Jason Dion - Security+ Udemy Course Practice Exam Flashcards
** Which of the following methods is used to replace all or part of a data field with a randomly generated number that references the original value stored in a separate vault or database?
Anonymization
Data Minimization
Data Masking
Tokenization
Tokenization
Explanation:
Tokenization means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate from the production database. An authorized query or app can retrieve the original value from the vault, if necessary, so tokenization is a reversible technique.
Data masking can mean that all or part of a field’s contents is redacted, by substituting all character strings with x, for example.
Data minimization involves limiting data collection to only what is required to fulfill a specific purpose. Reducing what information is collected reduces the amount and type of information that must be protected.
Data anonymization is the process of removing personally identifiable information from data sets so that the people whom the data describe remain anonymous.
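The distinction between the two answers above in working code, as an added example that is not part of the original flashcard set: a minimal token vault (reversible, mapping kept out of the application database) beside a masking function (irreversible). The card number is a constructed sample, the in-memory dict stands in for the separate token database, and the token format (random digits with the last four preserved) is one common convention, not the only one.

```python
import secrets
import threading


class TokenVault:
    """Minimal tokenization service.

    The token-to-value mapping lives only here (an in-memory dict standing in
    for the separate token database), so the production data store holds only
    tokens. Tokens are random and carry no information about the original
    value; an authorized caller reverses them with detokenize().
    """

    def __init__(self, token_length: int = 16):
        self._token_length = token_length
        self._token_to_value = {}
        self._value_to_token = {}   # same value -> same token, so joins still work
        self._lock = threading.Lock()

    def tokenize(self, value: str, keep_last: int = 0) -> str:
        """Replace value with a random numeric token of the same length.

        keep_last preserves the trailing characters (the usual format for card
        numbers, where the last four digits stay visible to customer service).
        """
        random_len = self._token_length - keep_last
        if random_len <= 0:
            raise ValueError("keep_last must be shorter than the token")
        with self._lock:
            if value in self._value_to_token:
                return self._value_to_token[value]
            tail = value[-keep_last:] if keep_last else ""
            while True:
                token = f"{secrets.randbelow(10 ** random_len):0{random_len}d}" + tail
                if token != value and token not in self._token_to_value:
                    break
            self._token_to_value[token] = value
            self._value_to_token[value] = token
            return token

    def detokenize(self, token: str) -> str:
        """Reverse a token; only the vault can do this, never the app's database."""
        with self._lock:
            return self._token_to_value[token]   # KeyError for an unknown token


def mask(value: str, keep_last: int = 4, mask_char: str = "x") -> str:
    """Data masking: irreversible redaction of all but the trailing characters."""
    if keep_last <= 0:
        return mask_char * len(value)
    return mask_char * max(len(value) - keep_last, 0) + value[-keep_last:]


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"          # constructed sample card number
    token = vault.tokenize(pan, keep_last=4)
    print("stored in app database:", token)
    print("shown on a receipt:    ", mask(pan))
    print("retrieved by payments: ", vault.detokenize(token))
```

The point of the split is blast radius: an attacker who dumps the application database gets tokens that are useless without the vault, while masked values are useless to everyone, including the application, which is why masking only suits display and test data.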
** What tool can be used to scan a network to perform vulnerability checks and compliance auditing?
BeEF
Metasploit
NMAP
Nessus
Nessus
Explanation:
Nessus is a popular vulnerability scanner. It can be used to check how vulnerable your network is by using various plugins to test for vulnerabilities. Also, Nessus can perform compliance auditing, like internal and external PCI DSS audit scans.
The nmap tool is primarily a port scanner. Its NSE scripts can run some vulnerability checks, but it is not a compliance-auditing tool.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
** A computer is infected with malware that has infected the Windows kernel to hide. Which type of malware MOST likely infected this computer?
Rootkit
Botnet
Trojan
Ransomware
Rootkit
Explanation:
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. A rootkit is generally a collection of tools that enables administrator-level access to a computer or network. Because a kernel-mode rootkit runs at the same privilege level as the operating system and the anti-malware software, it can hide its files, processes, and network connections from both. If a rootkit is suspected on a machine, it is best to reformat and reimage the system.
A botnet is many internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection.
A trojan is a type of malware that looks legitimate but can take control of your computer. A trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan typically runs one or more hidden processes in the background of the system.
Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.
** Which of the following categories would contain information about a French citizen’s race or ethnic origin?
DLP
PII
SPI
PHI
SPI (Sensitive Personal Information)
Explanation:
According to the GDPR, information about an individual’s race or ethnic origin is classified as Sensitive Personal Information (SPI). Sensitive personal information is information about a subject’s opinions, beliefs, and nature afforded specially protected status by privacy legislation. (The GDPR itself calls this “special category” data; Article 9 lists racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health data, and data concerning sex life or sexual orientation, and prohibits processing it unless a specific exception applies.)
Because race or ethnic origin on its own does not uniquely identify a person and says nothing about their health, it is classified as neither PII nor PHI.
Data loss prevention (DLP) is a software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
** Review the following packet captured at your NIDS:
23:12:23.154234 IP 86.18.10.3.54326 > 71.168.10.45.3389: Flags [P.], seq 1834:1959, ack 1, win 511, options [nop,nop,TS val 263451334 ecr 482862734], length 125
After reviewing the packet above, you discovered there is an Unauthorized Service running on the host. Which of the following ACL entries should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on this host?
DENY TCP ANY HOST 71.168.10.45 EQ 3389
DENY TCP ANY HOST 86.18.10.3 EQ 25
DENY IP HOST 86.18.10.3 EQ 3389
DENY IP HOST 71.168.10.45 ANY EQ 25
DENY TCP ANY HOST 71.168.10.45 EQ 3389
Explanation:
Since the question asks you to prevent unauthorized service access, we need to block port 3389 from accepting connections on 71.168.10.45 (the host). This entry denies TCP traffic from any source to host 71.168.10.45 on destination port 3389 (Remote Desktop Protocol) only, so the approved services on the host stay reachable; it must be followed by the entries that permit the approved traffic, because every ACL ends with an implicit deny. Note that the capture shows an established session (PSH/ACK with a sequence number well past the handshake), so the attacker has already been using the service. The ACL stops further access, but the unauthorized service should also be disabled on the host and the machine examined for what was done over it.
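A small first-match ACL evaluator, added here as an example and not taken from the course, to show why the chosen entry blocks only RDP and why it needs a permit after it. The ACL grammar is a simplified Cisco-style subset (DENY/PERMIT, TCP/UDP/IP, ANY, HOST, network/prefix, EQ port); the HTTPS packet and the 203.0.113.9 source are constructed.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Packet(NamedTuple):
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


class Ace(NamedTuple):
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]


def parse_ace(line: str) -> Ace:
    """Parse one simplified Cisco-style access control entry, for example
    'DENY TCP ANY HOST 71.168.10.45 EQ 3389' or 'PERMIT IP ANY ANY'.
    Addresses are ANY, HOST <addr> or <network>/<prefix>; an optional
    EQ <port> after the destination matches the destination port."""
    tokens = line.upper().split()
    action, proto = tokens[0], tokens[1]
    pos = 2

    def take_address():
        nonlocal pos
        if tokens[pos] == "ANY":
            pos += 1
            return ipaddress.ip_network("0.0.0.0/0")
        if tokens[pos] == "HOST":
            pos += 2
            return ipaddress.ip_network(tokens[pos - 1] + "/32")
        pos += 1
        return ipaddress.ip_network(tokens[pos - 1], strict=False)

    src = take_address()
    dst = take_address()
    dport = int(tokens[pos + 1]) if pos < len(tokens) and tokens[pos] == "EQ" else None
    return Ace(action, proto, src, dst, dport)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "IP" and ace.proto != pkt.proto.upper():
        return False
    if ipaddress.ip_address(pkt.src) not in ace.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in ace.dst:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl: List[str], pkt: Packet) -> str:
    """First matching entry wins; every ACL ends with an implicit DENY."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace.action
    return "DENY"


# The packet from the capture (RDP) and a constructed packet to an approved
# service (HTTPS) on the same host.
RDP_FROM_ATTACKER = Packet("tcp", "86.18.10.3", 54326, "71.168.10.45", 3389)
HTTPS_FROM_ANYONE = Packet("tcp", "203.0.113.9", 40112, "71.168.10.45", 443)

# The chosen entry, followed by the permit that keeps approved services reachable.
ACL = [
    "DENY TCP ANY HOST 71.168.10.45 EQ 3389",
    "PERMIT IP ANY ANY",
]

if __name__ == "__main__":
    for pkt in (RDP_FROM_ATTACKER, HTTPS_FROM_ANYONE):
        print(pkt.dst, pkt.dport, "->", evaluate(ACL, pkt))
    # The same DENY line on its own would also block HTTPS: implicit deny.
    print("deny-only ACL, HTTPS ->", evaluate(ACL[:1], HTTPS_FROM_ANYONE))
```

Running `evaluate(ACL[:1], HTTPS_FROM_ANYONE)` is the check worth remembering: the deny line alone answers the question, but on a real interface it must be paired with the permits, or the implicit deny at the end takes the approved services down with RDP.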
** A supplier needs to connect several laptops to an organization’s network as part of their service agreement. These laptops will be operated and maintained by the supplier. Victor, a cybersecurity analyst for the organization, is concerned that these laptops could contain vulnerabilities that would weaken the network’s security posture. What can Victor do to mitigate the risk to other devices on the network without having direct administrative access to the supplier’s laptops?
Require 2FA (Two-Factor Authentication) on the laptops.
Scan the laptops for vulnerabilities and patch them.
Increase the Encryption Level of the VPN used by the laptops.
Implement a Jumpbox System
Implement a Jumpbox System
Explanation:
A jumpbox is a system on a network used to access and manage devices in a separate security zone. This would create network segmentation between the supplier’s laptops and the rest of the network to minimize the risk. A jump-box system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.
While the other options listed are all good security practices, they do not fully mitigate the risk that insecure systems pose since Victor cannot enforce these configurations on a supplier-provided laptop. Instead, he must find a method of segmenting the laptops from the rest of the network, either physically, logically, using an air gap, or using a jumpbox.
** Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be used by the community center. What type of data destruction or sanitization method do you recommend?
Degaussing
Shredding
Wiping
Purging
Wiping
Explanation:
Data wiping or clearing uses a software tool to overwrite the data on a hard drive, destroying all electronic data on the disk or other media while leaving the drive functional for reuse. Wiping tools offer 1, 7, or 35 overwrite passes; NIST SP 800-88 considers a single pass sufficient for modern magnetic drives, and the extra passes add time rather than security. Note that overwriting is not reliable on SSDs, where wear leveling can leave copies of data in blocks the software cannot address; for those, use the drive’s built-in secure erase or a cryptographic erase instead.
Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario.
Purging involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one.
Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.
** The management at Steve’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?
Router- and switch-based MAC address reporting.
A Physical Survey
Reviewing a central administration tool like an endpoint manager.
A discovery scan using a port scanner.
Router- and switch-based MAC address reporting.
Explanation:
The best option is MAC address reporting from a source device like a router or a switch. If the company uses a management system or inventory process to capture these addresses, then a report from one of these devices will show what is connected to the network even when a device is not in the inventory. This information can then be used to track down rogue devices based on the physical port of the network device they are connected to. Keep in mind that a MAC address is trivially spoofed, so the report tells you where an unknown device is plugged in, not what it is; pair it with port security or 802.1X if you need to keep rogue devices off the wire rather than only find them.
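The comparison described above as a script, added here as an example and not part of the course material: parse a switch MAC address table, diff it against the asset inventory, and flag both unknown MACs and ports carrying several MACs. The table text, the inventory, and the asset tags are constructed samples in the layout of Cisco IOS `show mac address-table` output.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample of "show mac address-table" output in Cisco IOS layout.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56ab.1c2d    DYNAMIC     Gi1/0/3
  10    0050.56ab.9f01    DYNAMIC     Gi1/0/7
  20    3c52.82aa.0b1e    DYNAMIC     Gi1/0/12
  20    b827.eb11.2233    DYNAMIC     Gi1/0/12
Total Mac Addresses for this criterion: 4
"""

# Constructed asset inventory: what the company believes is plugged in.
INVENTORY = {
    "00:50:56:ab:1c:2d": "WS-0413",
    "00:50:56:ab:9f:01": "WS-0419",
    "3c:52:82:aa:0b:1e": "PRN-0021",
}

_ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\w+)\s+(?P<port>\S+)\s*$", re.IGNORECASE)


def normalize_mac(mac: str) -> str:
    """Accept 0050.56ab.1c2d, 00-50-56-AB-1C-2D or 00:50:56:ab:1c:2d; return the colon form."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> List[Dict[str, object]]:
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            rows.append({"vlan": int(m["vlan"]), "mac": normalize_mac(m["mac"]),
                         "type": m["type"].upper(), "port": m["port"]})
    return rows


def find_rogues(rows, inventory):
    """MAC addresses the switch has learned that are not in the inventory, with the
    physical port to go and look at."""
    return [r for r in rows if r["mac"] not in inventory]


def ports_with_multiple_macs(rows):
    """Access ports carrying several MACs: the classic sign of an unmanaged switch
    or hub hanging off a single wall jack."""
    per_port = defaultdict(set)
    for r in rows:
        per_port[r["port"]].add(r["mac"])
    return {port: sorted(macs) for port, macs in per_port.items() if len(macs) > 1}


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_MAC_TABLE)
    for r in find_rogues(rows, INVENTORY):
        print(f"unknown device {r['mac']} on VLAN {r['vlan']} port {r['port']}")
    for port, macs in ports_with_multiple_macs(rows).items():
        print(f"port {port} carries {len(macs)} MACs: {', '.join(macs)}")
```

Normalizing the MAC format first matters in practice because switch output, DHCP leases, and asset databases all write the same address differently; a diff done on raw strings reports every device as a rogue.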
** Which role validates the user’s identity when using SAML for authentication?
RP
SP
User Agent
IdP
IdP (Identity Provider)
Explanation:
The IdP provides the validation of the user’s identity. Security assertions markup language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. SAML is a solution for providing single sign-on (SSO) and federated identity management.
It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP.
The principal’s User Agent (typically a browser) requests a resource from the service provider (SP).
The resource host can also be referred to as the relying party (RP). If the user agent does not already have a valid session, the SP redirects the user agent to the identity provider (IdP). The IdP requests the principal’s credentials if not already signed in and, if correct, provides a SAML response containing one or more assertions. The SP verifies the signature(s) and (if accepted) establishes a session and provides access to the resource.
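The SP-initiated flow described above, modelled in code as an added example (not course material and not a SAML library): the SP issues a request, the IdP checks the credentials it alone holds and returns a signed assertion, and the SP accepts only a response whose signature, issuer, audience, request id, and validity window all check out. Real SAML carries XML signed with the IdP’s RSA or ECDSA key; here an HMAC over a canonical JSON serialization stands in for XML-DSig, the entity ids and the `alice` account are constructed, and the user store keeps a plaintext password only for brevity.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional


def _canonical(obj: dict) -> bytes:
    # Stand-in for XML canonicalization: a deterministic serialization to sign.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class IdentityProvider:
    """Holds the user store and the signing key; the SP never sees the password."""

    def __init__(self, entity_id: str, signing_key: bytes, users: Dict[str, str]):
        self.entity_id = entity_id
        self._key = signing_key
        self._users = users      # username -> password (a real IdP stores hashes)

    def authenticate(self, authn_request: dict, username: str, password: str,
                     now: Optional[float] = None) -> Optional[dict]:
        """Validate credentials and, if correct, issue a signed assertion."""
        stored = self._users.get(username, "")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        now = time.time() if now is None else now
        assertion = {
            "issuer": self.entity_id,
            "subject": username,
            "audience": authn_request["issuer"],      # the SP this assertion is for
            "in_response_to": authn_request["id"],
            "not_before": now,
            "not_on_or_after": now + 300,              # five-minute validity window
        }
        signature = hmac.new(self._key, _canonical(assertion), hashlib.sha256).hexdigest()
        return {"assertion": assertion, "signature": signature}


class ServiceProvider:
    """Trusts one IdP (its entity id and key come from the IdP's metadata)."""

    def __init__(self, entity_id: str, idp_entity_id: str, idp_key: bytes):
        self.entity_id = entity_id
        self._idp_entity_id = idp_entity_id
        self._idp_key = idp_key
        self._pending: Dict[str, dict] = {}     # outstanding AuthnRequests by id
        self.sessions: Dict[str, str] = {}       # session id -> username

    def create_authn_request(self) -> dict:
        req = {"id": "_" + secrets.token_hex(16), "issuer": self.entity_id}
        self._pending[req["id"]] = req
        return req

    def consume_response(self, response: dict, now: Optional[float] = None) -> str:
        """Verify the SAML response and return a session id, or raise ValueError."""
        assertion = response["assertion"]
        expected = hmac.new(self._idp_key, _canonical(assertion), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, response["signature"]):
            raise ValueError("bad signature")            # tampered or not from our IdP
        if assertion["issuer"] != self._idp_entity_id:
            raise ValueError("unexpected issuer")
        if assertion["audience"] != self.entity_id:
            raise ValueError("assertion issued for another SP")
        if assertion["in_response_to"] not in self._pending:
            raise ValueError("unsolicited or replayed response")
        now = time.time() if now is None else now
        if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
            raise ValueError("assertion outside its validity window")
        del self._pending[assertion["in_response_to"]]     # one request, one login
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = assertion["subject"]
        return session_id


def sso_login(sp: ServiceProvider, idp: IdentityProvider, username: str, password: str) -> Optional[str]:
    """The SP-initiated flow end to end: redirect to IdP, authenticate, post response back."""
    request = sp.create_authn_request()          # user agent is redirected to the IdP with this
    response = idp.authenticate(request, username, password)
    if response is None:
        return None                              # IdP refused; nothing is posted to the SP
    return sp.consume_response(response)         # user agent posts the response to the SP


IDP_KEY = secrets.token_bytes(32)
IDP = IdentityProvider("https://idp.example.test", IDP_KEY, {"alice": "correct horse"})
SP = ServiceProvider("https://app.example.test", "https://idp.example.test", IDP_KEY)

if __name__ == "__main__":
    sid = sso_login(SP, IDP, "alice", "correct horse")
    print("session for", SP.sessions[sid])
```

The order of the checks in `consume_response` is deliberate: signature first, so nothing in an unsigned or altered assertion is trusted; audience, so an assertion issued for one SP cannot be replayed at another; and the request id, so a captured response cannot be posted twice.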
** Which of the following hashing algorithms results in a 160-bit fixed output?
NTLM
SHA-2
RIPEMD
MD-5
RIPEMD
Explanation:
RIPEMD-160, the widely used member of the RIPEMD family, creates a 160-bit fixed output (the family also has 128-, 256-, and 320-bit variants).
SHA-2 is a family: SHA-224, SHA-256, SHA-384, and SHA-512 produce 224-, 256-, 384-, and 512-bit outputs respectively, none of them 160 bits (SHA-1, not offered here, is the SHA algorithm with a 160-bit output).
NTLM creates a 128-bit fixed output (it is the MD4 hash of the UTF-16LE password, with no salt).
MD5 creates a 128-bit fixed output.
** Which of the following cryptographic algorithms is classified as asymmetric?
RC4
AES
PGP
3DES
PGP (Pretty Good Privacy)
Explanation:
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications. Strictly, PGP is a hybrid cryptosystem: the message is encrypted with a random symmetric session key, and that session key is encrypted with the recipient’s public key. Its identity model, signatures, and key exchange all rest on public-key cryptography, which is why it is classified as the asymmetric option here.
AES, RC4, and 3DES are all symmetric algorithms.
** Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
CRLF Injection
SQL Injection
Missing Patches
Cross-Site Scripting
Missing Patches
Explanation:
Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability. If your servers are not patched against the vulnerability, they can become victims of the exploit, and the server’s data can become compromised.
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. The script executes in the victim’s browser, so XSS targets a site’s users rather than the server itself.
CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected.
SQL injection is the placement of malicious code in SQL statements via web page input. It is used against databases behind web applications and is not useful for attacking a file server.
** What tool is used to collect Wireless packet data?
Netcat
Nessus
Aircrack-ng
John the Ripper
Aircrack-ng
Explanation:
Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. This includes packet capture and export of the data collected as a text file or pcap file.
John the Ripper is a password cracking software tool.
Nessus is a vulnerability scanner.
Netcat is a general-purpose utility for reading and writing TCP and UDP connections; in offensive work it is often used to create a reverse shell from a compromised machine back to an attacker, but it does not capture wireless frames.
** Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal Network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training’s Secure internal Network. Which of the following technologies would allow you to configure this port and support both requirements?
MAC Filtering
Implement NAC
Create an ACL to allow access
Configure a SIEM
Implement NAC (Network Access Control)
Explanation:
Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them on a guest network or VLAN.
While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources can be reached from a single Ethernet port.
A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware.
An access control list could define which ports, protocols, or IP addresses may be used from the Ethernet port, but it would be unable to distinguish between a Dion Training employee’s laptop and a CompTIA employee’s laptop the way a NAC implementation can.
** Which of the following Cryptographic algorithms is classified as Symmetric?
RSA
ECC
Diffie-Hellman
AES
AES (Advanced Encryption Standard)
Explanation:
The Advanced Encryption Standard (AES) is a symmetric-key algorithm for encrypting digital data. It was established as an electronic data encryption standard by NIST in 2001. AES can use a 128-bit, 192-bit, or 256-bit key, and uses a 128-bit block size.
ECC, RSA, Diffie-Hellman, and DSA are all asymmetric algorithms.
DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4, RC5, and RC6 are all symmetric.
GPG (GnuPG) is a hybrid system: it encrypts the message with a symmetric cipher such as AES, protects that session key with an asymmetric cipher such as RSA, uses the asymmetric key pair for digital signatures, and is available cross-platform.
** Dion Training is currently undergoing an audit of its information systems. The auditor wants to understand better how the PII data from a particular database is used within business operations. Which of the following employees should the auditor interview?
Data Protection Officer
Data Steward
Data Owner
Data Controller
Data Protection Officer
Explanation:
The primary role of the data protection officer (DPO) is to ensure that the organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. They must understand how any privacy information is used within business operations. Therefore, they are the best person for the auditor to interview to get a complete picture of the data usage.
** You have been hired as a Cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank’s Cybersecurity program?
HIPAA
FERPA
GLBA
SOX
GLBA (Gramm-Leach-Bliley Act)
Explanation:
The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information.
The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.
Sarbanes-Oxley (SOX) is a United States federal law that sets new or expanded requirements for all US public company boards, management, and public accounting firms.
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments.
** Of the options listed, choose the FOUR security features that you should use to BEST protect your servers in the data center. These can include physical, logical, or administrative protections.
Options:
Mantrap
Biometrics
GPS Tracking
Cable Lock
Proximity Badges
FM-200
Remote Wipe
Strong Passwords
Antivirus
ECC
Mantrap
Biometrics
FM-200
Antivirus
Explanation:
The best option based on your choices is FM-200, Biometric locks, Mantrap, and Antivirus. FM-200 is a fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire. Biometric locks are often used in high-security areas as a lock on the access door. Additionally, biometric authentication could be used for a server by using a USB fingerprint reader. Mantraps often are used as part of securing a data center as well. This area creates a boundary between a lower security area (such as the offices) and the higher security area (the server room). Antivirus should be installed on servers since they can use signature-based scans to ensure files are safe before being executed.
** An attacker uses the nslookup interactive mode to locate information on a Domain Name Service (DNS). What command should they type to request the appropriate records for only the Name Servers?
locate type=ns
set type=ns
transfer type=ns
request type=ns
set type=ns
Explanation:
The nslookup command is used to query the Domain Name System to obtain the mapping between a domain name and an IP address or to view other DNS records. In interactive mode, “set type=ns” tells nslookup to request only name server (NS) records for the names you then enter; “set type=mx” would request only mail exchange (MX) records instead.
** Which of the following Cryptographic algorithms is classified as Symmetric?
RSA
Twofish
Diffie-Hellman
ECC
Twofish
Explanation:
Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits.
ECC, RSA, Diffie-Hellman, and DSA are all asymmetric algorithms.
DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4, RC5, and RC6 are all symmetric.
GPG (GnuPG) is a hybrid system: it encrypts the message with a symmetric cipher such as AES, protects that session key with an asymmetric cipher such as RSA, uses the asymmetric key pair for digital signatures, and is available cross-platform.
** A Cybersecurity analyst is attempting to classify Network Traffic within an organization. The analyst runs the tcpdump command and receives the following output:
$ tcpdump -n -i eth0
15:01:25.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113
Which of the following statements is TRUE based on this output?
11.154.12.121 is a client that is accessing an SSH Server over port 52497
10.0.19.121 is a client that is accessing an SSH Server over port 52497.
10.0.19.121 is under attack from a host at 11.154.12.121.
11.154.12.121 is under attack from a host at 10.0.19.121.
10.0.19.121 is a client that is accessing an SSH Server over port 52497.
Explanation:
This output from the tcpdump command shows three packets in a larger sequence of events. Based solely on these three packets, we can say that 10.0.19.121 is the client and 11.154.12.121 is the server: the client sends from ephemeral source port 52497 to the server’s port 22 (which tcpdump labels ssh), and the first line shows the client pushing 52 bytes to that port.
The second and third lines are the server responding and sending data back to the client on port 52497. Strictly, the headers only prove that something is listening on port 22 and answering; confirming that it is actually SSH would need the payload (the SSH version banner) or a service fingerprint.
There is no evidence of an attack against either the server or the client based on this output since we can only see the headers and not the content being sent between the client and server.
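The client/server reasoning above as a parser and classifier, added here as an example and not course material. It reads tcpdump lines in the layout shown, treats the endpoint on a well-known port as the server and the one on an ephemeral port as the client, and counts bytes each way from the `(length)` field. The capture is the question’s three lines (laid out in tcpdump’s format) and the service-name table is a small constructed subset of what tcpdump would resolve.

```python
import re
from typing import Dict, List

# The three lines from the question (constructed sample in tcpdump's layout).
CAPTURE = """\
15:01:25.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549
15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113
15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113
"""

# Port names tcpdump prints when it resolves services; enough for the demo.
SERVICE_PORTS = {"ssh": 22, "http": 80, "https": 443, "domain": 53, "smtp": 25, "ms-wbt-server": 3389}

_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+?)\.(?P<sport>\w[\w-]*) > "
    r"(?P<dst>\S+?)\.(?P<dport>\w[\w-]*): (?P<flags>\S+)(?: \d+:\d+\((?P<length>\d+)\))?")


def _port(name: str) -> int:
    return int(name) if name.isdigit() else SERVICE_PORTS[name]


def parse_tcpdump(text: str) -> List[dict]:
    packets = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        packets.append({
            "time": m["time"], "src": m["src"], "sport": _port(m["sport"]),
            "dst": m["dst"], "dport": _port(m["dport"]), "flags": m["flags"],
            "length": int(m["length"] or 0),
        })
    return packets


def classify_flows(packets: List[dict]) -> List[dict]:
    """Group packets into flows and decide which end is the server.

    Heuristic: the endpoint using a well-known port (below 1024) is the
    server; the other end, on an ephemeral port, is the client. Bytes are
    then counted in each direction from the payload length field."""
    flows: Dict[tuple, dict] = {}
    for p in packets:
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        key = tuple(sorted([a, b]))
        if key not in flows:
            server, client = (a, b) if a[1] < 1024 else (b, a)
            flows[key] = {"client": client, "server": server, "packets": 0,
                          "client_to_server_bytes": 0, "server_to_client_bytes": 0}
        f = flows[key]
        f["packets"] += 1
        if a == f["client"]:
            f["client_to_server_bytes"] += p["length"]
        else:
            f["server_to_client_bytes"] += p["length"]
    return list(flows.values())


if __name__ == "__main__":
    for f in classify_flows(parse_tcpdump(CAPTURE)):
        print(f"client {f['client'][0]}:{f['client'][1]} -> server {f['server'][0]}:{f['server'][1]}  "
              f"{f['client_to_server_bytes']} B up, {f['server_to_client_bytes']} B down, "
              f"{f['packets']} packets")
```

The byte counts are the kind of thing worth watching in a real capture: a small request followed by much larger responses is what an interactive SSH session looks like, whereas a client pushing far more than it receives on port 22 would be a reason to look closer (a brute-force run or an upload), even though, as the explanation says, headers alone cannot show an attack.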
** Your company just launched a new invoicing website for use by your five largest vendors. You are the Cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
MAC Filtering
Implement an Allow List
VPN
Intrusion Detection System
Implement an Allow List
Explanation:
By implementing an allow list of the authorized IP addresses for the five largest vendors, they will be the only ones who can access the webserver. This can be done by creating rules in the Access Control List (ACL) to deny ALL other users except these five vendors, thereby dropping a large number of requests from any other IP addresses, such as those from an attacker. Based on the scenario’s description, it appears that the system is under some form of denial of service attack. By implementing an allow list at the edge of the network and sinkholing any traffic from IP addresses that are not on it, the server will no longer be overwhelmed or slow to respond to legitimate requests. An allow list at the edge protects the server, not the link: a flood large enough to saturate the internet connection itself has to be filtered upstream by the ISP or a scrubbing service.
MAC filtering is only applicable at layer 2 of the OSI model (which would not work for traffic being sent over the internet from your vendors to your server).
A VPN is a reasonable solution to secure the connection between the vendors and your systems, but it will not deal with the DoS condition being experienced.
An intrusion detection system may detect the DoS condition, but an IDS cannot resolve it (whereas an IPS could).
** Which analysis framework provides a graphical depiction of the attacker’s approach relative to a Kill Chain?
MITRE ATT&CK Framework
Lockheed Martin Cyber Kill Chain
Diamond Model of Intrusion Analysis
OpenIOC
Diamond Model of Intrusion Analysis
Explanation:
The Diamond Model provides an excellent methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. The Diamond Model is constructed around a graphical representation of an attacker’s behavior.
The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques with detection and mitigation guidance for each, and it maps techniques to the threat groups known to use them; it is organized as a matrix, not as a graphical depiction of one intrusion.
The Lockheed Martin cyber kill chain provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate them.
OpenIOC is an XML schema for describing indicators of compromise so they can be shared and matched; it describes artifacts, not the attacker’s approach, and does not integrate the detection and mitigation strategy.
** Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?
dd
FTK Imager
Memdump
Autopsy
FTK Imager
Explanation:
FTK Imager can create perfect copies or forensic images of computer data without making changes to the original evidence. The forensic image is identical in every way to the original, including copying the slack, unallocated, and free space on a given drive.
The dd tool can also create forensic images, but it is not a proprietary tool since it is open-source.
Memdump is used to collect the content within RAM on a given host.
Autopsy is a cross-platform, open-source forensic tool suite.
** What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?
Destroy
Degauss
Clear
Purge
Clear
Explanation:
Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. Clearing involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings.
Purging data is meant to eliminate information from being feasibly recovered even in a laboratory environment.
Destroy requires physical destruction of the media, such as pulverization, melting, incineration, and disintegration.
Degaussing is the process of decreasing or eliminating a remnant magnetic field. Degaussing is an effective method of sanitization for magnetic media, such as hard drives and floppy disks.
** Which of the following types of access control provides the strongest level of protection?
ABAC
RBAC
MAC
DAC
MAC (Mandatory Access Control)
Explanation:
Mandatory Access Control (MAC) requires all access to be predefined based on system classification, configuration, and authentication. MAC is commonly used in highly centralized environments and usually relies on a series of labels, such as classification levels of the data.
ABAC = Attribute-based Access Control
RBAC = Role-based Access Control
DAC = Discretionary Access Control
** You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack’s target?
389
3389
443
21
443
Explanation:
Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS).
An attack against Active Directory is likely to be observed on port 389 (LDAP).
An attack on an FTP server is likely to be observed on port 21 (FTP).
An attack using the remote desktop protocol would be observed on port 3389 (RDP).
** Which protocol relies on mutual authentication of the client and the server for its security?
LDAPS
CHAP
Two-Factor Authentication
RADIUS
LDAPS (Lightweight Directory Access Protocol SECURE)
Explanation:
The Lightweight Directory Access Protocol (LDAP) uses a client-server model. LDAP is used to enable access to a directory of resources (workstations, users, information, etc.). Secure LDAP (LDAPS) wraps LDAP in TLS, and TLS can authenticate both ends: the server always presents a certificate that the client validates, and when client certificates are required the server validates the client the same way, which gives mutual authentication. (Many LDAPS deployments authenticate only the server with TLS and authenticate the user with a bind inside the tunnel; mutual authentication requires the client-certificate option.) CHAP authenticates only the client to the server, RADIUS is an AAA transport rather than a mutual-authentication mechanism, and two-factor authentication is a property of a credential, not a protocol.
** What information should be recorded on a chain of custody form during a forensic investigation?
The list of individuals who made contact with files leading to the investigation.
Any individual who worked with evidence during the investigation.
The law enforcement agent who was first on the scene.
The list of former owners/operators of the workstation involved in the investigation.
Any individual who worked with evidence during the investigation.
Explanation:
Chain of custody forms list every person who has worked with or who has touched the evidence that is a part of an investigation. These forms record every action taken by each individual in possession of the evidence. Depending on the organization’s procedures, manipulation of evidence may require an additional person to act as a witness to verify whatever action is being taken.
While the chain of custody would record who initially collected the evidence, it does not have to record who was the first person on the scene (if that person didn’t collect the evidence).
The other options presented by the question are all good pieces of information to record in your notes, but they are not required on the chain of custody form.
** Your company is making a significant investment in Infrastructure-as-a-Service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?
Span multiple virtual disks to fragment data.
Use data masking.
Use Full-Disk Encryption
Zero-Wipe drives before moving systems.
Use Full-Disk Encryption (FDE)
Explanation:
To mitigate the risk of data remanence, you should implement full disk encryption. With the data encrypted at rest, whatever remains on the provider’s physical storage after a virtual host is moved or deleted is ciphertext that cannot be read by other tenants or by the underlying IaaS provider. This only holds if the encryption keys are managed by your organization (for example in your own key management service or an HSM) rather than held by the provider, and it does not protect data while the VM is running, when the disk is unlocked and the key is in memory.
Using a zero wipe is typically impossible because VM systems may move without user intervention during scaling and elasticity operations.
Data masking can mean that all or part of a field’s contents is redacted, by substituting all character strings with “x,” for example. Data masking will not prevent your corporate data from being exposed by data remanence.
Spanning multiple disks will leave the data accessible, even though it would be fragmented, and would make the data remanence problem worse overall.
** Which of the following cryptographic algorithms is classified as symmetric?
ECC
GPG
DSA
DES
DES (Data Encryption Standard)
Explanation:
The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of digital data. It was the US federal standard from 1977 until it was superseded by AES in 2001 and formally withdrawn in 2005; its 56-bit key is far too short for modern use and can be brute-forced with commodity hardware.
ECC, RSA, Diffie-Hellman, and DSA are all asymmetric algorithms.
DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4, RC5, and RC6 are all symmetric.
GPG (GnuPG) is a hybrid system: it encrypts the message with a symmetric cipher such as AES, protects that session key with an asymmetric cipher such as RSA, uses the asymmetric key pair for digital signatures, and is available cross-platform.
** You are installing Windows Server 2019 on a rack-mounted server and hosting multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision virtual machines?
Terminal Services
Disk Management
Device Manager
Hypervisor
Hypervisor
Explanation:
A hypervisor, also known as a virtual machine monitor, is software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by sharing its resources, such as memory and processing, between them. On Windows Server 2019 the built-in option is the Hyper-V role, a Type 1 hypervisor; alternatively, a Type 2 hypervisor such as VMware Workstation or VirtualBox can be installed on top of the operating system.
Disk Management is a system utility in Windows that enables you to perform advanced storage tasks.
Device Manager is a component of the Microsoft Windows operating system that allows users to view and control the hardware attached to the computer.
Remote Desktop Services, known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to take control of a remote computer or virtual machine over a network connection.
** After analyzing and correlating activity from the firewall logs, server logs, and the intrusion detection system logs, a cybersecurity analyst has determined that a sophisticated breach of the company’s network security may have occurred from a group of specialized attackers in a foreign country over the past five months. Up until now, these cyberattacks against the company network had gone unnoticed by the company’s information security team. How would you BEST classify this threat?
Insider Threat
Privilege Escalation
Advanced Persistent Threat (APT)
Spear Phishing
Advanced Persistent Threat (APT)
Explanation:
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. An APT attack intends to steal data rather than to cause damage to the network or organization. An APT refers to an adversary’s ongoing ability to compromise network security, obtain and maintain access, and use various tools and techniques. They are often supported and funded by nation-states or work directly for a nation-state’s government.
Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
An insider threat is a malicious threat to an organization from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems.
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. While an APT may use spear phishing, privilege escalation, or an insider threat to gain access to the system, the scenario presented in this question doesn’t specify what method was used. Therefore, APT is the best answer to select.
** Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform the password change requirement?
Create a New Security Group
Revoke the Digital Certificate
Deploy a new Group Policy
Utilize the Key Escrow process
Deploy a new Group Policy
Explanation:
A group policy is used to manage Windows systems in a Windows network domain environment utilizing a Group Policy Object (GPO). GPOs can include many settings related to credentials, such as password complexity requirements, password history, password length, and account lockout settings, and one GPO can be applied to all 1250 workstations at once. Note that setting a single shared local administrator password through Group Policy Preferences is no longer possible: Microsoft removed that option in MS14-025 because the password was stored in SYSVOL encrypted with a published key and could be recovered by any domain user. The supported way to rotate the built-in administrator password across a fleet is LAPS, which gives each machine a unique, regularly changed password stored in Active Directory; a GPO can also rename or disable the built-in account.