Section 2.0 Security Flashcards
A healthcare company wants a security engineer to secure access to its critical internal resources and data with more than just a username and password. What access control measure would the security engineer suggest the company implement to provide an extra layer of security?
Multifactor authentication
A new data security technician is learning many foundational principles of logical security controls concerning critical data. The technician notices a lot of effort and conversations from colleagues with clients around the concept of least privilege. What is the goal when it pertains to implementing least privilege?
Grant users the minimum possible rights necessary to perform the job.
A senior-level government agency wants to implement multifactor authentication. However, they specifically do not want any user’s mobile device to be a part of the solution as it could compromise them. What authentication method would be a possible solution?
Hard token
A small company has just set up a Windows domain environment and would like to add functionality for their users to save personal work-related documents on a designated file server to protect files from being lost on their PCs. What solution would allow this functionality?
Home folders
A group of employees has voiced concerns about not feeling safe when walking to and from their cars in the parking lot. Since the building is not in a safe neighborhood, they feel like someone could easily hide and attack people during certain shift changes. What could the company implement to help these employees feel safer? (Select all that apply.)
Security guards
Lighting
Video cameras
This type of alarm system utilizes either microwave radio reflection or passive infrared to trigger an alert threshold.
Motion sensor
A manufacturing plant plans to have cash payments for products sent to their facility for processing. To provide a proper physical security entrance into the area where personnel will handle the cash, a security vendor may suggest what particular automated solution best ensures that only one employee can enter and exit this area at a time?
Access control vestibule
After switching a medium-sized office to a Windows domain, a systems administrator has had trouble getting buy-in from users when it comes to saving documents in redundant network shares. Users are adamant that they want to work out of the local Documents folder of their profile. What can the administrator implement to accomplish the goal of getting data to reside on network shares?
Folder redirection
A security engineer is designing a multifactor solution for certain approved users to access highly-sensitive information on the company’s intranet. The engineer will require a soft token code provided by what medium to the user? (Select all that apply.)
Short message service
Voice call
A security vendor contracts with a banking firm to provide access control to highly secured areas. The banking firm wants to grant access via biometric data. What would be suitable to use in this case? (Select all that apply.)
Retina scanner
Fingerprint reader
Palmprint scanner
The security team at a company wants to limit access to certain office areas to prevent theft and improve safety for employees. They would like to utilize door locks with badge readers and software that centrally manages access yet is still accessible with a physical key in case of emergencies or system outages. What objects could the company use in conjunction with the badge readers to grant access? (Select all that apply.)
Smart cards
Key fobs
An organization has asked a network engineer why a particular wireless access point is not allowing users to authenticate to the company’s network. Users can connect to other access points without issue. The engineer finds that the problem access point can find and connect to the Remote Authentication Dial-in User Service (RADIUS) server, but they do not trust each other. What is most likely NOT configured on the access point?
Shared secret
A medium-sized office has a growing number of employees who all need access to the wireless network. Each employee has an individual Windows domain account and wireless network access account. What protocol or service could the office implement to allow users to use one account, granting them access to the wireless network and the domain?
Kerberos
Which protocol allows access points to use Remote Authentication Dial-in User Service (RADIUS), or Terminal Access Controller Access Control System Plus (TACACS+), and Extensible Authentication Protocol (EAP) to tunnel credentials and tokens that allow a domain user to connect via a wireless client to authenticate to a Windows domain controller and use single sign-on authorization?
Kerberos
A senior network engineer wants to provide the organization’s staff with a convenient yet secure method for authenticating and administrating all the company Cisco routers, switches, and access points. What Authentication, Authorization, and Accounting (AAA) protocol would provide the best solution for this?
TACACS+
A managed services technician works with a customer to properly secure the home office Wi-Fi network. The customer states that they use Wi-Fi Protected Access with Temporal Key Integrity Protocol to secure wireless network traffic. However, the technician advises against this solution, as a malicious actor can easily find the encryption key. What would provide for stronger encryption with AES and CCMP for securing Wi-Fi traffic?
