CompTIA Part2 Lesson7 CML & CMP
A security engineer is attending a training session based on newer network security best practices. However, regarding Wi-Fi protected access (WPA), they learn that WPA3 replaced WPA2 with its accompanying encryption standard stack. With WPA3, what other cipher/protocol stack replaced them? A. AES GCMP B. RC4 C. RC4 TKIP D. AES
A. AES GCMP
Wi-Fi Protected Access version 3 (WPA3) replaces AES CCMP with the more robust Advanced Encryption Standard (AES) Galois Counter Mode Protocol (GCMP) mode of operation. Version 1 of WPA used the RC4 symmetric cipher to encrypt traffic but added a mechanism called the Temporal Key Integrity Protocol (TKIP) to mitigate the various attacks against Wired Equivalent Privacy (WEP). Rivest Cipher 4 (RC4) was used exclusively with WEP but is no longer used, for security reasons. AES is a symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as WPA2, WPA3, and Transport Layer Security (TLS). For use with WPA3, AES couples with GCMP.
A security analyst is looking at the overall security status of systems on the network. Which of the following represents the greatest risk? A. EOL system B. Unprotected system C. Zero-day D. Non-compliant system
A. EOL system
A legacy or end of life (EOL) system is one where the software vendor no longer provides support or fixes for problems. These represent the greatest risk to the network. An unprotected system is one where at least one required security control (such as antivirus or a firewall) is either missing or improperly configured. A vulnerability that is exploited before the developer knows about it or can release a patch is called a zero-day. A non-compliant system is one that has drifted from its hardened configuration. A vulnerability scanner is a class of software designed to detect non-compliant systems.
A technician is working on Home Router WAN configurations. What can a Wi-Fi Analyzer do to assist in the configurations? A. Changing a channel B. Updating firmware C. Encryption settings D. Screening the subnet
A. Changing a channel
Changing channels allows the access point to change bands to find the least congested channel for transmission. A Wi-Fi analyzer can identify which channel has the least congestion. Firmware updates keep router firmware and drivers up to date with the latest patches. The updates allow the user to fix security holes and support the latest security standards. The idea of a screened subnet is that some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the LAN. The encryption or security option allows the user to set the authentication mode. The user should set the highest standard supported by the client devices that need to connect.
A user wants to secure their home router. Which of the following are strong security practices? (Select all that apply.) A. Content filtering B. Disable 2.4 GHz Broadcast C. Firmware update D. AAA
A. Content filtering C. Firmware update
Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses with sites known to host various categories of content like malware, spam, or other threats. Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3. Disabling the 2.4 GHz frequency will not increase security. 2.4 GHz is one of the frequencies used and has a better range with slower speeds. An Authentication, Authorization, and Accounting (AAA) server is not typically set up on home networks.
A person visits a local library frequently with their laptop to use the Wi-Fi to complete school assignments and check social media. One day, the user notices that the wireless network name or the Service Set Identifier (SSID) is slightly different from normal. As a result, the user connects to the Wi-Fi and is automatically brought to a Facebook web page with fields to enter their Facebook username and password. What type of attack has occurred here? A. Evil twin B. On-path C. Phishing D. Spoofing
A. Evil twin
An evil twin attack uses a rogue wireless access point to harvest credentials. The evil twin might harvest authentication information from users. It might have a similar network name or SSID to the legitimate one. On-path is an attack where the threat actor makes an independent connection between two victims and can read and possibly modify traffic between them. Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit private information from the victim. This scenario is spoofing in a broad sense. Spoofing is an attack where the threat actor can masquerade as a trusted resource. Still, the rogue wireless access point vector categorizes this as an evil twin attack.
A senior-level government agency wants to implement multifactor authentication. However, they specifically do not want any user's mobile device to be a part of the solution as it could compromise them. What authentication method would be a possible solution? A. Hard token B. Authenticator app C. Logon script D. Short message service
A. Hard token
An administrator first registers a hard token with the service or network. When users need to authenticate, they connect the token and authorize it via various methods. An authenticator application features passwordless access or a two-factor authentication (2FA) mechanism. However, this authentication is not an option, as it runs on a mobile device. A security engineer can send a soft token in the form of a one-time password (OTP) via short message service (SMS), or a text message, to verify a user's identity. However, this would not work for the scenario, as it involves a user's mobile device. A logon script performs configuration or process activity when users sign into their computers. This would not have the capability to perform multifactor authentication.
