Security+ 601
Compare the characteristics of a rogue Access Point (AP) in wireless networks to determine which statements correctly summarize their attributes. (Select three.) -An evil twin is a rogue AP masquerading as a legitimate AP, and an attacker may form this by using a Denial of Service (DoS) to overcome the legitimate AP. -Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP. -An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities. -A Denial of Service (DoS) will bypass authentication security (enabled on the AP), so it is important to regularly scan for rogue APs on the network.
-An evil twin is a rogue AP masquerading as a legitimate AP, and an attacker may form this by using a Denial of Service (DoS) to overcome the legitimate AP. -Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP. -An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities.
Both Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System (TACACS+) provide authentication, authorization, and accounting using a separate server (the AAA server). Based on the protocols' authentication processes, select the true statements. (Select three.) -TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. -RADIUS uses UDP and TACACS+ uses TCP. -TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. -RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
-RADIUS uses UDP and TACACS+ uses TCP. -TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. -RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
Which of the following considerations is most important when employing a signature-based intrusion detection system? -The system may produce false positives and block legitimate activity. -The system must create a valid baseline signature of normal activity. -Signatures and rules must be kept up to date to protect against emerging threats. -Signatures and rules must be able to detect zero-day attacks.
-Signatures and rules must be kept up to date to protect against emerging threats.
A system administrator is configuring a new Dynamic Host Configuration Protocol (DHCP) server. Analyze the types of attacks DHCP servers are prone to and determine which steps the system administrator should take to protect the server. (Select three.) -Use scanning and intrusion detection to pick up suspicious activity. -Disable DHCP snooping on switch access ports to block unauthorized servers. -Enable logging and review the logs for suspicious events. -Disable unused ports and perform regular physical inspections to look for unauthorized devices.
-Use scanning and intrusion detection to pick up suspicious activity. -Enable logging and review the logs for suspicious events. -Disable unused ports and perform regular physical inspections to look for unauthorized devices.
A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate? -26 hours -1 hour -23 hours -72 hours
26 hours
Analyze and compare the access control models in terms of how Access Control Lists (ACL) are written and determine which statement accurately explains the Discretionary Access Control (DAC) model. -A DAC model is the most flexible and weakest access control model. Administrative accounts have control of the resource and grants rights to others. -A DAC model is the least flexible and strongest access control model. The owner has full control over the resource and grants rights to others. -A DAC model is the least flexible and strongest access control model. Administrative accounts have control of the resource and grant rights to others. -A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.
A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.
Evaluate the functions of a Network-Based Intrusion Detection System (NIDS) and conclude which statements are accurate. (Select two.) -Training and tuning are fairly simple, and there is a low chance of false positives and false negatives. -A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. -Training and tuning are complex, and there is a high chance of false positive and negative rates. -A NIDS will identify attacks and block the traffic to stop the attack. The administrator will be able to review the reports for future prevention.
A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. & Training and tuning are complex, and there is a high chance of false positive and negative rates.
An Internet Service Provider's (ISP) customer network is under a Distributed Denial of Service (DDoS) attack. The ISP decides to use a blackhole as a remedy. How does the ISP justify their decision? -A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network. -A blackhole makes the attack less damaging to the ISP's other customers and continues to send legitimate traffic to the correct destination. -A blackhole routes traffic destined to the affected IP address to a different network. Here, the ISP can analyze and identify the source of the attack, to devise rules to filter it. -A blackhole is preferred, as it evaluates each packet in a multi-gigabit stream against an Access Control List (ACL) without overwhelming the processing resources.
A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network.
Assess the features and processes within biometric authentication to determine which scenario is accurate. -A company chooses to use a biometric cryptosystem due to the ease of revocation for a compromised certificate. -A company uses a fingerprint scanner that acts as a sensor module for logging into a system. -A company uses a fingerprint scanner that acts as a feature extraction module for logging into a system. -A company records information from a sample using a sensor module.
A company uses a fingerprint scanner that acts as a sensor module for logging into a system.
Analyze the following scenarios and determine which best simulates a content filter in action. (Select two.) -A system has broken down a packet containing malicious content, and erases the suspicious content, before rebuilding the packet. -A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter. -A system administrator builds a set of rules based on information found in the source IP address to allow access to an intranet. -A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.
A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter. & A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.
