certamster security 1.4
Within the confines of available resources, the concept of resource versus security constraints involves a tradeoff between employing the best possible security. Which of the following is an important consideration balancing cryptography use and the quality of real-time streaming voice and video?
Low latency
During testing, an application demonstrates poor performance in the amount of time a function to the database retrieves results. What should developers ensure in the database, to improve performance?
Normalization
A vein matching scanner uses an infrared light source and camera to distinguish a unique pattern of blood vessels in an employee's palm for identification purposes. Which of the following does this BEST describe?
Vascular Biometrics
A system engineer enhances the security of a network by adding firewalls to both the external network and the internal company network. The firewalls are products of two separate companies. This is an example of what type of security control practice?
Vendor diversity
A developer checks code out of the central repository to adjust a looping SQL statement. The repository system annotates the change and who made the change and applies a new coordinating number to the software code. What category does this type of secure coding practice represent?
Version control
A company's computer has a mobile device tethered to it, which creates a remote backdoor into the network. What does this device become?
A rogue access point (AP)
Developers are working on a password vault application. The application will add salt to the password and create a hash of it in several rounds. This process is known as which of the following?
https://kf1.amplifire.com/amp/#s/learn-app/hf/assignment/4EG6MDR5W:~:text=THE%20CORRECT%20ANSWER-,Key%20stretching,-YOUR%20ANSWER
What are the differences between RC4 and 3DES ciphers? (Select all that apply.)
3DES block sizes are 64-bit RC4 is a stream cipher
A buffer overflow occurred in an application, exposing system resources and allowing an attacker to inject malicious code. The ability for this to happen is a direct result of which of the following secure coding principles?
Poor memory management
A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode to a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run?
PowerShell script
A social engineer convinced a victim to visit a malicious website, which allowed the attacker to exploit vulnerabilities on the victim's web browser. Which of the following best describes this type of attack?
A Man-in-the-Browser (MitB) attack
A penetration tester performed a vulnerability assessment. The tester had logon rights to different hosts with certain elevated permissions to check security setting misconfigurations. What type of scan did the pen tester perform?
A credentialed scan
Which of the following can perform a Denial of Service (DoS) attack against a wireless network? (Select all that apply.)
A deauthentication attack A disassociation attack
Which of the following is an example of standard naming conventions?
A developer creates code using rules such as: Class must be uppercase and in color, method must be lowercase and refer to a city, and functions must be lowercase verbs.
A penetration tester performed a vulnerability assessment. Although the tester used default passwords for service accounts and device management interfaces, the tester did not have any privileged access to the network. What type of scan did the pen tester perform?
A non-credentialed scan
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?
A rogue access point (AP)
Which of the following use symmetric algorithms? (Select all that apply.)
AES 3DES
A network engineer is securing communication between two applications on a private network. The applications will communicate using Internet protocol security (IPSec). Recommend the settings that will provide IP header integrity and encrypted data payload. (Select all that apply.)
AH protocol ESP protocol Transport mode
Analyze and apply the strengths and weaknesses of location-based authentication to conclude which is the most ideal deployment for employee remote access anywhere in a country.
Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries
Which of the following implementations best employs the advantages of location-based authentication, while minimizing its disadvantages?
Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries
An organization that uses PII has a sensitive network that needs physical isolation from the unsecured network. Which of the following practices would meet this requirement?
Airgap
A nation state developed cyber weapons to achieve military influence, and has the ability to obtain and maintain access to compromised networks. What type of threat actor does this describe?
An Advanced Persistent Threats (APT)
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
An On-path attack
An attacker is preparing to perform what type of attack when the target vulnerabilities include headers and payloads of specific application protocols?
Application attack
Which System on Chip (SoC) boards that were initially devised as educational tools but are now widely used for hacking? (Select all that apply.)
Arduino Raspberry Pi
Which of the following is NOT a concept in a Secure DevOps project?
Attestation
Along with running the latest operating system, security patches, and updates, which of the following tools or applications should any Windows 10 client build include for security threats?
Antivirus
A stratum 1 time server obtains routine updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Atomic Clock
Multifactor authentication can be executed in many different ways. Which of the following company policies engage multifactor authentication? (Select all that apply.)
Authenticate to the server using username, password, and security key fob token. If a security token is lost, it must be immediately reported to the security manager. Upon entering building C, all personnel must present their common access card (CAC) to the security officer for scanning against the biometric identity database. At each work terminal, the CAC must be inserted into a valid card reader and the user must present a PIN.
A company has workstation drives encrypted with BitLocker. Employees use a Common Access Card (CAC) to log in to those computers. Public Key Infrastructure (PKI) is available on the network and digital signatures are a requirement on company emails. Which of the following cases do these technologies support? (Select all that apply.)
Authentication Non-repudiation Confidentiality
A complex control system for a utility company has been developed. It includes workstations, servers, sensors, control boxes and some operating logic. It is designed to use cryptography so that a compromise of a small part of the system does not compromise the rest of the system. How does cryptography assist with this level or resiliency?
Authentication and integrity of messages
A system administrator identified an issue in the cloud infrastructure where storage continues to fill, and system latency occurs. Which is the best solution to stop the drive space from reaching capacity and causing failure?
Automated scripting
A malicious actor is preparing a script to run with an Excel spreadsheet as soon as the target opens the file. The script includes a few macros designed to secretly gather and send information to a remote server. How is the malicious actor accomplishing this task?
By using VBA code
A risk assessment resulted in the discovery that company-owned computers contained unauthorized software. To address the situation, IT implemented a new policy, along with which technique to enforce application control?
Blacklisting
Which of the following defeats a jamming attack and prevents disruption of a wireless network when a hacker uses an illegal access point (AP) with a very strong signal in close proximity? (Select all that apply.)
Boost the signal of the legitimate equipment Locate the offending radio source and disable it.
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption? (Select all that apply.)
Boost the signal of the legitimate equipment. Locate the offending radio source and disable it.