A small company has just set up a Windows domain environment and would like to add functionality for their users to save personal work-related documents on a designated file server to protect files from being lost on their PCs. What solution would allow this functionality? A. Home folders B. Workgroups C. Organizational unit D. Security groups
A. Home folders
A home folder is a private drive mapped to a network share in which users can store personal files. An administrator configures the home folder location in Active Directory Users & Computers via the account properties, specifically on the Profile tab. An organizational unit (OU) is a way of dividing a domain up into different administrative realms. For example, the administrator might create OUs to delegate responsibility for administering company departments or locations. A workgroup is a peer-to-peer network model in which computers can share resources. Still, the individual computers manage each resource. A domain supports using security groups to assign permissions more efficiently and robustly. The administrator gives user accounts membership of security groups, assigning them permissions on the network.
A remote associate attempts to configure their home router firewall. What is the benefit of using IP filtering? A. It allows a user to control traffic within a network. B. It takes a request from an internet host for a particular service. C. It provides a framework in which networking protocols allow networked devices to discover the network. D. It downloads curated reputation databases that associate IP address ranges.
A. It allows a user to control traffic within a network.
Internet protocol (IP) filtering protects networks by allowing users to control what traffic to permit in and out of the networks. Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses with sites that host various content categories and those associated with malware, spam, or other threats. Port forwarding means that the router takes a request from an internet host for a particular service, like the TCP port 25565 associated with a Minecraft server, and sends the request to a designated host on the LAN. Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services.
A remote employee has installed a new router in their home and is setting up wide area network (WAN) configurations. What is the value of disabling SSID broadcasts? A. It masks the network from being seen. B. It disables access from a visitor network. C. It orients users to the correct network. D. It disables unused access to/from the router.
A. It masks the network from being seen.
Disabling broadcast of the service set ID (SSID) prevents any stations not manually configured to connect to the name the remote employee specifies from seeing the network. Disabling unused ports is a router hardening technique where the employee disables unused open ports for protective purposes. If the system needs a port-forwarding exception, the employee should disable it once it is no longer needed. Most home routers automatically configure and enable a guest wireless network without a passphrase requirement. Disabling guest access will mitigate the risk of unauthorized access. The SSID is a simple, case-sensitive name for users to identify the wireless local area network (WLAN). The remote employee should change the SSID to something that users will recognize and not confuse with nearby networks.
Which protocol allows access points to use Remote Authentication Dial-in User Service (RADIUS), or Terminal Access Controller Access Control System Plus (TACACS+), and Extensible Authentication Protocol (EAP) to tunnel credentials and tokens that allow a domain user to connect via a wireless client to authenticate to a Windows domain controller and use single sign-on authorization? A. Kerberos B. CCMP C. AES D. TKIP
A. Kerberos
Kerberos, a single sign-on authentication and authorization service based on a time-sensitive ticket-granting system, allows a user account to authenticate to a Windows domain controller. Temporal Key Integrity Protocol (TKIP) is a mechanism used in the first version of Wi-Fi Protected Access (WPA) to improve wireless encryption mechanisms' security compared to the flawed Wired Equivalent Privacy (WEP) standard. Advanced Encryption Standard (AES) is a symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as WPA2, WPA3, and Transport Layer Security (TLS). Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol used for wireless local area networks (LANs) that addresses the vulnerabilities of the WEP protocol.
A systems administrator is auditing the settings of a group of web servers. The administrator notices that a few of the servers also have file services and database roles installed and are not in line with the documented configuration of the company's standard web servers. What vulnerability are these systems experiencing? A. Non-compliant system B. Unprotected system C. End of life OS D. Unpatched system
A. Non-compliant system
A non-compliant system is a system whose configuration is different from its secure baseline. The sysadmin should only configure these servers as web servers. However, they have other features installed that increase the overall attack surface of the systems. A legacy or end of life (EOL) system is one where the software vendor no longer provides support or fixes for problems. An EOL operating system (OS) is a risk since the vendor does not mitigate discovered vulnerabilities. An unpatched system is one whose owner has not applied the current operating system and application patches. An unprotected system is one where one or more required security controls (antivirus or firewall, for example) are missing or misconfigured.
