responds to an incident, fixes it, and prevents it from happening again. Antivirus software exemplifies a corrective control.

A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage. What category of security control BEST describes the function of this recent implementation?

Corrective controls eliminate or reduce the impact of a security policy violation. A corrective control occurs after an attack. For this scenario, segregating server space access from common access would be corrective.

There are several block cipher modes of operation that can be utilized depending on the application or use. Which of the following block cipher modes of operation uses a nonce combined with a counter that is encrypted?

Counter Mode (CTR). Instead of using an initialization vector, CTR uses a nonce combined with a counter that is encrypted. A nonce is a random string that is used for all blocks during the encryption process. The encrypted output of the nonce and counter is then XORed with the plaintext to create the ciphertext.

Which of the following encryption mechanisms offers the least security because of weak keys?

DES. DES offers the least encryption security of all the cryptography systems in this list. DES has a limitation of 56-bit keys, the weakest of those listed here. The strength of a cryptosystem lies not only in long keys but in the algorithm, initialization vector or method, the proper use of the keyspace, and the protection and management of keys. AES (128-, 192-, and 256-bit keys), TwoFish (up to 256-bit keys), and IDEA (128-bit keys) all support stronger keys than DES.

Which of the following algorithms are used in symmetric encryption? (Select two.)

DES and Blowfish. DES and Blowfish are symmetric encryption algorithms. RSA, Diffie-Hellman, and ECC are asymmetric encryption algorithms.

Which of the following are attributes of a certificate revocation list (CRL)? (Select two.)

Distribution point(s) and Publish period. The following are attributes of a certificate revocation list (CRL):
- Publish period - This is the date and time on which the CRL is published. Most CAs are set up to publish the CRL automatically.
- Distribution point(s) - These are the location(s) to which the CRL is published.

You are creating a website for a financial investment company's customers and are using a cryptography method that secures connections and data transmissions by generating smaller keys that are more secure than most other methods. Which of the following cryptography methods are you using?

Elliptic Curve Cryptography (ECC). You are using Elliptic Curve Cryptography (ECC). ECC is one of the newer methods being implemented. It is able to generate smaller keys that are more secure than most other methods. Many websites today use ECC to secure connections and data transmissions.

Combining encryption with steganography involves several steps.

Encrypt plaintext with a private key to generate ciphertext. The ciphertext is hidden inside of a media file, such as an image, using steganography. The recipient extracts the ciphertext and decrypts it using the matching public key. Because the ciphertext is hidden in the image file, someone intercepting the message would have to know it's there before being able to decrypt it.

Which of the following statements about ephemeral keys is true?

Ephemeral keys are temporary and used for a single session only. Ephemeral keys are temporary keys used for a single session only. They are generated for each session and discarded after use, which provides an additional layer of security and perfect secrecy. Ephemeral keys are not long-term keys; they are temporary and used for a single session only. Ephemeral keys are used to provide both integrity and confidentiality. They ensure that the session's encryption key cannot be discovered even if the long-term private key is compromised. Ephemeral keys can be used in both symmetric and asymmetric encryption. In asymmetric encryption, they are often used in combination with long-term keys to provide perfect forward secrecy.

Which of the following is a secure alternative to FTP that uses SSL for encryption?

FTPS. FTP Secure (FTPS) adds SSL or TLS to FTP to secure login credentials and encrypt data transfers. FTPS requires a server certificate. Secure Shell File Transfer Protocol (SFTP) is a file transfer protocol that uses Secure Shell version 2 (SSHv2) to secure data transfers. SFTP is not FTP that uses SSH, but rather a secure transfer protocol that is different from FTP. Secure Copy Protocol (SCP) uses Secure Shell version 1 (SSHv1) to secure file transfers and login credentials. Remote Copy Protocol (RCP) is an unsecured protocol for file transfer.

Which of the following block cipher modes of operation provides both encryption and authentication?

Galois Counter Mode (GCM). The Galois Counter Mode (GCM) provides both encryption and authentication. All other block cipher modes of operation are unauthenticated forms of encryption.

What is the main function of a TPM hardware chip?

Generate and store cryptographic keys. A Trusted Platform Module (TPM) is a hardware cryptoprocessor that resides on the motherboard. This hardware is used to store and generate cryptographic keys. These keys are used for encryption and authentication, but the TPM does not perform the actual encryption.

Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate?

HMAC. Hash-based Message Authentication Code (HMAC) is a type of message authentication code. Like a digital signature, HMAC allows a user to verify that a file or message is legitimate.

