Professor Messer - Security+ SY0-701: Exam B Flashcards

Question

Penetration Methodology: Passive reconnaissance

Answer 1

Passive reconnaissance is the process of gathering information from publicly available sites, such as social media or corporate websites.

Answer 2

Loss of intellectual property The exfiltration of confidential information and intellectual property is relatively simple with an easily transportable mobile phone. Organizations associated with sensitive products or services must always be aware of the potential for information leaks using files, photos, or video.

Answer 3

A jump server is a highly secured device commonly used to access secure areas of another network. The technician would first connect to the jump server using SSH or a VPN tunnel, and then "jump" from the jump server to other devices on the inside of the protected network. This would allow technicians at an MSP (Managed Service Provider) to securely access devices on their customer's private networks.

Answer 4

An HSM (Hardware Security Module) is a secure method of cryptographic key backup and hardware-based cryptographic offloading

Answer 5

NAC (Network Access Control) is a broad term describing access control based on a health check or posture assessment. NAC will deny access to devices that don't meet the minimum security requirements.

Answer 6

MTBF The MTBF (Mean Time Between Failures) is the average time expected between outages. This is usually an estimation based on the internal device components and their expected operational lifetime.

Answer 7

MTTR (Mean Time to Repair) is the time required to repair a product or system after a failure.

Answer 8

RPO RPO (Recovery Point Objectives) define how much data loss would be acceptable during a recovery

Answer 9

RTO (Recovery Time Objectives) define the minimum objectives required to get up and running to a particular service level.

Answer 10

Using AAA (Authentication, Authorization, and Accounting) is a common method of centralizing authentication. Instead of having separate local accounts on different devices, users can authenticate with account information maintained in a centralized database.

Answer 11

With discretionary access control (DAC), access and permissions are determined by the owner or originator of the files or resources.

Answer 12

Insecure protocols An insecure authentication protocol will transmit information "in the clear," or without any type of encryption or protection.

Answer 13

Acceptance Risk acceptance is a business decision that places the responsibility of the risky activity on the organization itself. Mitigation If the organization was to purchase additional backup facilities and update their backup processes to include offline backup storage, they would be mitigating the risk of a ransomware infection. Transference Purchasing insurance to cover a risky activity is a common method of transferring risk from the organization to the insurance company Risk-avoidance To avoid the risk of ransomware, the organization would need to completely disconnect from the Internet and disable all methods that ransomware might use to infect a system. This risk response technique would most likely not apply to ransomware.

Answer 14

Disconnect the web servers from the network The unusual log entries on the web server indicate that the system may have been exploited. In that situation, the servers should be contained to prevent all connectivity to those systems.

Answer 15

If Apple’s iOS has been circumvented using jailbreaking, a user can install apps without using the Apple App Store. Circumventing a curated app store to install an app manually is called side loading

Answer 16

VM (Virtual Machine) escape describes the unauthorized access of one VM from a different VM on the same hypervisor. An app installation on a phone is not related to virtual machines.

Answer 17

Cross-site scripting is an attack that uses the trust in a browser to gain access to a third-party site.

Answer 18

Attestation is commonly one of the last steps when performing an audit. This attestation is an opinion of the truth or accuracy of a company’s security position.

Answer 19

A self-assessment describes an organization performing their own security checks.

Answer 20

A watering hole attack infects a third-party visited by the intended victims. An industry convention would be a perfect location to attack security professionals.

Answer 21

The use of OCSP (Online Certificate Status Protocol) requires communication between the client and the issuing CA (Certificate Authority). If the CA is an external organization, then validation checks will communicate across the Internet. The certificate holder can verify their own status and avoid client Internet traffic by storing the status information on an internal server and “stapling” the OCSP status into the SSL/TLS handshake.

Answer 22

A CSR (Certificate Signing Request) is used during the key creation process. The certificate is sent to the CA to be signed as part of the CSR.

Answer 23

Wildcard A wildcard certificate can be used across many different systems matching the fully qualified domain name associated with the wildcard.

Answer 24

IPsec IPsec (Internet Protocol Security) is commonly used to create a VPN (Virtual Private Network) protected tunnel between devices or locations.

Answer 25

A race condition is a programming issue where a portion of the application is making changes not seen by other parts of the application. For example, before allowing someone to log in, a security system first receives their username and password and then checks it against a database before allowing access. Attackers can exploit this fact by interfering with processes to access secure areas and content in what's known as a race condition attack.

Answer 26

Tokenization replaces sensitive data with a non-sensitive placeholder. Tokenization is commonly used for NFC (Near-Field Communication) payment systems, and sends a single-use token across the network instead of the actual credit card information.