Analyze each scenario and determine which best describes the authentication process in an Identity and Access Management (IAM) system. -An account is created that identifies a user on the network. -A user logs into a system using a control access card (CAC) and PIN number. -An Access Control List (ACL) is updated to allow a new user access to only the databases that are required to perform their job. -A report is reviewed that shows every successful and unsuccessful login attempt on a server.
A user logs into a system using a control access card (CAC) and PIN number.
Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation? -A weak number generator leads to many published keys sharing a common factor. -A weak number generator creates numbers that are never reused. -A strong number generator creates numbers that are never reused. -A strong number generator adds salt to encryption values.
A weak number generator leads to many published keys sharing a common factor.
Identify the attack that can be launched by running software such as Dsniff or Ettercap from a computer attached to the same switch as the target. -ARP poisoning attack -MAC spoofing -MAC flooding -Man-in-the-Middle (MitM)
ARP poisoning attack
Given knowledge of load balancing and clustering techniques, which configuration provides both fault tolerance and consistent performance for applications like streaming audio and video services? -Active/Passive clustering -Active/Active clustering -First in, First out (FIFO) clustering -Fault tolerant clustering
Active/Passive clustering
Which of the following are types of log collection for SIEM? (Select two.) -Log aggregation -Packet capture -Agent-based -Listener/Collector
Agent-based & Listener/Collector
Which statement best describes the purpose of an acceptable use policy (AUP)? -An AUP governs how employees may use company equipment and internet services. -An AUP establishes ethical standards for employee behavior. -An AUP communicates a company's values and expectations to its employees and customers. -An AUP defines security roles and training requirements for different types of employees.
An AUP governs how employees may use company equipment and internet services.
An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices in the field. What type of threat intelligence source is the IT manager most likely accessing? -Open Source Intelligence (OSINT) -An Information Sharing and Analysis Center (ISAC) -A vendor website, such as Microsoft's Security Intelligence blog -A closed or proprietary threat intelligence platform
An Information Sharing and Analysis Center (ISAC)
Compare and contrast the characteristics of the various types of firewalls and select the correct explanation of a packet filtering firewall. -An administrator configures an Access Control List (ACL) to deny access to IP addresses. -A firewall that maintains stateful information about the connection. -A firewall that analyzes HTTP headers and the HTML code to identify code that matches a pattern. -A stand-alone firewall implemented with routed interfaces or as a virtual wire transparent firewall.
An administrator configures an Access Control List (ACL) to deny access to IP addresses.
An organization routinely communicates directly to a partner company via a domain name. The domain name now leads to a fraudulent site for all users. Systems administrators find incorrect host records in DNS. What do the administrators believe to be the root cause? -A server host has a poisoned ARP cache. -Some user systems have invalid hosts file entries. -An attacker masquerades as an authoritative name server. -The domain servers have been hijacked.
An attacker masquerades as an authoritative name server.
Artificial intelligence (AI) and machine learning are especially important during which security information and event management (SIEM) task? -Packet capture -Analysis and report review -Data aggregation -Log collection
Analysis and report review
Security information and event management (SIEM) collects data inputs from multiple sources. Which of the following is NOT one of the main types of log collection for SIEM? -Agent-based -Listener/collector -Sensor (sniffer) -Artificial intelligence (AI)
Artificial intelligence (AI)
Which of the following statements best describes the trade-off when considering which type of encryption cipher to use? -Asymmetric encryption is the strongest hashing algorithm, which produces longer and more secure digests than symmetric encryption. -Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data. -Symmetric encryption requires substantially more overhead computing power than asymmetric encryption. Symmetric encryption is inefficient when transferring or encrypting large amounts of data. -Symmetric encryption is not considered as safe as asymmetric encryption, but it might be required for compatibility between security products.
Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data.
Analyze the features of behavioral technologies for authentication, and choose the statements that accurately depict this type of biometric authentication. (Select all that apply.) -Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. -Signature recognition is popular within this technology because everyone has a unique signature that is difficult to replicate. -Obtaining a voice recognition template for behavioral technologies is rather easy and can be obtained quickly. -Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.
Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. & Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.
Which statement most accurately describes the mechanisms by which blockchain ensures information integrity and availability? -Blockchain ensures availability by cryptographically linking blocks of information, and integrity through decentralization. -Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping. -Blockchain ensures availability through cryptographic hashing and timestamping, and integrity through decentralization. -Blockchain ensures both availability and integrity through decentralization and peer-to-peer (P2P) networking.
Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping.
