Mock Exam 2 Assessment

  1. Answer: b

    Concept: EAP-TLS is a secure wireless authentication protocol, as it uses certificates. An X.509 certificate is installed on the endpoint. This is the most secure EAP standard.

  2. Answer: c

    Concept: The first stage in responding to any attack is to capture the volatile evidence. In this incident, you would capture the network traffic to identify the source of the attack.

  3. Answer: b

    Concept: A wildcard certificate can be used on multiple servers, normally those that are internet facing.

  4. Answer: c

    Concept: The hot site should be up and running with data that has been replicated.

  5. Answer: a

    Concept: The first step is to create a system image or, if it is a hard drive, create a forensic copy.

  6. Answer: c

    Concept: Network Mapper (Nmap) can identify new hosts on the network, identify what services are running, and identify what operating systems are installed. It can also be used for banner grabbing.

  7. Answer: a

    Concept: IoT home-based automated devices should have the default configurations of the username and password changed. Most users do not realize that these passwords exist.

  8. Answer: c

    Concept: A NAT hides the internal network from external users.

  9. Answer: b

    Concept: Password spraying is where an attacker obtains a list of employees and then tries common passwords against each account.

  10. Answer: b and d

    Concept: AAA servers are used for centralized authentication as they provide authentication, authorization, and accounting. They can record all logins and logouts in a database.

  11. Answer: a

    Concept: When you build an image, all of the applications will have the same settings and updates and therefore will be consistent. A baseline consists of the applications that are installed at the current time.

  12. Answer: c

    Concept: OAuth 2.0 is the industry-standard protocol for authorization. It is used by OpenID Connect, where people can be authenticated using their Facebook or Google account.

  13. Answer: c

    Concept: A shadow IT threat is where someone connects their device to a private network without permission.

  14. Answers: a, c, d

    Concept: The password history is the number of passwords that you need to remember before you can reuse them. Password complexity requires users to use three of the four following characters in the password: lowercase, uppercase, numbers, and special characters not used in programming. A minimum password age set to 1 means that you can change the password only once a day, preventing password rotation until you get back to the original password.

  15. Answers: b and d

    Concept: Sideloading involves loading third-party applications onto an unlocked mobile phone. Jailbreaking (iOS) or rooting (Android) is where the phone has been unlocked, removing the vendor's restrictions on the mobile phone.

  16. Answer: d

    Concept: GDPR is a framework for data protection law ensuring the privacy rights of individuals. It deals with data privacy and data sharing.

  17. Answer: b

    Concept: Salting appends random characters to a password before it is hashed. As the passwords are then longer, brute-force attacks need more processing and computation resources to crack them.

  18. Answer: e

    Concept: CCMP uses AES for encryption and is the strongest wireless security.

  19. Answer: b, d

    Concept: A NIDS uses sensors and collectors to identify changes to the network.

  20. Answer: c

    Concept: Input validation prevents buffer-overflow attacks, integer-overflow attacks, and SQL injection by restricting the input to a certain format.

  21. Answer: a

    Concept: VM escape can be used for a lateral attack on the virtual host or the other virtual machines.

  22. Answer: c

    Concept: A zero-day virus is a newly released virus, and no monitoring system can detect it until it receives an update in about 7 days' time. There are no patches for it either.

  23. Answer: b and d

    Concept: Facial recognition is something you use for authentication. b and d are both something you do – you have a unique signature, and your gait is how you walk.

  24. Answer: b and d

    Concept: Sandboxing and chroot jail (Linux version) allow you to isolate an application inside a virtual guest machine.

  25. Answer: c

    Concept: Payment Card Industry Data Security Standard (PCI DSS) lays out the regulations for the handling and storage of financial information.

  26. Answer: c

    Concept: Disabling NTLM or enabling Kerberos will prevent pass-the-hash attacks. Kerberos is the better of the two as passwords are held in an encrypted database.

  27. Answer: b

    Concept: Time-based access restrictions would have prevented someone from accessing the system during the holidays.

  28. Answer: d

    Concept: When the FAR and FRR are equal, this is known as the CER. A system with a low CER is the best choice as it has very few errors.

  29. Answer: d

    Concept: We need to install an NTP server to synchronize the time of all of the servers so that the events can be put into a sequence of events.

  30. Answer: a and c

    Concept: Hashing proves data integrity. SHA1 and MD5 are both hashing algorithms.

  31. Answer: c

    Concept: Continuous Integration is where code from multiple sources is integrated together.

  32. Answer: a

    Concept: Cross-Site Scripting (XSS) uses HTML tags or JavaScript.

  33. Answer: a

    Concept: A smart card is "something you have," inserting the card into the reader is "something you do," and then when you insert the PIN, it is "something that you know."

  34. Answers: a, c

    Concept: A site survey should be carried out prior to installing a wireless network as it maps out all of the items that would interfere with a wireless connection. A heat map shows the coverage with blue/green areas showing poor connectivity and red showing great connectivity.

  35. Answer: d

    Concept: Once a certificate has been compromised, it should immediately be revoked so it is added to the CRL.

  36. Answer: b

    Concept: Unauthorized users are allowed. Look at the middle initial in FAR – it is A for allow.

  37. Answer: c

    Concept: Footprinting maps out network topology including active hosts.

  38. Answer: d

    Concept: WPA2 is the most secure and TKIP is backward compatible. WPA also works with legacy but is not the best choice.

  39. Answer: c

    Concept: Kerberos issues tickets for authentication, and each change has a different Updated Sequence Number (USN) and timestamps. It prevents both replay and pass-the-hash attacks.

  40. Answer: b

    Concept: The R&D department creates a lot of the company's trade secrets; therefore, a competitor would steal them to beat you to the marketplace. If they damaged your production line, it would prevent you from getting a product to market.

  41. Answer: a and d

    Concept: Vendor diversity involves getting a service from two different providers at the same time. Vendor diversity provides reliability and resilience. For example, if broadband from one provider fails, then the second provider's broadband should still be up and running.

  42. Answer: b

    Concept: Secure Shell (SSH) is used for secure remote access, so the credentials are protected in transit.

  43. Answer: c and d

    Concept: If we are using the wrong configuration for the SIEM server, we will get poor monitoring, resulting in false positives. This would also happen if you scanned the wrong type of host.

  44. Answer: c

    Concept:

    SLE = ALE/ARO

    ALE = 12 x 10,000 = $120,000

    ARO = 12 x 10 = 120 laptops a year

    Single loss expectancy (SLE) = $120,000/120 = $1,000

    Explanation: The cost of losing the laptops is $120,000, the same as purchasing the insurance. You should not take out the insurance in the hope that next year you may lose fewer laptops, as a record number of laptops has already been lost.

  45. Answer: b

    Concept: Mean Time Between Failures (MTBF) is the measure of the number of failures. If I purchased a car and it broke down every day for the next week, I would take it back, as it would be unreliable.

  46. Answer: c

    Concept: An air gap isolates a computer from the network as it has no physical or wireless connections. The only way to extract data is by removable media.

  47. Answers: a, d

    Concept: Risk transference is where you transfer the responsibility for the risk to a third party; purchasing insurance of any kind and outsourcing your IT are examples.

  48. Answer: c

    Concept: Federation services is a third-party-to-third-party authentication method that uses SAML, an XML-based method for authentication. SAML passes credentials to the Identity Provider (IdP).

  49. Answer: c

    Concept: Data masking masks all or some of the data held in a field.

  50. Answer: b

    Concept: Removing viruses and turning off services are carried out at the eradication phase.