A cyber technician reduces a computer's attack surface by installing a cryptoprocessor that a plug-in PCIe adaptor card can remove. What type of cryptoprocessor can support this requirement?

HSM. A hardware security module (HSM) meets the analyst's needs in this scenario. An HSM is a cryptoprocessor that implements hardware through a removable or dedicated form factor, such as plug-in peripheral component interconnect express (PCIe) adaptor cards.

How does understanding dependencies impact the change management process? (Select the three best options.)

Helps avoid unintended outages and disruptions during service restarts or downtime events. Incorrect answer: Guides the approval process to ensure proper assessment and approval of change proposals. Guides the development of effective backout plans and downtime contingencies.

Which of the following types of encryption is specifically designed to allow data to be worked on without decrypting it first?

Homomorphic encryption. An inherent risk with all encryption is that for the data to be worked on (computation on ciphertexts), it must first be decrypted. Homomorphic encryption addresses this concern by allowing data to be worked on without decrypting it first.

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?

Implement BitLocker with a TPM. If you use BitLocker without a TPM, system integrity checks are not performed. The TPM is required for saving the startup file information that is used to verify system integrity. When using BitLocker without a TPM, you must use a startup key on a USB device. When using a TPM, this is an optional configuration.

When developing a robust and secure communication infrastructure for the implementation of blockchain technology, what factors should the IT professionals consider to maintain the integrity of the open public ledger and ensure the secure exchange of data across the network? (Select two.)

In a blockchain network, it is crucial to have: Secure, encrypted communication protocols to maintain data integrity during transport. Transparency to keep the open public ledger accountable to all network members.

Which of the following statements about hybrid cryptosystems is true?

In hybrid cryptosystems, the public key is used to encrypt the symmetric key which is then used for data encryption. In hybrid cryptosystems, the public key is used to encrypt the symmetric key. This encrypted symmetric key is then sent to the receiver who uses their private key to decrypt it. The decrypted symmetric key is then used for data encryption and decryption. Hybrid cryptosystems use asymmetric encryption for key exchange and symmetric encryption for data transmission. In hybrid cryptosystems, the public key is used to encrypt the symmetric key, not the other way around. While it's true that symmetric encryption uses the same key for encryption and decryption, hybrid cryptosystems also involve asymmetric encryption which uses different keys for encryption and decryption.

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology?

In this instance, the organization would install infrared sensors commonly used in motion detection systems. They can detect changes in heat patterns caused by moving objects, such as a human intruder.

Which aspect of a certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the internet?

It is a trusted third party. The use of a trusted third party (called a certificate authority or CA) is what makes certificates a reliable and useful mechanism for proving the identity of a person, system, or service on the internet. The CA issues proof of identity to each organization in the form of a certificate. The fact that all entities trust the CA makes the certificates trusted and valuable.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?

Sender's public key. Digital signatures are created using the sender's private key. Therefore, only the sender's public key can be used to verify and open any data encrypted with the sender's private key. The recipient's private and public keys are not involved in this type of cryptography situation. Often, the hashing value of a message is protected by the sender's private key (their digital signature). The recipient must extract the original hashing value.

FTPS uses which mechanism to provide security for authentication and data transfer?

SSL. File Transfer Protocol Secure (FTPS) uses Secure Sockets Layer (SSL) to provide security for authentication and data transfer. FTPS is an FTP replacement that brings reasonable security to an otherwise unsecured file transfer mechanism. FTP by itself is unsecured because FTP transmits logon credentials in cleartext and does not encrypt transmitted files. The following are protocols that are not designed to provide a mechanism to provide secure authentication and data transfer for FTPS:
- IPsec - IPsec is a protocol suite for encrypting network communications.
- Token devices - A token is a device that employs an encrypted key for which the encryption algorithm - the method of generating an encrypted password - is known to a network's authentication server.
- Multi-factor authentication - Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password.

Which protocol does HTTPS use to offer greater security in web transactions?

SSL. HTTPS uses Secure Sockets Layer (SSL) to offer greater security in web transactions. Kerberos allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a data stream. Telnet is a tool for remote server management.

You want to allow traveling users to connect to your private network through the internet. Users connect from various locations, including airports, hotels, and public access points like coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would MOST likely be allowed through the widest number of firewalls?

