Security+ CertMaster
Analyze the features of behavioral technologies for authentication, and choose the statements that accurately depict this type of biometric authentication. (Select all that apply.)
- Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. - Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.
In which of these situations might a non-credentialed vulnerability scan be more advantageous than a credentialed scan? (Select all that apply.)
- External assessments of a network perimeter - Web application scanning
A user presents a smart card to gain access to a building. Authentication is handled through integration to a Windows server that's acting as a certificate authority on the network. Review the security processes and conclude which are valid when using Kerberos authentication. (Select all that apply.)
- Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. - The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority
If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Select all that apply.)
- It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. - If a private key, or secret key, is not backed up, the storage system represents a single point of failure.
Both Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System (TACACS+) provide authentication, authorization, and accounting using a separate server (the AAA server). Based on the protocols' authentication processes, select the true statements. (Select all that apply.)
- RADIUS uses UDP and TACACS+ uses TCP. - TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. - RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
A contractor has been hired to conduct penetration testing on a company's network. They have decided to try to crack the passwords on a percentage of systems within the company. They plan to annotate the type of data that is on the systems that they can successfully crack to prove the ease of access to data. Evaluate the penetration steps and determine which are being utilized for this task. (Select all that apply.)
- Test security controls - Exploit vulnerabilities
Select the explanations that accurately describe the Ticket Granting Ticket (TGT) role within the Authentication Service (AS). (Select all that apply.)
- The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. - The AS responds with a Service Ticket that contains information about the client. This includes the name and IP address of the client, plus a timestamp and validity period.
An outside security consultant updates a company's network, including data cloud storage solutions. The consultant leaves the manufacturer's default settings when installing network switches, assuming the vendor shipped the switches in a default-secure configuration. Examine the company's network security posture and select the statements that describe key vulnerabilities in this network. (Select all that apply.)
- The network is open to third-party risks from using an outside contractor to configure cloud storage settings. - The default settings in the network switches represent a weak configuration.
Select the appropriate methods for packet capture. (Select all that apply.)
- Wireshark - tcpdump
A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate?
26 hours
Evaluate the differences between stream and block ciphers and select the true statement.
A block cipher is padded to the correct size if there is not enough data in the plaintext.
Assess the features and processes within biometric authentication to determine which scenario is accurate.
A company uses a fingerprint scanner that acts as a sensor module for logging into a system
Analyze the following attacks to determine which best illustrates a pharming attack
A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.
Select the statement which best describes the difference between a zero-day vulnerability and a legacy platform vulnerability.
A legacy platform vulnerability is unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it.
When exploring the deep web, a user will need which of the following to find a specific and hidden dark web site?
A specific URL
Evaluate how identification and authentication are distinct in their functions. Which of the following scenarios best illustrates a user being authenticated?
A user accesses a system by having their face scanned.
Which of the following options represents Two-Factor Authentication (2FA)?
A user logs in using a password and a smart card.
Analyze each scenario and determine which best describes the authentication process in an Identity and Access Management (IAM) system.
A user logs into a system using a control access card (CAC) and PIN number.
Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration?
A weak cipher
Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation?
A weak number generator leads to many published keys sharing a common factor.
Which of the following statements summarizes a disadvantage to performing an active vulnerability scan? (Select all that apply.)
Active scanning consumes more network bandwidth. Active scanning runs the risk of causing an outage.
An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices in the field. What type of threat intelligence source is the IT manager most likely accessing?
An Information Sharing and Analysis Center (ISAC)
Analyze the types of password cracker attacks to determine which scenario best describes a brute force attack.
An attacker attempts every possible combination in the key space in order to derive a plaintext password from a hash
Which of the following statements best describes the trade-off when considering which type of encryption cipher to use?
Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data.
A manufacturing company hires a pentesting firm to uncover any vulnerabilities in their network with the understanding that the pen tester receives no information about the company's system. Which of the following penetration testing strategies is the manufacturing company requesting?
Black box
Which statement most accurately describes the mechanisms by which blockchain ensures information integrity and availability
Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping.
Which of the following password cracker attacks are combined to create a typical hybrid password attack? (Select all that apply.)
Brute force Dictionary
Compare and contrast the modes of operation for block ciphers. Which of the following statements is true?
CTR mode allows block ciphers to behave like stream ciphers.
A security team is in the process of selecting a cryptographic suite for their company. Analyze cryptographic implementations and determine which of the following performance factors is most critical to this selection process if users primarily access systems on mobile devices.
Computational overhead
The _____ requires federal agencies to develop security policies for computer systems that process confidential information.