Answer 27

Alert tuning Our monitoring systems are not always perfect, and many require ongoing tuning to properly configure alerts and notifications of important events.

Answer 28

Perform regular audits and vulnerability scans A focus of credit card storage compliance is to keep credit card information private. The only option matching this requirement is scheduled audits and ongoing vulnerability scans.

Answer 29

The client computer does not have the proper certificate installed The error message states that the server credentials could not be validated. This indicates that the certificate authority that signed the server’s certificate is either different than the CA certificate installed on the client’s workstation, or the client workstation does not have an installed copy of the CA’s certificate. This validation process ensures that the client is communicating to a trusted server and there are no on-path attacks occurring.

Answer 30

Lack of patch updates on an Internet-facing database server One of the easiest ways for a third-party to obtain information is through an existing Internet connection. A hacktivist could potentially exploit an unpatched server to obtain unauthorized access to the operating system and data.

Answer 31

. Replay attack To perform a replay attack, the attacker needs to capture the original non-encrypted content. If an application is not using encrypted communication, the data capture process is a relatively simple process for the attacker.

Answer 32

LDAP 802.1X is a standard for authentication, and LDAP (Lightweight Directory Access Protocol) is a common protocol used for centralized authentication. Other protocols such as RADIUS, TACACS+, or Kerberos would also be options for 802.1X authentication.

Answer 33

An embedded system often does not provide access to the OS and may not provide a method of upgrading the system firmware.

Answer 34

An SDN (Software Defined Network) is commonly used as a method of deploying network components by separating a device into a data plane, control plane, and management plane.

Answer 35

If the laptop hardware is modified, the security team is alerted The enumeration process identifies and reports on the hardware and software installed on the laptop. If this configuration is changed, an alert can be generated.

Answer 36

The Answer: A. HIPS and D. Host-based firewall logs If the laptop is not communicating across the corporate network, then the only evidence of the traffic would be contained on the laptop itself. A HIPS (Host-based Intrusion Prevention System) logs and host-based firewall logs may contain information about recent traffic flows to systems outside of the corporate network.

Answer 37

Secure enclave A secure enclave describes a hardware processor designed for security. The secure enclave monitors the boot process, create true random numbers, store root cryptography keys, and much more.

Answer 38

Data subject In data privacy, the data subject describes an individual with personal data. Payment details and shipping addresses describe personal information from a data subject.

Answer 39

Controller A data controller manages the processing of the data. A payroll department would be an example of a data controller.

Answer 40

The data owner is commonly accountable for all of the data, and the owner often manages the people and systems associated with processing and securing the data.

Answer 41

A data processor manages the data on behalf of the data controller. If the data controller is the payroll department, a third-party payroll company would be the data processor

Answer 42

B. Uses burned-in cryptographic keys and E. Includes built-in protections against brute-force attacks A TPM (Trusted Platform Module) is part of a computer’s motherboard, and it’s specifically designed to assist and protect with cryptographic functions. Full disk encryption (FDE) can use the burned-in TPM keys to verify the local device hasn’t changed, and there are security features in the TPM to prevent brute-force or dictionary attacks against the full disk encryption login credentials

Answer 43

The Answer: A. Mandatory Mandatory access control uses a series of security levels (i.e., public, private, secret) and assigns those levels to each object in the operating system. Users are assigned a security level, and they would only have access to objects that meet or are below that assigned security level. The incorrect answers: B. Rule-based Rule-based access control determines access based on a series of systemenforced rules. An access rule might require a particular browser be used to complete a web page form, or access to a file or system is only allowed during certain times of the day. C. Discretionary Discretionary access control allows the owner of an object to assign access. If a user creates a spreadsheet, the user can then assign users and groups to have a particular level of access to that spreadsheet. D. Role-based Role-based access control assigns a user’s permissions based on their role in the organization. For example, a manager would have a different set of rights and permissions than a team lead.

Answer 44

The ARO (Annualized Rate of Occurrence) describes the number of instances estimated to occur in a year. For example, if the organization expect to lose seven laptops to theft in a year, the ARO for laptop theft is seven.

Answer 45

The ALE (Annual Loss Expectancy) is the expected cost for all events in a single year. If it costs $1,000 to replace a single laptop (the SLE) and you expect to lose seven laptops in a year (the ARO), the ALE for laptop theft is $7,000.

Answer 46

SLE (Single Loss Expectancy) is the monetary loss if a single event occurs. If one laptop is stolen, the cost to replace that single laptop is the SLE, or $1,000.