The security team at a company wants to limit access to certain office areas to prevent theft and improve safety for employees. They would like to utilize door locks with badge readers and software that centrally manages access yet is still accessible with a physical key in case of emergencies or system outages. What objects could the company use in conjunction with the badge readers to grant access? (Select all that apply.) A. Smart cards B. Motion sensors C. Key fobs D. Security guards
A. Smart cards C. Key fobs
Smart cards and key fobs are contactless cryptographic solutions that work with more advanced types of locks and are much more difficult to clone than ordinary swipe cards. Security guards would not be a viable solution, as the company would have to stage a human resource at each desired locked door. This would not be cost-effective. A motion-based alarm links to a detector, where it gets triggered by movement within a room or other area.
An attacker emailed many employees of a target company (that supports government organizations) with no success in gaining remote access through online social engineering. The attacker then scopes the company's corporate office to find an easy to manipulate employee. How may the attacker plan on infiltrating the office? (Select all that apply.) A. Tailgate into the offices. B. Spoof the software token. C. Become an insider threat. D. Impersonate an employee.
A. Tailgate into the offices. D. Impersonate an employee.
The attacker can manipulate a person and use other social engineering techniques to tailgate right through the front doors of the offices. The attacker can impersonate an employee by stealing an access card to scan or briefly show as having access to the building. Impersonation can occur in combination with a tailgating situation. An insider threat is an employee or other person with immediate access to internal components of the company or organization. However, the attacker will need to pass a background check to become an employee. Spoofing is an attack where the threat actor can masquerade as a trusted user or computer. An attacker can also obtain a logical token or software token to spoof.
A network security analyst works with a small business to properly secure their Wi-Fi network. The owner states that they use Wi-Fi Protected Access with Temporal Key Integrity Protocol to secure wireless network traffic. The analyst advises against this solution since a threat actor could easily find the encryption key. What would strengthen encryption with AES and CCMP for securing Wi-Fi traffic? A. WPA2 B. WEP C. WPA3 D. HTTPS
A. WPA2
Wi-Fi Protected Access 2 (WPA2) uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES replaces RC4, and CCMP replaces TKIP. Wired Equivalent Privacy (WEP) is a legacy security algorithm for 802.11 wireless networks and is extremely vulnerable to attacks. WPA3 is the next generation of wireless data security intended to replace WPA2 by using the AES Galois Counter Mode Protocol (GCMP) mode of operation. HTTPS (HyperText Transfer Protocol Secure) delivers web pages and other resources securely using encryption to authenticate the server and protect the information transmitted.
A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability? A. WPA3 B. WPA2 C. WPA D. WEP
A. WPA3
Under WPA2, traffic on an open network is unencrypted; WPA3 Wi-Fi Enhanced Open encrypts this traffic. This means that any station can still join the network, but traffic is protected against sniffing. WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier Wired Equivalent Privacy (WEP) standard. WEP is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.
A manufacturing plant plans to have cash payments for products sent to their facility for processing. To provide a proper physical security entrance into the area where personnel will handle the cash, a security vendor may suggest what particular automated solution best ensures that only one employee can enter and exit this area at a time? A. Bollards B. Access control vestibule C. Magnetometers D. Security guards
B. Access control vestibule
An access control vestibule is where one gateway leads to an enclosed space protected by another barrier. This solution restricts access to one person at a time. The manufacturing plant can place human security guards in front of and around a location to protect it. However, having guards would not satisfy the automation portion of the desired solution. A magnetometer is a type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items. Bollards are a form of physical perimeter security to prevent vehicles from crashing into the building or exploding a bomb near it.
After carrying out a campaign to gather data via e-mail and other electronic means, what else can an attacker do to gather personal information about a company owner without being in that person's presence? A. Shoulder surf after delivering food to the target. B. Go dumpster-diving behind the corporate offices. C. Initiate a distributed denial of service (DDoS) attack. D. Use a structured query language (SQL) injection attack.