A company would like to implement a method of authentication that records who entered a controlled area and when. What is the best security control to implement?
Biometrics
When implementing the security control that addresses "something you are," what is the most probable solution?
Biometrics
During which type of penetration test does the tester specifically include the reconnaissance phase of the test?
Black box
A company directed a security administrator to prevent the use of certain applications on company assets. Which of the following should the security administrator implement?
Blacklisting
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. The mobile device is vulnerable to which of the following attacks?
Bluesnarfing
A company is temporarily transmitting plaintext Application Programming Interface (API) keys to migrate data to an off-prem environment using a web application. The destination platform is Microsoft Azure. This temporary solution makes it open to which attack vector?
Cloud
What is the best security control to ensure laptops do not get removed from their workstations without prior approval?
Cable locks
Which of the following metrics should be considered when determining efficacy rates of biometric pattern suitability? (Select all that apply.)
CER FRR FAR
There are several company assets missing from the IT department. The company has multiple physical layers of security. Which of the following provide the most reliable proof of a person's location and activities?
Cameras
Steganography is a technique for hiding data within other data. Typically, information embeds in the least expected places. Which of the following are examples of steganography? (Select all that apply.)
Change a bit of pixels Embed a watermark on bank notes Encode message within TCP packet data
Which input validation method in a client-server architecture can improve application performance by catching deformed input on the front-end and is not used as the only form of security?
Client side
While developing an online service application for a grocery store, a programmer implements an open source application programming interface. This implementation reduces the testing effort and speeds up the programming effort. What technique did the programmer execute?
Code reuse
Employees have the ability to download certain applications onto their workstations to complete work functions. The CIO installed a reliable method to ensure that no modifications to the application have occurred. What method of validation did the CIO implement?
Code signing
A company is considering using an alternate site of operations in the event of a disaster. The plan is to acquire equipment at the time of the incident in order to avoid using dated hardware and software. What type of alternate site would best meet the company's needs?
Cold site
During a recent risk assessment, a municipality has decided an alternate site of operations is needed. This site would be used in the event of a severe incident. When the need arises, they plan to utilize spare equipment currently being held in secure storage. What type of alternate site should be used?
Cold site
A bank manager fired a security engineer. The engineer changed companies, working for another bank, and brought insider knowledge, which broke a Non-disclosure Agreement (NDA) with the previous employer. The security engineer used this knowledge to damage the previous company's reputation. What classification of threat actor is the engineer?
Competitor
A shipping company uses internal custom applications that integrate with a customer relationship management (CRM) system for customer analysis and retention, and a cloud service provider (CSP) for cloud storage of customer data. Two different companies manage the CRM and the CSP. What are the risks involved when working with these outsourced companies? (Select all that apply.)
Compliance impacts storing customer data in the cloud. Lack of vendor support when an incident occurs.
A retail company outsourced its online business to a company that uses a cloud service provider to store e-commerce applications and all business data, including customer information. The business that manages the e-commerce system and the company that provides cloud services are two different entities. What are the risks involved when working with these companies? (Select all that apply.)
Compliance impacts storing customer data in the cloud. Lack of vendor support when incident occurs.
What constraints make traditional desktop systems inferior to an embedded system? (Select all that apply.)
Compute Power Cost
The CIO at a firm no longer allows employees to wear smartwatches in the briefing room. Most briefings contain sensitive information regarding clients. The employees must place their device in a bin before entering. What is the CIO most likely concerned with?
Confidentiality
User A sends an encrypted email to User B. That email is also signed by User A. The email includes a link to a file server to download the latest Windows image with a text file saved with the image's hash value. Which of the following are supported in this scenario? (Select all that apply.)
Confidentiality Non-repudiation Integrity
The security content automation protocol (SCAP) allows compatible scanners to determine whether a computer meets a security baseline when performing which of the following?
Configuration review
A development team considers software quality and cybersecurity analysis both early and throughout the software lifecycle. It enables building, testing, and releasing of software faster and more frequently. Which of the following objectives does this most likely provide the customer?
Continuous delivery
A capability delivery team (CDT) reduces software development risk and cost while increasing the speed of delivery to the customer with updated software. What is the CDT providing the customer?
Continuous deployment
What development practice requires developers to incorporate code into a collective repository, where they compile and test the code every time they check code into the environment?
Continuous integration
A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?
Control diversity
Which cloud infrastructure provides computing services offered either over the Internet or within an internal network?
Private
A security team added iris scanners to two access control points in a secure facility. They are in the process of making adjustments to optimize the system. Which metric are they fine-tuning?
Crossover Error Rate (CER)
The security team for a large company performed a risk assessment and identified three main entry points for biometric scanner installation. They install an iris scanner and are engaged in fine-tuning the system. Which metric is the security team currently adjusting?
Crossover Error Rate (CER)
Installing and manage embedded systems and Internet of Things (IoT) come with a set of operational constraints. What are some of those constraints that would affect the security of those devices and the network they are on? (Select all that apply.)
Crypto Authentication Implied trust
The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator execute?
S/MIME
Which of the following use asymmetric algorithms? (Select all that apply.)
DSA RSA
What provides an automatic method for network address allocation?
DHCP
When setting up a security information and event management (SIEM) system, the administrator must consider how to collect data and from what sources. Which of the following would be appropriate data inputs to determine the health and/or security of individual client computers? (Select all that apply.)
DLP systems Vulnerability scanners Windows 10 hosts
A system administrator implements a web server that both the internal employees and external vendors can access. What type of topology should the administrator implement?
DMZ
An authoritative server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. Analyze Domain Name System (DNS) traits and functions and conclude what the scenario demonstrates.
DNS Security Extensions
An attacker used Open Source Intelligence (OSINT) to gather information about a target's Internet Protocol (IP) address registration records for the victim's servers. What type of technique did the attacker use?
DNS harvesting
An HR representative reported that an email containing an employee's personal information was sent out by accident to the HR representative's friend's Gmail account. The user asked to retract the email, but the IT department explained that it could not be done. In what way can the IT department prevent a mistake like this from happening again?