Computer Security Act
A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?
Consensus/social proof
After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address?
Corrective
A security team has just added iris scanners to two access control points in a secure facility. They are in the process of making adjustments to ensure authorized users have access, while unauthorized users cannot get through. Analyze the scenario and determine what metric the team is in the process of fine-tuning.
Crossover error rate (CER)
The IT department head returns from an industry conference feeling inspired by a presentation on the topic of cybersecurity frameworks. A meeting is scheduled with IT staff to brainstorm ideas for deploying security controls by category and function throughout the organization. Which of the following ideas are consistent with industry definitions? (Select all that apply.)
Deploy a technical control to enforce network access policies. Schedule quarterly security awareness workshops as a preventive control to mitigate social engineering attacks. Deploy agents to file servers to perform continuous backups to cloud storage as a corrective control to mitigate the impact of malware.
Which of the following utilizes both symmetric and asymmetric encryption?
Digital envelope
An employee works on a small team that shares critical information about the company's network. When sending emails that have this information, what would be used to provide the identity of the sender and prove that the information has not been tampered with?
Digital signature
When a network uses Extensible Authentication Protocol (EAP) as the authentication method, what access control protocol provides the means for a client to connect from a Virtual Private Network (VPN) gateway?
EEE802.1X
Which statement describes the mechanism by which encryption algorithms help protect against birthday attacks?
Encryption algorithms add salt when computing password hashes.
Digital certificates are based on the X.509 standard that defines the fields (or information) about a subject (or entity using the certificate) and the certificate's issuer. Which of the following fields would not be included in a standard public certificate?
Endorsement key
An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access
Extended key usage
A network administrator uses two different automated vulnerability scanners. They regularly update with the latest vulnerability feeds. If the system regularly performs active scans, what type of error is the system most likely to make?
False positive
Consider biometric methods that are used to authenticate a user. Knowing that errors are possible, which of the following would most likely result in a security breach?
False positive
Which of the following is mostly considered an insider threat? (Select all that apply.)
Former employee Contractor
What is the purpose of a web server certificate?
Guarantee the identity of a website.
A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs?
Homomorphic encryption
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the "respond" function?
Identify, analyze, and eradicate threats.
Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing?
In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
Analyze and eliminate the item that is NOT an example of a reconnaissance technique.
Initial exploitation
An Identity and Account Management (IAM) system has four main processes. Which of the following is NOT one of the main processes?
Integrity
One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select all that apply.)
Intent Motivation
A web administrator visits a website after installing its certificate to test the SSL binding. The administrator's client computer did not trust the website's certificate. The administrator views the website's certificate from the browser to determine which certificate authority (CA) generated the certificate. Which certificate field would assist with the troubleshooting process?
Issuer
Which situation would require keyboard encryption software be installed on a computer?
Keyboard encryption software is used to protect against keyloggers, which record keystrokes for the purpose of stealing data. Keyloggers are spyware.
A company has a critical encryption key that has an M-of-N control configuration for protection. Examine the examples and select the one that correctly illustrates the proper configuration for this type of protection of critical encryption keys.
M=3 and N=5M=3 and N=5
A client contacts a server for a data transfer. Instead of requesting TLS1.3 authentication, the client claims legacy systems require the use of SSL. What type of attack might a data transfer using this protocol facilitate?
Man-in-the-middle
How might the goals of basic network management not be well-aligned with the goals of security?
Management focuses on availability over confidentiality.
A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit.
Managerial
Which security related phrase relates to the integrity of data?
Modification
Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning?
National Institute of Standards and Technology (NIST)
An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the "detect" function, what does the engineer focus on?
Ongoing proactive monitoring
A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice?
Open Source Intelligence (OSINT) Social engineering
Examine each attack vector. Which is most vulnerable to escalation of privileges?
Operating System (OS)
When using a digital envelope to exchange key information, the use of what key agreement mitigates the risk inherent in the Rivest-Shamir-Adleman (RSA) algorithm, and by what means?
Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key.
A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as?
Persistence
Which of the following depict ways a malicious attacker can gain access to a target's network?
Phishing Shoulder surfing
Examine each statement and determine which most accurately describes a major limitation of quantum computing technology.
Presently, quantum computers do not have the capacity to run useful applications.
An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.)
Program Script
Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of a message?
Public key cryptography and hashing
An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take.
Recover the encrypted data.
Biometric authentication methods have different error rates, with some methods being easier to fool than others. An unauthorized user is unlikely to fool which of the following methods?
Retinal scan
An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise.
