CompTIA SEC+ SYO 701 Practice Exam
All of the following are steps in collecting digital evidence except which one? Verify the evidence. Seize the evidence. Acquire the evidence. Judge the evidence.
"Judge the evidence" is not a step in collecting digital evidence. The correct steps in collecting digital evidence typically include: Seize the evidence: Identify and secure the potential digital evidence. This involves physically or logically isolating the devices or data that may contain relevant information. Acquire the evidence: Create a forensic copy of the digital evidence to preserve the original state. This involves using forensically sound methods to extract and duplicate the data without modifying the original. Verify the evidence: Confirm the integrity of the acquired evidence by comparing hash values. This step ensures that the forensic copy is an exact replica of the original and has not been altered during the acquisition process. Analyze the evidence: Examine the digital evidence to identify relevant information and patterns. This step involves using forensic tools and techniques to interpret the data. Preserve the evidence: Safeguard the integrity of the evidence throughout the investigation process. This includes documenting the handling of the evidence, maintaining a chain of custody, and ensuring that proper security measures are in place.
Which two activities commonly result from hacker-controlled botnets consisting of many infected computers? DDoS Spyware Spam Ransomware
"What are two common activities that often happen when hackers control a network of infected computers, known as botnets?" DDoS SPAM "DDoS and spam are accurate. Botnets are groups of computers controlled by hackers. Because botnets involve many controlled computers, it's easy to send out spam messages or carry out distributed denial of service (DDoS) attacks. To counteract DDoS attacks, mitigators use techniques like keeping IP reputation databases updated for detecting these assaults."
What is a listing of systems or persons authorized to access an asset such as a network or file? Ruleset Policy Hosts file Access control list
"What do we call a list of approved systems or individuals who are allowed to access something like a network or a file?" Access control list is correct. An access control list (ACL) is a listing of systems or persons authorized to access a resource.
A Linux firewall administrator creates a rule allowing inbound packets from 148.34.99.17 destined for TCP port 22 on 206.2.4.45. Which of the following statements regarding this firewall rule are true, assuming default ports are in use? (Choose three.) The rule applies to layer 4 of the OSI model. The rule applies to layer 6 of the OSI model. The rule allows SSH administration of 206.2.4.45. Successful connections from 148.34.99.17 to 206.2.4.45 will be encrypted.
+Layer 4 of the OSI Model: The rule works like a guard at the door of a computer. It's looking at the type of traffic coming in, but not inside the actual messages. This is similar to a guard checking who's entering a building but not reading the letters they carry. -Layer 6 of the OSI Model: This part doesn't apply here. It's like saying our guard doesn't care about the fancy language or writing style in the messages. It's focused on the type of messages, not their content. +SSH Administration: The rule allows a specific person (148.34.99.17) to remotely manage another computer (206.2.4.45) using a secure method called SSH. It's like giving a special key to someone to access and manage a room securely. +Encrypted Connections: When the person (148.34.99.17) talks to the computer (206.2.4.45), the messages are like secret codes. It's as if they're speaking in a language only they understand. This is similar to having a private conversation that others can't easily understand. In simple terms, the firewall rule is like a guard checking specific types of messages. It allows a person to securely manage another computer, and their conversations are like secret codes, keeping things private. OSI (Open Systems Interconnection) model consists of seven layers. These layers, from the bottom to the top, are: Physical Layer Data Link Layer Network Layer Transport Layer Session Layer Presentation Layer Application Layer Each layer has its specific functions and responsibilities, and they work together to facilitate communication and data exchange in computer networks. In summary, TCP ports are like doors on a computer, and each door is associated with a specific service or application. They help direct data to the right place, allowing multiple services to operate simultaneously on the same device. 22=SSH
To increase response time to your public web site, you decide to purchase three network load-balancing appliances to match your three web servers. Your web site is registered with the name www.faroutwidets.com using IP address 216.76.0.55. What IP addresses should the public interface of each load balancer assume? 216.76.0.55, 216.76.0.55, 216.76.0.55 216.76.0.52, 216.76.0.53, 216.76.0.54 216.76.0.56, 216.76.0.57, 216.76.0.58 216.76.0.55, 216.76.0.56, 216.76.0.57
216.76.0.55, 216.76.0.55, 216.76.0.55 is correct. Network load balancers (NLBs) should accept client requests to the requested service (216.76.0.55); thus, they must all be configured to listen on the same virtual IP address.
You must secure a corporate wireless router. All wireless traffic must be encrypted and all connecting devices must be centrally authenticated. Which security mechanism will accomplish this? WPA PSK 802.1x WPA2 PSK WEP
802.1x This is a gate keeper for any device that wants to enter the network. Authentication of PKI certificate is verified and anything flowing thru the network becomes encrypted. The Central authenticator is 802.1x
A network technician has configured a wireless router so that stations must be authenticated before allowing network access. What did he configure? WEP WPA PSK WPA2 PSK 802.1x
802.1x requires authentication to a central authentication server before allowing network access. The client network connection, whether wireless or through a physical switch port, is not fully functional until successful authentication is achieved. 1. "configured a wireless router": This suggests that the configuration is related to a wireless network. 2. "stations must be authenticated": This indicates that some form of authentication is required for devices (stations) trying to connect to the network. Combining these key phrases, the answer is likely to involve a wireless security standard that deals with authentication, and 802.1x is a standard specifically designed for port-based network access control, making it the correct choice in this context.
Which of the following statements bests describes a Trusted Platform Module? A hardware module that performs cryptographic functions A secure logon module A code module that performs authentication A software module that prevents application attacks
A hardware module that performs cryptographic functions is correct. A Trusted Platform Module (TPM) is a hardware device, usually in the form of an embedded chip, that performs cryptographic functions, such as encrypting an entire hard drive. Imagine a Special Helper Chip: Think of a Trusted Platform Module (TPM) as a tiny, special helper chip that lives inside a computer. Its Superpower: This chip is like a superhero that knows secret codes and can keep things safe on the computer. Doing Secret Codes: One of its important jobs is to use secret codes (cryptographic functions) to lock up or hide information on the computer. Embedded Chip: When we say "embedded chip," it's like saying the superhero chip is built right into the computer, almost like a hidden treasure that stays inside. Encrypting a Hard Drive: Imagine the computer's brain is a treasure chest, and the superhero chip is putting a magical lock (encryption) on the chest so that only the computer can understand what's inside. So, a TPM is like a superhero chip inside a computer that knows secret codes to keep things safe by putting magical locks on the computer's treasures.
Which of the following methods is used to ensure data integrity? Signing Hashing Authentication Encryption
A hash created before sending data and after receiving data. If the codes match the data has maintained integrity. Codes are created with algorithms.
Which of the following are considered symmetric encryption algorithms? (Choose two.) MD5 RSA AES SHA 3DES
AES and 3DES are correct. AES and 3DES are considered encryption standards and use symmetric algorithms. Incorrect answers: SHA is incorrect. SHA is a hashing algorithm, not a symmetric encryption algorithm. RSA is incorrect. RSA is an asymmetric encryption algorithm. MD5 is incorrect. MD5 is a hashing algorithm.