Data Loss Prevention
A federal agency is digitizing years of written documents. These archives will be encrypted and stored in a vault. There may be the occasional need for these documents that will require approval from authorized personnel. What is the state these archives will most likely be in for the remainder of their time in the vault?
Data at rest
Which term describes when data is in some sort of persistent storage media?
Data at rest
A hacker takes contents from a local system, encrypts it with a variation of Advanced Encryption Standard (AES), and sends it to the attacker's server via HTTP over the port 80. Once the PowerShell code executes, the system sends the HTTP POST request to the attacker's server. Analyze the options to determine what this represents.
Data exfiltration
What type of attack takes content from a local system, encrypts it, and sends it to the attacker's server via HTTP over the port 80?
Data exfiltration
An employee installed an application from home onto a work computer and suddenly lost access to the computer. The screen was demanding payment to unlock the encrypted hard drive. What might occur if the employee does not send payment? (Select all that apply.)
Data loss Availability loss
An employee just realized that ransomware was installed on a company computer after the desktop screen attempts to ask for payment to unlock an encrypted hard drive. What is most likely to happen if the employee does not pay the ransom? (Select all that apply.)
Data loss Availability loss
A business has implemented a series of websites that collect customer information for marketing and sales purposes. The sites are mirrored in a number of countries. What should be considered when implementing data retention for archival purposes?
Data sovereignty
In order to reduce waste, a company is reusing old data tapes being donated for backup purposes. The tapes are first being electro-magnetically erased for security purposes. Which media sanitization process is this?
Degaussing
Several old computers are being given to employees. The company decided the hard disk drives do not need to be removed, but all data should be erased. Which media sanitization process effectively meets these requirements?
Degaussing
An updated protocol replaces an application used to calculate retained earnings. Employees will no longer need access to the outdated application. What should the system administrator do to the older application to preserve resources?
Deprovision
A full backup of a system is completed every Sunday at 12:00 noon. Three times during the week, the same backup type is used to capture any files that have changed since the last full backup. Which backup scheme is used during the week?
Differential
An application uses the distinguished name (DN) as a unique identifier for user authentication for access to a system. The DN is used to determine the user's role as Admin, SysAdmin, or Planner. Which of the following management access processes is the application using?
Directory services
An employee can authenticate to any client on the network and have shared files available for viewing. What function will provide this capability?
Directory services
An employee logs into the network with credentials, and then the network provides an access key. This key accesses network resources, such as shared files and printers, which the employee uses to complete tasks. Based on this scenario, what does the employee utilize?
Directory services
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following?
Directory services
An organization implements Directory Services as a management access control. Which of the following attributes will be used for authentication and role identification?
Distinguished name
A hacker corrupted the name:IP records held on the HOSTS file on a server, to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) server cache poisoning
By modifying query traffic, an attacker compromised a legitimate site's web server via a Denial of Service (DoS) attack and redirected traffic intended for the legitimate domain, to go instead, to the attacker's malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) server cache poisoning
An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?
Domain hijacking
External hackers have some access to a company's website and made some changes. Customers have submitted multiple complaints via email for wrong orders and inappropriate images on the website. The Chief Information Officer (CIO) is now worried about the distribution of malware. The company should prepare for which of the following other issues or concerns? (Select all that apply.)
Domain reputation URL redirections
A corporate research and development lab is built on a property that includes a large outside space used for R&D testing. Recommend a physical security control that can be purchased or contracted from a third party that can most efficiently cover a large outside space as quickly as possible.
Drones/UAVs
A security assessor uses a technique to test for vulnerabilities and code quality during the development phase. Which of the following is most likely happening during this phase?
Dynamic analysis
During the functional testing phase of application development, an application tests for vulnerabilities against the running code. What type of code testing is this?
Dynamic analysis
Developers are testing an application in the lab where two servers are communicating in a very secure manner. Each session is encrypted using perfect forward secrecy. How is this secured communication possible? (Select all that apply.)
ECDHE Ephemeral key
Devices strategically placed where servers may deliver functionality to consumers quickly and where data is pulled to the center for processing is considered which of the following?
Edge computing
Which of the following describes the ability of a system to adapt to current demands by provisioning and deprovisioning resources as needed?
Elasticity
A mobile application communicates with a central web server and sends blocks of data of 128 bits. The software developer wants to use an optimal cypher algorithm that will support confidentiality in the fastest way possible. Which cipher and mode should be used in this situation? (Select all that apply.)
Electronic Code Book Block cipher
A software developer wants to create an application that utilizes Advanced Encryption Standard (AES) for encrypting data, and send the data to a central server using Transport Layer Security (TLS). The developer wants the app to operate as fast as possible. Which cipher and mode should be used in this scenario? (Select all that apply.)
Electronic Code Book Block cipher
A software engineer needs to incorporate asymmetric encryption into a custom application; however, the code does not work well with large keys. Ideally, the engineer does not want to sacrifice the application's encryption and security. Which of the following would best fit the needs of the application?
Elliptical curve
A client browser does not support secure connections to web server. A Transport Layer Security (TLS) connection is being established with Diffie-Hellman Ephemeral (DHE) mode. Why does the browser not support DHE?
Ephemeral key
A client browser has difficulty securely connecting with a server via TLS. The browser does not appear to support the cipher suite used by the server. The cipher suite used is written as ECDHE-RSA-AES128-GCM-SHA256. Which of the following may be the reason the cipher suite is unsupported?
Ephemeral key
A systems administrator is setting up a new Windows file server and will create a share folder with default settings for regular users. Which of the following sufficiently describes how open this share folder is to the network?
Everyone has read access.
Which of the following attacks do security professionals expose themselves to if they turn the power output down on a wireless access point (AP)?
Evil twin attacks
A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin used. (Select all that apply.)
FTPS FTPES
Management plans for a purple team exercise where attackers and defensive personnel collaborate during the exercise, to improve incident response at each phase. What is the purple team's responsibility?