An employee is working on a team to build a directory of systems they are installing in a classroom. The team is using the Lightweight Directory Access Protocol (LDAP) to update the X.500 directory. Utilizing the standards of an X.500 directory, which of the following distinguished names is the employee most likely to recommend? -OU=Univ,DC=local,CN=user,CN=system1 -CN=system1,CN=user,OU=Univ,DC=local -CN=user,DC=local,OU=Univ,CN=system1 -DC=system1,OU=Univ,CN=user,DC=local
CN=system1,CN=user,OU=Univ,DC=local
Which type of employee training utilizes gaming and/or scenario-based techniques to emphasize training objectives? (Select all that apply.) -Capture the flag (CTF) -Computer-based training (CBT) -Phishing campaigns -Role-based training
Capture the flag (CTF) & Computer-based training (CBT)
Compare the types of Distributed Denial of Service (DDoS) attacks and select the best example of a synchronize (SYN) flood attack. -A group of attackers work together to form an attack on a network. -An attack consumes all of the network bandwidth resulting in denial to legitimate hosts. -Client IP addresses are spoofed to misdirect the server's SYN/ACK packet increasing session queues. -A client's IP address is spoofed and pings the broadcast address of a third-party network with many hosts.
Client IP addresses are spoofed to misdirect the server's SYN/ACK packet increasing session queues.
The _____ requires federal agencies to develop security policies for computer systems that process confidential information. -Sarbanes-Oxley Act (SOX) -Computer Security Act -Federal Information Security Management Act (FISMA) -Gramm-Leach-Bliley Act (GLBA)
Computer Security Act
A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred? -Familiarity/liking -Consensus/social proof -Authority and intimidation -Identity fraud
Consensus/social proof
After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address? -Compensating -Deterrent -Corrective -Detective
Corrective
During the planning/scoping phase of the kill chain, an attacker decides that a Distributed Denial of Service (DDoS) attack would be the best way to disrupt the target website and remain anonymous. Evaluate the following explanations to determine the reason the attacker chose a DDoS attack. -A DDoS attack can launch via covert channels -DDoS attacks utilize botnets -A DDoS attack creates a backdoor to a website -DDoS attacks use impersonation
DDoS attacks utilize botnets
An authoritative server for a zone creates an RRset signed with a Zone Signing Key. Another server requests a secure record exchange and the authoritative server returns the package along with the public key. Evaluate the scenario to determine what the authoritative server is demonstrating in this situation. -Domain Name System (DNS) -DNS Security Extension -DNS Footprinting -Dynamic Host Configuration Protocol (DHCP)
DNS Security Extension
Compare the features of static and dynamic computing environments and then select the accurate statements. (Select two.) -Embedded systems are typically static computing environments, while most personal computers are dynamic computing environments. -Dynamic computing environments are easier to update than static computing environments. -Dynamic computing environments give less control to users than static computing environments. -Dynamic computing environments are easier to secure than static computing environments.
Embedded systems are typically static computing environments, while most personal computers are dynamic computing environments. & Dynamic computing environments are easier to update than static computing environments.
Which statement describes the mechanism by which encryption algorithms help protect against birthday attacks? -Encryption algorithms utilize key stretching. -Encryption algorithms use secure authentication of public keys. -Encryption algorithms add salt when computing password hashes. -Encryption algorithms must utilize a blockchain.
Encryption algorithms add salt when computing password hashes.
An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access. -Valid from/to -Extended key usage -Serial number -Public key
Extended key usage
In which of these situations might a non-credentialed vulnerability scan be more advantageous than a credentialed scan? (Select two.) -When active scanning poses no risk to system stability -External assessments of a network perimeter -Detection of security setting misconfiguration -Web application scanning
External assessments of a network perimeter & Web application scanning
Many Internet companies, such as Google and Facebook, allow users to share a single set of credentials between multiple service providers. For example, a user could log in to Amazon using their Facebook credentials. Which term correctly defines this example? -Federation -Single sign-on -Permission -Access control
Federation
A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs? -Blockchain -Quantum computing -Perfect forward security (PFS) -Homomorphic encryption
Homomorphic encryption
An employee recently retired, and the employee received an exit interview, returned a company-issued laptop, and had company-specific programs and applications removed from a personal PC. Evaluate this employee's offboarding process and determine what, if anything, remains to be done. -The offboarding process is complete; no further action is necessary. -IT needs to disable the employee's user account and privileges. -IT needs to delete any company data encrypted with the employee's key. -The employee must sign a nondisclosure agreement (NDA).
