Chapter 11 Security+ 601


Command Line Command: cat

(Concatenate) Can be used to append files or to output files to your console (terminal). EXAMPLE: cat cample.txt or cat more.txt > example.txt

Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?

A Controller Area Network (CAN) is a vehicle-specific standard designed to allow microcontrollers, sensors, and other components to communicate.

Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused? A. Use a degausser B. Wipe the tape by writing a random pattern of 1s and 0s D. Wipe the tape by writing all 1s or 0s to it.

A. Degausser

Which of the following is not a typical reason to use an IP addressing schema in an enterprise? A) Avoiding use of other organizations' IP addresses B) Avoiding IP address exhaustion in a subnet C) Asset and system inventory D) Consistency of practice with gateway and other IP addresses

A) Avoiding use of other organizations' IP addresses

What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices? A. EDR (Endpoint Detection and Response) B. IAM (Identity Management) C. FDE D. ESC

A. EDR (Endpoint Detection and Response)

Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution? A. SCADA B. AVAD C. SIM D. HVAC

A. SCADA

Chris wants systems that connect to his network to report their boot process to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations? A. UEFI / Trusted Boot B. BIOS / Trusted Boot C. UEFI / Measured Boot D. BIOS / Measured Boot

A. UEFI / Trusted Boot

Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine LEAST vulnerable to having data stolen from it? A. When the machine is off B. When the machine is booted and logged in but is locked C. When the machine is booted and logged in but is unlocked D. When the machine is booted and logged in but is asleep.

A. When the machine is off. Once a BitLocker-enabled machine is booted, the drive is unlocked and could be accessed.

The company that Theresa works for has deployed IoT sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?

Attackers may steal the SIM cards from the devices and use them for their own purposes.

Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed? A. A hardening application B. An allow list application C. A deny list application D. A HIPS

B. An allow list application

Which of the following is not a common constraint of an embedded system? A. Compute B. Form Factor C. Network D. Authentication

B. Form Factor. Embedded systems are available in a broad range of physical form factors, allowing them to be placed in many different types of systems and devices.

Olivia wants to install a host-based security package that can detect attacks against the system coming from the network but does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement? A. A host Firewall B. A host IDS C. A host IPS D. A DLP tool

B. Host IDS

The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it? A. An FPGA, Network Security B. A microcontroller, Physical Security C. A GPU, Network Security D. an ICS, Physical Security

B. Microcontroller, Physical Security

What scripting environment is native to Windows systems? A. Python B. PowerShell C. Bash D. CMD

B. PowerShell

Port 179

Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks that make up the Internet (these large networks are called autonomous systems). Autonomous systems use BGP to broadcast which IP addresses they control.

Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use? A. Arduino B. FPGA (Field-programmable gate array) C. Raspberry Pi D. None

C. Raspberry Pi

Which of the following is NOT a typical security concern with an MFP (Multifunctional Printer)? A. Exposure of sensitive data from copies and scans B. Acting as a reflector for network attacks C. Acting as an amplifier for network attacks D. Use of weak encryption

D. Use of weak encryption

Endpoint

Devices connected to the network in any organization

Command Line Command: head

Displays the first 10 lines of a file by default; use -n to show more lines. EXAMPLE: head -n 10 example.txt

Command Line Command: tail

Displays the last 10 lines of a file by default; use -n to show more lines or -f to follow changes. EXAMPLE: tail -f example.txt

Port 53

Domain Name System (DNS). An essential process for the modern Internet; it matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and applications.

What is a port?

Each port is associated with a specific process or service. Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages

EDR

Endpoint Detection and Response

Port 20/21

FTP (File Transfer Protocol). Used for transferring files between a client and a server.

Port 443

HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port 443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.

HIPS

Host-based Intrusion Prevention System. Can block attack traffic that is entering or leaving host systems.

HIDS

Host-based Intrusion Detection System. Alerts or alarms on malicious or unwanted traffic but cannot stop it.

Port 80

Hypertext Transfer Protocol (HTTP). The protocol that makes the World Wide Web possible.

Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?

Implement and use a data classification scheme

ICS

Industrial control system. A system that controls large systems such as power plants or water treatment facilities. A SCADA system controls the ICS.

Port 500

Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting up secure IPsec connections.

SCADA (supervisory control and data acquisition)

Large-scale, industrial-control systems.

Port 123

Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential for encryption.

The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes into the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy? A. An SoC B. An RTOS

A real-time operating system (RTOS) is an OS that is designed to handle data as it is fed to the operating system. An SoC is hardware, which might run an RTOS, but the answer does not mention what type of OS the SoC is running.

Port 3389

Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from another device.

Port 22

SSH (Secure Shell). Tunneling protocol that creates secure network connections.

Command Line Command: grep

Search tool that allows you to search using a provided key term. EXAMPLE: grep 'word' /file/location

How do you secure endpoints from the moment they boot up?

Secure Boot Techniques to preserve boot integrity

Port 25

Simple Mail Transfer Protocol (SMTP) is used for email

Which of the following is not typically part of an SoC (System on a Chip)? A. CPU B. Memory C. Display D. Input/Output

An SoC typically has most of the functions of a complete computer built into it. Adding a display to the chip is unlikely.

Port 23 (TCP)

Telnet (Remote Login Service) - This is a terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of files.

Embedded Systems have what Unique Security Constraints?

Usually have less computational power, less memory, and less storage. Limited resources mean that they do not have the resources to provide up-to-date security.

Command Line Command: logger

Appends whatever information you provide as input to the system log. It can also be used to add information from other commands or files to the syslog file by calling that command or file via logger.

DLP

Data loss prevention - systems that identify, monitor, and protect data to prevent its unauthorized use, modification, or destruction.

Command Line Command: chmod

Lets you set permissions on files and directories using symbols or a numeric representation of the permissions you want to set.

Charles wants to monitor changes to a log file via command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?

tail