Facilitating
When considering installing a biometric recognition system in a company facility, which of the following considerations is least relevant to managing traffic control?
False negative rate or false rejection rate (FRR)
When reviewing logs, which of the following describes something that is identified by a scanner or other assessment tool as being a vulnerability, when, in fact, it is not?
False positive
A company CIO worked on building a room that prevents Wi-Fi, cellular and RFI signals from emitting in and out of a defined area to secure the employees environment and to protect from data leakage. What did the CIO construct?
Faraday Cage
In which of the following cases can Transport Layer Security (TLS) be used to provide encrypted communication of services? (Select all that apply.)
File transfer Web Directory services
Select the vulnerabilities that can influence routing. (Select all that apply.)
Fingerprinting ARP poisoning Route injection
A system has been compromised and data has been deleted. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, only two sets of data need to be restored. Examine the available backup schemes and determine which will accomplish the complete restoration of data.
Full and differential
A camera is placed at the entrance to the server room to allow entry based upon an individual's unique walking style. This is which of the following behavioral biometric pattern recognitions?
Gait Analysis
A user installed software on a system without permission. The system is now highly unstable, continuously crashes, and removing the software failed. It has been decided to restore the system from a backup. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, five sets of data need to be used. Considering the available backup schemes, which will accomplish the complete restoration of data?
Full and incremental
A test manager uses automation to generate random input data for security testing. What method is the test manager demonstrating?
Fuzzing
An organization deployed a new internal Line of Business (LOB) application that contains custom code. As part of a risk assessment, it requires testing the application for threat vulnerabilities. Considering the available testing approaches, which implementation would satisfy assessment requirements?
Fuzzing
Which type of penetration test requires the tester to perform partial reconnaissance?
Gray box
Repeated attempts to access a remote server at a branch office from an unknown IP address occurred. Logs from a network appliance show the same unknown traffic going to other areas of the internal network. Which of the following best provides an active and passive protection at the server level? (Select all that apply.)
HIPS HIDS
Identify the removable device that when added to a system, provides cryptographic key generation, management, and storage.
HSM
A server administrator should use which protocol to secure user communication with web services?
HTTPS
Two project managers are on the phone, discussing plans for a new site. The call changes over to video, as a way for one site manager to show a schematic on a wall. Compare types of communication services and determine which service the project managers are using.
HTTPS
A systems administrator converts data into a string of characters in order to maintain the integrity of a file. The characters cannot be reverted back to the original state. What function did the system administrator perform?
Hashing
A company wants to maintain system availability for authorized users. Which environmental security control measure will the company implement?
HVAC
An admin performs a security controls assessment along with a risk assessment at a small business. Results indicate that issues exist with many control types. Maintaining systems availability without risk requires remediation. When considering environmental security control solutions, which measure will the business implement?
HVAC
An environmental advocacy group uses cyber weapons to put companies at risk and promote their agenda. What type of attack does this demonstrate?
Hacktivists
A laptop arrives at the company technology lab with a private key embedded, providing full disk encryption. When matched with a public key, what does this system provide?
Hardware root of trust
Field employees at an organization require mobile devices that offer high-level security options. IT suggests using laptops that include trusted platform module (TPM) technology. When using this technology, what does the system provide?
Hardware root of trust
A systems administrator in an organization sets up a shared drive for employees. The drive contains company files that should not be modified or corrupted. Which of the following solutions could the administrator use to ensure integrity of the files?
Hashing
A military branch requested an application that will provide deployment and exercise information. The system must be operational 24/7, with less than one percent downtime. An admin also implemented a system to reduce redundancy and system failure. What objective does the administrator need to achieve to keep the system operational?
High availability
An application built to provide deployment and exercise information for a military branch requires zero downtime to remain effective. The implementation of failover clusters ensure that redundancy and system failure is at a bare minimum. What type of application method is this?
High availability
A security engineer is using several virtual servers accessible from the company network to lure in potential attackers. What has the security engineer created?
Honeynet
A company has several remote sites. Plans to convert one site into a disaster-recovery site are in development. In the event of a catastrophe at the main site, the new alternate site should be ready to use at a moment's notice. Planning for this new site follows guidelines for which implementation?
Hot
A major incident recently occurred at an organization. As a result, systems were down for several weeks and business was lost. If an alternate site had been available for business continuity purposes, the organization would not have suffered. Analyzing the options and conclude which site type can be ready at a moment's notice.
Hot
A data center with multiple rows of cabinets, has the back of one cabinet row facing the back of the adjacent row of cabinets. Air pumps through the floor tiles to the front facing cabinets. What physical control is this an example of?
Hot and cold aisles
What is the name of the infrastructure that uses a mix of public and private resources on a single platform?
Hybrid
Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Understanding that WPA uses a combination of an RC4 stream cipher and Temporal Key Integrity Protocol (TKIP), this makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets?
IV attacks
Wi-Fi Protected Access 2 (WPA2) improves the security of the WPA standard using Advanced Encryption Standard (AES) cipher with 128-bit keys deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). This type of protection makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets?
IV attacks
A company has outsourced its equipment requirements and pays on a per use basis to save costs. Which cloud service is this?
IaaS
An organization with an aging network decides to replace the functionality by outsourcing. Doing so will lower the total cost of ownership. Which cloud service will the organization implement?
IaaS
The CEO (Chief Executive Officer) noticed in a gmail account, a corporate email from the vice president containing PII (Personally Identifiable Information). The CEO immediately called the IT (Information Technology) manager to ask how to prevent this from happening again. What ideas did the IT manager suggest would be the most beneficial?
Implement DLP on the email gateway
A hacktivist group has been intercepting multiple emails between a company and a few vendors and has learned that the company is planning to purchase new laptops and some universal serial bus (USB) thumb drives. In what ways can the group breach the target company most effectively? (Select all that apply.)
Infiltrate the shipping company. Add malicious USB drives.
A developer writes code for a new application and wants to ensure protective countermeasures for SQL injection execute. What secure coding technique will provide this?
Input validation
Which of the following represents a secure coding practice that ensures data entered in a system confirms and rejects invalid information?
Input validation
Which of the following provides two-factor authentication?
Inserting a Common Access Card (CAC) and entering a PIN
An employee suspected of modifying company invoices diverted funds from a company account to their private bank account. What kind of malicious actor type does this describe?
Insider threat
Specialized systems that included embedded and automated controllers are becoming common place among the general consumer. Which of these systems could harm or even kill people if not secured from outside threats? (Select all that apply.)
Insulin pumps Smart cars Military Drones
An administrator reconfigured a system back to its baseline settings after a vulnerability scanner detected deviation from the baseline configuration to improve the overall security posture of the system. What did the admin exercise in the Group Policy?
Integrity measurements
Analysts can develop queries and filters to correlate threat data against on-premises data from network traffic and logs when applying which type of threat hunting technique?
Intelligence fusion
A large organization is looking for a quick, effective biometric scanning technique that will support heavy traffic at one of their main facilities. Consider the advantages and disadvantages of various biometric scanners to determine which would best meet the organization's needs.
Iris scanners
A large, metropolitan airport employs hundreds of workers daily. The facility managers have been tasked with increasing security checks for employees entering airport terminals, while maintaining a quick processing time of employee credentials. Analyze the scenario and determine which biometric scanning procedure best meets the airport's needs.
Iris scanners
While installing a windows patch file on a test workstation, the file fails to install. The installation instructions are easy to follow and include a long set of numbers in the form of 35533ce129738fb447deb9003fd54c17. Why is this long set of numbers important to know?
It is an MD5 checksum that confirms file integrity.
A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to setup a secure tunnel. Which protocol is ideal for this situation?
LDAPS
Which technology is solely capable of providing up to 1 Megabit per second (Mbps) data rate speeds for embedded systems, and is compatible with 5G networks?
LTE-M
A company has experienced several break-in attempts at the server farm. The gated area requires common access cards for entry. What other physical security control can the company employ to deter unauthorized entry to the building?
Lighting
Investigators found the main door of a data storage facility opened and a system missing indicating an internal breach. A monitoring system is in place; however, the suspects are unidentifiable. Considering physical security controls, which type should the company implement to protect the facility?
Lighting
A system can detect when a server fails and no longer sends clients to the downed server. Instead the system reroutes the traffic to other servers to share the load, providing high availability. What hardware/software component is being used?
Load Balancer
A company uses one web server with multiple application servers to handle large processing requirements and provide high availability. Which of the following is the company using?
Load balancing
A company migrated their security information and event management (SIEM) system to the cloud to address the overwhelming amount of data. The company wants to take advantage of consistent searchable data that can be integrated with a dynamic reporting engine. Which of the following would help security engineers achieve this?
Log aggregation
Employees must pass through a turnstile, one at a time, using their building badge to gain entry to the server room. This is an example of what type of physical security control?
Mantrap
A large company owning multiple facilities in multiple industries have been the target of hacking groups. There has been recent attacks targeting the company's forges and mills. What type of system control and data acquisition (SCADA) systems would the hackers be most likely targeting?
Manufacturing
Which best describes a war flying attack on a college campus?
Map location of the wireless network.
Which of the following would secure an endpoint and provide attestation signed by a trusted platform module (TPM)?
Measured boot
Confidential data is ready to be destroyed. The plan is to use pulverizing, and a requirements list is being created. Considering the various approaches to destroying media, how will pulverizing be implemented?
Mechanically shredding
Edge devices that are placed in a specific location to pull data towards the center of an environment provide which of the following benefits to customers? (Select all that apply.)
Minimal latency Prioritization of data
Which of the following does NOT provide encryption and is, therefore, vulnerable to eavesdropping and Man-in-the-Middle attacks?
NFC
A low level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack?
Network
A systems administrator is developing the organization's standard naming conventions. When considering naming user accounts, why is it important for the administrator to avoid using nicknames or common words?
Nicknames and common words anonymize users
A custom suite of in-house applications use a variety of encryption methods to process, send, audit, and archive data. Many use various symmetric and key pair encryptions to authenticate messages and ensure the integrity of those message. Which of the following would be a benefit of using these encryption methods?
No single point of failure
A security assessment of the production network is overdue. Following a company's standard rules of engagement for non-disruptive penetration, which of the following would penetration testers need to follow? (Select all that apply.)
Non-intrusive footprinting using Nmap tool Perform passive vulnerability scans.
The company is planning an internal security assessment. The exercise requires penetration testers to use non-intrusive techniques to determine the network's security status. Which of the following would be appropriate for these testers to follow? (Select all that apply.)
Non-intrusive footprinting using Nmap tool. Perform passive vulnerability scans.
A threat actor will use basic Internet research to gather enough information about a local college to determine attack vectors. Which of the following best describes a type of passive reconnaissance that involves little physical work to accomplish the task?
OSINT
An attacker is gathering information from publicly available information on a college campus. The attacker will use information, such as domain names, to identify attack vectors. Which of the following best describes this type of passive reconnaissance?
OSINT
Which of the following secure coding techniques makes code more difficult to read for an attacker?
Obfuscation
Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?
Obtain a pivot point
IT management and security engineers are discussing options to migrate certain web applications to a cloud service provider (CSP). The company uses third-party software to integrate the web applications with other business apps. Of the following, which is NOT the sole responsibility of the company in regards to the cloud platform?
Overall cloud security
A vulnerability related to the system kernel affects which of the following?
Operating system
A company is deciding to migrate web applications to a cloud service provider (CSP) to handle requests during peak seasons. These apps require third-party applications to integrate properly with other business apps. Evaluating the amount of effort for migration, which of the following will the company NOT take sole responsibility?
Overall cloud security
A company would like to implement a cloud model that provides a preconfigured service, availability, and on-demand computing. The company plans to maintain security and configuration of the system. Which is the most appropriate solution for the company?
PaaS
A large firm requires additional cloud services during busy sales periods. These services include servers, storage, and databases to build a platform upon. Which service type is the most appropriate solution for the company?
PaaS
Which of the following will most likely cause false positives? (Select all that apply.)
Passive scanning Port scanning
Two servers are deployed in a lab. A systems administrator wants to test implementing a secure means of communication. There is an option to implement ECDHE (ECC with D-H ephemeral mode). Why would this preferred to other options like RSA? (Select all that apply.)
Perfect forward secrecy Ephemeral key
Which of the following penetration steps should a tester perform before internal reconnaissance?
Persistence
Historically, signatures have been used to prove the identity of a document's signer. In order to make forging attempts less successful, which added layer of security is provided by signature recognition technology?
Pressure and stroke sensitivity
A government entity requires strict control over a cloud-based application portal. Which cloud infrastructure type provides this structure?
Private
An information technology department in the United States Postal Service (USPS) has migrated to a virtualized data center that does not allow commercial access. Only USPS employees can access internal resources. Which deployment model is this considered to be?
Private
Digital signatures on an email rely on a Public Key Infrastructure (PKI). The certificate used for this purpose can be safely stored on a smart card. What is the purpose of a digital signature, and how is the sender's private key used? (Select all that apply.)
Private key encrypts the digest Signature is for non-repudiation
An up and coming electric car business is working closely with the Automotive Information Sharing and Analysis Center (Auto-ISAC) to better understand the cyber threats and vulnerabilities related to smart vehicles. The Auto-ISAC is what type of threat intelligence source?
Private sharing center
A user reported the system being taken over for a few minutes (remotely) before deciding to power off the workstation. After reviewing the Network Intrusion Detection System (NIDS) during the time of the incident, there was no indication of unauthorized remote connections. What would be the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points? (Select all that apply.)
Protection from zero day attacks Prevent malicious traffic between VMs
After setting up a Git repository for a team of developers, the systems administrator opted to use Kerberos to allow other users to log in and use its services. How would configuring Kerberos benefit the overall security of the application?
Provides secure communication for directory services
Management has setup a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access?
Provision SSO access.
Microsoft Azure offers cloud services to individuals for web-based email, online office applications, and storage for a fee. Individuals share the same hardware, storage, and network devices with other individuals. Which cloud deployment model does this BEST represent?
Public
What is the name of the infrastructure provisioned for open use by the general public?
Public cloud
A successful penetration testing exercise that involves multiple debriefs over a long period between participants requires efficient facilitating. Which team would handle this facilitation?
Purple team
An authentication application automatically sends a message to a user attempting to gain access to a company application. The message asks the user to re-enter credentials and a one time code. Which of the following authentication types does this best represent?
Push notification
A Linux systems admin reported a suspicious .py file that ran on a daily schedule after business hours. The file included shellcode that would automate Application Programming Interface (API) calls to a web application to get information. What type of script is this shellcode most likely running?
Python script
Describe a technology that can potentially disrupt the current state-of-the-art in cybersecurity because of the possibility that this technology may be used to break encryption of current communication security protocols as well as provide far superior communications security?
Quantum computing
A system engineer would like to remove the single point of failure and improve performance while upgrading subsystems with more than three disks at the lowest cost possible. Which of the following is the engineer most likely to invest in?
RAID-10
Which Redundant Array of Inexpensive Disks (RAID) combines mirroring and striping and is the better option for mission critical applications?
RAID-10
A user's device does not make a direct cabled connection to the network. Instead, the connection occurs over or through an intermediate network. Describe this type of connection.
Remote access
A group of hackers has been monitoring recent orders from a company involving new laptops and universal serial bus (USB) thumb drives. The group infiltrated the shipping company and added malicious USB thumb drives to the order. The target company received the order without any concerns. What vectors made this attack successful? (Select all that apply.)
Removable media Supply chain
An attacker is using a kill chain attack, moving from host to host, deploying logic bombs and then exiting out. System administrators must not discover these hidden exploits. What can the attacker do to ensure the hack goes unnoticed?
Remove backdoors and tools.
A tokenization process is a substitute for encryption when securing a database. What does tokenization do in this case?
Replace field data with random numbers.
Differentiate between retinal and iris scanners.
Retinal scans are complex and intrusive, yet highly accurate, using infrared (IR) light to perform blood vessel pattern analysis.
A closed group of hacktivists, who used to work for a greedy company, fashioned a zero-day exploit to target specific computers on the company network. The members used internal influences to insert the exploit onto the network. Which of the following factors will greatly influence the success of this attack? (Select all that apply.)
Revenge for hardship Former colleague assistance
A group of people lost their jobs after their company filed for bankruptcy. These employees formed a closed hacktivist group to fashion a zero-day exploit that will target specific Windows operating systems (OS) on the company network. They will use internal influences to get the exploit onto the network. Which of the following factors will greatly influence the success of this attack? (Select all that apply.)
Revenge for hardship Former colleague assistance
A company has implemented a Virtual Desktop Infrastructure (VDI) where the user's desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which of the following ensures non-persistence has been implemented?
Revert to known state
On the first day of the job, the Chief Information Officer (CIO) works with security engineers to evaluate the security of all information systems to determine how to improve them. The company uses a security information and event management (SIEM) system to collect all applicable data. What is the CIO's main concern in relation to SIEM?
Reviewing the analysis report
A company is looking for a surveillance system that is mobile, can intelligently detect and seek disturbances, and may lower guard hiring requirements. Recommend a system that can be purchased from a third-party vendor that fulfills these requirements.
Robot sentries
A company requires a method of managing the network through a control layer separate from the data layer. The company would like to reconfigure the network by making changes from executable files, instead of physically reconfiguring. Which of the following should the company implement?
SDN
A company would like to steer away from the use of proprietary hardware to route traffic at the data plane level through virtualization. Which of the following is a good solution for the company?
SDN
A new system's use policy dictates that employees assigned a specific computer can no longer roam and use any computer in the building. Furthermore, upon logon, the encrypted drive will decrypt with a key stored on the system. The goal of this approach is to improve security and accountability. Which type of hardware security implementation did admin configure?
SED
A security engineer sets up hardware that will automatically encrypt data on the drive. When the user enters credentials, the drive will decrypt with keys stored on the system. Which type of hardware security implementation is this?
SED
A system administrator completes a file transfer, secured by encrypting the authentication and data between the client and server over TCP port 22. Evaluate the file transfer protocols and determine which protocol the administrator used.
SFTP
A network administrator sets up a protocol for management and monitoring. The administrator needs the protocol to support encryption and to have a strong user-based authentication. Recommend which protocol to use.
SNMPv3
When implementing voice and video teleconferencing solutions, which protocol provides confidentiality for the actual call data?
SRTP
Employees no longer have to manually update their antivirus software on their local machines. The company outsourced the process, allowing them to spend more time completing their daily cloud computing functions. This is an example of which of the following?
SaaS
A security assessment team member found new vulnerabilities in a production application. The security assessment team needs to apply updates and test their effectiveness before pushing the patches to production. Which environment will best complete the application and testing of these patches?
Sandbox
In a secure deployment methodology, which environment most commonly uses code development and testing?
Sandbox
A company maintained operations even though the workload had heavily increased using the existing software and hardware. What mechanism allowed this to occur?
Scalability
An application requires additional RAM to be added at the end of the month due to increased user load for inventory processing. As demand decreases, the application removes the storage resources to revert back to its original operating size. Which cloud characteristic is this?
Scalability
The Federal Bureau of Investigation (FBI) is searching for a known hacker that may have information regarding a recent security breach on a secret government system. How might the FBI follow up on leads to find this specific hacker on the Internet?
Search the dark web
Which of the following actors will surely seek authorization before performing a penetration attack on a private system?
Search the dark web.
Which of the following are components of a key stretching process? (Select all that apply.)
Secure Hash Algorithm (SHA) Salt
Employees log into their email and the messages download from the server onto the client. The mail server does not store the messages. Compare the following email protocols and determine which protocol this represents.
Secure Post Office Protocol v3
A service tech working for a major ISP is installing a new VoIP system for a corporate customer. Recommend a method of securing data transport for the VoIP system in order to protect audio data from calls.
Secure Real-time Transport Protocol (SRTP)
An administrator needs to complete a Secure File Transfer (SFTP) between UNIX systems. Compare the methods for obtaining secure remote access and determine which method the admin will most likely use.
Secure Shell
Signing certificates to verify authenticity and unauthorized modification of an executable script is a form of which of these?
Secure coding technique
Which of the following is true about default configurations of devices from vendors?
Security on them is minimal.
A disgruntled employee at a high-tech facility was just fired. Before leaving, the employee decided to produce a false alarm in their broiler room to cause an emergency. What would the employee mostly likely target to cause an alarm?
Sensors
An organization has been collecting old and retired computer systems in a spare closet. In order to dispose of these systems, all storage media must be removed and destroyed first. Which method would be the most effective for optical media?
Shredding
Confidential data is ready to be destroyed. The plan is to use pulping and a requirements list is being created to carry out the task. Considering the various approaches to destroying media, how will pulping be implemented?
Shredding and mixing contents with a solution
The department's manager is requiring all employees digitally sign their email for full accountability. The manager requests the IT department create certificates for each employee. How does a digital signature provide accountability, and how does this process work? (Select all that apply.)
Signature is for non-repudiation Sender's private key encrypts the digest
An application crashed after a software engineer implemented RSA with a key size of 2048-bit key for strong encryption. When other encryption algorithms were utilized, elliptical curve worked well, and the application worked faster than anticipated. Which solution will make elliptical curve cryptography work better?
Smaller key size
A system administrator clones a virtual machine from a certain point in time to deploy a new application for company timekeeping use. Which of the following actions did the system administrator perform?
Snapshot
Wearable technology, such as smartwatches and fitness trackers, contain embedded systems that integrate all components of a computer on a circuit. These systems pose a risk of data loss. Identify this system.
SoC
A targeted attack has a budget that can allocate resources and manpower to achieve its goals. What attribute does this type of attack contain?
Sophistication
A development team must adhere to the following rules when coding an application's software for consistency and readability: Class must be Uppercase and be a color. Method must be lowercase and refer to a city. Functions must be lowercase verbs. What practice is the development team adhering to?
Standard Naming Convention
Which of the following malicious actors are likely to show great interest in another country's energy infrastructure and have virtually unlimited resources to carry out espionage attacks?
State actors
The company has a data loss prevention system (DLP) integrated into several Enterprise services, including email. Security administrators identified some information leakage from insider threats, using a series of pictures attached to emails. Which of the following leaked the information?
Steganography
A major power incident has impacted a local transportation company and all systems have powered off. While the IT department is waiting for the power to be restored, they have been reviewing the situation and creating an order of restoration plan. Evaluate the following options and select the plan that would best follow standard guidelines.
Step 1. Enable and test power Step 2. Enable and test infrastructure Step 3. Enable and test critical network servers
What is a push notification?
Store services that an app or website can use to display an alert on a mobile device
A developer uses a group of SQL statements to accept input data for validation. What technique did the developer use to protect from SQL injection attacks?
Stored procedures
Fingerprint scanning is one of the most straightforward methods of biometric identification. Which of these concerns are most pertinent to the use of this technology? (Select all that apply.)
Surfaces must be clean and dry Ease of spoofing
Why must token devices to be closely synchronized with the authentication server? (Select all that apply.)
Synchronizing the systems allow for accurate accounting and auditing of when systems are accessed and by what means. Setting a time limit for the code helps ensure it is not used by an unauthorized user should a token-bearing device be lost. One-Time Passwords (OTP) often contain a timestamp that expires quickly if not used.
A company is implementing the use of an alternate site in the event of a disaster. The plan is to replicate data between the main site and the alternate site on a continuous basis. The sites are a few hundred miles apart. Which statements are true regarding replication? (Select all that apply.)
Synchronous replication is particularly sensitive to distance. Asynchronous replication indicates data is mirrored from a primary site to a secondary site.
Management inquired about ways to secure the domain name servers. An admin suggests using DNS SEC, or Domain Name Server Security Extensions, to help mitigate against spoofing and poisoning attacks. Which port is ideal for DNSSEC traffic?
TCP 53
A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Compare and contrast the SSL/TLS versions and determine which version deployed.
TLS 1.2
What major advantage does Time-Based One-Time Password Algorithm (TOTP) have over HMAC-Based One-Time Password Algorithm (HOTP)?
TOTP adds an expiration time to the token.
A company implements an encryption key burned into the chip of the processor of employee laptops which provides a hardware root of trust. What did the company employ?
TPM
A system engineer has a new application that needs deployment on a production server that the company employees use. Which of the following is the BEST approach for implementation of the new application on the server?
Take a snapshot of the server and test the application before installing to production.
To provide new functionality in a company's business processes, the system requires a new Line of Business (LOB) application. The application awaits installation. Which of the following is the BEST approach for implementation of the new application on the server?
Take a snapshot of the server and test the application before installing to production.
An assistant network administrator wants to increase wireless network coverage in a building and purchased new Wi-Fi Access Points (APs) at a discounted price to replace the old ones. Unfortunately, the network admin did not consult the security team before the purchase, and after the install, the admin discovers a serious known backdoor firmware vulnerability built into the APs. The admin contacts the vendor, but the vendor refuses to fix the known issue, even though the product remains on sale. Which of the following best describes the type of vulnerability management challenge this problem proposes?
There is a lack of vendor support for the Wi-Fi access points (APs).
An organization deployed an application for team collaboration to overcome telework challenges. A user must enter their organizational email and a password at initial setup. To gain access to the application, the user must install Google Authenticator on their mobile device. The authentication service provides a random sequence of numbers to the user to complete the authentication process. Which two-factor authentication does this best represent?
Time-based One-Time Password (TOTP)
When upgrading an application at regular intervals and before submitting newly-developed applications, why is it important for application vulnerability scanners to test for vulnerabilities and unsecure coding practices, as well as analyzing for application uses the developer may not expect could occur?
To ensure the application is not vulnerable to new threats.
Which of the following is a method of securing sensitive information, such as an account number, into a random string of characters that requires no mathematical process?
Tokenization
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select all that apply.)
Transport Tunnel
A company replaces outdated workstations to increase storage capacity and provide more enhanced security measures. One of the benefits implements secure booting from startup. Which firmware provides this feature?
UEFI
A firmware interface used during the connection between the hardware and the operating system includes provisions for secure booting. What type of firmware does this illustrate?
UEFI
A data center needs to ensure that data is not lost at the system level in the event of a blackout. Servers must stay operable for at least an eight-hour window and recovery controls implemented as part of the response. Which redundancy effort should be put in place to ensure the data remains available?
UPS
A systems administrator is using a web application scanner to find any vulnerabilities on a web server. Which of the following would accurately describe the actions the administrator would take in this case?
Use Nikto to scan for SQL injection exploits.
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server. (Select all that apply.)
Use SSH for uploading files Use the configuration templates provided Secure a guest account
A workstation has a Data Loss Prevention (DLP) solution installed and USBs prohibited from use and physical connections. How would a system admin setup the workstation to allow specific devices?
Use the device instance ID
Due to the use of personal USB drives, company workstations have McAfee's Data Loss Prevention (DLP) Endpoint product installed. Management wants to allow the use of only approved USB drives. How would admin configure the workstations to allow only approved USB drives?
Use the device instance ID
A company runs multiple VMs on a single physical server to increase availability and lower operating costs. To update files, the company releases a Microsoft patch. While the patch update pushed out, it only reached a few of the machines degrading the functionality of the server. What type of phenomenon occurred?
VM Sprawl
There is an attack of the host system through the virtual machine. The attacker took control of the host and all virtual machines connected to it. What most likely occurred?
VM escape
Users report to IT that they cannot access several servers. After an investigation, IT reports that a breach occurred in a virtual server and it hijacked the host machine. What type of incident most likely occurred?
VM escape
A security information and event management (SIEM) system can manage logs from various data inputs for analysis and reporting. Which of the following would be appropriate data inputs to determine the health and/or security of individual client computers? (Select all that apply.)
Vulnerability scanners Windows 10 hosts DLP systems
A government firm has been working on establishing an alternate operations site in the event of a disaster. Currently, the preparations have confirmed the readiness of an alternate site with a few minor configuration contingencies. These configurations should take no longer than 24 to 48 hours to implement. Evaluate characteristics of alternate sites and conclude which type the firm is currently working with
Warm site
A government firm has been working on establishing an alternate operations site in the event of a disaster. Currently, the preparations have confirmed the readiness of an alternate site with a few minor configuration contingencies. These configurations should take no longer than 24 to 48 hours to implement. Evaluate characteristics of alternate sites and conclude which type the firm is currently working with.
Warm site
A System on a Chip (SoC) is an embedded system that integrates all components of a computer on a circuit. These systems pose a risk of data loss on which of the following devices?
Wearable technology
A systems administrator is using a tool called Nikto to look for known exploits, such as Structured Query Language (SQL) injection and cross-site scripting (XSS), on a specific server. What is the administrator generally using to find such exploits?
Web application scanner
During which type of penetration test does the tester skip the reconnaissance phase of the test?
White box
Which of the following actors will surely seek authorization before performing a penetration attack on a private system?
White hat hacker
A company set up controls to allow only a specific set of software and tools to install on workstations. A user navigates to a software library to make a selection. What type of method prevents installation of software that is not a part of a library?
Whitelisting
An administrator tries to remotely access a virtual Windows 2016 server, but the connection fails. The admin pings the server and there is no packet loss. Regular services, such as file shares, still work for users. Which of the following is most likely causing the connection failures?
Windows Firewall