B. Go dumpster-diving behind the corporate offices.
Dumpster diving refers to combing through an organization's (or an individual's) garbage to find useful documents. Attackers may even find files stored on discarded removable media. A shoulder surfing attack means that the threat actor learns a password or PIN (or other secure information) by watching the user type it. A denial of service (DoS) attack would flood a server with bogus requests. Distributed DoS (DDoS) means that the attacks launch from multiple compromised systems, referred to as a botnet, against a target. In an SQL injection attack, the threat actor modifies SQL functions by adding code to some input accepted by the app, causing it to execute the attacker's own set of SQL queries or parameters.
A penetration tester gains access to a regular user's box. The tester wants to escalate privileges, so they call into the help desk as the regular user and set up a script that will capture the help desk user's Kerberos token to be able to replay it. What is this social engineering technique called? A. Dumpster diving B. Impersonation C. Shoulder surfing D. Tailgating
B. Impersonation
Impersonation means that the penetration tester develops a pretext scenario to give themselves an opportunity to interact with an employee. Dumpster diving refers to combing through an organization's (or individual's) garbage to try to find useful documents. A shoulder surfing attack means that the threat actor learns a password or PIN (or other secure information) by watching the user type it. Tailgating is a means of entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint.
A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What is the administrator helping to prevent? A. Default password B. Power off C. Firmware update D. Evil twin
B. Power off
A non-malicious threat actor could damage or power off an appliance by accident. A malicious threat actor could use physical access to tamper with an appliance, attach unauthorized devices to network or USB ports, or use the factory reset mechanism and log on with the default password. The home router management software will prompt users to change the default password to secure the administrator account. Users should keep the firmware and driver for the home router up to date with the latest patches. An evil twin attack is similar to phishing, but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials.
A help center technician assists an employee in setting up a home network. What can be auto or manually configured to follow the service provider's instructions to configure the correct address on the router's interface? A. Screened subnet B. Static WAN IP C. Port forwarding D. Physical placement
B. Static WAN IP
Some internet access packages assign static IPs or offer an option to pay for one. A static address can be auto-configured as a Dynamic Host Configuration Protocol (DHCP) reservation. A manual configuration follows the service provider's instructions to configure the correct address on the router's wide area network (WAN) interface. A screened subnet occurs when some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN). In port forwarding, the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN. The physical placement of any type of router or network appliance should be in a secure location.
An IT support intern attends a local IT security conference. The intern attends a breakout session that focuses on common security vulnerabilities when managing multiple endpoints. What security vulnerabilities can the session point out? (Select all that apply.) A. Underperforming system B. Unprotected system C. Unpatched system D. End of life OS
B. Unprotected system C. Unpatched system D. End of life OS
An unpatched system is one whose owner has not applied the current operating system (OS) and application patches. An unprotected system is one where one or more required security controls (antivirus or firewall, for example) are missing or misconfigured. A legacy or end of life (EOL) system is one where the software vendor no longer provides support or fixes for problems. EOL operating systems are a risk since the vendor does not mitigate discovered vulnerabilities. Though an underperforming system may be due to an infection, this is more likely just a limitation in hardware resources.
An employee receives a phone call from someone in the IT department informing them that their computer has a virus. In a panic, the employee quickly follows the instructions from the caller to grant remote access to their workstation. Unfortunately, the employee notices that the application used for remote access is not the same as the application used in the past when someone from IT has remotely worked on their workstation. What kind of attack has the user just experienced? A. SQL injection B. Vishing C. Phishing D. Brute-force
B. Vishing
Vishing occurs through a voice channel, like a telephone or Voice over Internet Protocol (VoIP). For example, someone purporting to represent the victim's bank could call, asking them to verify a recent purchase by requesting their security details. Brute-force is a password attack. An attacker uses an application to try every possible alphanumeric combination to crack encrypted passwords. A Structured Query Language (SQL) injection attack occurs when a threat actor modifies basic SQL functions by adding code to some input accepted by an application, causing it to execute the attacker's own set of SQL queries or parameters. Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit a victim's private information.
