Security+ Missed Questions
Which certificate types are in ASCII format?
.pem; .crt files can be either ASCII or binary
Pharming
A phishing attack that automatically redirects the user to a fake site.
ABAC
Attribute-based access control. An access control model that grants access to resources based on attributes assigned to subjects and objects.
What does S/MIME protect when used for email attachments?
Authentication, nonrepudiation of the sender, message integrity
Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware? A. SEAndroid B. A microSD HSM C. A wireless TPM D. MDM
B) MicroSD HSM (hardware security module)
What commonly gathered organization data can be used to detect new services appearing on systems? A) registry dumps B) firewall logs C) vulnerability scans D) flow logs
C) vulnerability scans
Which one of the following environments is least susceptible to an injection attack? LDAP, SQL, CASB, XML
CASB (cloud access security brokers)
What encryption protocol is used by WPA2?
CCMP: a block cipher that provides confidentiality, authentication and access control features
Which wireless channels can be used at the same time without overlapping?
Channels 1, 6 and 11
CASB
Cloud access security broker; used to implement and manage security policies when working in a cloud-based environment
What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?
DOM-based XSS
Three primary goals of a cybersecurity attacker
Disclosure, denial, alteration
Protocol used to protect data in an IPsec tunnel to a remote site
ESP (Encapsulating Security Payload) encrypts data that traverses a VPN
homomorphic encryption
Enables processing of encrypted data without the need to decrypt the data.
EDR
Endpoint detection and response provides monitoring, detection, and response capabilities for systems
How to manage encryption keys in a cloud environment?
HSM (hardware security module): manages encryption keys and performs cryptographic operations efficiently
NIST Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover
Tools used to deploy and manage applications on mobile devices
MDM (mobile device management), MAM (mobile application management), UEM (unified endpoint management)
What specification provided by Trusted Computing Group is used to define self-encrypting drives?
Opal
Which secure protocols can an administrator employ on email access for end users?
POPS, IMAPS, HTTPS
Which Wi-Fi technology allows for encryption and authentication with no RADIUS server set up under WPA2?
PSK (pre-shared key)
Four phases of COOP
Readiness and preparedness, continuity of operations, activation and relocation, reconstitution
Contents of cloud contracts
Right-to-audit clauses, choice of jurisdiction (regulatory), data breach notification timeframe
What is the least secure form of multifactor authentication?
SMS
What tool is designed to support incident responders by allowing unified, automated responses across the organization?
SOAR (security orchestration, automation and response) tool
What is parameter pollution?
An SQL-injection-like attack. Example: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;-- serviceID being sent twice gets past the filtering technology
SSRF
Server-side request forgery: tricks a server into visiting a URL based on user-supplied input
Methods for preventing broadcast storms
Spanning Tree Protocol (STP), enabling loop-protect features on switches, limiting the size of VLANs
Credential harvesting
Stealing passwords and then using those same credentials across many different sites / platforms
Port for secure LDAP
TCP 636
USB-OTG
USB On-The-Go: allows USB devices like cameras, keyboards and flash drives to be plugged into mobile devices
Capability analysis
What an attacker can do and what tools are used in the attack
Is traffic still encrypted if a certificate is invalid?
Yes
Which phrase best describes a man-in-the-browser attack?
A proxy Trojan
Issue with sFlow in a large network?
Accuracy and nuance can be lost
prepending
Adding an expression or a phrase
AH (Authentication Header) with IPsec
Authenticates the entire packet for VPNs
Continuous deployment
Automates every aspect of deploying software
Continuous delivery
Automates the testing process, but requires human intervention for final deployment
Why is WPS vulnerable?
The PIN can be brute-forced because there are only 11,000 possible combinations
Continuous integration
Code is constantly written and merged into the central repo
FTK / Encase
Commercial forensic suites
Common concerns for WAP placement
Construction materials of walls; site survey assessing power levels from other access points
Diamond model
Defines four core features of an intrusion event: adversary, capability, infrastructure, and victim
Warm site
Has all the hardware and networking needed to run essential operations; data must be brought to the site
What is the virtual IP for a load balancer used for?
It is the front-facing IP address
What does Kerberos use to issue tickets?
Key distribution center (KDC); the ticket-granting service generates the ticket
Which team member acts as a primary conduit to senior management on an IR team?
Members of management or organizational leadership
Typical security concerns for MFPs
Multi-function printer: exposure of sensitive data from copies/scans; acting as a reflector/amplifier for network attacks. They usually do provide TLS.
Autopsy
Open source forensic tool
802.1X
Port-based network access control. Client = supplicant; switch = authenticator; backend authentication server = centralized user database (such as AD)
RTO
Recovery time objective: the time an organization can tolerate a system being down before it is repaired.
CSA CCM
Reference document used to understand cloud security controls and map them onto standards
NIST SP 500-292
Reference model for cloud computing; operates at a high level
Pretexting
Social engineering that involves using a false motive and lying to obtain information
Common measures to assess threat intelligence?
Timeliness, accuracy, relevance
Benefits of TPM
Trusted platform module: provides burned-in cryptographic keys and built-in protections against brute-force attacks
dig command
Used to perform a reverse lookup of addresses and determine the IP block owner
Which one of the following threat vectors can an attacker exploit with the least dependence on intentional or inadvertent cooperation by another person? A) wireless B) removable media C) email D) supply chain
Wireless network attacks