SSL. Ports must be opened in firewalls to allow VPN protocols. For this reason, using SSL for the VPN often works through firewalls when other solutions do not because SSL uses port 443. Port 443 is often already open to allow HTTPS traffic. In addition, some NAT solutions do not work well with VPN connections.

You are purchasing a hard disk from an online retailer over the internet. What does your browser MOST LIKELY use to ensure that others cannot see your credit card number on the internet?

SSL. Your web browser uses SSL (Secure Sockets Layer) to ensure safe web transactions. URLs that begin with HTTPS:// trigger your web browser to use SSL.

Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?

Sam's public key. Sam's public key should be used to encrypt the message. Only the corresponding private key, which only Sam has, can be used to decrypt the message. Mary cannot use Sam's private key because only Sam has that key. Anything encrypted with the private key can be decrypted by anyone with the public key. Encrypting the message using Mary's private key would mean that anyone could read the data using Mary's public key. Encrypting with Mary's public key would mean that only Mary would be able to decrypt it using her private key.

SSL (Secure Sockets Layer) operates at which layer of the OSI model?

Session. SSL (Secure Sockets Layer) operates at the Session layer of the OSI model. SSL operates over TCP port 443. SSL was developed by Netscape to secure internet-based client/server interactions. SSL authenticates the server to the client using public key cryptography and digital certificates, and this protocol encrypts the entire communication session between a server and a client. SSL can be used to protect web (HTTP) traffic as well as Telnet, FTP, and emails. SSL does not operate at the Application layer, as this is where human interaction takes place, or the Presentation level, where the data is ensured to be in a usable format. The Transport layer simply represents data being transmitted using various protocols, which is one layer below the Session layer.

Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?

Smart Cards. Unlike proximity cards that only transmit the owner's identity, smart cards can contain and transmit many more pieces of information.

Match each smart card attack on the left with the appropriate description on the right.

Smart cards are subject to the following weaknesses: Microprobing is the process of accessing a chip's surface directly to observe, manipulate, and interfere with the circuit. Software attacks exploit vulnerabilities in the card's protocols or encryption methods. Eavesdropping captures transmission data produced by the card as it is used. Fault generation deliberately induces malfunctions in a card.

If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place?

Symmetric. A symmetric key is when the sender uses a public key to encrypt a message and the recipient uses that same public key to decrypt it. An asymmetric key is where the sender's and receiver's keys are both different for the encryption and decryption processes. Using counter mode, both the sender and recipient access a reliable counter that computes a new shared value each time a ciphertext block is exchanged. A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

TLS and SSL. Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to add security. In addition, Secure Shell (SSH) can be used to add security when using unsecured protocols. HTTPS is the secure form of HTTP that uses SSL. SMTP is used for sending email. SNMP is a network management protocol.

Control Plane

The control plane ensures proper network configuration and management.

When using SSL authentication, what does the client verify first when checking a server's identity?

The current date and time must fall within the server's certificate-validity period. An SSL client first checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period. SSL clients verify a server's identity using the following steps:
1. The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
2. The client verifies that the issuing certificate authority (CA) is on its list of trusted CAs.
3. The client uses the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
4. To protect against man-in-the-middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate.

Which of the following is an example of a preventative control type?
An advanced network appliance
Intrusion detection systems
Real-time monitoring alerts
Network monitoring applications

The easiest prevention control is an advanced network appliance, which is sometimes called an adaptive security appliance (ASA).

blockchain cryptographic process.

The following (in order) are the steps each block goes through as part of the blockchain cryptographic process:
1. User1 requests a transaction with User2. The request is made using User1's personal secret key and User2's public key.
2. The transaction is represented online as a block.
3. The block is distributed to everyone on a peer-to-peer network.
4. The network users verify the transaction is valid.
5. The block is added to the chain. This provides an indisputable and transparent record of the transaction.
6. The contents of the transaction move to User2.

Which of the following are key benefits of using smart cards? (Select two.)

The following are key benefits of using smart cards: One of the key benefits of smart cards is that they provide tamper-resistant storage for a user's private key and other personally identifying information (PII). This makes them a secure method of storing sensitive information. Smart cards isolate security-related operations from the rest of the system. This means that even if a system is compromised, the operations carried out by the smart card remain secure.

Which of the following statements correctly describe the characteristics of generic containers in Active Directory? (Select two.)

The following are statements that correctly describe generic containers: Generic containers are created by default in Active Directory. Generic containers are used to organize Active Directory objects. Like organizational units, generic containers are used to organize Active Directory objects.

