CompTIA Security+ Final Assessment (real)

A new systems administrator at an organization has a difficult time understanding some of the configurations from the previous IT staff. It appears many shortcuts were taken to keep systems running and users happy. Which weakness does the administrator report this configuration as?

Availability over confidentiality and integrity

After news of a breach at a competitor, IT at a manufacturer looks to harden server systems. Which system properties should IT disable if they are not in use? (Select all that apply.)

Network interfaces; System services; Service ports

An engineering firm provisions microwave technology for a wide area communications project. When using point-to-multipoint (P2M) mode, which technologies does the firm put in place? (Select all that apply.)

Sectoral antennas; Multiple sites connected to a single hub

Analyze the following statements and select the one that describes key differences between internet protocol security (IPSec) modes.

Tunnel mode allows communication between virtual private networks (VPNs), while transport mode secures communications between hosts on a private network.

An organization requires that a file transfer occurs on a nightly basis from an internal system to a third-party server. IT for both organizations agree on using FTPS. Which configurations does IT need to put in place for proper file transfers? (Select all that apply.)

A. Configure the use of port 990; C. Negotiate a tunnel prior to any exchanged commands

Identify the type of attack where malware forces a legitimate process to load a malicious link library.

A. DLL injection

A threat actor infiltrates a company's server. Engineers fail while trying to stop the attacker from stealing data. The attacker achieves which final phase of the Lockheed Martin kill chain?

Actions on objectives

An engineering firm wants to bolster the security measures implemented on their servers. Evaluate the proposed solutions for the best type of security control to fit the firm's needs.

Advanced firewalls and access control lists should be configured.

Based on knowledge of identity and authentication concepts, select the true statement.

An account consists of an identifier, credentials, and a profile.

Examine each of the following attack scenarios to determine which vulnerabilities can be mitigated by changing firewall configurations.

An attacker used a domain name server (DNS) lookup from a network host.

Compare and evaluate the main components in an Extensible Authentication Protocol (EAP). Which scenarios accurately differentiate between these components? (Select all that apply.)

An authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using EAP. A supplicant requests authentication and the authentication server performs the authentication.

Systems administrators configure an application suite that uses a collection of single hash functions and symmetric ciphers to protect sensitive communication. While the suite uses these security features collectively, how is each instance recognized?

As a cryptographic primitive

Which statement best illustrates the advantages and disadvantages of using asymmetric encryption?

Asymmetric encryption is ideal for proving identity, but it requires significant computing overhead and is inefficient for bulk encryption.

A cloud engineer configures a virtual private cloud. While trying to create a public subnet, the engineer experiences difficulties. The issue is that the subnet remains private, while the goal is to have a public subnet. What does the engineer conclude the problem might be?

The Internet gateway is not configured as the default route.

A national intelligence agency maintains data on threat actors. If someone intercepted this data, it would cause exceptionally grave damage to national security. Analyze the risk of exposure and determine which classification this data most likely holds.

Top secret

An engineer considers blockchain as a solution for record-keeping. During planning, which properties of blockchain does the engineer document for implementation? (Select all that apply.)

Using a peer-to-peer network; Using cryptographic linking

What type of phishing attack targets upper-level management?

Whaling

A security manager configures an access control list (ACL) to enumerate permissions to data resources. Evaluate the control measure and determine to what state of data the control applies.

Data at rest

A hacker remotely gains unauthorized access to a company's system and makes a copy of proprietary business data. Which of the following summarizes the event that has taken place?

Data exfiltration

Which of the following statements most accurately describes the function of key stretching?

Key stretching adds entropy to a user-generated password.

Evaluate the differences between hardware- and software-based key storage and select the true statement.

HSM may be less susceptible to tampering and insider threats than software-based storage.

A cooperative group of farmers and ranchers consider network options for embedded systems that operate automated irrigation and feeding processes. The cooperative is most likely to be concerned with which embedded network features? (Select all that apply.)

High reliability; Low latency

A company deploys an active defense strategy designed to detect insider malpractice. To record the malicious insider's actions, the security team creates a convincing, yet fake, data file with a tracker that records any data exfiltration attempts. Analyze the security tool and determine what method the security team employed.

Honeyfile

An organization prepares for an audit of all systems security. While doing so, staff perform a risk management exercise. Which phase does the staff consider first?

Identify essential functions

Analyze the following security information and event management (SIEM) functions and determine which event is NOT conducted during data aggregation.