IT needs to disable the employee's user account and privileges.
Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing? -A black box pen tester acts as a privileged insider and must perform no reconnaissance. A white box pen tester has no access, and reconnaissance is necessary. A gray box actor is a third-party actor who mediates between a black box and white box pen tester. -A black box pen tester acts as the adversary in the test, while the white box pen tester acts in a defensive role. A gray box pen tester is a third-party actor who mediates between a black box pen tester and a white box pen tester. -In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance. -In a white box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a black box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
A user presents a smart card to gain access to a building. Authentication is handled through integration to a Windows server that's acting as a certificate authority on the network. Review the security processes and conclude which are valid when using Kerberos authentication. (Select two.) -Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. -The smart card generates a one-time use Ticket Granting Service (TGS) session key and certificate. -The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority. -The Authentication Server (AS) is able to decrypt the request because it has a matching certificate.
Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. & The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority.
One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select two.) -Education -Socioeconomic status -Intent -Motivation
Intent & Motivation
A company security manager takes steps to increase security on Internet of Things (IoT) devices and embedded systems throughout a company's network and office spaces. What measures can the security manager use to implement secure configurations for these systems? (Select two.) -Isolate hosts using legacy versions of operating systems (OSes) from other network devices through network segmentation. -Use wrappers, such as Internet Protocol Security (IPSec) for embedded systems' data in transit. -Increase network connectivity for embedded systems so they receive regular updates. -Maintain vendor-specific software configuration on Internet of Things (IoT) devices that users operate at home and in the office.
Isolate hosts using legacy versions of operating systems (OSes) from other network devices through network segmentation. & Use wrappers, such as Internet Protocol Security (IPSec) for embedded systems' data in transit.
A company has a critical encryption key that has an M-of-N control configuration for protection. Examine the examples and select the one that correctly illustrates the proper configuration for this type of protection of critical encryption keys. -M=1 and N=5 -M=3 and N=5 -M=6 and N=5 -M=0 and N=5
M=3 and N=5
A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit. -Managerial -Technical -Physical -Compensating
Managerial
Which security-related phrase relates to the integrity of data? -Availability is authorized -Modification is authorized -Knowledge is authorized -Non-repudiation is authorized
Modification is authorized
A system administrator wants to install a mechanism to conceal the internal IP addresses of hosts on a private network. What tool can the administrator use to accomplish this security function? -NAT gateway -Reverse proxy server -Virtual firewall -Access Control List (ACL)
NAT gateway
Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning? -National Institute of Standards and Technology (NIST) -International Organization for Standardization (ISO) -Control Objectives for Information and Related Technologies (COBIT) -Sherwood Applied Business Security Architecture (SABSA)
National Institute of Standards and Technology (NIST)
A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice? (Select two.) -Open Source Intelligence (OSINT) -Scanning -Social engineering -Persistence
Open Source Intelligence (OSINT) & Social engineering
Examine the tradeoff between traditional password policy complexity requirements and updated practical suggestions from the National Institute of Standards and Technology (NIST) and select the statement that fits both practical password management and traditional complexity requirements. -Passwords should be easy to remember and can include spaces and repetitive strings of numbers (like 987654). -Passwords should be easy to remember, but should never use spaces. -Passwords should be written in a common password repository held secure by a member of the IT staff. -Passwords should not contain dictionary words or contextual information, such as a username or the company name.
Passwords should not contain dictionary words or contextual information, such as a username or the company name.
A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as? -Weaponization -Persistence -Reconnaissance -Pivoting
Persistence
An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.) -Boot sector -Program -Script -Trojan
Program & Script
An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take. -Revoke the keys. -Recover the encrypted data. -Generate a new key pair. -Generate a new certificate.
