Lesson 7: Configuring SOHO Network Security Flashcards

1
Q

Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

A

CIA triad
- Confidentiality
- Integrity
- Availability

2
Q

Protection of computer systems and digital information resources from unauthorized access, attack, theft, or data damage.

A

cybersecurity

3
Q

Person or entity responsible for an event that has been identified as a security incident or as a risk

A

threat actor

4
Q

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

A

Risk

5
Q

Weakness that could be triggered accidentally or exploited intentionally to cause a security breach

A

vulnerability

6
Q

System whose configuration is different from its secure baseline.

A

non-compliant system

7
Q

System where one or more required security controls (antivirus or firewall, for example) is missing or misconfigured.

A

unprotected system

8
Q

Specific method by which malware code infects a target host, often via some vulnerability in a software process.

A

exploit

9
Q

Vulnerability in software that is unknown to (or not yet patched by) the developer, so no fix is available, or an attack that exploits such a vulnerability.

A

zero-day

10
Q

EOL

A

End of Life

11
Q

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data. A provisioning model that allows employees to use personal mobile devices to access corporate systems and data.

A

BYOD

12
Q

BYOD

A

Bring your own device

13
Q

Using persuasion, manipulation, or intimidation to make the victim violate a security policy.

A

Social engineering

14
Q

Social engineering attack where an attacker pretends to be someone they are not.

A

Impersonation

15
Q

Social engineering tactic where a threat actor communicates, whether directly or indirectly, a lie or half-truth (a plausible cover story) in order to get someone to believe a falsehood.

A

pretexting

16
Q

The social technique of discovering things about an organization (or person) based on what it throws away

A

Dumpster diving

17
Q

Social engineering tactic to obtain someone’s password or PIN by observing him or her as he or she types it in

A

shoulder surfing

18
Q

Social engineering technique to gain access to a building by following someone who is unaware of their presence

A

Tailgating

19
Q

Allowing a threat actor to enter a site or controlled location without authorization; unlike tailgating, the authorized person knows they are letting someone through.

A

Piggybacking

20
Q

Email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

A

Phishing

21
Q

Email-based or web-based form of phishing that targets specific individuals, where the attacker uses information already known about the target to make the lure more convincing.

A

Spear phishing

22
Q

An email-based or web-based form of phishing which targets senior executives or wealthy individuals. An attack directed specifically against upper levels of management in the organization (CEOs and other “big catches”).

A

Whaling

23
Q

Social engineering attack where the threat actor extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP). Conducted through a voice channel (telephone or VoIP, for instance).

A

Vishing

24
Q

Wireless access point that deceives users into believing that it is a legitimate network access point. Similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials

A

Evil twin

25
Q

Potential for an entity to exercise a vulnerability (that is, to breach security)

A

threat

26
Q

Type of threat actor who has been assigned privileges on the system and causes an intentional or unintentional incident. This typically means an employee, but it can also arise from contractors and business partners.

A

insider threat actor

27
Q

Phase in an attack or penetration test in which the attacker or tester gathers information about the target before attacking it. An information-gathering threat in which the attacker attempts to learn about the configuration of the network and security systems

A

Footprinting

28
Q

Attack technique where the threat actor disguises their identity or impersonates another user or resource. Type of attack where the threat actor can masquerade as a trusted user or computer.

A

spoofing

29
Q

Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic. Specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks

A

on-path attack

30
Q

Any type of physical, application, or network attack that affects the availability of a managed resource. This attack causes a service at a given host to fail or to become unavailable to legitimate users.

A

denial of service (DoS) attack

31
Q

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

A

distributed DoS (DDoS)

32
Q

Group of hosts or devices that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks.

A

botnet

33
Q

Any attack where the attacker tries to gain unauthorized access to and use of passwords.

A

password attack (a plaintext password, stored or transmitted unencrypted, is the easiest target: it can be captured by sniffing traffic or by reading a password file)

34
Q

Type of password attack that compares hashed (or encrypted) passwords against a predetermined list of likely values, such as a wordlist of common passwords.

A

Dictionary

35
Q

Type of password attack where an attacker uses an application to exhaustively try every possible character combination up to a given length to crack hashed (or encrypted) passwords.

A

Brute force

36
Q

A web application can use two methods of running code (2)

A

Server-side code and Client-side code

Server-side code is run on the HTTP/HTTPS web server to process the request and build the response before it is sent to the client
Client-side code runs within the web browser software on the client machine to modify the web page before it is displayed to the user or to modify requests made to the server.

37
Q

Malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

A

XSS (cross-site scripting) attack
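
The reflected XSS case described on this card, written out as an added Python example that is not part of the original flashcard set: a server-side search handler reflects the ?q= parameter into its HTML, first without escaping and then with html.escape. The handler names, the query string and the payload are all constructed for the example.

```python
from html import escape
from urllib.parse import parse_qs

# Server-side handler for a search page. The attacker's link carries the payload in
# the query string; the server reflects it into the response the victim's browser
# renders. Both handlers and the sample request are constructed for this example.

def search_param(query_string):
    """Pull the ?q= value out of a raw query string (percent-decoded)."""
    return parse_qs(query_string).get("q", [""])[0]

def render_vulnerable(query_string):
    """Splices raw client input into HTML, so <script> in the link becomes live script."""
    return "<p>Results for: %s</p>" % search_param(query_string)

def render_safe(query_string):
    """Escapes the input before output, so the browser shows the payload as text."""
    return "<p>Results for: %s</p>" % escape(search_param(query_string), quote=True)

# A link an attacker might send: /search?q=<script>alert(document.cookie)</script>,
# percent-encoded as it would travel in the URL.
ATTACK_QUERY = "q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"

def executes_as_script(rendered_html):
    """Crude check: did a literal <script> tag survive into the output?"""
    return "<script>" in rendered_html.lower()
```

Escaping on output is the fix because the browser cannot tell attacker-supplied markup from the site's own; a Content-Security-Policy header is a useful second layer but does not replace it.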

38
Q

Attack that injects a database query into the input data directed at a server by accessing the client side of the application

A

SQL injection

39
Q

SQL

A

Structured Query Language

40
Q

What does sql do?

A

read and write information from a database

SQL statements perform operations such as selecting data (SELECT), inserting data (INSERT), deleting data (DELETE), and updating data (UPDATE)
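
An added example, not from the original cards, of cards 38 to 40 in Python with the standard sqlite3 module: the server-side login query built by string concatenation, the two classic injection payloads against it, and the parameterized form that defeats them. The table, its rows and the function names are constructed for this example.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table standing in for the web app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "admin"), ("bob", "hunter2", "user")],
    )
    return conn

def login_vulnerable(conn, username, password):
    """Server-side code that concatenates client input into the query text."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchone()

def login_safe(conn, username, password):
    """Parameterized query: the driver binds input as data, never as SQL syntax."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()

# Two classic payloads typed into the username field. The first closes the string and
# comments out the password check; the second makes the WHERE clause true for every row.
PAYLOAD_COMMENT = "alice' --"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"

def demo():
    """Run both logins against both payloads and a legitimate credential."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse battery"),
        "comment_vuln": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "tautology_vuln": login_vulnerable(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
        "legit_safe": login_safe(conn, "alice", "correct horse battery"),
        "comment_safe": login_safe(conn, PAYLOAD_COMMENT, "wrong"),
        "tautology_safe": login_safe(conn, PAYLOAD_TAUTOLOGY, PAYLOAD_TAUTOLOGY),
    }
```

With the vulnerable handler both payloads log the attacker in as alice without her password; with the parameterized handler the same strings are simply usernames that do not exist. Storing passwords in plaintext, as this toy table does, is a second defect the cards on hashing address.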

41
Q

Function that converts an arbitrary length string input to a fixed length string output.

A

hash

42
Q

What are Two of the most used cryptographic hash algorithms? (2)

A
  • Secure Hash Algorithm (SHA)
  • Message Digest (MD5)

MD5 is the older algorithm and is being phased out: practical collision attacks against it exist, so it should not be used for signatures or integrity checks. SHA-1 is deprecated for the same reason; the SHA-2 family (SHA-256 and larger) is the current choice.

43
Q

Two-way encryption scheme in which encryption and decryption are both performed by the same key. Uses a single secret key to both encrypt and decrypt data.

A

symmetric encryption cipher

44
Q

AES

A

Advanced Encryption Standard

45
Q

Cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one.

A

asymmetric encryption cipher

46
Q

Message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity. (proves that a message or digital certificate has not been altered or spoofed)

A

digital signature

47
Q

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm. (allows two hosts to know the same symmetric encryption key without any other host finding out what it is)

A

Key exchange
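
The key-exchange and symmetric-cipher cards above, as an added worked example that is not part of the original deck, in Python using only the standard library: a Diffie-Hellman exchange in which two hosts derive the same 256-bit key while an eavesdropper sees only the public values, followed by a toy symmetric cipher that uses the derived key in both directions. The group parameters P and G and the xor_stream cipher are assumptions of this example and are far too weak for real use.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group. P = 2**127 - 1 is a Mersenne prime, so the modular arithmetic
# is sound for a demonstration, but it is far too small and its group structure too weak
# for real use: deployments use the RFC 7919 finite-field groups or elliptic-curve DH.
P = 2**127 - 1
G = 2

def keypair():
    """Each host picks a secret exponent and publishes G**priv mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    """Combine my private value with the other side's public value; hash to a 256-bit key."""
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    """Run the exchange between two hosts and return the key each one derived."""
    a_priv, a_pub = keypair()          # host A keeps a_priv, sends a_pub
    b_priv, b_pub = keypair()          # host B keeps b_priv, sends b_pub
    # An eavesdropper sees only P, G, a_pub and b_pub; recovering either private
    # exponent from those is the discrete-logarithm problem.
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)

def xor_stream(key, nonce, data):
    """Toy symmetric cipher: XOR the data with an HMAC-SHA256 keystream.
    The same call both encrypts and decrypts, which is the defining property of a
    symmetric cipher. Illustration only: there is no authentication tag, so it is
    not safe for real traffic."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)
```

Nothing secret crosses the wire: each side's contribution is public, and only the combination with a private exponent yields the key. A real protocol (TLS, WPA3's SAE) additionally authenticates the exchange so that an on-path attacker cannot substitute their own public values.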

48
Q

What type of cryptographic key is delivered in a digital certificate?

A

The subject's public key. A digital certificate is a wrapper for a subject's public key, signed by a certificate authority. The public and private keys in an asymmetric cipher are paired: if one key is used to encrypt a message, only the other key can then decrypt it.

49
Q

A threat actor crafts an email addressed to a senior support technician and part-time football coach inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A

A phishing attack tries to make users authenticate with a fake resource, such as a website. Phishing emails are often sent en masse as spam. This is a variant of phishing called spear phishing because it is specifically targeted at a single person, using personal information known about the subject (his or her football-coaching volunteer work).

50
Q

Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

A

Availability—information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against denial of service (DoS) attacks.

51
Q

A threat actor recovers some documents via dumpster diving and learns that the system policy causes passwords to be configured with a random mix of different characters that are only five characters in length. To what type of password cracking attack is this vulnerable?

A

Brute force attacks are effective against short passwords. Dictionary attacks depend on users choosing ordinary words or phrases in a password
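
The dictionary and brute-force attacks from cards 34, 35 and 51, as an added Python example that is not part of the original deck: a constructed file of unsalted SHA-256 hashes is attacked first with a wordlist and then exhaustively over a small alphabet, and a keyspace() helper puts a number on the five-character policy described in the question. Hash values, wordlist and user names are constructed for the example.

```python
import hashlib
import itertools
import string

def sha256_hex(candidate):
    """Unsalted SHA-256, as a weak system might store passwords."""
    return hashlib.sha256(candidate.encode()).hexdigest()

# Constructed wordlist and "stolen" hash file; the attacker has the hashes, not the passwords.
WORDLIST = ["password", "letmein", "qwerty", "welcome1", "sunshine", "football"]
STOLEN = {
    "coach": sha256_hex("football"),   # ordinary word: falls to the dictionary
    "admin": sha256_hex("q7z"),        # short random string: falls to brute force
}

def dictionary_attack(target, wordlist):
    """Hash each wordlist entry and compare against the stolen hash."""
    for word in wordlist:
        if sha256_hex(word) == target:
            return word
    return None

def brute_force(target, alphabet, max_len):
    """Exhaustively try every string over `alphabet` up to `max_len` characters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target:
                return candidate
    return None

def keyspace(alphabet_size, length):
    """Number of candidates a brute-force attack must cover in the worst case."""
    return alphabet_size ** length

def crack_all():
    """Try the cheap dictionary attack first, fall back to brute force, report which worked."""
    alphabet = string.ascii_lowercase + string.digits
    results = {}
    for user, digest in STOLEN.items():
        hit, method = dictionary_attack(digest, WORDLIST), "dictionary"
        if hit is None:
            hit, method = brute_force(digest, alphabet, 3), "brute force"
        results[user] = (hit, method)
    return results
```

keyspace(95, 5) over the printable ASCII set is 7,737,809,375 candidates, seconds of work for a GPU cracker against an unsalted fast hash, which is why the five-character policy in the question is weak regardless of how random the characters are. The dictionary attack never finds "q7z" because it is not a word; short random strings fall to brute force instead.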

52
Q

True or false? The level of risk from zero-day attacks is only significant with respect to EOL systems.

A

False.
A zero-day is a vulnerability that is unknown to the product vendor and means that no patch is available to mitigate it. This can affect currently supported as well as unsupported end-of-life (EOL) systems. The main difference is that there is a good chance of a patch being developed if the system is still supported, but almost no chance if it is EOL.

53
Q

You are assisting with the development of end-user security awareness documentation. What is the difference between tailgating and shoulder surfing?

A

Tailgating means following someone else through a door or gateway to enter premises without authorization.
Shoulder surfing means covertly observing someone type a PIN or password or other confidential data.

54
Q

You discover that a threat actor has been able to harvest credentials from some visitors connecting to the company’s wireless network from the lobby. The visitors had connected to a network named “Internet” and were presented with a web page requesting an email address and password to enable guest access. The company’s access point had been disconnected from the cabled network. What type of attack has been perpetrated

A

This is an evil twin attack where the threat actor uses social engineering techniques to persuade users to connect to an access point that spoofs a legitimate guest network service.

55
Q

WPA

A

Wi-Fi Protected Access

56
Q

WEP

A

Wired Equivalent Privacy

57
Q

TKIP

A

Temporal Key Integrity Protocol

58
Q

AES

A

Advanced Encryption Standard

59
Q

CCMP

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

60
Q

SAE

A

Simultaneous Authentication of Equals

61
Q

PSK

A

pre-shared key: the passphrase-based "personal" mode of WPA and WPA2, in which every client derives its keys from the same passphrase. WPA3-Personal replaces the PSK handshake with SAE, although the network is still configured with a shared passphrase.

62
Q

Standard for encapsulating EAP communications over a LAN (EAPoL) or WLAN (EAPoW) to implement port-based network access control

A

IEEE 802.1X (the standard that the WPA-Enterprise modes use; the access point relays the EAP exchange to a RADIUS server)

63
Q

EAP

A

Extensible Authentication Protocol

64
Q

AAA

A

Authentication, Authorization, and Accounting

65
Q

Single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.

A

Kerberos

66
Q

In AAA architecture, what type of device might a RADIUS client be?

A

AAA refers to Authentication, Authorization, and Accounting, and the Remote Authentication Dial-In User Service (RADIUS) protocol is one way of implementing this architecture. The RADIUS server is positioned on the internal network and processes authentication and authorization requests. The RADIUS client is the access point (or switch), and it must be configured with the IP address of the server plus a shared secret. The access point forwards EAP authentication traffic between the end-user device (the supplicant) and the RADIUS server but cannot read the contents of that exchange; it simply relays it and acts on the server's accept or reject decision.

67
Q

What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?

A
  1. A digital certificate and its associated private key are installed on the wireless station (something you have).
  2. Device authentication, typically via a password, PIN, or biometric gesture, permits access to the private key (something you know or something you are).

68
Q

True or false. TKIP represents the best available wireless encryption and should be configured in place of AES if supported.

A

False.
Advanced Encryption Standard (AES) provides stronger encryption and is enabled by selecting Wi-Fi Protected Access (WPA) version 2 with AES/CCMP or WPA3. The Temporal Key Integrity Protocol (TKIP) was a stopgap introduced with the first version of WPA: it kept the RC4 cipher inherited from WEP but fixed WEP's key-scheduling and integrity flaws so that existing hardware could be upgraded by a firmware update. TKIP and WPA1 are now deprecated and should only be enabled if a legacy client cannot do anything better.

69
Q

True or false? WPA3 personal mode is configured by selecting a passphrase shared between all users who are permitted to connect to the network.

A

True.
WPA3-Personal uses group authentication via a shared passphrase. The simultaneous authentication of equals (SAE) mechanism by which this passphrase is used to generate network encryption keys is, however, improved compared to the older WPA2 protocol: an attacker who captures the handshake can no longer run an offline dictionary attack against the passphrase.

70
Q

Software instructions embedded in a hardware device, such as a PC motherboard. Modern types of firmware are stored in flash memory and can be updated more easily than legacy programmable read-only memory (ROM) types.

A

firmware

71
Q

Security measure performed on email and Internet traffic to identify and block suspicious, malicious and/or inappropriate content in accordance with an organization’s policies.

A

content filtering

72
Q

Process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN

A

port forwarding

73
Q

Type of port forwarding where the external port is forwarded to a different internal port on the LAN host.

A

port mapping

74
Q

Mechanism to configure access through a firewall for applications that require more than one port. Basically, when the firewall detects activity on outbound port A destined for a given external IP address, it opens inbound access for the external IP address on port B for a set period.

A

port triggering

75
Q

Protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall.

A

Universal Plug and Play (UPnP). Because UPnP lets any device on the LAN, including malware running on one, ask the router to open inbound ports without authentication, it should be disabled on a SOHO router unless a specific application needs it.

76
Q

Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

A

screened subnet

77
Q

You have selected a secure location for a new home router, changed the default password, and verified the WAN IP address and Internet link. What next step should you perform before configuring wireless settings?

A

Check for a firmware update. Using the latest firmware is important to mitigate risks from software vulnerabilities.

78
Q

You are reviewing a secure deployment checklist for home router wireless configuration. Following the CompTIA A+ objectives, what additional setting should be considered along with the following four settings?

Changing the service set identifier (SSID)
Disabling SSID broadcast
Encryption settings
Changing channels

A

Disabling guest access.
It might be appropriate to allow a guest network depending on the circumstances, but the general principle is that services and access methods that are not required should be disabled.

79
Q

A different user wants to configure a multiplayer game server by using the DMZ feature of the router. Is this the best configuration option?

A

Probably not.
Using a home router's "demilitarized zone" or DMZ host option forwards traffic for all ports not covered by specific port-forwarding rules to the host. It is possible to achieve a secure configuration with this option by blocking unauthorized ports and protecting the host using a personal firewall, but using specific port-forwarding/mapping rules is better practice. The most secure solution is to isolate the game server in a screened subnet so that it is separated from other LAN hosts, but this typically requires multiple router/firewalls.

80
Q

You are assisting a user with setting up Internet access to a web server on a home network. You want to configure a DHCP reservation to set the web server’s IP address, allow external clients to connect to the secure port TCP/443, but configure the web server to listen on port TCP/8080. Is this configuration possible on a typical home router?

A

Yes.
You need to configure a port-mapping rule so that the router takes requests arriving at its WAN IP for TCP/443 and forwards them to the server’s IP address on TCP/8080. Using a known IP address for the server by configuring a Dynamic Host Configuration Protocol (DHCP) reservation simplifies this configuration. The home router’s DHCP server must be configured with the media access control (MAC) address or hardware identifier of the web server.

81
Q

Sturdy vertical post installed to control road traffic or designed to prevent ram-raiding and vehicle-ramming attacks.

A

bollards

82
Q

Secure entry system with two gateways, only one of which is open at any one time.

A

access control vestibule

83
Q

The building will house a number of servers contained within a secure room and network racks. You have recommended that the provisioning requirement includes key-operated chassis faceplates. What threats will this mitigate?

A

A lockable faceplate controls who can access the power button, external ports, and internal components. This mitigates the risk of someone gaining access to the server room via social engineering. It also mitigates risks from insider threat by rogue administrators, though to a lesser extent (each request for a chassis key would need to be approved and logged).

84
Q

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device installed at a turnstile in the building lobby. The scanner reads her palmprint and compares it to a master record of her palmprint in a database to verify her identity. What type of security control is this?

A

Biometric authentication deployed as part of a building’s entry-control system.

85
Q

You are assisting with the design of a new campus building for a multinational firm. On the recommendation of a security consultant, the architect has added closely spaced sculpted stone posts with reinforced steel cores that surround the area between the building entrance and the street. At the most recent client meeting, the building owner has queried the cost of these. Can you explain their purpose?

A

These bollards are designed to prevent vehicles from crashing into the building lobby as part of a terrorist or criminal attack. The security consultant should only recommend the control if the risk of this type of attack justifies the expense.

86
Q

A network administrator sets up a network access control solution throughout the enterprise which allows them to see ports with multiple devices connected into a switch port. The administrator uses this to help identify wireless access points throughout the enterprise, especially older ones which may have been forgotten. Which of the following legacy wireless encryption mechanisms is the administrator going to change? (Select all that apply.)

A.WPA2
B.WPA
C.WPA3
D.WEP

A

B. WPA and D. WEP

The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard.

Wired Equivalent Privacy (WEP) is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.

WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

The main features of WPA3 are Simultaneous Authentication of Equals (SAE), updated cryptographic protocols, protected management frames, and Wi-Fi enhanced open.

87
Q

A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability?

A.WPA3
B.WPA2
C.WPA
D.WEP

A

A. WPA3

In WPA2 and earlier, an open (passwordless) network sends all traffic unencrypted. WPA3 adds Wi-Fi Enhanced Open, which encrypts traffic on open networks using Opportunistic Wireless Encryption (OWE). This means that any station can still join the network without a password, but its traffic is protected against sniffing by other users.

WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard.

Wired Equivalent Privacy (WEP) is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.

88
Q

A security manager at a top-secret facility assesses the feasibility of integrating biometric authentication but has heard that it is often not accurate. Which of the following is the most accurate form of biometrics?

A.Retina scanner
B.Palmprint scanning
C.Fingerprint readers
D.Badge reader

A

A. Retina scanner

89
Q

A vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching?

A.Actor
B.Threat
C.Risk
D.MFA

A

C. Risk

Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. This is the most important aspect of the prioritization of patches.

An actor is an agent that executes malicious activity on a system. In this case, there is no known actor.

Threat is the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor.

An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.

90
Q

A student is interning for a security team at a major company and wants to practice on their home network. They want to make sure devices are easily identified when traffic is examined. Which of the following will help them accomplish this?

A.Port forward
B.UPnP
C.DHCP Reservation
D.Port triggering

A

C. DHCP Reservation

One option is to create a DHCP reservation for the device on the Dynamic Host Configuration Protocol (DHCP) server, keyed to the device's MAC address. This means that the DHCP server always assigns the same IP address to the host, so an address seen in a capture maps reliably to a device.

If users want to run some sort of server application from the network and make it accessible to the internet, the user must configure a port forwarding rule.

Services that require complex firewall configuration can use the Universal Plug and Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters. This also means any LAN host can open ports on its own, which is why UPnP is usually disabled on hardened routers.

Port triggering is used to set up applications that require more than one port, such as file transfer protocol (FTP) servers.

91
Q

A hotel manager notices that a wireless access point with the same service set identifier (SSID) is broadcasting with higher power. What attack could this indicate?

A.Whaling
B.Phishing
C.Footprinting
D.Evil twin

A

D. Evil twin
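
Detection logic for the scenario in this question, as an added Python example that is not part of the original deck: constructed scan results in a simple key=value form are grouped by SSID, and any access point advertising one of the hotel's own SSIDs from a BSSID that is not in the inventory is flagged, with the stronger signal, different security mode and locally administered MAC recorded as reasons. The SSIDs, BSSIDs, signal levels and inventory are made up.

```python
from collections import defaultdict

# Constructed scan output in a simple key=value form (what a wireless survey tool or
# `iw dev <if> scan` would yield after parsing); BSSIDs and signal levels are made up.
SCAN = """\
BSSID=3c:84:6a:dd:ee:01 SSID=Hotel-Guest SIGNAL=-62 SECURITY=WPA2
BSSID=3c:84:6a:dd:ee:02 SSID=Hotel-Guest SIGNAL=-70 SECURITY=WPA2
BSSID=02:11:22:33:44:55 SSID=Hotel-Guest SIGNAL=-35 SECURITY=OPEN
BSSID=3c:84:6a:dd:ee:03 SSID=Hotel-Staff SIGNAL=-66 SECURITY=WPA3
"""

# The hotel's own access points, from its asset inventory (constructed).
KNOWN_BSSIDS = {"3c:84:6a:dd:ee:01", "3c:84:6a:dd:ee:02", "3c:84:6a:dd:ee:03"}

def parse_scan(text):
    """Turn each scan line into a dict; SIGNAL is dBm, so -35 is stronger than -62."""
    rows = []
    for line in text.splitlines():
        fields = dict(item.split("=", 1) for item in line.split())
        fields["SIGNAL"] = int(fields["SIGNAL"])
        rows.append(fields)
    return rows

def locally_administered(bssid):
    """Bit 1 of the first octet set means the MAC was not vendor-assigned (often spoofed)."""
    return bool(int(bssid[:2], 16) & 0x02)

def find_suspects(rows, known_bssids):
    """Flag any AP advertising one of our SSIDs from a BSSID we do not own, with reasons."""
    by_ssid = defaultdict(list)
    for row in rows:
        by_ssid[row["SSID"]].append(row)
    suspects = []
    for ssid, aps in by_ssid.items():
        legit = [ap for ap in aps if ap["BSSID"] in known_bssids]
        if not legit:
            continue        # not one of our SSIDs; a neighbour's network
        for ap in aps:
            if ap["BSSID"] in known_bssids:
                continue
            reasons = ["BSSID not in inventory"]
            if ap["SIGNAL"] > max(a["SIGNAL"] for a in legit):
                reasons.append("stronger signal than any known AP")
            if ap["SECURITY"] != legit[0]["SECURITY"]:
                reasons.append("security mode differs (%s vs %s)"
                               % (ap["SECURITY"], legit[0]["SECURITY"]))
            if locally_administered(ap["BSSID"]):
                reasons.append("locally administered MAC")
            suspects.append({"ssid": ssid, "bssid": ap["BSSID"], "reasons": reasons})
    return suspects
```

The inventory check is the one that matters; the other reasons are corroboration. A rogue AP can copy the security mode and even clone a real BSSID, so periodic scans from several points in the building, compared against the inventory, are a better control than any single heuristic.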

92
Q

A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What non-malicious threat is the administrator helping to prevent?

A.Default password
B.Power off
C.Firmware update
D.Evil twin

A

B. Power off

93
Q

A user wants to secure their home Wi-Fi router. Which of the following are strong security practices? (Select all that apply.)

A.Content filtering
B.Disable 2.4 GHz frequency band
C.Firmware update
D.AAA

A

A. Content filtering and C. Firmware update

Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses with sites known to host various categories of content like malware, spam, or other threats.

Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3.

Disabling the 2.4 GHz frequency will not increase security. 2.4 GHz is one of the frequencies used and has a better range with slower speeds.

An Authentication, Authorization, and Accounting (AAA) server is not typically set up on home networks.

94
Q

A security company was asked to help set up physical security at a massive company to identify concealed weapons coming into the building. What should the company implement?

A.Access control vestibule
B.Magnetometer
C.Bollard
D.Fencing

A

B. Magnetometer

A handheld magnetometer is a type of metal detector that is often deployed at airports and in public buildings to identify concealed weapons or other items.

An access control vestibule is where one gateway leads to an enclosed space protected by another barrier. This restricts access to one person at a time.

Sites where there is a risk of a terrorist attack will use barricades such as bollards and security posts to prevent vehicles from crashing into the building or detonating a bomb near it.

Fencing is generally effective, but the drawback is that it gives a building an intimidating appearance.

95
Q

An IT manager wants to secure a storage room with expensive server equipment. Which of the following will provide the best contactless security?

A.Badge reader
B.Electronic lock
C.Conventional lock
D.Bollard

A

A. Badge reader

96
Q

A server administrator wants to secure a whole rack of servers. What would be the best way to secure access to the servers?

A.Kensington locks
B.Chassis locks
C.Fingerprint readers
D.Cabinet locks

A

D. Cabinet locks

Lockable rack cabinets control access to servers, switches, and routers installed in standard network racks. These can be supplied with key-operated or electronic locks.

Kensington locks are used with a cable tie to secure a laptop or other device to a desk or pillar and prevent theft.

Chassis locks and faceplates prevent the covers of server equipment from being opened. These can prevent access to external USB ports and prevent someone from accessing the internal fixed disks.

Fingerprint readers are not commonly used to secure rack cabinets. The technology is also non-intrusive and relatively simple to use, although moisture or dirt can prevent readings, and there are hygiene issues at shared-use gateways.

97
Q

A jewelry retail chain has just discovered how to create a new form of jewels that has never been seen before. They want to set up an alarm system that triggers when the case is opened. What type of alarm should the jewelry chain install to secure the glass display case containing the jewels?

A.Motion Sensors
B.Radio frequency ID (RFID)
C.Circuit
D.Duress

A

C. Circuit

A circuit-based alarm sounds when the circuit opens or closes. In this context, the alarm could trigger if someone opens the glass display case, making it an ideal choice.

A motion-based alarm links to a detector triggered by movement within an area. The sensors in these detectors use either microwave radio reflection or passive infrared (PIR), which detects moving heat sources. While effective for larger spaces, this may be too sensitive for a small display case.

RFID tags and readers can track the movement of tagged objects within an area. While this system is versatile, it may be overkill for a localized area like a glass display case.

A duress alarm could be implemented as a wireless pendant, concealed sensor, or trigger, or call contact. While useful for personal safety, it doesn’t directly secure the jewels within the case.

98
Q

A penetration tester gains access to a regular user’s box. The tester wants to escalate privileges, so they call into the help desk, as the regular user, and sets up a script that will capture the help desk user’s Kerberos token to be able to replay. What is this social engineering technique called?

A.Dumpster diving
B.Impersonation
C.Shoulder surfing
D.Tailgating

A

B. Impersonation

99
Q

A network administrator is setting up administrative access to network devices. What common solution is used for this?

A.Kerberos
B.TACACS+
C.RADIUS
D.EAP

A

B. TACACS+

TACACS+ is an AAA protocol like RADIUS, but it is typically used for device administration rather than user access to the network.

Active Directory itself is not an Authentication, Authorization, and Accounting (AAA) server. However, Kerberos can compare against the Active Directory database to validate if a user is able to log on.

Where Remote Authentication Dial-in User Service (RADIUS) is often used to authenticate connections by wireless and VPN users, TACACS+ is often used in authenticating administrative access to routers, switches, and access points.

Extensible Authentication Protocol (EAP) allows the use of different mechanisms to authenticate against a network directory.

100
Q

A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use?

A. XSS
B. SQL injection
C. Plaintext authentication
D. DoS

A

C. Plaintext authentication

A plaintext authentication password can be captured by obtaining a password file or by sniffing unencrypted traffic on the network.

A cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.

In a SQL injection attack, the threat actor modifies one of four basic functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters.

A denial of service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users.

101
Q

A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use?

A. LDAP
B. TACACS+
C. OU
D. RADIUS

A

D. RADIUS

102
Q

EAPoW

A

Extensible Authentication Protocol over Wireless

103
Q

A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure?

A. TACACS+
B. WPA3
C. Active Directory
D. MFA

A

C. Active Directory

Extensible Authentication Protocol over Wireless (EAPoW) is a protocol used for wireless network authentication. It allows for a variety of authentication methods to be used over wireless networks. When implementing EAPoW, the network professional will need to configure an authentication server that supports EAP methods, and this is often done using Active Directory (AD). Active Directory is a directory service developed by Microsoft that provides centralized authentication, authorization, and directory services. It’s commonly used for user authentication in enterprise environments, and it can be integrated with various EAP methods to provide secure and centralized authentication for wireless networks.

WPA3: While WPA3 is a security protocol used to protect Wi-Fi networks, it’s not directly related to setting up EAPoW. WPA3 enhances security features like encryption and protection against brute-force attacks.

TACACS+: TACACS+ is a protocol used for centralized authentication, authorization, and accounting (AAA) services. While it can be used for network access control, it’s not specifically associated with EAPoW for wireless authentication.

MFA (Multi-Factor Authentication): MFA involves using multiple authentication factors (such as passwords, tokens, biometrics) to verify a user’s identity. While it’s a security practice, it’s not the specific requirement for configuring EAPoW. EAP methods themselves can involve various authentication factors, but MFA is not exclusively tied to EAPoW configuration.

104
Q

A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure. Besides the router’s operating system patches, what else should the specialist keep patched?

A. Firmware
B. UPnP
C. Default password
D. AAA

A

A. Firmware

105
Q

A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premises. How should the administrator set it up?

A. Content filtering
B. UPnP
C. Port forward
D. Screened subnet

A

D. Screened subnet

A screened subnet can also be referred to by the deprecated term demilitarized zone (DMZ). The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range from the rest of the LAN.

Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses with reputation or content categories.

Services that require complex firewall configuration can use the Universal Plug-and-Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters.

Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.

106
Q

A security analyst is looking at the overall security status of systems on the network. Which of the following represents the greatest threat?

A. EOL system
B. Unprotected system
C. Zero-day
D. Non-compliant system

A

A. EOL system

A legacy or end-of-life (EOL) system is one where the software vendor no longer provides support or fixes for problems. These represent the greatest threat to the network.

An unprotected system is one where at least one required security control (antivirus or a firewall, for example) is either missing or improperly configured.

A vulnerability that is exploited before the developer knows about it or can release a patch is called a zero-day.

A non-compliant system is one that has drifted from its hardened configuration. A vulnerability scanner is a class of software designed to detect non-compliant systems.