Link observables into a meaningful indicator of risk, or Indicator of Compromise (IOC).

Management looks to IT for a solution to identify successful and failed login attempts. Which solution will IT provide to management?

Logs

A new IT administrator accidentally causes a fire in the IT closet at a small company. Consider the disaster types and conclude which types this event might classify as. (Select all that apply.)

Man-made; Internal

The Human Resources department works with the IT department at an organization to develop employee security training. Which security control type and function describes the training program? (Select all that apply.)

Operational; Deterrent

A customer responds to an email advertisement that appears to link to mystore.com. The customer logs into the website with their username and password. The website has the same homepage the customer is familiar with, but it is actually a page set up by an attacker to gain credentials. The attacker can then log in to mystore.com with the user's credentials, and shop using the saved credit card on file. Which type of attack has occurred in this scenario?

Pharming

Which type of workplace surveillance includes recording employees' movement, location, and behavior within the workplace?

Physical

The IT director at a financial institution grants account permissions using an access control list (ACL). This illustrates what type of security control?

Preventative

A company tells the IT department that user access needs to be changed so privileges are only granted when needed, then revoked as soon as the task is finished or the need has passed. Based on Account Management practices, what is the company asking the IT department to implement?

Privilege bracketing

A power outage disrupts a medium-sized business, and the company must restore systems from backups. If the business can resume normal operations from a backup made two days ago, what metric does this scenario represent?

Recovery Point Objective (RPO)

While preparing a disaster recovery plan, management at a company considers how far back it can allow for the loss of data. Which metric does management use to describe this business essential data in terms of recovery?

Recovery point objective

A company without an internal IT team hires a service provider to monitor a computer network for security issues. Before the service provider is given access, which agreement is put in place to establish expectations?

SLA

After attending a security seminar, management inquired about ways to secure directory services. If the company uses Microsoft's Active Directory, which of the following implementations is the IT team most likely to suggest?

Simple Authentication and Security Layer (SASL)

What exploitation method targets near field communication (NFC) devices?

Skimming

The U.S. Department of Defense (DoD) awards an IT contract to a tech company to perform server maintenance. The servers are colocated at a third-party storage facility. The DoD and the tech company enter into what type of agreement which commits the tech company to implement the agreed upon security controls?

Interconnection security agreement (ISA)

A security information and event management (SIEM) handler's dashboard provides graphical representations of user profile trends. The graphic contrasts standard user activity with administrative user activity and flags activity that deviates from these clusters. This graphical representation utilizes which trend analysis methodology?

Statistical deviation analysis

A suspected network breach prompts an engineer to investigate. The engineer utilizes a set of command line tools to collect network routing data. While doing so, the engineer discovers that UDP communications are not working as expected. Which tool does the engineer experience difficulty with?

traceroute

What type of attack replays a cookie?

D. Session hijacking

There are a variety of methods for indicating a potential security breach during the identification and detection phase of incident response. Two examples are Intrusion Detection System (IDS) alerts and firewall alerts. Evaluate the following evidence and select the alternate methods that would be of most interest to the IT department during this phase. (Select all that apply.)

A daily industry newsletter reports on a new vulnerability in the software version that runs on the company's server. An anonymous employee uses an "out of band" communication method to report a suspected insider threat.

Which of the following authentication procedures effectively employs multifactor authentication?

A system login requires a user to insert a smart card and enter a PIN.

Simulate the installation of a bare metal virtual platform.

A. A type 1 hypervisor is installed directly onto a host machine and manages access to the host hardware directly.

Evaluate which of the following solutions would most effectively mitigate vulnerabilities that might arise when outsourcing code development.

A. Have one vendor develop the code, and a different vendor perform vulnerability and penetration testing.

An engineer pieces together the clues from an attack that temporarily disabled a critical web server. The engineer determines that a SYN flood attack was the cause. Which pieces of evidence led the engineer to this conclusion? (Select all that apply.)

ACK packets were missing from the client; SYN/ACK packets from the server were misdirected

A junior engineer suspects there is a breached system based on an alert received from a software monitor. The use of the alert provides which information to the engineer?

C. IoC

An administrator provisions both a new cloud-based virtual server and an on-premises virtual server. Compare the possible virtualization layer responsibilities for the implementation and determine which one applies to this configuration.

CSP is responsible for the cloud, the administrator is responsible for the on-premise.

Which of the following policies support separation of duties? (Select all that apply.)

Employees must take at least one, five-consecutive-day vacation each year. A principle of least privilege is utilized and critical tasks are distributed between two employees. Standard Operating Procedures (SOPs) are in effect in each office.

Which scenario best illustrates effective use of industrial camouflage as a security control?

Entry control measures for a secure facility begin inside a main entry point, rather than outside the building.

A large data facility just experienced a disaster-level event, and the IT team is in the process of reconstituting systems. Which statement illustrates the appropriate first step the team should take in this process?

First, the team should enable and test power delivery systems, including grid power, power distribution units (PDUs), uninterruptible power supplies (UPS), and secondary generators.

Analyze the factors associated with performing a Business Process Analysis (BPA) and select the statement that aligns with the output factors.

The data or resources a function produces

Which of the following defines key usage with regard to standard extensions?

The purpose for which a certificate was issued

Which command can help a security professional conducting an organizational security assessment identify a spoofing attack?

arp

Xander sends a malicious file via email attachment to employees at a target company, hoping at least one employee will open the malicious file that will propagate through the company's network and disrupt the company's operations. If Xander's goal is disruption of company operations, what does this describe?

intent

Analyze the following scenarios and determine which constitutes an external threat.

Abram uses a quiz on a popular social media platform to solicit answers to online banking consumers' login security questions.

An individual contacts a company's IT department, threatening to exploit a vulnerability found in the company's security infrastructure if the company does not pay a bounty. Upon further investigation, the IT team discovers that the individual threatening the company used crude scripts in the hacking attempt, which they easily managed. Which statement best describes the disparity between the hacker's claim and the hacker's real capability?

The hacker presents as a black hat, but the individual's capabilities indicate the hacker is a script kiddie.

A security investigator compiles a report for an organization that lost data in a breach. Which ethical approach does the investigator apply while collecting data for the report?

Using repeatable methods

Examine the features of different virtual platform implementations and select the statement that best describes the difference between a Type I and a Type II hypervisor.

A Type II hypervisor installs on a host OS, that manages virtual machines. A Type I (or "bare metal") hypervisor interfaces directly with the host hardware.

Select the correct simulation of a Virtual Desktop Infrastructure (VDI) deployment.

A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.

Examine the use of software diversity in infrastructure development and assess which statement describes the advantages of using a diverse range of development tools and application vendors over a monoculture environment.

A diverse environment can provide security by diversity, making attack strategies more difficult to research and implement.

An administrator plans a backup and recovery implementation for a server. The goal is to have a full backup every Sunday followed by backups that only include changes every other day of the week. In the event of a catastrophe, the restore time needs to be as quick as possible. Which scheme does the administrator use?

Full followed by differentials

During weekly scans, a system administrator identifies a system that has software installed that goes against security policy. The system administrator removes the system from the network in an attempt to limit the effect of the incident on the remainder of the network. After the system administrator removes the unauthorized software and completes additional scans, the system administrator places the system back on the network. Applying information from the Computer Security Incident Handling Guide, determine the next step the system administrator should take to mitigate the effects of the incident and restore the network to optimal functionality.

The system administrator should determine how the unauthorized software was installed and identify what security to modify to prevent future incidents, then fully document the incident.

Which of the following key storage solutions exercises M-of-N control?

While four administrators have access to the system, it takes two administrators to access the system at any given time.

A penetration tester directs test packets to the host using a variety of default passwords against service and device accounts, gaining a view of the vulnerabilities the network exposes to unprivileged users. Given this situation, what type of test did the penetration tester use?

A non-credentialed scan

A user attempts to use a smart card for Kerberos authentication. If the user is successfully authenticated, how does the authentication server respond?

A session key is issued

A security analytics team is threat hunting on a Windows network. What type of activity is most likely to alert the team to an insider attack?

A. A user without privileged access executes PowerShell Invoke-Command cmdlet.

Sal, an IT specialist for a large tech firm, pays for a subscription to a threat data feed to stay updated on the latest blogs, white papers, and webinars in his field. What term(s) best describes this type of feed? (Select all that apply.)

A. Closed; B. Proprietary

A user at a realtor's office contacts their IT department to report that they are not able to copy contract files to a USB flash drive to take home. Which explanation does the IT representative share with the user?

A. Data loss prevention prevents file copying.

A retail establishment experiences an attack where whole number values have been exploited. As a result, some credit values are manipulated from positive values to negative values. Which type of attack is the establishment dealing with?

A. Integer overflow

Analyze the following scenarios and determine which attacker used piggy backing.

A. On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.

When monitoring API usage on a system, an engineer notices a very high error rate. The application's latency and thresholds appear to be normal. What does the engineer determine to be the cause? (Select all that apply.)

A. Overloaded system; B. Security issues

A hacker gains access to a database of usernames for a target company and then begins combining common, weak passwords with each username to attempt authentication. The hacker conducts what type of attack?

A. Password spraying

The Human Resources department issues a policy at an organization to govern the use of company owned computer equipment. Which behavior type does this policy address?

Acceptable use

Which statement describes a key distinction between an intentional and unintentional threat actor?

B. An intentional threat actor has intent and motivation to attack; whereas, an unintentional threat actor acts out of negligence.

Examine the differences between authentication factors and authentication attributes and select the statement that most effectively summarizes the differences between authentication factors and authentication attributes.

B. Authentication factors verify an account holder's credentials, while authentication attributes are either non-unique or cannot independently authenticate a user's credentials.

Analyze and select the statements that accurately describe both worms and Trojans. (Select all that apply.)

B. Both worms and Trojans can provide a backdoor. D. A worm is self-contained while a Trojan is concealed within an application package.

A hacker places a false name:IP address mapping in an operating system's HOSTS file, redirecting traffic from a legitimate IP address to a malicious IP address. What type of attack did the hacker perform?

B. Domain name system client cache (DNS) poisoning

A security team uses passive scanning to gather information and data related to a suspected rogue system on a network. By using passive scanning, what type of information does the team gather?

B. Indirect evidence

A dissatisfied employee has discreetly begun exfiltrating company secrets to sell to a competitor. The employee sets up a malware script that will run in the event of the employee's firing and account deletion. Analyze the attack and determine what type of attack the employee has emplaced.

B. Logic bomb

Users at a company report that web browsing to their own website is not working. Upon further investigation, it is found that HTTP sessions are being hijacked. Any requests to replace a resource during a TCP connection are being altered. Which HTTP method is not working properly?

B. PUT

The IT staff at a large company review numerous security logs and discover that the SAM database on Windows workstations is being accessed by a malicious process. What does the staff determine the issue to be?

C. Credential dumping

During a cyber incident response exercise, a blue team takes steps to ensure the company and its affiliates can still use network systems while managing a simulated threat in real-time. Based on knowledge of incident response procedures, what stage of the incident response process is the blue team practicing?

Containment

An organization installs embedded systems throughout a manufacturing plant. When planning the install, engineers had to consider system constraints related to identification. As a result, which areas of the main systems are impacted? (Select all that apply.)

Crypto; Authentication

A web server receives data from an application. It appears that passing this data causes an issue that evolves into an overflow at the destination. What process on the receiving server should be investigated?

D. Input validation

IT staff reviews security alerts received for a monitoring system and discovers that uncommon firewall ports on several Windows workstations and a server have been opened and are being accessed by a malicious process. What does the staff determine the issue to be?

D. Lateral movement

A security engineer configures a digital key to encrypt sensitive data. There is an overall fear of losing the key. Which methods might the engineer consider as a backup management solution? (Select all that apply.)

Escrow; M-of-N control

Which statement correctly differentiates between file transfer protocol (FTP), secure shell file transfer protocol (SFTP), and file transfer protocol over secure socket layer (FTPS)?

FTP has no encryption. FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).

Security solutions providers and academics conduct primary research to produce outputs on threat intelligence that takes three main forms. Which of these selections is NOT one of the three main outputs?

Information Sharing and Analysis Centers (ISACs)

Apply knowledge of load balancing technologies to select the statement that best explains an advantage of a layer 7 load balancer over a layer 4 load balancer.

Layer 4 load balancers can only check connectivity, while layer 7 load balancers can test an application's state.

Management at a financial firm assembles an incident response team. This team is responsible for handling certain aspects of recovery and remediation following a security incident. Which roles are appropriate to include on the team? (Select all that apply.)

Legal; HR; PR

A defense contractor must configure a new server in a site where several other companies maintain server equipment. The contractor's security requirements specify that other companies' personnel cannot gain access to the contractor's servers, and the area must be impervious to eavesdropping from electromagnetic leaks. What site security configuration will best meet the contractor's requirements?

Locked Faraday cage

Which features distinguish a next-generation endpoint detection and response (EDR) product from traditional EDR solutions? (Select all that apply.)

Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server. Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).

Identify the true statements about supervisory control and data acquisition (SCADA) systems. (Select all that apply.)

SCADA systems typically run as software on ordinary computers, gathering data from and managing field devices. SCADA systems serve primarily industrial, manufacturing, utility, and logistics sectors.

A systems engineer looks to monitor a network for security purposes. The engineer places sensors throughout the building in appropriate places. Fortunately, the engineer thought ahead and purchased appropriate network switches. Which sensor type does the engineer use? (Select all that apply.)

SPAN; Mirror

A technology firm suffers a large-scale data breach, and the company suspects a disgruntled former IT staff member orchestrated the breach to exfiltrate proprietary data. During the forensic investigation, a hard disk was not signed out when handled. Examine the scenario and determine what issue this oversight is most likely to cause in the investigative process.

The chain of custody is under question.

Two companies enter into an agreement that if one data center suffers a disaster-level event, it can failover to the other company's data center with minimal disruption in service. Which statement most accurately describes the companies' site resiliency postures?

The companies have a reciprocal arrangement for mutual hot site support.

When a company first installed its computer infrastructure, IT implemented robust security controls. As the equipment ages, however, those controls no longer effectively mitigate new risks. Which statement best summarizes the company's risk posture?

The company's aging infrastructure constitutes a control risk.

After a break-in at a government laboratory, some proprietary information was stolen and leaked. Which statement best summarizes how the laboratory can implement security controls to prevent future breaches?

The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.

A server administrator configures symmetric encryption for client-server communications. The administrator configured it this way to utilize which mechanism?

The same secret key is used to perform both encryption and decryption.

A security engineer configures a passcode to a data center by using a cipher. The engineer uses a substitution cipher on the string hocuspocus. Which result does the engineer produce with this cipher type?

The string: krfxvsrfxv

A company's IT department pushes system updates and configures user permissions from the same shared account. Which statement best describes how this practice is problematic?

This practice breaks non-repudiation.

An engineer configures a proxy to control access to online content for all users in an organization. Which proxy type does the engineer implement by using an inline network appliance? (Select all that apply.)

Transparent; Intercepting

A network administrator needs to implement a firewall between nodes on the same subnet, without reconfiguring subnets and reassigning IP addresses across the network. Considering firewall configurations, which implementation is the best choice?

Transparent firewall

A company follows a bring your own device (BYOD) mobile implementation. What is an ideal solution the company can use to overcome some of the security risks involved with employee-supplied devices?

Virtual desktop infrastructure (VDI)

An engineer configures hosts on a network to use IPSEC for secure communications. The engineer decides between Encapsulation Security Payload (ESP) or Authentication Header (AH). If the engineer chooses transport mode over tunnel mode, which specifics of operation should be expected? (Select all that apply.)

With ESP the IP header for each packet is not encrypted; AH can provide integrity for the IP header

An engineer implements a security solution to protect a domain. The engineer decides on DNS Security Extensions (DNSSEC) to prevent spoofing. Which features does the engineer rely on for protection? (Select all that apply.)

Zone Signing Key; RRset package; Key Signing Key

A primary target for a hacker gaining access to a network is user passwords. Consider the file locations where Windows and Linux each store passwords and determine which of the following is NOT used for password storage.

%SystemRoot%\System32\Drivers\etc\hosts

Which of the following sequences properly orders forensic data acquisition by volatility priority?

1. System memory caches 2. Data on mass storage devices 3. Remote monitoring data 4. Archival media

Compare the advantages and disadvantages of certificate revocation versus suspension and select the scenario that presents the best argument for certificate revocation.

A banking website's private key may have been compromised.

Compare the characteristics of service account types and determine which statement accurately describes the characteristics of a local service account.

A local service account has the same privileges as the standard user account and can only access network resources as an anonymous user.

A security engineer implements a secure wireless network. In doing so, the engineer decides to use EAP with Flexible Authentication via Secure Tunneling (EAP-FAST). Which authentication approach does the engineer implement?

A. Protected Access Credential (PAC) instead of a certificate

Several businesses operating on a federated network allow access to each other's resources through enterprise connections. When this type of federated network employs Security Assertion Markup Language (SAML), how are authorization tokens secured?

A. SAML tokens are signed with an eXtensible Markup Language (XML) digital signature.

An engineer routinely provides data to a source that compiles threat intelligence information. The engineer focuses on behavioral threat research. Which information does the engineer provide?

B. Descriptions of example attacks

A security information and event management (SIEM) manager analyzes logs from a network RADIUS server. When the SIEM manager analyzes this data, what is the manager looking for as an indicator of possible malicious activity?

Authentication attempt errors

An unauthorized person gains access to a restricted area by claiming to be a member of upper management and bullying past the door guard's verbal attempts to stop the unauthorized visitor. What type of policy could help mitigate this type of social engineering attack?

B. ID badge policy

An IT engineer looks to practice very rigid configuration management. The primary goal is to ensure very little deviation from an initial install of systems. Which method does the engineer utilize to accomplish this?

Baselines

An intrusion prevention system (IPS) generates an incident report for some suspicious user activity, which prompts a system administrator to investigate a possible insider attack. Analyze the scenario and determine what type of IPS profile led to this discovery.

Behavioral-based detection

After a company moves on-premises systems to the cloud, engineers plan to use a serverless approach in a future deployment. What type of architecture will engineers provision in this deployment? (Select all that apply.)

C. Containers; D. Microservices

Consider an abstract model of network functions for an infrastructure as code (IaC) implementation and determine which plane describes how traffic is prioritized.

C. Control

An organization hires a pen tester. The tester achieves a connection to a perimeter server. Which technique allows the tester to bypass a network boundary from this advantage?

C. Pivoting

A banking institution considers cloud computing options for use across multiple locations. Comparing cloud deployment models, which implementation is most likely to suit the company's needs?

C. Private

A guard station deploys a new security device used to access a classified data station. The installation technician tests the device's sensitivity to speed and pressure. Which type of behavioral technology is the technician testing for?

D. Signature recognition

Which statement draws a true comparison between full, differential, and incremental backups? (Select all that apply.)

If a system performs backups every day, an incremental backup includes only files changed that day, while a differential backup includes all files changed since the last full backup. Compared to a differential backup, both full backups and incremental backups clear the archive attribute.

A company located in the western United States that uses cloud computing relies on redundant systems in adjacent availability zones for data backup and storage. Analyze the configuration and determine which level of high availability service the company utilizes.

Regional replication

Consider the process of obtaining a digital certificate and determine which of the following statements is NOT correct.

Registration is the process where end users create an account with the domain administrator.

Which of the following statements best contrasts a service-oriented architecture (SOA) model with a microservices-based model?

SOA can build services from other services, while an implementation of microservices develops, tests, and deploys microservices independently.

A systems administrator uses a disk image to provision new workstations. After installing several workstations, it is found that they no longer boot. It is possible that the disk image in use included malicious code. Which specific method has stopped the systems from starting?

Secure boot

An investigator needs to analyze all data on a system. Which file does the investigator review, given that it holds in-use data when the system's physical RAM is exceeded?

Swap file

A junior engineer investigates a systems breach. While documenting network information, the engineer uses the arp command. What useful information will this command provide?

The MAC address of systems the host has communicated with.

A suspected malicious insider at a company conducted a network attack. A security manager conducting forensic analysis looks for evidence of misconduct on the employee's workstation and in system logs. Examine the scenario and determine what argument a defense attorney might bring up concerning the forensic investigative process. (Select all that apply.)

The examiner conducted analysis with bias. The examination did not follow ethical procedures.

Which statement best describes how a hierarchical certificate authority (CA) trust model mitigates the weakness in a single CA model and guards against the compromise of the root CA?

The hierarchical CA model still uses a single root CA, but delegates certificate granting authority to intermediate CAs, so the root CA may go offline in a secure configuration.

A banking firm's IT team discovers a possible man-in-the-middle attack. Which of the following statements describes an assessment tool that would result in this discovery? (Select all that apply.)

This tool sends probes to report the round trip time (RTT) for hops between the local host and a host on a remote network. This tool displays the local machine's Address Resolution Protocol (ARP) cache.

In the containment phase of incident response, the Cyber Incident Response Team (CIRT) faces complex issues that need to be addressed quickly. During this phase, a member of the CIRT would be concerned about all EXCEPT which of the following issues?

Which password policy will prevent this in the future?

Which statements describe why devices on an enterprise network should disable Wi-Fi tethering? (Select all that apply.)

Wi-Fi tethering functionality can circumvent data loss prevention measures. Wi-Fi tethering functionality can circumvent web content filtering policies.