WPA2
Network engineers are talking at a conference, reminiscing about legacy Wi-Fi security standards. Unfortunately, they could not remember the cipher that replaced Rivest Cipher 4 (RC4) at the advent of WPA2. What cipher are they attempting to remember?
AES
A security engineer is attending a training session based on newer network security best practices. However, regarding Wi-Fi protected access (WPA), they learn that WPA3 replaced WPA2 with its accompanying encryption standard stack. With WPA3, what other cipher/protocol stack replaced them?
AES GCMP
A new local coffee shop would like to provide customers with free Wi-Fi access. In addition, they would like to provide a secured wireless connection without using a pre-shared passphrase. Which type of protected access should the coffee shop use to meet these requirements?
WPA3
A growing company has just recently implemented a Windows domain and is building out its Active Directory structure. They have asked a network services company if they can manage access to their wireless network using permissions in the new domain. A network engineer tells them this is certainly achievable using this particular protocol.
EAP
A network engineer wants to implement a strong EAP-TLS method using multifactor authentication in an enterprise environment. The engineer must configure the Remote Authentication Dial-in User Service (RADIUS) server and the wireless supplicant with which of the following components? (Select all that apply.)
Digital certificate
Encryption key pair
A user thinks there may be a virus on their computer, calls into an IT help desk, and states that when browsing certain websites, the browser gives a scary warning about the site possibly being unsafe. What could cause a browser certificate warning? (Select all that apply.)
A certificate is self-signed.
There is a server name mismatch in the certificate.
A certificate has expired.
A customer brings a PC into a local computer repair shop believing it may have a virus. After some investigation into the problems, the technician deems that there are so many viruses and malware on the system that there really is only one appropriate avenue to take to give the customer the security of knowing the PC is free and clear of the viruses and malware. What remediation will the technician perform?
Perform OS reinstallation.
A managed service provider company has adopted CompTIA’s seven-step best practice procedure for malware removal. A technician is about to attempt to remove a malware infection according to these best practices. Which step will the technician take in the overall process of removal? (Select all that apply.)
Disable System Restore.
Educate the end user.
An IT security professional has finished removing a trojan malware infection using their company’s enterprise anti-malware platform. What operating-system-specific validations would ensure no reinfections could occur? (Select all that apply.)
Restore points
DNS configuration
Software firewall settings
A malicious hacker sets out to create a botnet to deploy onto a mass number of computers to perform complex blockchain calculations for obtaining digital coins. What malware payload will accomplish this task?
Cryptominer
A company’s CFO notices an extremely small USB dongle plugged into their laptop. It is not associated with any of the wireless devices the CFO uses, and the device does not have any logo printed on it. After speaking with the IT service desk, the CFO mentions that he has received some emails lately about changes to various online accounts that he did not initiate. What conclusion may the service desk technician come to after hearing this statement?
The CFO’s system has a keylogger installed.
A user’s computer has an infection that renders the computer system unusable as soon as it boots up. After calling the support phone number for the system’s antivirus software, the support technician gives the user a .iso file to help remove the infection. What will this file allow the user to do differently from removing the infection after the computer starts up?
Scan the computer in recovery mode.
A user makes a frantic call to a family friend. Their computer displays a message that the Federal Bureau of Investigation has tracked malicious terrorist activity to their laptop. The only information they see to remove the message is a link to a Bitcoin wallet that requests payment. What type of infection is this user experiencing?
Ransomware attack
A fairly new level one help desk technician has worked hard to remove some malware infections on a user’s computer. However, similar infections reappeared once the technician cleaned up and restarted the computer. What malware vector is manifesting in this situation?
Boot sector virus
When dealing with this particular malware payload, users should be aware that there is the possibility that it can compromise system files and programming interfaces. For example, compromised local shell processes, such as Explorer or Task Manager on Windows, ps or top on Linux, and port-listening tools no longer reveal their presence. What is this particular malware payload?