In which order should the following items be conducted? ALE, business analysis, risk analysis ALE, risk analysis, business impact analysis Business impact analysis, ALE, risk analysis Risk analysis, ALE, business impact analysis
ALE, risk analysis, business impact analysis is correct. ALE stands for Annualized Loss Expectancy. It's like a dollar figure used in risk analysis to help prioritize which risks are most important to tackle first. The ALE is a dollar figure used in quantitative risk analysis to prioritize risks; therefore, it cannot be calculated after a risk analysis. The business impact analysis can occur only after risks have been identified. ALE is like a money calculator for risks, helping you focus on the ones that could cost the most. It's a key part of risk analysis.
An employee signs a document stating that company e-mail may be used only to conduct business; personal messages are forbidden. What type of policy is this? Disaster recovery E-mail retention Storage retention Acceptable use
Acceptable use
Which type of restriction requires an account to become unusable after a certain period of time or a certain date? Account lockout Account disablement Time-of-day restriction Account expiration
Account expiration Other options mentioned: Account Lockout: Account lockout is a security feature that temporarily disables an account after a certain number of unsuccessful login attempts. It is not related to time-based restrictions. Account Disablement: Account disablement involves manually or programmatically disabling an account. It may not necessarily be tied to a specific time period or date. Time-of-Day Restriction: Time-of-day restriction limits the hours during which a user can log in. It is not the same as setting an expiration date for the account. In summary, account expiration is the restriction that involves making an account unusable after a certain period of time or a specified date.
You are a web developer. Some customers report links on your web pages to unrelated offerings of various products. As the web developer, you check your web site code and verify that these links are not coded into your web pages. What can you tell your customers was the most likely reason for this? The customers' computers are infected with adware. The customers' computers are infected with a Trojan. The customers' computers are infected with a worm. The customers' computers are infected with a fileless virus.
Adware
All of the following are potential application security issues requiring attention except which one? Malware SQL injection Buffer overflows Cross-site scripting
Among the options listed, "Malware" is not typically considered an application security issue. Malware is more broadly associated with malicious software that can affect various aspects of a computer system, including applications, but it's not a specific application security issue like the others listed. On the other hand: SQL injection, Buffer overflows, and Cross-site scripting are indeed common application security issues that require attention. They involve specific vulnerabilities in applications that attackers could exploit to compromise security. Is it because Malware effects Sofware and not applications? Yes, that's a reasonable distinction. While "malware" can certainly affect software and applications, it is a broader term that encompasses various types of malicious software designed to harm or exploit computer systems. On the other hand, issues like "SQL injection," "Buffer overflows," and "Cross-site scripting" are specific vulnerabilities or attack techniques that target applications directly. These are more narrowly focused on the security of the software applications themselves. So, in the context of application security, the other options are more directly related to potential vulnerabilities within the applications, whereas "malware" can be a concern for the overall security of a system, including both applications and other software components.
You are configuring a remote connection for a user workstation. You must select an authentication protocol to complete the configuration. Which choice would be the most secure? PAP CHAP EAP-TLS MD5
Among the options provided, EAP-TLS (Extensible Authentication Protocol with Transport Layer Security) would be considered the most secure authentication protocol for configuring a remote connection. Here's a brief explanation of each option: --PAP (Password Authentication Protocol): PAP transmits passwords in clear text, making it less secure compared to other authentication protocols. It is not recommended for secure remote connections. --CHAP (Challenge Handshake Authentication Protocol): CHAP is more secure than PAP as it uses a challenge-response mechanism. However, it is still considered weaker than more modern and robust protocols. EAP-TLS (Extensible Authentication Protocol with Transport Layer Security): --EAP-TLS is a highly secure authentication protocol that uses certificates to establish a secure connection. It leverages the security features of TLS (Transport Layer Security) and is widely used in scenarios where strong security is required, such as in wireless networks or VPNs. MD5 (Message Digest Algorithm 5): --MD5 is a cryptographic hash function, not an authentication protocol. It is used for generating hash values and is not suitable for user authentication. In summary, EAP-TLS is the most secure choice among the options provided for configuring a remote connection, as it utilizes strong encryption and certificate-based authentication.
Marcel, a security specialist, configures a network appliance to detect and block suspicious network activity. What has Marcel configured? Host-based NIDS Anomaly-based NIDS Signature-based NIDS Anomaly-based NIPS
Anomaly-Based NIPS is correct. Imagine a guard for computers called Anomaly-based NIPS. It watches for weird computer behavior that doesn't look normal. When it spots something strange (an anomaly), it can stop the strange activity, like a superhero stopping a villain's plan. Key Points: Anomaly-based NIPS is like a computer guard. It stops weird computer behavior (anomalies). It can prevent the strange activity from causing problems. NIPSs (network intrusion prevention systems)
You have investigated a security incident involving users installing a free game downloaded from the Internet onto their desktop computers, only to find that the game is a virus. What could you do to prevent the users from installing and running the game? MDM Application deny list Playbook DLP
Application deny list Application deny list is correct. You could put the game on the application deny list to prevent it from running on systems.
A company server is used to store sensitive trade secrets and design plans. A port scan shows services listening on TCP ports 80 and 25. Server log files reveal no activity for these ports since the server upgrade project three years ago. What can you do to harden this server, assuming default ports are being used? (Choose two.) Store sensitive files on a different server. Generate file hashes for the design plans. Apply operating system patches. Disable the web and mail servers.
Apply operating system patches. Disable the web and mail servers. Apply operating system patches and Disable the web and mail servers are correct. Patching an OS is always a critical hardening procedure for devices and software that have not yet reached end-of-life, although some embedded devices do not support firmware patching. Patches can be applied to individual devices or from a centralized configuration tool such as Microsoft System Center Configuration Manager (SCCM). Since the web server (port 80) and mail server (port 25) have not been used in three years, they should be disabled to reduce the attack surface.
Supply Chain Attack
Attackers target the weakest link, or weaker links in supply chain in order to bring down main targets within the supply chain.
You are modifying the backup schedule for the thirteen Windows and seven Unix servers in your server room. Full backups will occur Saturdays at 9:00 A.M. and incremental backups will occur every weekday starting at 7:00 P.M. Each server contains an average of 400GB of data. Backup tapes are stored in a safe down the hall in the IT manager's office. What problems exist with this scenario? -There is not enough time to perform incremental backups if the start time is 7:00 P.M. -Backup tapes should be stored offsite. -Differential backups can be used only with full backups. -Incremental backups must be used with differential backups.
Backup tapes should be stored offsite. In case of damage to the same location where other backups are stored. An alternate location should be used.