Revocation
A gaming company decides to add software on each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which is being used. (Select all that apply)
Rootkit Trojan
An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver his package twice, and that if the individual does not contact them to claim it, the package will not be delivered. Analyze the scenario and select the social engineering
SMiShing
During a penetration test, an adversary operator sends an encrypted message embedded in an attached image. Analyze the scenario to determine what security principles the operator is relying on to hide the message. (Select all that apply.)
Security by obscurity Confidentiality
Which of the following is NOT a use of cryptography?
Security through obscurity
Before leaving for lunch, an employee receives a phone call, but there is no one on the line. Distracted by the odd interruption, the employee forgets to log out of the computer. Earlier that day, a person from the building across the street watched the employee entering login credentials using high-powered binoculars. Which form of social engineering is being used in this situation?
Shoulder surfing
A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation?
Steal confidential information
An attacker uses a cryptographic technology to create a covert message channel in transmission control protocol (TCP) packet data fields. What cryptographic technique does this attack strategy employ?
Steganography
Which statement best describes key differences between symmetric and asymmetric cryptographic ciphers?
Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption.
Any external responsibility for an organization's security lies mainly with which individuals?
The owner
Following a data breach at a large retail company, their public relations team issues a statement emphasizing the company's commitment to consumer privacy. Identify the true statements concerning this event. (Select all that apply.)
The privacy breach may allow the threat actor to sell the data to other malicious actors. Data exfiltration by a malicious actor may have caused the data breach.
During a penetration test, systems administrators for a large company are tasked to play on the white team for an affiliated company. Examine each of the following roles and determine which role the systems admins will fill.
The systems admins will arbitrate the exercise, setting rules of engagement and guidance.
A security technician needs to transfer a large file to another user in a data center. Which statement best illustrates what type of encryption the technician should use to perform the task?
The technician should use asymmetric encryption to verify the data center user's identity and agree on a symmetric encryption algorithm for the data transfer.
Considering how to mitigate password cracking attacks, how would restricting the number of failed logon attempts be categorized as a vulnerability?
The user is exposed to a DoS attack.
Based on the known facts of password attacks, critique the susceptibility of the password "DogHouse23" to an attack.
This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.
A security engineer investigates a recent system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector?
Threat
An IT director reads about a new form of malware that targets a system widely utilized in the company's network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation.
Threat hunting
Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)?
Tokens can be allowed to continue without expiring in HOTP.
A Department of Defense (DoD) security team identifies a data breach in progress, based on some anomalous log entries, and take steps to remedy the breach and harden their systems. When they resolve the breach, they want to publish the cyber threat intelligence (CTI) securely, using standardized language for other government agencies to use. The team will transmit threat data feed via which protocol?
Trusted Automated eXchange of Indicator Information (TAXII)
A user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action.
Unintentional insider threat
What is Open Source Intelligence (OSINT)?
Using web search tools and social media to obtain information about the target
A system administrator downloads and installs software from a vendor website. Soon after installing the software, the administrator's computer is taken over remotely. After closer investigation, the software package was modified, probably while it was downloading. What action could have prevented this incident from occurring?
Validate the software using a checksum
Consider the life cycle of an encryption key. Which of the following is NOT a stage in a key's life cycle?
Verification
A company technician goes on vacation. While the technician is away, a critical patch released for Windows servers is not applied. According to the National Institute of Standards and Technology (NIST), what does the delay in applying the patch create on the server?
Vulnerability
Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options.
Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.
A website with many subdomains has been issued a web server certificate for domain validation. This certificate verifies the parent domain and subdomains (to a single level). This certificate is also known as which of the following?
Wildcard certificate
A user's PC is infected with a virus that appears to be a memory resident and loads anytime an external universal serial bus (USB) thumb drive is booted to. Examine the following options and determine which describes the infection type.
Written to the partition table of a disk.
Evaluate the following controls that have been set by a system administrator for an online retailer. Determine which statement demonstrates the identification control within the Identity and Access Management (IAM) system.
control is set to ensure that billing and primary delivery addresses match.
A system administrator must scan the company's web-based application to identify which ports are open and which operating system can be seen from the outside world. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line.
nmap -O webapp.company.com
A network manager needs a map of the network's topology. The network manager is using Network Mapper (Nmap) and will obtain the visual map with the Zenmap tool. If the target IP address is 192.168.1.1, determine the command within Nmap that will return the necessary data to build the visual map of the network topology.
nmap -sn --traceroute 192.168.1.1
Identify the command that can be used to detect the presence of a host on a particular IP address.
ping