A network engineer wants to implement a strong EAP-TLS method using multifactor authentication in an enterprise environment. The engineer must configure the Remote Authentication Dial-in User Service (RADIUS) server and the wireless supplicant with which of the following components? (Select all that apply.) A. Pre-shared key B. Simultaneous authentication of equals C. Digital certificate D. Encryption key pair
C. Digital certificate D. Encryption key pair
The Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) method uses multifactor authentication. A trusted platform module (TPM) or USB key securely stores the private encryption key on the wireless device. The Authentication, Authorization, and Accounting (AAA) server also has the same encryption key. The server and supplicant have a digital certificate installed, and it is used in the session handshake process. With a valid certificate, the server trusts and authenticates the supplicant. Simultaneous authentication of equals (SAE) is a personal authentication mechanism for Wi-Fi networks introduced with Wi-Fi Protected Access 3 (WPA3) to address vulnerabilities in the WPA-PSK method. A pre-shared key (PSK) is a wireless network authentication mode where a passphrase-based mechanism allows group authentication to a wireless network.
A growing company has just recently implemented a Windows domain and is building out its Active Directory structure. They have asked a network services company if they can manage access to their wireless network using permissions in the new domain. A network engineer tells them this is certainly achievable using which protocol? A. RADIUS B. WEP C. EAP D. AES
C. EAP
Extensible Authentication Protocol (EAP) allows different mechanisms to authenticate against a network directory. This protocol would be the foundation of managing Wi-Fi access based on Active Directory user objects. Advanced Encryption Standard (AES) is a symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as Wi-Fi Protected Access 2 (WPA2), WPA3, and Transport Layer Security (TLS). AES is not for enterprise implementations. Wired Equivalent Privacy (WEP) is a legacy security algorithm for personal 802.11 wireless networks and is highly vulnerable to attacks. Remote Authentication Dial-in User Service (RADIUS) is one type of Authentication, Authorization, and Accounting (AAA) server. RADIUS would utilize the EAP protocol for checking credentials against Active Directory.
After switching a medium-sized office to a Windows domain, a systems administrator has had trouble getting buy-in from users when it comes to saving documents in redundant network shares. Users are adamant that they want to work out of the local Documents folder of their profile. What can the administrator implement to accomplish the goal of getting data to reside on network shares? A. Smart cards B. Video cameras C. Folder redirection D. Roaming profiles
C. Folder redirection
Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share. A smart card is one type of hard token. When users need to authenticate, they connect the token and authorize it via various methods. Video surveillance is typically the second layer of security designed to improve the resilience of perimeter gateways. Roaming profiles copy the whole profile from a share at logon and copy the updated profile back at logoff. The main drawback is that if a profile contains many large data files, sign-in/sign-out performance will be slow.
A technician is working on the organization's network and connecting to corporate devices. What is a benefit of UPnP? A. It allows a user to control traffic within a network. B. It downloads curated reputation databases that associate IP address ranges. C. It provides a networking protocol framework, allowing networked devices to discover the network. D. It takes a request from an internet host for a particular service.
C. It provides a networking protocol framework, allowing networked devices to discover the network.
Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services. Internet protocol (IP) filtering protects networks by allowing users to control what traffic to permit in and out of the networks. Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses with sites that host various content categories and those associated with malware, spam, or other threats. Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.
A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use? A. XSS B. SQL injection C. Plaintext D. DoS
C. Plaintext
A plaintext password can be captured by obtaining a password file or by sniffing unencrypted traffic on the network. A cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit. In a SQL injection attack, the threat actor modifies one of four basic functions by adding code to some input accepted by the app, causing it to execute the attacker's own set of SQL queries or parameters. A denial of service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users.
A jewelry chain has just discovered how to make a new form of jewels that has never been created before. They want to set up some sort of alarm if the jewels are taken out of their designated area. What type of alarm should the jewelry chain set up specific to the jewels? A. Motion sensors B. Circuit C. RFID D. Duress
C. RFID
Radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment. A motion-based alarm is linked to a detector triggered by movement within an area. The sensors in these detectors are either microwave radio reflection or passive infrared (PIR), which detects moving heat sources. A circuit-based alarm sounds when the circuit is opened or closed. This could be caused by a door or window opening or by a fence being cut. A duress alarm could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.