What type of attack executes code by overwriting areas of memory that should not be overwritten? Buffer overflow Pointer dereference Integer overflow DLL injection
Buffer Overflow Alright, let's imagine your computer is like a toy box, and different toys inside the box are like different programs or apps. These programs need some space in the toy box (memory) to play and do their jobs. Now, when you play with your toys, you have specific places for each toy, right? It's like having certain spots in your memory for each program to do its work. These spots are called "buffers." But, sometimes, someone might try to be tricky and use a special kind of toy or code to sneak into the toy box and mess with the toys in places they're not supposed to go. This can cause some big problems. Imagine if a toy could do something special, like turn on a robot (execute code) from far away (remote system) and even make the robot do things it's not supposed to (elevated privileges). That's not good! Additionally, when you're done playing with a toy, it's a good idea to put it back where it belongs, right? Well, in computer talk, sometimes the memory doesn't get put back properly, and that's called a "memory leak." If this happens a lot, it's like forgetting to clean up your toys, and your toy box could get too full. Eventually, there won't be enough room for new toys, and the toy box (computer) might not work as well. So, in simple terms, it's like making sure your toys stay in their places, not letting any tricky toys mess things up, and always cleaning up after you're done playing to keep your toy box running smoothly!
While discussing incident response policies during a meeting, your boss requests a dollar figure and the amount of downtime the company would suffer if a worm infected the corporate LAN. What type of study should you conduct? Packet analysis Business impact analysis Vulnerability analysis Risk analysis
Business impact analysis
Your manager asks you to identify the amount of time and personnel required to address a worm virus infection on the corporate WAN. You estimate it would take six technicians two days to remove the infection, at a total cost of $2800. Which type of analysis would this dollar figure best relate to? Business impact analysis ARO analysis ALE analysis Quantitative risk analysis
Business impact analysis
You are performing an internal computer forensics investigation. You have seized the phone, laptop, and desktop PC of one of the employees in the company. What is the first thing you should complete after seizing the evidence? Tabletop exercise Containment Chain of custody Order of volatility
Chain of Custody- is a documentation process that records the chronological sequence of individuals who have had possession of the evidence. It is crucial for maintaining the integrity and admissibility of the digital evidence in legal proceedings. Establishing a clear chain of custody helps demonstrate that the evidence has not been tampered with, altered, or mishandled during the investigation.
A router has two interfaces named E0 and E1. E0 connects to the Internet and has an IP address of 211.1.1.1/24. E1 connects to an LAN and has an IP address of 172.16.45.88/16. The administrator uses either SSH at TCP port 2222 or the address http://172.16.45.88 to administer the router. The router is configured with a complex password. What can be done to further secure this router? Configure SSH to use TCP port 22. Configure an SSL certificate for the web administration address. Disable SSH and enable Telnet. Change the subnet mask of interface E1 to /24.
Configure an SSL certificate for the web administration address is correct. HTTPS (Hypertext Transfer Protocol Secure) should be configured with a Secure Sockets Layer (SSL) certificate to secure the web administration of the router. Router Interfaces (E0 and E1): Think of the router as a magical castle with two doors - E0 is like the main gate facing the Internet, and E1 is like a secret door to the castle's inner chambers (LAN). E0's address (211.1.1.1/24) is like the castle's address for sending and receiving messages from the big wide world. E1's address (172.16.45.88/16) is like the address for messages within the castle. Administering the Router: Administering is like being the castle wizard! To do this, the administrator has two magical methods:SSH (Secure Shell): It's like a secret spell (TCP port 2222) that only the wizard knows to enter the castle.HTTP (Web Access): This is like a magical website (http://172.16.45.88) that the wizard visits for castle management. Complex Password: The castle wizard doesn't want any unauthorized wizards sneaking in, so a complex password is like a powerful enchantment on the castle doors. Only the wizard with the correct password can enter.
Unused switch ports are disabled on your Ethernet switches. You are asked to ensure that only the appropriate employee computers can be used when plugged into Ethernet wall jacks in employee cubicles. How can this be accomplished? Configure each switch port to allow a specific MAC address. Configure each switch port to allow a specific UDP port address. Configure each switch port to allow a specific TCP port address. Configure each switch port to allow a specific IP address.
Configure each switch port to allow a specific MAC address. A MAC address is a unique identifier assigned to each network interface, like a computer's network card. By setting up the switch to only allow specific MAC addresses, you restrict access to only the approved devices. This ensures that only the authorized employee computers can connect to the network through the Ethernet wall jacks in their cubicles.
You are asked to configure network security appliances to detect abnormal activities that could indicate a network attack or worm. What must you first do? Patch the operating system. Establish a configuration schedule. Patch the network appliances. Establish a network baseline.
Configuring network security appliances to detect abnormal activities starts with establishing a network baseline. Network Baseline-- in simple terms is like creating a normal behavior profile for your network. It involves monitoring and analyzing the typical or "normal" traffic, activities, and patterns that occur on your network when it's functioning normally. This baseline includes information about the volume of data, types of applications used, user behaviors, and more. Here's an analogy: Imagine you're a security guard at a museum. Before you can identify suspicious activities, you need to know what normal behavior looks like. If people are usually walking around, looking at exhibits, and taking photos, that's the baseline. If someone starts running or acting strangely, it might indicate a potential issue. In the context of network security: Establishing a Network Baseline: Monitor and analyze your network's normal behavior over a period of time. This involves understanding the usual traffic patterns, communication between devices, and typical application usage. Configuring Security Appliances: Once you have a baseline, configure your network security appliances to detect deviations from this norm. These appliances can then alert you if there are abnormal activities that might indicate a network attack or worm. Establishing a network baseline helps the security appliances differentiate between regular activities and potential security threats. It's like giving them a reference point to recognize when something unusual is happening, allowing for more effective detection and response to abnormal events on the network.
A hacker has compromised your web server and triggered an alarm when they opened the password.txt file that you placed on the desktop. What deception techniqueterm-64 best describes how your company detected the attack? Honeypot Honeynet Honeyfile DNS sinkhole
Correct Answer: Honeyfile is correct. A honeyfile is a document placed on a system that, when accessed, will trigger alarms. Incorrect Answers: Honeypot is incorrect. A honeypot is a system that is set up to lure the attacker to that system. It will have security protections in place to make it hard for the hacker, but also will log all activity to track what the attacker is doing.
What potential benefits does a penetration test provide? (Choose two.) Identifying vulnerabilities Identifying wasted IPv4 addresses Reducing single points of failure Preventing financial loss
Correct answers: Identifying vulnerabilities and Preventing financial loss are correct. Penetration tests are conducted to identify vulnerabilities and to prevent financial loss due to those intrusions. For example, financial loss can be incurred through the theft of trade secrets or shattered public, investor, and customer faith. Incorrect answers: Reducing single points of failure and Identifying wasted IPv4 addresses are incorrect. These are not penetration testing considerations.
What type of attack uses an application vulnerability in which a web page has code that references another site and the attack automatically uses the target's cookie data for authentication if the cookie is present and has not expired? SQL injection Buffer overflow Cross-site request forgery Cross-site scripting
Cross-site request forgery is correct. Cross-site Request Forgery (XSRF) in simpler terms: Cross-site Request Forgery (XSRF): This is a type of cyber attack. Application Vulnerability: It exploits a weakness or flaw in a website or web application. Web Page Code: On a webpage, there is some programming code. References Another Site: This code includes a link or reference to another website. Automatic Use of Cookie Data: If you are logged into a particular website and visit the malicious webpage, the code there automatically uses the login information stored in a small piece of data called a cookie. Authentication: It uses this stolen cookie data to pretend that it's you, gaining unauthorized access to the targeted website. Cookie Presence and Expiry: The attack works if your login cookie is present and hasn't expired. In simpler terms, XSRF tricks a website into thinking you are someone you're not, by using your login information without your knowledge when you visit a specific web page. It does this by taking advantage of how websites store and use your login details (in the form of cookies).
Which security role addresses who controls access to data? Server administrator End user Custodian Data owner
Data Owner:T he data owner is responsible for making decisions about access controls, permissions, and overall security policies related to specific sets of data. The data owner is typically an individual or a group within an organization that has the authority and accountability for a particular dataset. In the context of the other roles mentioned: Server Administrator: Focuses on the management and maintenance of servers but may not have the same level of decision-making authority over specific data access controls.
A malicious user uses an Internet chat room to issue commands to 700 compromised computers around the world. The zombies are instructed to execute a smurf attack against a web site. What type of attack is this? Exploitation framework Distributed denial of service Distributed Gargamel-ElGamel attack Distributed cracker
Distributed denial of service Distributed denial of service (DDoS) attacks flood victim networks with traffic in an attempt to prevent legitimate service access. Using a botnet to execute a smurf attack does just this.
Tanya wants to impress her computer science friends by gaining access to a server housed in a nearby central office owned by the local telephone carrier. She begins by researching the local telephone carrier on the Internet. Later that evening, Tanya sifts through the garbage bins on the local telephone carrier's premises and discovers printed memos and server configuration documentation. Tanya succeeds in gaining access to a local telephone carrier's server. What led to her success? Shoulder surfing Impersonation Tailgating Dumpster diving
Dumpster diving
During which incident response phase would a malware outbreak be limited in order not to infect other devices? Eradication Identification Containment Recovery
During the incident response process, the phase in which a malware outbreak would be limited to prevent it from infecting other devices is the CONTAINMENT phase. Containment involves taking immediate actions to prevent the further spread of the incident within the organization's network. In the case of a malware outbreak, containment measures may include isolating affected systems, blocking communication channels used by the malware, and implementing network segmentation to restrict its movement. The sequence of incident response phases typically includes: Identification: Recognizing and confirming the incident, in this case, the malware outbreak. Containment: Implementing measures to prevent the incident from spreading and causing further damage. Eradication: Eliminating the root cause of the incident, such as removing the malware from affected systems. Recovery: Restoring systems and services to normal operations while ensuring that they are secure.
A technician would like to employ the existing PKI infrastructure with the new wireless network. Which wireless security options require the use of PKI certificates? EAP-TLS WPA PSK WEP WPA2 PSK
EAP-TLS EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) can use PKI certificates to secure communications. Incorrect answers: WEP is incorrect. WEP (Wired Equivalent Privacy) is a deprecated Wi-Fi security protocol that does not use PKI certificates. WPA PSK is incorrect. Wi-Fi Protected Access (WPA) with pre-shared keys (PSK) does not use PKI; the pre-shared key is a passphrase. WPA2 PSK is incorrect. WPA2 PSK, like WPA PSK, uses a passphrase to secure the wireless network, not PKI certificates.
Which of the following are considered benefits of server virtualization? (Choose two.) Faster network access Efficient application of software updates Cheaper software licensing Centralized data storage
Efficient application of software updates Centralized data storage Efficient Software Updates: Imagine many virtual servers running on one big computer (physical host). When you need to update software on all these virtual servers, it's efficient because you can do it all at once on the main computer. This is like updating all your apps on your phone with one click instead of going to each app separately. Centralized Data Storage: Think of virtual servers as having their files stored in one central place, like a shared folder on a computer. Because all the virtual servers share this storage, it's easier to manage and back up the data. It's similar to having all your important documents in one folder on your computer, making it organized and easy to make copies for backup. So, in simple terms, when you have virtual servers on one big computer, updating software and managing data becomes more efficient and organized.
If a removable USB drive is lost, which of the following protection mechanisms could help prevent data loss or disclosure? Remote wipe Encryption Permissions Strong authentication
Encryption-- is the most effective protection mechanism among the options provided. Encryption involves converting the data on the USB drive into a secure, unreadable format that can only be accessed with the correct decryption key. If the encrypted USB drive is lost or stolen, the data remains protected because unauthorized individuals would need the encryption key to make sense of the information. While strong authentication is indeed important, encryption is specifically designed to safeguard the actual data, providing an additional layer of security in case the physical device is lost or falls into the wrong hands. Strong authentication measures, such as passwords or biometrics, can complement encryption by controlling access to the decryption key.
Your manager has asked that you create a forensics image of an employee's hard drive. What tool would you use? Autopsy WinHex Nessus FTK Imager
FTK Imager is correct. FTK Imager is a free tool you can use to create an image of a drive or an image of memory. In simple terms, FTK Imager is a tool that helps you take complete pictures (images) of computer drives or memory. It's useful for backup, investigations, and understanding what's happening in a computer at a specific moment. Forensic Toolkit
After downloading and attempting to install a video driver you downloaded from a vendor web site, your virus scanner reports that the file is suspicious. You update your virus scanner and scan the file but no viruses are found. What term describes this situation? Infection False compromise False positive False negative
False Positive
Which of the following are examples of spyware? (Choose three.) Changing the web browser home page Gathering entered user keystrokes Broadcasting ARP cache updates to network hosts Flooding a host with network traffic Manipulating search engine results
Gathering entered user keystrokes, Manipulating search engine results, and Changing the web browser home page are correct. Simple Summary: Spyware is like a sneaky computer spy. It can record what you type, trick you with fake search results, and even change the starting page of your web browser to show things you might not want. Key Points: Spyware records what you type. It tricks with fake search results. It can change your web browser's starting page. Stay safe from sneaky spyware!
You are responsible for the Wi-Fi network at your company. How can you prevent the discovery of your WLAN from war drivers? Enable WEP. Disable SSID broadcasting. Enable MAC address filtering. Enable WPA2.
Hide Your Treasure (SSID): Your Wi-Fi network has a name, called an SSID. You can make it invisible, like a hidden treasure chest. This way, war drivers won't easily see it when they're searching for Wi-Fi networks.
Which of the following devices is intentionally left nonsecure, with the hopes of luring a hacker away from the network and observing them? IDS IPS Bastion host Honeypot
Honeypot is correct. A honeypot is a host that has been left with some vulnerabilities open to lure a hacker away from attacking the network and to observe their attack methods. A honeypot is like a decoy computer intentionally set up with vulnerabilities to attract hackers. The idea is to divert the hackers' attention away from the real network and observe how they try to attack the decoy. It's like a trap that helps cybersecurity professionals study and understand the tactics and methods that hackers use. The honeypot is not a real part of the network with important data; instead, it's a tool to learn more about potential threats and improve overall security.
Your company has a salesperson who travels a lot and will be connecting to hotel networks. What security recommendation would you make for her laptop? Unencrypted drive FDE Host-based firewall Null password
Host-based firewall is correct. A host-based firewall should be used when connecting to untrusted networks, such as one in a hotel. Firewall for Local Protection: The host-based firewall primarily focuses on protecting your device from threats at the local level, controlling what goes in and out of your device. VPN for Secure Communication: The VPN, on the other hand, ensures that your communication over the network is secure by encrypting the data, preventing unauthorized access or monitoring. In summary, while a host-based firewall offers local protection on your device, a VPN provides secure communication over the network. When connecting to untrusted networks, using both a host-based firewall and a VPN can provide a more comprehensive and layered approach to enhance the security of your data and device.
Which authentication method allows a user to authenticate to the network once and access multiple systems without needing to provide additional credentials? Multifactor PKI Single sign-on Kerberos
Imagine having a magic key for your computer. With Single Sign-On (SSO), you use this key once to unlock your computer. Once unlocked, you can go into different rooms (systems) without needing to use the key again. SSO makes it easy - you sign in once, and then you're free to move around without more passwords. It's like having a special key that opens many doors!
You would like to ensure that an authentication server is always available. Two authentication servers are clustered together with the authentication data stored on shared disk storage. What must be done to eliminate any single points of failure? (Choose two.) Configure the shared disk storage with RAID 1. Enable all CPU cores. Enable a second NIC in each cluster node. Add a third server to the cluster. (adding third computer)
Imagine you have two computers working together to make sure your secret codes (authentication data) are safe. They store these codes on a special shared drive, like a big digital safe. Now, we want to make sure that if something goes wrong, we don't lose the codes or access to them. Shared Drive with RAID 1: Think of the shared drive like a magical mirror. Everything stored on one side is also mirrored on the other side. So, even if one side breaks, the other side still has all the important codes. It's like having a backup mirror to make sure we don't lose anything. Adding a Third Computer: Now, we have two friends (computers) working together, but to make it even safer, we invite a third friend to join them. So, if one friend needs a break or has a problem, the other two can still do the job and keep everything running smoothly. In simpler terms, we're using special tricks like mirrored drives and having more friends to make sure our secret codes stay safe and our computers keep working, even if something tries to mess things up. It's like having backup plans and extra help to make sure everything stays secure!
Which type of scan sends a packet to each port with the PSH, URG, and FIN flags set? TCP XMAS ACK SYN
Imagine your computer wants to check if the doors (ports) on another computer are open or closed. Each door can be open, closed, or maybe just a bit open. 1. TCP Scan: It's like knocking on each door politely and asking, "Are you open?" This is a normal and polite way to check. 2. XMAS Scan: This one is a bit different. It's like sending a special message with all the holiday lights blinking (PSH, URG, and FIN flags set). It's a more sneaky way to check if the doors are open, like using a special secret code. 3. ACK Scan: This is like sending a message saying, "I acknowledge your presence." It's a formal way of checking without giving away too much information. 4. SYN Scan: Imagine sending a brief message saying, "Are you there?" It's a quick and common way to check if the doors are open without revealing too much. So, the scan that sends a packet with the PSH, URG, and FIN flags set is the XMAS Scan. It's a bit like a special, flashy message to see if the doors are open in a sneaky way! TCP RST Response: If the door is closed (port is not open), the receiving system responds with a TCP RST packet. It's like saying, "Nope, this door is closed, and I'm resetting the connection."
You are the security administrator for a small company and would like to limit clients that can connect to the wireless network by hardware address. What would you do? Implement WEP. Implement NAC. Implement MAC filtering. Enable SSID cloaking.
Implement MAC filtering. Imagine you have a club, and you want to control who gets in. To do this, you decide to use a guest list, and only people whose names are on the list are allowed entry. In the context of a wireless network, the "guest list" is like MAC address filtering. In a wireless network, each device (like a laptop or smartphone) has a unique identifier called a MAC address, similar to a person having a unique name. MAC address filtering works by creating a list of approved MAC addresses (like names on a guest list), and only devices with MAC addresses on that list are allowed to connect to the Wi-Fi network. However, just like having a guest list doesn't make your club completely secure (someone could still sneak in with an approved name), MAC address filtering alone is not foolproof for securing a wireless network. It's a basic measure and can be easily bypassed by someone who knows how to change their device's MAC address. So, it's often recommended to use MAC address filtering in combination with other security measures for better protection.
Evidence must meet all of the following requirements to be admissible in court except which one? Incriminating Competent Sufficient Relevant
Incriminating While evidence is often presented in court to establish facts or support a legal argument, evidence does not need to be incriminating to be admissible. Evidence can be both inculpatory (supporting guilt) or exculpatory (supporting innocence). Admissibility generally depends on factors such as relevance, competence, and sufficiency, but it's not a requirement that evidence must incriminate someone to be considered admissible.
All of the following are classes of controls except which one? Detective Inhibitive Corrective Preventative
Inhibitive
Which of the following goals of information security deals with identifying modifications to data? Confidentiality Nonrepudiation Availability Integrity
Integrity Always make sure of Data integrity when dealing with modifications to data.
What is governance?
Is a system of rules and guidelines that help an organization align its IT infrastructure with its business goals.
What purpose does data labeling serve in a computing environment? It allows for quick retrieval of documents from filing cabinets. It identifies the sensitivity level of digital data. It makes finding spare hardware easier. It makes audit logs easier to read.
It identifies the sensitivity level of digital data. Effective data labeling contributes to better data management, security, and compliance. It enables organizations to apply appropriate access controls, encryption, and other security measures based on the sensitivity level of the data, helping to protect valuable information and mitigate potential risks.
You must distribute the network traffic among a collection of mirrored servers. Which device should you use?
LOAD BALANCER Imagine a load balancer as a traffic manager for websites. Its job is to make sure that when people visit a website, the load balancer distributes the visitors evenly among multiple servers, like having multiple cashiers at a store.
What type of malware is triggered by a condition or date? Conditionware Logic bomb Dateware Spyware
Logic bomb is correct. A logic bomb waits until a specific condition is met (for example, a date) before the code runs.
In the past, your company has experienced malware unleashed on your LAN through users clicking malicious web site links in e-mail messages. What can you do to prevent this occurrence? Install a personal firewall on all computers. Provide malware training to users. Encrypt the contents of hard disks. Enable e-mail digital signatures.
Malware Training involves educating users about the risks associated with clicking on links in emails, recognizing phishing attempts, and adopting safe browsing habits.
Which of the following security controls is designed to prevent tailgating? Least privilege Separation of duties Multifactor authentication Mantrap
Mantrap is correct. A mantrap—an area between two locked doors, where the second door cannot be opened until the first door is locked—is designed to allow only one person at a time to enter a facility, effectively preventing tailgating. Note that mantraps are covered as "access control vestibules" in the Security+ objectives so watch for that on the real exam.
All of the following are considered potential cloud computing security issues except which one? Security management Legal issues Many customers sharing service Hardware footprint
Many customers sharing service is not typically considered a potential security issue in cloud computing. Here's a brief explanation of the other options: Security Management: This refers to the challenge of effectively managing security in a cloud environment, ensuring that proper controls, policies, and configurations are in place to protect data and resources. Legal Issues: Legal concerns include issues related to data privacy, compliance, jurisdiction, and contractual agreements between cloud service providers and their customers. Many Customers Sharing Service: Cloud computing involves multiple customers sharing the same infrastructure. While this is a fundamental characteristic of cloud services, it's not typically considered a security issue. Cloud providers implement measures to isolate customer environments and ensure security. Hardware Footprint: The physical hardware footprint of cloud providers can be a security consideration, especially if it is not adequately secured. However, this is typically managed by the cloud provider as part of their infrastructure security.
You are researching network vulnerability assessment tools to find one that can identify operating system-specific weaknesses. What type of tool should you use? netstat Wireshark Nessus Nmap
Nessus: Nessus is a widely used vulnerability scanner. It actively scans systems for vulnerabilities and can provide detailed reports on weaknesses it discovers. It can identify operating system-specific vulnerabilities among other types.
You are performing a security assessment of the network and would like to send output to a system where you have set up a custom port for the system to receive the data on. What tool would you use? Netcat arp ifconfig nmap
Netcat Netcat is a versatile networking tool that can establish connections to other systems. It allows you to send and receive data over the network. One of its features is the ability to specify custom ports for communication.
Vendor Assesment
Organizations evaluate the security, reliability and performance of external entities.
You are installing a wireless router on the first floor of a commercial building. What should you do to minimize the possibility of Wi-Fi users connecting from the street? (Choose two.) Set the SSID to "Floor 1." Disable DNS on the wireless router. Place the wireless router in the center of the building. Disable DHCP on the wireless router.
Place the wireless router in the center of the building and Disable DHCP on the wireless router are correct. Placing the wireless router in the center of the building reduces the signal strength outside of the building. Disabling DHCP (Dynamic Host Configuration Protocol) means connecting clients must manually configure an appropriate IP address, subnet mask, default gateway, and DNS server.
Which of these is a technique used to execute malicious code, to social-engineer unsuspecting users, or just to generally annoy a user? Static HTML code Pop-ups Tabbed browsing Certificate warnings
Pop-ups
What type of policy outlines how customer data is acquired, used, and stored? Encryption Privacy Secret Acceptable use
Privacy
You would like to use caching to optimize the amount of HTTP and HTTPS network traffic to the Internet from your internal network. Which solution should you use? Proxy server Packet filtering firewall NAT VPN
Proxy Server Caching-A caching proxy server sits between the users in your internal network and the Internet. When users request web content, the proxy server checks if it already has a local copy of that content. If it does, it serves the content directly from the cache, saving the need to retrieve it from the Internet. A proxy server is like a helper between your computer and the internet. It keeps a local copy of web content. So, when you ask for something from the internet, it checks if it already has it. If yes, it gives it to you from its storage, saving time and internet usage. It's like having a quick-access library for web pages!
Which type of risk analysis weighs potential threats based on dollar figures? Qualitative ALE Quantitative ARO
Quantitative Risk Analysis: This type of risk analysis involves assigning numerical values to various aspects of risks, such as the potential financial impact (in dollars) and the likelihood of events occurring. It often involves calculating metrics like Annualized Loss Expectancy (ALE), which is the estimated monetary loss expected from a risk in a year.
Administrators who grant access to resources by assigning users to job roles and then assigning the job role permissions is known as which type of access control model? Rule-based access control Role-based access control Discretionary access control Mandatory access control
Role-based access control
What type of system would be used for monitoring and notification of real-time data at a manufacturing site? SNMP Virtualization Cloud computing SCADA
SCADA Supervisory Control and Data Acquisition (SCADA) is a system that uses both hardware and software to collect and manage information in real-time. It's commonly used in industrial settings to keep an eye on equipment, gather data, and alert people about any potential dangers. Essentially, SCADA helps control and monitor various processes in industries to ensure everything is running smoothly and safely. Incorrect answers: SNMP is incorrect. Simple Network Management Protocol (SNMP) is used to monitor specific values, or counters, for network devices. Cloud computing is incorrect. Cloud computing offers IT services over a network. These services can be rapidly provisioned and deprovisioned from a self-service web portal, and usage is metered. Virtualization is incorrect. Virtualization enables multiple operating system to run concurrently on a single set of computing hardware.
Which of the following algorithms is the stronger hashing algorithm? SHA-1 AES-256 3DES MD5
SHA-1 SHA-1 (Secure Hash Algorithm) generates a 160-bit hash.
You have an Internet-facing web server that only serves static web pages to users. Recently you have discovered that someone has been using your server as a mail relay. Which service and port should you remove to stop this type of attack? HTTP, port 80 SMTP, port 25 SMTP, port 110 HTTP, port 443
SMTP, port 25 sending emails Simple Mail Transport Protocol (SMTP) is like a postman for emails. It's a set of rules that computers follow to send emails from one place to another. Think of it as the system that allows your email to be sent from your computer to the recipient's computer. SMTP (port 25): Primarily used for sending emails from a client to a server. POP3 (port 110): Primarily used for receiving emails from a server to a client.
Which type of tool is commonly used to automate incident response? PKI MDM SOAR SIEM
SOAR is correct. Security orchestration, automation, and response (SOAR) solutions use runbooks to automate incident response thus reducing incident response time. Imagine a Superhero Helper: SOAR is like a superhero helper for computer security. It stands for Security Orchestration, Automation, and Response. Runbooks are like Superhero Plans: In SOAR, there are things called runbooks. Think of runbooks like plans that superheroes follow to tackle problems. These plans help them know what to do when there's trouble. Super Speedy Incident Response: SOAR makes these plans super fast! It automates responses to computer problems, making it quicker to fix things when there's a security issue. It's like having a superhero who can solve problems in a blink! So, SOAR is the Super Sidekick for Computer Security: In simple terms, SOAR is like a sidekick that helps computers stay safe. It follows fast plans (runbooks) to fix things quickly when there's a problem, making sure everything is secure. It's like having a superhero buddy for computer safety!
Chandra is a software developer. She has just completed a web application for a hardened e-commerce web site. What should be done before the application goes live? Patch the web server. Use security fuzzing. Test the PKI code in the web application. Ping the web site to ensure it is functional.
Security fuzzing is testing the website or Sofware employed after security protocols have been installed to make sure it is secure and functional. The main goal of security fuzzing is to uncover hidden bugs, security vulnerabilities, or flaws in software that could be exploited by attackers. By inputting unexpected and potentially malicious data, fuzzing helps to identify how the software reacts under stress or with unexpected inputs, which may reveal points of failure or susceptibility to attacks. Input parsing refers to the process of interpreting and extracting meaningful information from input data. In the context of software development, input parsing is a crucial step where a program takes in raw data, often in the form of user inputs or external data, and processes it to extract relevant information that the program can use.
Which type of log would list failed logon attempts? Event log Security log Access log Application log
Security log is correct. The Windows Security log shows auditing entries related to activity such as logon attempts or file access.
A retail salesclerk is not allowed to maintain related bookkeeping records for accounting purposes. Which security principle does this apply to? Least privilege Due diligence Job rotation Separation of duties
Separation of Duties
Rachelle is a server administrator. During her required monthly server maintenance duties, Rachelle clears all server logs to increase usable disk space. Her job also requires her to create user accounts and grant permissions to network shared folders and printers. What is the security violation in this scenario? Least privilege Incident management Acceptable use Separation of duties
Separation of duties Rachelle is taking on too many duties and creates a risk, separating duties helps create more secure system. Rachelle is a server administrator, and she has the ability to erase all server logs—the potential exists for Rachelle to abuse server administrative privileges and clear any audit trails.
Your boss asks you to calculate the ALE value related to database server downtime. Which two numeric values do you need? Total cost of ownership Annual rate of occurrence Return on investment Single loss expectancy
Single Loss Expectancy (SLE): The SLE represents the expected financial loss from a single occurrence of a specific event. In the context of database server downtime, this would be the estimated monetary loss for each instance of downtime. Annual Rate of Occurrence (ARO): The ARO represents the expected number of occurrences of the event within a year. Once you have the SLE and ARO, you can calculate the Annual Loss Expectancy (ALE) using the formula: ALE=SLE×ARO Annual Loss Expectancy (ALE): The estimated monetary loss expected per year due to the specific event, in this case, database server downtime. Your boss will need to provide or help determine the Asset Value (AV) and Exposure Factor (EF) for the database server, and you'll need to estimate the Annual Rate of Occurrence (ARO) based on historical data, industry trends, or other relevant factors.
Which of the following commonly result from spyware infections? (Choose three.) Slower computer Money stolen through online banking Identity theft Reformatted hard disk
Slower computer Money stolen through online banking Identity theft Reformatted hard disk is incorrect. Spyware would not reformat your hard disk, although many viruses could.
With asymmetric encryption, which of the following is used to encrypt a message sent from Bob to Sue? Sue's private key Sue's public key Bob's public key Bob's private key
Sue's public key Public Key: This key is used for encryption and can be freely distributed. Anyone can use the public key to encrypt a message. Private Key: This key is kept secret and is used for decryption. Only the recipient, who possesses the private key, can decrypt the message that was encrypted with the corresponding public key. So, if Person A wants to send a secure message to Person B: Person B shares their public key with Person A. Person A uses Person B's public key to encrypt the message. Person B, with their private key, decrypts the message.
Your company uses FTP servers to enable remote user access to sensitive corporate contracts. Which options will secure the FTP server communication? (Choose three.) IPSec VPN TLS TPM
Sure, let's break it down in simpler terms: VPN (Virtual Private Network): Think of a VPN as a secret tunnel for your data. When you access the FTP server, a VPN creates a secure and private pathway, like a secret road, so nobody else can see or tamper with your sensitive contracts. It's like having your own private route to the FTP server. TLS (Transport Layer Security): TLS is like a protective shield for your data. It wraps your sensitive contracts in a secure layer, making sure they are safe while traveling to and from the FTP server. It's like putting your contracts in a special, secure envelope so nobody can peek inside. IPSec (Internet Protocol Security): IPSec is like a guard that stands at the entrance of the secret tunnel (VPN). It ensures that only the right people with the correct keys can enter and exit the tunnel. It's like having a trustworthy guard to check everyone's credentials before they use the secret road. These measures work together to create a secure and private pathway for your sensitive contracts. The VPN creates a secret tunnel, TLS adds a protective layer to your data, and IPSec ensures that only authorized users can access the secret tunnel. It's like having a well-guarded, secure route for your important information!
Which of the following algorithms produces a 128-bit hash? MD5 3DES AES SHA-1
The algorithm that produces a 128-bit hash is MD5 (Message Digest Algorithm 5). MD5 is a widely used cryptographic hash function that produces a fixed-size (128-bit) hash value. However, it's important to note that MD5 is considered cryptographically broken and unsuitable for further use in security-sensitive applications. It is vulnerable to collision attacks, where two different inputs can produce the same hash value, compromising its integrity. For more secure applications, it is recommended to use newer hash functions like SHA-256 or SHA-3, which offer stronger security properties.
Under what circumstance might a risk be acceptable? (Choose the best answer.) The ARO is less than the cost of mitigating the risk. The ALE is less than the cost of mitigating the risk. The SLE is less than the cost of mitigating the risk. The ALE is more than the cost of mitigating the risk.
The circumstance under which a risk might be considered acceptable is when The ALE (Annualized Loss Expectancy) is less than the cost of mitigating the risk. Explanation: ARO (Annualized Rate of Occurrence): This represents how often a specific risk event is expected to occur in a year. SLE (Single Loss Expectancy): This is the expected financial loss for a single occurrence of a specific risk event. ALE (Annualized Loss Expectancy): ALE is the calculated annual financial impact of a specific risk, taking into account both the ARO and SLE. When the ALE is less than the cost of mitigating the risk, it suggests that the financial impact of the risk, considering its likelihood and potential loss, is lower than the cost of implementing risk mitigation measures. In such cases, organizations might decide that the risk is acceptable, and the cost of mitigation outweighs the potential financial impact. In contrast, if the ALE is more than the cost of mitigating the risk, it may be more prudent to invest in risk mitigation to reduce the overall financial impact.
A Linux administrator enables hardware disk encryption for data drives used by a Linux server. The operating system disk is physically located in the Linux server but the data drives exist on a SAN (storage area network). Which of the following statements is true? Disk encryption is not possible for SAN disks. Linux cannot use SAN disks. The confidentiality of the data is being protected. The integrity of the data is being protected.
The confidentiality of the data is being protected. Operating System Disk: The operating system disk, often referred to as the "system disk" or "OS disk," is the storage device where the operating system is installed. The operating system (e.g., Windows, Linux, macOS) is the software that manages the computer's hardware and allows users to interact with it. The OS disk contains system files, software applications, and the files necessary for the operating system to function. In simple terms, it's like the brain of the computer. When you turn on your computer, the operating system loads from the OS disk, and it enables you to use the computer and run various programs. VS Data Drives: Data drives, on the other hand, are storage devices dedicated to holding user data, files, documents, and applications. Unlike the OS disk, which primarily contains the operating system and system-related files, data drives store the information and content that users create and use. In simple terms, data drives are like the storage spaces where you keep your documents, photos, videos, and other files. They provide additional space for users to store and organize their data separate from the operating system. The hardware disk encryption is like a superhero power that guards your toys (data) on the special shelf (data drive) in the big safe room (storage area network). It makes sure they stay the same and nobody can change them without permission. That's how the integrity, or the safety and honesty of your toys (data), is protected!