Which of the following statements about honeyfiles are true? (Select two.)

The following are true statements about honeyfiles: Honeyfiles are named in a way that makes them attractive to hackers, enticing them to open or execute them. Honeyfiles work with network intrusion detection systems (NIDS) and can help prevent false positives by providing a controlled environment for detecting malicious activity.

Which of the following statements accurately describes the root of trust model in a public key infrastructure (PKI)?

The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate. This is the core concept of the root of trust model, where the root certificate is self-signed by the CA, and installing the CA's root certificate means that hosts will automatically trust any certificates signed by that CA.

Your team is responsible for managing the cryptographic keys used for secure transactions. Recently, there has been an increase in attempted cyber attacks on your institution. Which of the following key management strategies would be MOST effective in maintaining the security of your cryptographic keys under these circumstances?

You decide to set an expiration date for all current keys and inform users that they will need to renew their keys after this date.

You are a cybersecurity architect at a tech company that is developing a new mobile payment application. The application will handle sensitive user data including credit card information and personal identification numbers (PINs). Which of the following strategies would best leverage the concept of secure enclaves to protect this sensitive data?

You decide to store all sensitive data in a secure enclave on each user's device, accessible only with the user's unique PIN.

A network administrator for a technology company is introducing a new cybersecurity model to limit data breaches. They wish to enforce a strategy where every system or user inside or outside the network perimeter must prove their legitimacy before accessing resources. What principle would be MOST effective in implementing their new strategy?

Zero trust verifies the authenticity of every system or user trying to connect to its resources, serving as the best strategy in this scenario.

Electronic Code Book (ECB)

is the simplest mode of operation. Each block of plaintext data is encrypted separately. Blocks of data can be encrypted simultaneously allowing for faster encryption.

Cipher Feedback Mode (CFB)

uses an IV, but instead of using it on the plaintext, the IV is encrypted first. That output is then XORed with the plaintext to create the block of ciphertext.

Cipher Block Chaining (CBC)

uses an initialization vector (IV). The IV is a starting variable that is XORed with the plaintext of the current block to encrypt the data.

An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have?

A directive control enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure (SOP).

Which of the following BEST describes the domain controller component of Active Directory?

A domain controller is a server that holds a writable copy of the Active Directory database. It is responsible for managing changes to the database and replicating these changes to other domain controllers to ensure consistency across the network.

Hashing is the process of converting one value into another using a mathematical algorithm like MD5 or SHA. This fixed length of data is called the hash. Which of the following are true statements about hashing? (Select two.)

A hash cannot be decrypted. Hashing is used on data that does not need to be decrypted, such as a password. The following are true statements about hashing: Hashing is used on data that does not need to be decrypted, such as a password. A hash cannot be decrypted. When a piece of data is run through a hashing algorithm, it always generates the same hash.

A company installed a new locking cabinet in the computer room to hold extra flash drives and other supplies. Which type of security control did the company configure?

A preventive control physically or logically restricts unauthorized access. A system password and physical door lock are examples of preventive controls.

Which option is a benefit of CCTV?

A primary benefit of CCTV is that it expands the area visible to security guards. This helps a few guards oversee and monitor a larger area.

secure enclave

A secure enclave is a separate, isolated environment within the device's processor. It is designed to securely store and process sensitive data, even in the event that the rest of the device is compromised. While a secure enclave does provide a level of protection, it is not located within the application's code and it does not directly prevent users from making unauthorized transactions. Its primary function is to securely store and process sensitive data.

A PKI is an implementation for managing which type of encryption?

Asymmetric. A public key infrastructure (PKI) is a hierarchy of computers that issue and manage certificates. Certificates use asymmetric encryption with a public and private key pair.

A newly launched online store wants to secure transactions between the store and customers. The store must guarantee the authenticity of transactions, provide confidentiality, and ensure that only authorized recipients can access the purchase details. Which cryptographic technique would best meet these requirements?

Asymmetric encryption. Asymmetric encryption uses a pair of keys - public and private. The online store can encrypt the transaction details with the customer's public key, ensuring that only the customer, who holds the corresponding private key, can decrypt and access the details.

An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?

The CA's public key validates the CA's digital signature on the server certificate. Once an SSL client has identified a CA as trusted, it uses the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA. SSL clients verify a server's identity using the following steps:
1. The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
2. The client verifies that the issuing certificate authority is on its list of trusted CAs.
3. The client uses the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
4. To protect against man-in-the-middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate.