Rootkit
A computer science student is taking beginner-level classes on information security. The course discusses malware vectors, a method by which the malware executes on a computer. The student then learns about which of the following common vectors? (Select all that apply.)
Worm
Virus
Trojan
As a part of a company’s overall information security plan, the security operations team sends out designed phishing emails to groups of users. Users who click links inside baited emails are then enrolled in training to help them spot phishing-type emails. What are some characteristics seen in typical phishing emails? (Select all that apply.)
Tailgate into the offices.
Impersonate an employee.
A systems administrator is auditing the settings of a group of web servers. The administrator notices that a few of the servers also have file services and database roles installed and are not in line with the documented configuration of the company’s standard web servers. What vulnerability are these systems experiencing?
Non-compliant system
A school district is working on a plan for a future bring your own device (BYOD) program for students. They would like to provide connectivity due to the rural location of the building and limited cell phone service. What concern would the network security team have with this plan?
Lack of a secure baseline configuration for personal devices
Which of the following attacks is successful because there are currently no known patches to prevent it from happening?
Zero-day attack
An employee receives a phone call from someone in the IT department informing them that their computer has a virus. In a panic, the employee quickly follows the instructions from the caller to grant remote access to their workstation. Unfortunately, the employee notices that the application used for remote access is not the same as the application used in the past when someone from IT has remotely worked on their workstation. What kind of attack has the user just experienced?
Vishing
A concerned employee has noticed that their manager seems to always quietly approach other co-workers from behind and carefully watch the actions they are doing on their computers. Other employees reported that this manager would watch for an extensive amount of time before saying anything to the employee at the computer. What social engineering tactic could be suspect in this situation?
Shoulder surfing
What type of attack occurs when an attacker may use software to guess another user’s password using common words?
Dictionary attack
An IT support intern attends a local IT security conference. The intern attends a breakout session that focuses on common security vulnerabilities when managing multiple endpoints. What security vulnerabilities can the session point out? (Select all that apply.)
Unpatched system
End of life OS
Unprotected system
Company executives, like the Chief Information Officer (CIO), are the main target of which of the following attacks?
Whaling
An employee receives an email from what looks to be the IT department informing the employee that their password has been compromised. In a panic, the employee clicks the provided web link in the email, enters their old password, and then enters a new password. The employee notices that this is not how the IT department has had them change their password in the past. What kind of attack has the user just experienced?
Phishing
A person visits a local library frequently with their laptop to use the Wi-Fi to complete school assignments and check social media. One day, the user notices that the wireless network name or the Service Set Identifier (SSID) is slightly different from normal. As a result, the user connects to the Wi-Fi and is automatically brought to a Facebook web page with fields to enter their Facebook username and password. What type of attack has occurred here?
Evil twin
After a recent data breach, a company’s IT department has concluded that the breach started with a laptop that accessed the Wi-Fi to gain access to its resources. The company uses a passphrase and media access control (MAC) address filtering to restrict access to Wi-Fi. What type of attack gained access to the company’s wireless network?
Spoofing
After carrying out a campaign to gather data via e-mail and other electronic means, what else can an attacker do to gather personal information about a company owner without being in that person’s presence?
Go dumpster-diving behind the corporate offices.
A large corporation has ordered all branch offices to secure office data to prevent unauthorized access to data in the case of theft. The change applies company-wide via a security policy for easy deployment. What does a computer technician need to address to fulfill these orders? (Select all that apply.)
Disable USB ports.
Activate BitLocker To Go.
A company has given its employees a Windows 10 laptop to use for remote work. Employees who already have access to Office 365 applications can get to work right away. How would employees initially log on to their laptops to begin working on them?
Use their Microsoft account.
Employees at a secure facility must log on to office workstations with two-factor authentication (2FA). All employees access the building with a smart card. What 2FA methods are employees most likely using to access their workstations? (Select all that apply.)
Username and password
PIN
The User Account Control (UAC) feature in Windows has a concern with what type of user account on a Windows machine?
Administrator