4.4.7 Practice Questions
You're the security administrator for a small consulting firm. To ensure that clients' information is secure when emailing, you require that all emails be encrypted. To accomplish this, each consultant has a public encryption key that they share with their clients. The clients are instructed to use that key to encrypt any electronic communications. The consultants then use their private keys to decrypt the communication. Which type of encryption are you using in this scenario? Asymmetric Symmetric Certificate authorities Digital certificates
Asymmetric Asymmetric encryption uses two keys instead of one. A user's public key is used to encrypt the data, and a private key is used to decrypt the data. The private key decrypts only data that was encrypted using its matching public key. Symmetric encryption uses one key to both encrypt and decrypt the data. This method isn't being used in this scenario. Digital certificates can be used to share public keys, but this isn't a type of encryption. Certificate authorities issue and validate digital certificates; they aren't a type of encryption.
You're the security administrator for the local hospital, and you've discovered that the hospital's network was the target of a recent cyberattack. During the investigation, you discover that the hacker gained initial access to the network through a user account. Now you need to continue your forensics investigation to discover where else the hacker gained access to and what damage they may've caused. You decide to enlist the help of some IT personnel. You give them temporary administrator access to help with the investigation and to secure any affected systems. Which type of user account are you creating? Domain administrator account Emergency account Privileged user account Service account
Emergency account (temp admin access)
You're the security administrator for a small consulting firm, whose network has been the victim of a ransomware attack. They've decided to pay the ransom to regain their data, but you've been tasked with investigating the attack so that the vulnerabilities can be patched to hopefully prevent future scenarios like this one. During your investigation, you discover that the hacker gained initial access to the network through a user account. From there, the hacker was able to gain access to a domain service account. From this account, the hacker ran some custom scripts that exploited vulnerabilities in the network that gave them access to a domain administrator account. With this privileged account, the attacker was able to execute their ransomware attack. Which type of attack was carried out by the hacker? Phishing attack Human-operated ransomware Data theft Commodity ransomware
Human-operated (gain access, encrypt data, black mail for money)
You're the security administrator for a small consulting firm, whose network has been the victim of a ransomware attack. The firm decided to pay the ransom to regain their data, but you've been tasked with investigating the attack so that the vulnerabilities can be patched to hopefully prevent scenarios like this in the future. During your investigation, you discover that the hacker gained initial access to the network through a user account. From there, the hacker was able to gain access to a domain service account. From this account, they ran some custom scripts that exploited vulnerabilities in the network and gave them access to a domain administrator account. With this privileged account, the attacker was able to execute their ransomware attack. You've decided to implement a zero-trust policy to help prevent this type of attack from occurring in the future. You need to make sure that you apply the policy across all six foundational elements. Which of the following elements includes users, services, applications, and IoT devices? Networks Endpoints Identities Infrastructure
Identities (includes users, services, apps & loT)
You're the network administrator for a small research firm that's based in Alaska. Your office consists of 20 users and 35 Windows 10 machines. The firm relies on specialized software to perform the needed tasks. When this software is installed, a special account is created that grants the software the required permissions, which uses a digital certificate to validate itself with Windows. The firm has just renewed the software subscription, and you need to update the certificates on each Windows device using the Certificate Manager tool. Which of the following would you perform to open the correct Certificate Manager tool? In Computer Management, select current user certificates and edit as needed. Select Run from the Start menu and type certlm.msc. In Computer Management, select local device certificates and edit as needed. Select Run from the Start menu and type certmgr.msc.
Select Run from the Start menu and type certlm.msc.
You're the network administrator for a small research firm based in Alaska. Your office consists of 20 users and 35 Windows 10 machines. The firm relies on specialized software to perform the needed tasks. When this software is installed, a special account is created that grants the software the required permissions, which uses a digital certificate to validate itself with Windows. The firm has just renewed the software subscription, and you need to update the certificates on each Windows device. Which certificate store are these certificates most likely stored in?
Service Account store
Which of the following standards defines digital certificates' attributes and guidelines? Certificate authority X.509 PKI 802.11
X.509 The X.509 standard defines digital certificates' attributes and guidelines. 802.11 is the standard for wireless networks. Public key infrastructure (PKI) isn't a standard that defines digital certificates' attributes and guidelines. The digital certificates and certificate authority make up the PKI. Certificate authorities are reputable organizations that issue public certificates to organizations that want to communicate securely over the internet. They don't define digital certificates' attributes and guidelines.
You're the security administrator for a small consulting firm, whose network has been the victim of a ransomware attack. The firm decided to pay the ransom to regain their data, but you've been tasked with investigating the attack so that the vulnerabilities can be patched to hopefully prevent scenarios like this one in the future. During your investigation, you discover that the hacker gained initial access to the network through a user account. From there, they were able to gain access to a domain service account. From this account, the hacker ran some custom scripts that exploited vulnerabilities in the network and gave them access to a domain administrator account. With this privileged account, the attacker was able to execute their ransomware attack. You've decided to implement a zero-trust policy to help prevent this type of attack from occurring in the future. Which of the following security measures should you implement for the identities across the network? Device health enforcement Abnormal behavior monitoring End-to-end encryption Multi-factor authentication
multi-factor auth You should apply multi-factor authentication to identities when you implement a zero-trust policy. Device health enforcement is applied to endpoints when you implement a zero-trust policy. Abnormal behavior monitoring applies to applications when you implement a zero-trust policy. End-to-end encryption applies to networks when you implement a zero-trust policy.
You're the security administrator for Contoso Inc., a small consulting firm. Part of your responsibilities include managing the organization's digital certificates. Contoso Inc. is getting ready to launch a new website. As part of the certificate signing request (CSR), you want to include the hostnames: Sales.contoso.com Login.contoso.com Support.contoso.com Which section of the CSR should you include these in? Incorrect response: Organizational unit Correct Answer: Common name Correct Answer: Subject alternative name Correct Answer: Organization
subject alternative name The subject alternative name (SAN) is an optional field. The SAN allows the organization to have multiple hostnames covered in one certificate. The common name is the website's fully qualified domain name (FQDN). The organization field is the organization's legal name. The name can't be abbreviated, and any suffixes (such as LLC) must be included. The organizational unit is the division that's handling the certificate.
You're the security administrator for a small consulting firm, whose network has been the victim of a ransomware attack. The firm decided to pay the ransom to regain their data, but you've been tasked with investigating the attack so that the vulnerabilities can be patched to hopefully prevent scenarios like this one in the future. During your investigation, you discover that the hacker gained initial access to the network through a user account. From there, they were able to gain access to a domain service account. From this account, the hacker ran some custom scripts that exploited vulnerabilities in the network and gave them access to a domain administrator account. With this privileged account, the attacker was able to execute their ransomware attack. To prevent this type of attack from occurring again, you've decided to implement a new security policy. Which of the following should you implement to protect your network? Privileged user accounts Zero-trust security model Emergency user accounts Trust-by-default security model
zero-trust security