A student is interning for a security team at a major company and wants to practice on their home network. They want to make sure devices are easily identified when traffic is examined. Which of the following will help them accomplish this? A. Port forward B. UPnP C. Reservation D. Port triggering
C. Reservation
One option is to create a DHCP reservation for the device on the Dynamic Host Configuration Protocol (DHCP) server. This means that the DHCP server always assigns the same IP address to the host. If users want to run some sort of server application from the network and make it accessible to the internet, the user must configure a port forwarding rule. Services that require complex firewall configuration can use the Universal Plug-and-Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters. Port triggering is used to set up applications that require more than one port, such as File Transfer Protocol (FTP) servers.
A vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching? A. Vulnerability B. Threat C. Risk D. MFA
C. Risk Explain Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. This is the most important aspect of the prioritization of patches. Vulnerability is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach. Threat is the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor. An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.
After a recent data breach, a company's IT department has concluded that the breach started with a laptop that accessed the Wi-Fi to gain access to its resources. The company uses a passphrase and media access control (MAC) address filtering to restrict access to Wi-Fi. What type of attack gained access to the company's wireless network? A. Denial of service B. Phishing C. Spoofing D. On-path
C. Spoofing Explain Spoofing is an attack where the threat actor can masquerade as a trusted resource. It can mean cloning a valid MAC or IP address or using a false digital certificate. The attacker obtained the passphrase and spoofed a valid MAC address to gain access. On-path is an attack where the threat actor makes an independent connection between two victims and can read and possibly modify traffic between them. A denial of service (DoS) attack causes a service at a given host to fail or become unavailable by bombarding it with spoofed requests. Phishing is an email-based social engineering attack. The attacker sends an email from a supposedly reputable source to elicit private information from the victim.
A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure? A. Active directory B. WPA3 C. TACACS+ D. MFA
C. TACACS+ Explain The network administrator will need to set up a TACACS+ server as an Authentication, Authorization, and Accounting (AAA) server. When the user has been authenticated, the AAA server transmits a master key (MK) to the wireless PC or laptop. Active Directory itself is not an AAA server. However, Kerberos can compare against the Active Directory database to validate whether a user is able to log on. WPA3 is not an AAA server. The main features of WPA3 are Simultaneous Authentication of Equals (SAE), updated cryptographic protocols, protected management frames, and Wi-Fi Enhanced Open. Authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.
Network engineers are talking at a conference, reminiscing about legacy Wi-Fi security standards. Unfortunately, they could not remember the cipher that replaced Rivest Cipher 4 (RC4) at the advent of WPA2. What cipher are they attempting to remember? A. TKIP B. CCMP C. WEP D. AES
D. AES Explain Advanced Encryption Standard (AES), which replaced RC4 starting with WPA2, is a symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as Wi-Fi Protected Access 2 (WPA2), WPA3, and Transport Layer Security (TLS). Wired Equivalent Privacy (WEP) is a legacy security algorithm for 802.11 wireless networks and is highly vulnerable to attacks. Temporal Key Integrity Protocol (TKIP) is a mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol for wireless local area networks (LANs) addressing WEP vulnerabilities. CCMP replaced TKIP at the advent of WPA2.
A server administrator wants to secure a whole row of servers. What would be the best way to secure access to the servers? A. Kensington locks B. Chassis locks C. Fingerprint readers D. Cabinet locks
D. Cabinet locks Explain Lockable rack cabinets control access to servers, switches, and routers installed in standard network racks. These can be supplied with key-operated or electronic locks. Kensington locks are used with a cable tie to secure a laptop or other device to a desk or pillar and prevent theft. Chassis locks and faceplates prevent the covers of server equipment from being opened. These can prevent access to external USB ports and prevent someone from accessing the internal fixed disks. Fingerprint readers are not commonly used to secure rack cabinets. The technology is also non-intrusive and relatively simple to use, although moisture or dirt can prevent readings, and there are hygiene issues at shared-use gateways.
A cyber consultant assists a contracted employee with setting up their home router firewall. What occurs when the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses with sites that host various categories? A. IP filtering B. UPnP C. Port forwarding D. Content filtering
D. Content filtering Explain Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses with sites that host various content categories and with sites associated with malware, spam, or other threats. Internet Protocol (IP) filtering protects networks by allowing users to control what traffic to permit in and out of the networks. Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services. Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.
A hotel manager notices that a wireless access point with the same service set identifier (SSID) is broadcasting with higher power. What attack could this indicate? A. Whaling B. Phishing C. Footprinting D. Evil twin
D. Evil twin Explain An evil twin attack is similar to phishing, but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials. Whaling is an attack directed specifically against upper levels of management in the organization (CEOs and other "big catches"). Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. Footprinting is an information-gathering threat in which the attacker attempts to learn about the configuration of the network and security systems. A threat actor will perform reconnaissance and research about the target, gathering publicly available information, scanning network ports and websites, and using social engineering techniques to try to discover vulnerabilities and ways to exploit the target.
This type of alarm system utilizes either microwave radio reflection or passive infrared to trigger an alert threshold. A. Fences B. Proximity C. Circuit D. Motion sensor
D. Motion sensor Explain A motion-based alarm links to a detector that is triggered by movement within a room or other area. The sensors in these detectors are either microwave radio reflection (radar, for example) or passive infrared (PIR), which detects moving heat sources. A proximity alarm uses radio frequency ID (RFID) tags and readers to track the movement of tagged objects within an area. A circuit-based alarm sounds when the circuit opens or closes, depending on the type of alarm. The alarm can be triggered by a door or window opening or by a fence being cut. Fencing is adequate for physical access control, but the drawback is that it gives a building an intimidating appearance. A fence would not provide alarm capability.
A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use? A. Kerberos B. TACACS+ C. OU D. RADIUS
D. RADIUS Explain Rather than storing and validating user credentials directly, wireless access points can forward authentication data between the Remote Authentication Dial-in User Service (RADIUS) server and the supplicant without being able to read it. Active Directory itself is not an Authentication, Authorization, and Accounting (AAA) server. However, Kerberos can compare against the Active Directory database to validate if a user is able to log on. Terminal Access Controller Access Control System Plus (TACACS+) is another way of implementing AAA. An organizational unit (OU) is a way of dividing a domain up into different administrative realms. Administrators might create OUs to delegate responsibility for administering company departments or locations.
A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premises. How should the administrator set it up? A. Content filtering B. UPnP C. Port forward D. Screened subnet
D. Screened subnet Explain A screened subnet can also be referred to by the deprecated terminology demilitarized zone (DMZ). The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the LAN. Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses. Services that require complex firewall configuration can use the Universal Plug-and-Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters. Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.
An organization has asked a network engineer why a particular wireless access point is not allowing users to authenticate to the company's network. Users can connect to other access points without issue. The engineer finds that the problem access point can find and connect to the Remote Authentication Dial-in User Service (RADIUS) server, but they do not trust each other. What is most likely NOT configured on the access point? A. EAP B. CCMP C. Multifactor authentication D. Shared secret
D. Shared secret Explain A shared secret allows the RADIUS server and access point to trust one another. Given that other access points are working without issue, the shared secret is configured on the RADIUS server and not on the problem access point. Extensible Authentication Protocol (EAP) allows different mechanisms to authenticate against a network directory. Some components of EAP are proving to work, as the access point can find the RADIUS server. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol used for wireless local area networks (LANs) that addresses the vulnerabilities of the Wired Equivalent Privacy (WEP) protocol. Multifactor authentication means that the user or supplicant must submit at least two different credentials.
A new local coffee shop would like to provide customers with free Wi-Fi access. In addition, they would like to provide a secured wireless connection without using a pre-shared passphrase. Which type of protected access should the coffee shop use to meet these requirements? A. WPA B. WPA2 C. WEP D. WPA3
D. WPA3 Explain One main feature of Wi-Fi Protected Access 3 (WPA3) is Wi-Fi Enhanced Open, which allows supplicants to connect without a passphrase. This feature means that any station can still join the network, but traffic is encrypted. Wired Equivalent Privacy (WEP) is a legacy security algorithm for 802.11 wireless networks and is extremely vulnerable to attacks. WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). The first version of WPA was designed to fix critical vulnerabilities in the earlier WEP standard.