Which type of planning relates to the recovery of a specific system? Disaster recovery plan Risk assessment Business impact analysis Communication plan
The type of planning that relates to the recovery of a specific system is Disaster Recovery Plan. Explanation: Disaster Recovery Plan:A Disaster Recovery Plan is a set of procedures and strategies designed to recover and restore IT systems and data after a disruptive event. This plan specifically focuses on the recovery of systems, applications, and data in the aftermath of a disaster, whether it's a natural disaster, a cyberattack, or any other disruptive incident.
You are performing a penetration test for your company and would like to collect publicly available information about your company using an OSINT tool. What tool would you use? theHarvester netcat nmap nslookup
TheHarvester -is a powerful OSINT tool that gathers information from public sources, including search engines, PGP key servers, and more. It helps in collecting email addresses, subdomains, employee names, and other relevant information.
All of the following are valid types of Windows event logs except which one? Process Security System Application
There is no specific "process" type of log, although processes can be logged in Windows and usually appear in one of the other log types. There are several types of Windows Event Logs, each serving a specific purpose: Application Log: Records events generated by applications or programs. This log often contains information about application crashes, errors, and warnings. System Log: Captures events related to the Windows system components. It includes information about device drivers, system services, and other system-level events. Security Log: Focuses on security-related events, such as login attempts, user authentication, and resource access. It is crucial for monitoring and auditing security-related activities on the system. Setup Log: Contains information about the installation of software and updates. It's particularly useful for troubleshooting installation issues. Forwarded Events: Allows the forwarding of events from one computer to another in a network. Custom Logs: Users and applications can create custom logs to record specific events tailored to their needs.
Leslie is projecting timelines to complete various analysis reports. Which list presents the correct order in which each analysis should be performed? Risk, threat Threat, risk Business impact, risk Threat, vulnerability
Threat, risk By first identifying threats and then assessing the associated risks, you can better understand what potential dangers exist and how likely they are to cause harm.
You would like to perform a vulnerability scan on the network. What tool would you use? Nessus nmap hping chmod
To perform a vulnerability scan on the network, you would typically use a dedicated vulnerability scanning tool. Among the options provided, Nessus is a well-known and widely used vulnerability scanning tool. Explanation: Nessus:Nessus is a comprehensive vulnerability scanning tool that helps identify security vulnerabilities in a network or system. It conducts scans to detect potential weaknesses and provides detailed reports to assist in remediation efforts. The other options: nmap: While nmap is a powerful network scanning tool, it is primarily used for discovering hosts and services on a network. It can provide information about open ports but may not provide the same depth of vulnerability assessment as Nessus. hping: hping is a packet crafting tool and can be used for various network-related tasks, but it is not specifically designed for vulnerability scanning. chmod: chmod is a command used in Unix-like operating systems to change file permissions and is not related to network scanning or vulnerability assessment. For a dedicated vulnerability scan, Nessus is a suitable choice.
You are investigating an incident involving one of your employees and want to ensure that they do not delete e-mail messages that can be used for evidence. What can you do to prevent the deletion of e-mail messages? Legal hold Application approve list Order of volatility Hashing
To prevent the deletion of email messages for the purpose of preserving evidence, you can implement a Legal Hold. Explanation: Legal Hold:Legal hold, also known as a litigation hold or preservation order, is a process by which organizations retain and secure potentially relevant electronic data, including email messages, to ensure its preservation for legal or regulatory purposes. It involves suspending the normal data deletion policies for the specified data in question. Other options mentioned: Application Approval List: This term is not commonly associated with preventing the deletion of email messages for evidence preservation. It seems unrelated to this specific context. Order of Volatility: Order of volatility refers to a principle in digital forensics that guides the preservation of evidence by focusing on capturing volatile data first. It does not directly address preventing the deletion of specific email messages. Hashing: Hashing is a process of generating a fixed-size hash value from data, often used for data integrity verification. It is not a method for preventing the deletion of email messages but rather a technique for ensuring data integrity through checksums. In summary, for evidence preservation, implementing a legal hold is the appropriate measure to prevent the deletion of email messages. This ensures that potentially relevant data is retained and protected from deletion during the investigation.
Social engineering breaches which of the following? Intimidation Authority Trust Familiarity
Trust: Social engineering relies on the establishment of trust, tricking individuals into believing that the attacker is someone they can rely on or someone with authority.
Which type of security testing does not provide any information at all to testers? Unknown environment Laterally known environment Partially known environment Known environment
Unknown Enviroment
A company requires that traveling users have secure access to the corporate LAN across the Internet. Which technology provides this solution? Packet filtering firewall VPN Proxy server NAT
VPN VPN technology establishes an encrypted tunnel between a traveling user's computer and a VPN concentrator on a corporate network over an untrusted network, such as the Internet. Any data transmitted through the encrypted tunnel is secure and is decrypted by the other endpoint device. VPN split tunneling enables user access to corporate resources while still allowing access to Internet resources through the user's Internet connection.
James, a programmer, drives through downtown Vancouver and uses his laptop with a high-gain antenna to detect wireless networks. Which term best describes this activity? War chalking War driving Rogue access point Bluesnarfing
War Driving
Your NIDS alerts you of excessive network traffic spreading through each of your five VLANs. The problem seems to stem from malicious software that keeps replicating itself across the network. You react according to your incident response plan by turning off the affected switches. What caused the problem? Worm Spyware Trojan Fileless virus
Worm or Malware Outbreak: Malicious software, such as a worm, may have infected one or more systems on the network. Worms are known for self-replicating and spreading rapidly across networks. KEY WORDS Excessive Network Traffic: This suggests an abnormal amount of data moving through the network, which can be indicative of a self-replicating malware or worm. Malicious Software: The mention of "malicious software" indicates that the problem is not accidental but is caused by software with harmful intent. Replicating Itself: The fact that the issue involves replication indicates a self-propagating nature, which is a common characteristic of malware, especially worms. NIDS Alerts: The intrusion detection system alerts about the excessive traffic, suggesting that the abnormal behavior has been detected by a security monitoring system. Incident Response Plan: The reference to an incident response plan indicates a structured approach to handling security incidents, reinforcing the seriousness of the situation. Turning Off the Affected Switches: This action is part of an incident response strategy to contain the issue by isolating the affected part of the network.
What does Thrid party Vendor Risk Mean?
Your security is comprised by outside parties, like vendors, suppliers and business that do business with you.
Which of the following answers can be used to describe technical security controls? (Select 3 answers) a Focused on protecting material assets b Sometimes called logical security controls c Executed by computer systems (instead of people) d Also known as administrative controls e Implemented with technology f Primarily implemented and executed by people (as opposed to computer systems)
b. Sometimes called logical security controls c. Executed by computer systems (instead of people) e. Implemented with technology *Any control that is implemented and executed with technology
Supply Chain Risk with hardware manufacturing.
devices must be vetted to be used by the a low risk appetite like the DOD.
