Security+ Missed Questions

Which certificate types are in ascii format?

.pem .crt files can also either be ascii or binary

Pharming

A phishing attack that automatically redirects the user to a fake site.

ABAC

Attribute-based access control. An access control model that grants access to resources based on attributes assigned to subjects and objects.

What does S/MIME protect when used for email attachments

Authentication Nonrepudiation of the sender Message integrity

Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware? A. SEAndroid B. A microSD HSM C. A wireless TPM D. MDM

B) MicroSD HSM (hardware security module)

What commonly gathered organization data can be used to detect new services appearing on systems? A) registry dumps B ) firewall logs C) Vulnerability scans D) Flow logs

C) vulnerability scans

Which one of the following environments is least susceptible to an injection attack? LDAP SQL CASB XML

CASB (cloud access security brokers)

What encryption protocol is used by WPA2

CCMP A block cipher that provides confidentiality, authentication and access control features

Which channels in wireless can be used at the same time and wont cause overlap?

Channels 1, 6 and 11

CASB

Cloud access security broker used to implement and manage security policies when working in a cloud-based environment

What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?

DOM-based XSS

Three primary goals of cybersecurity attacker

Disclosure Denial Alteration

Protocol used to protect data for IPsec tunnel to a remote site

ESP (encapsulation security payload) encrypts data that traverses a VPN

homomorphic encryption

Enables processing of encrypted data without the need to decrypt the data.

EDR

Endpoint detection and response provides monitoring, detection, and response capabilities for systems

How to manage encryption keys in a cloud environment?

HSM - hardware security module manage encryption keys / perform cryptographic operations in an efficient manner

NIST cybersecurity framework

Identify, Protect, Detect, Respond, Recover

Tools used to deploy and manage applications on mobile devices

MDM (mobile device management) MAM (mobile applicator management) UEM (universal endpoint management)

What specification provided by Trusted Computing Group is used to define self-encrypting drives?

Opal

Which secure protocols can an administrator employ on email access for end users?

POPS, IMAPS, HTTPS

Which wifi technology allows for encryption and authentication with no RADIUS server set up under WPA2?

PSK - pre shared key

Four phases of COOP

Readiness and preparedness Continuity of Operations Activation and relocation Reconstitution

Contents of cloud contracts

Right to audit clauses Choice of jurisdiction (regulatory) Data breach notification timeframe

What is the least secure form of multifactor auth?

SMS

What tool is designed to support incident responders by allowing unified, automated responses across the organization?

SOAR security orchestration, automation and response tool

What is parameter pollution

SQL injection like attack example: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;-- serviceID being sent twice gets past the filtering technology

SSRF

Server-side request forgery Trick a server into visiting a URL based on user-supplied input

Methods for preventing broadcast storms

Spanning Tree Protocol (STP) Enable loop protect features on switches Limit size of VLANS

Credential harvesting

Stealing passwords and then using those same credentials across many different sites / platforms

Port for secure LDAP

TCP 636

USB-OTG

USB On The Go Allows USB devices like cameras, keyboards and flash drives to be plugged into mobile devices

Capability analysis

What an attacker can do and what tools are used in the attack

Is traffic still encrypted if a certificate is invalid?

Yes

Which phrase best describes a main-in-the-browser attack?

a proxy Trojan

Issue with SFlow in a large network?

accuracy and nuance can be lost

prepending

adding an expression or a phrase

AH (authentication headers) with IPSEC

authenticate the entire packet for VPNs

Continuous deployment

automates every aspect of deploying software

continuous delivery

automates testing process, but requires human intervention for final deployment

Why is WPS vulnerable?

brute force attack only supports 11,000 possible iterations

continuous integration

code is constantly written and merged into the central repo

FTK / Encase

commercial forensic suites

Common concern of WAP placement

construction materials of walls site survey assessing power levels from other access points

Diamond model

defines four core features of an intrusion event: adversary, capability, infrastructure, and victim

Warm site

has all the hardware and networking needed to run essential operations data must be brought to the site

What is the virtual IP for a load balancer used for?

it is the front-facing IP address

What does kerberos use to issue tickets?

key distribution center the ticket-granting service generates the ticket

Which team member acts as a primary conduit to senior management on an IR team?

members of management or organizational leadership

Typical security concerns for MFP

multi function printer Exposure of sensitive data from copies/scans Acting as reflect/amplifier for network attacks They do provide TLS usually

autopsy

open source forensic tool

802.1X

port-based network access control client = supplicant switch = authenticator backend auth server = centralized user database (such as AD)

RTO

recovery time objective - time an org can tolerate a system being down before it is repaired.

CSA CCM

reference document to understand cloud security controls and map them onto standards

NIST SP 500-292

reference model for cloud computing and operates at a high level

pretexting

social engineering that involves using a false motive and lying to obtain information

Common measures to assess threat intelligence?

timeliness accuracy relevance

Benefits of TPM

trusted platform module provides burned-in cryptographic keys built-in protections against brute-force attacks

dig command

used to perform a reverse-lookup of addresses and determine the IP block owner

Which one of the following threat vectors can an attacker exploit with the least dependence on intentional or inadvertent cooperation by another person? A) wireless B) removable media C) email D) supply chain

wireless network attacks