Recover the encrypted data
Select the options that can be configured by Group Policy Objects (GPOs). (Select two.) -Registry settings -Code signing -Software deployment -Baseline deviation
Registry settings & Software deployment
A system administrator uses a Graphical User Interface (GUI) remote administration tool over TCP port 3389 to manage a server operating Windows 2016. Evaluate the types of remote administration tools to conclude which protocol the administrator is using. -Secure Shell -Telnet -Dynamic Host Configuration Protocol -Remote Desktop
Remote Desktop
Biometric authentication methods have different error rates, with some methods being easier to fool than others. An unauthorized user is unlikely to fool which of the following methods? -Fingerprint scan -Retinal scan -Facial recognition -Voice recognition
Retinal scan
An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise. -Certificate generation -Key generation -Expiration and renewal -Revocation
Revocation
A gaming company decides to add software on each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which is being used. -Spyware -Keylogger -Rootkit -Trojan
Rootkit
Consider the role trust plays in federated identity management and determine which models rely on networks to establish trust relationships. (Select three.) -SAML -OAuth -OpenID -LDAP
SAML, OAuth, OpenID
Given that layer 2 does not recognize Time to Live, evaluate the potential problems to determine which of the following options prevents this issue. -ICMP -L2TP -NTP -STP
STP
There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone. -DMZ -Screened host -Wireless -Guest
Screened host
A system administrator needs secure remote access into a Linux server. Evaluate the types of remote administration to recommend which protocol should be used in this situation. -Telnet -Secure Shell (SSH) -Remote Desktop Protocol (RDP) -Kerberos
Secure Shell (SSH)
Which of the following solutions best addresses data availability concerns that may arise with the use of application-aware next-generation firewalls (NGFW) and unified threat management (UTM) solutions? -Signature-based detection system -Secure web gateway (SWG) -Network-based intrusion prevention system (IPS) -Active or passive test access point (TAP)
Secure web gateway (SWG)
If an administrator of an Exchange server needs to send digitally signed and encrypted messages, what messaging implementation will best suit the administrator's needs? -Secure/Multipurpose Internet Mail Extensions (S/MIME) -Secure Post Office Protocol v3 (POP3S) -Internet Message Access Protocol v4 (IMAP4) -Simple Mail Transfer Protocol (SMTP)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation? -Key management -Encryption -Obfuscation -Steal confidential information
Steal confidential information
A system administrator needs to implement a secure remote administration protocol and would like more information on Telnet. Evaluate and select the features of Telnet that the administrator should consider to accomplish this task. (Select all that apply.) -Telnet does not support direct file transfer. -Telnet uses TCP port 23. -Telnet is a secure option. -Telnet uses encryption to send passwords.
Telnet does not support direct file transfer. & Telnet uses TCP port 23.
A system administrator is deploying a new web server. Which hardening procedures should the administrator consider? (Select two.) -The administrator should use SFTP to transfer files to and from the server remotely. -Any guest accounts that exist on the web server should be disabled or removed. -The administrator should assign a digital certificate and enable the use of TLS 1.3. -The configuration templates contain vulnerabilities, and the administrator should not utilize them.
The administrator should use SFTP to transfer files to and from the server remotely. & The administrator should assign a digital certificate and enable the use of TLS 1.3.
Compare and evaluate the various levels and types of security found within a Trusted OS (TOS) to deduce which scenario is an example of a hardware Root of Trust (RoT). -A security system is designed to prevent a computer from being hijacked by a malicious operating system. -The boot metrics and operating system files are checked, and signatures verified at logon. -Digital certificates, keys, and hashed passwords are maintained in hardware-based storage. -The industry standard program code that is designed to operate the essential components of a system.
The boot metrics and operating system files are checked, and signatures verified at logon.
Analyze the methods for authentication to a Secure Shell (SSH) and determine which statement best summarizes the host-based authentication method. -The user's private key is configured with a passphrase that must be input to access the key. -The client submits credentials that are verified by the SSH server using RADIUS. -The client submits a Ticket Granting Ticket (TGT) that is obtained when the user logged onto the workstation. -The client sends a request for authentication and the server generates a challenge with the public key.
The client sends a request for authentication and the server generates a challenge with the public key.
Select the explanations that accurately describe the Ticket Granting Ticket (TGT) role within the Authentication Service (AS). (Select all that apply.) -The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. -The AS responds with a TGT that contains information about the client, to include name and IP address, plus a timestamp and validity period. -The AS responds with a TGT key for use in communications between the client and the Ticket Granting Service (TGS). -The TGT responds with a service session key for use between the client and the application server.
The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. & The AS responds with a TGT that contains information about the client, to include name and IP address, plus a timestamp and validity period.
A network manager is installing a new switch on the network. Which option does the manager use to harden network security after installation? -A Group Policy Object (GPO) should be configured to deploy custom settings. -The Server Core option should be used to limit the device to only using Hyper-V and DHCP. -Microsoft Baseline Security Analyzer (MBSA) is used on Windows networks and validates the security configuration of a Windows system. -The network manager should ensure all patches are applied and it is appropriately configured.
The network manager should ensure all patches are applied and it is appropriately configured.
Based on the known facts of password attacks, critique the susceptibility of the password "DogHouse23" to an attack. -This is a sufficient password. It is ten characters and contains uppercase characters, lowercase characters, and numbers. -This is an insufficient password. There are not enough uppercase characters within the password. -This is a sufficient password. The password is easy for the user to remember yet long enough to meet character requirements. -This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.
This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.
A security engineer investigates a recent system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector? -Threat -Vulnerability -Risk -Exploit
Threat
An IT director reads about a new form of malware that targets a system widely utilized in the company's network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation. -Credentialed scan -Configuration review -Penetration testing -Threat hunting
Threat hunting
Which situation would require keyboard encryption software to be installed on a computer? -To set up single sign-on privileges -To comply with input validation practices -For the purpose of key management -To protect against spyware
To protect against spyware
Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)? -HOTP is not configured with a shared secret. -The server is not configured with a counter in HOTP. -Only the HOTP server computes the hash. -Tokens can be allowed to continue without expiring in HOTP.
Tokens can be allowed to continue without expiring in HOTP.
A technician is configuring Internet Protocol Security (IPSec) for communications over a Virtual Private Network (VPN). Evaluate the features of available modes and recommend the best option for implementation. -Tunnel mode because the whole IP packet is encrypted, and a new IP header is added. -Transport mode because the whole IP packet is encrypted, and a new IP header is added. -Tunnel mode because the payload is encrypted. -Transport mode because the payload is encrypted.
Tunnel mode because the whole IP packet is encrypted, and a new IP header is added.
What is Open Source Intelligence (OSINT)? -Obtaining information, physical access to premises, or even access to a user account through the art of persuasion. -The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources. -Using web search tools and social media to obtain information about the target. -Using software tools to obtain information about a host or network topology.
Using web search tools and social media to obtain information about the target.
Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options. -Vulnerability scanning is conducted by a "white hat" and penetration testing is carried out by a "black hat." -Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active. -Penetration testing and vulnerability scanning are considered "black hat" practices. -Vulnerability scanning is part of network reconnaissance, but penetration testing is not.
Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.
A team is building a wireless network, and the company has requested the team to use a Wired Equivalent Privacy (WEP) encryption scheme. The team has developed a recommendation to utilize a different encryption scheme based on the problems with WEP. Analyze the features of WEP to determine what problems to highlight in the recommendation. -WEP only allows the use of a 128-bit encryption key and is not secure. The Initialization Vector (IV) is too large to provide adequate security. -WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm. -WEP has the option to use either a 64-bit or a 128-bit key, which is not secure enough for the company. Packets use a checksum to verify integrity that is too difficult to compute. -WEP only allows the use of a 64-bit key, which is not secure enough for the company. The Initialization Vector (IV) is often not generated using a sufficiently random algorithm.
WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm.
A company is reviewing the options for installing a new wireless network. They have requested recommendations for utilizing WEP, WPA, or WPA2. Differentiate between Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Determine which of the following statements accurately distinguishes between the options. (Select two.) -WEP uses RC4 with a Temporal Key Integrity Protocol (TKIP) and WPA, while WPA2 uses a 24-bit Initialization Vector (IV). WPA2 combines the 24-bit IV with an Advanced Encryption Standard (AES) to add security. -WEP is the strongest encryption scheme, followed by WPA2, then WPA. WEP is difficult to crack when protected by a strong password, or if deploying enterprise authentication. WPA2 is more vulnerable to decryption due to replay attack possibilities. -WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption. -WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.
WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption. & WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.
A website with many subdomains has been issued a web server certificate for domain validation. This certificate verifies the parent domain and subdomains (to a single level). This certificate is also known as which of the following? -SAN certificate -Wildcard certificate -Root certificate -Code signing certificate
Wildcard certificate
Which statement best describes the difference between session affinity and session persistence? -With persistence, once a client device establishes a connection, it remains with the node that first accepted its request, while an application-layer load balancer uses session affinity to keep a client connected by setting up a cookie. -Session affinity makes node scheduling decisions based on health checks and processes incoming requests based on each node's load. Session persistence makes scheduling decisions on a first in, first out (FIFO) basis. -With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie. -Session persistence makes scheduling decisions based on traffic priority and bandwidth considerations, while session affinity makes scheduling decisions based on which node is available next.
With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie.