Security+ Mobile App Questions Flashcards
Salting a password is a technique used in key stretching to make the password more secure against cracking attempts. There are various techniques to stretch a key; some are more common but each is different. – Which of the following is a key stretching technique that salts a password of at least 64 bits using a pseudo-random function such as HMAC?
crypt(3)
PBKDF2
Bcrypt
SHA-1
PBKDF2
Explanation:
PBKDF2 is a salting technique that incorporates a pseudo-random function to protect passwords of at least 64 bits. PBKDF2 is in use in many applications such as Wi-Fi Protected Access II (WPA2), Apple’s iOS mobile operating system, and Cisco operating systems.
A load balancer at Acme Inc. is fielding requests from the internet to Acme’s new web portal that provides hospitals access to their medical tool catalog. They are receiving quite a bit of traffic from around the country and have configured the load balancer to keep users’ requests local to the server that first accepts the request. For example, user 1 visits the website and is routed to server 3; all subsequent visits send user 1 to server 3 for their web access. – This is an example of which of the following?
Geolocation Routing
Round-robin Load Balancing
Weight-based Routing
Source Address Affinity
Source Address Affinity
Explanation:
Source Address Affinity ensures that requests are routed to the same server that a user was originally sent to, based on the IP address. The first visit to the website may be assigned a distribution method like round-robin, but with Source Address Affinity, every time the user revisits the page, they will have their request sent to the server that they were routed to originally.
Anders Insurance Agency has discovered that malware on one of their internal computers has been exfiltrating user information. But the malware is unfamiliar and not registering with their antivirus/anti-malware programs. They alert a cybersecurity agency, which investigates and discovers that the malware is originating from an infected government site for an insurance regulatory authority that Anders Insurance visits regularly. – Which of the following is the BEST description of what has occurred?
Watering Hole Attack
Phishing
Man-in-the-Middle Attack
Whaling
Watering Hole Attack
Explanation:
A Watering Hole Attack targets sites that its victims use most often. After infecting the site and configuring it to deliver malware, the attacker waits for their target to use the site and become infected; the attacker can then carry out additional objectives, such as exfiltrating information.
A user is browsing a social media site and sees a post by their friend about an interesting game, along with the link. The user clicks on the link and is presented with a game that is focused on discovering hidden items on the web page and clicking on them. The user plays the game, eventually leaves the page, and later discovers that their social media account has been hacked and is now sending spam messages to their friends. – Which of the following MOST LIKELY occurred in this scenario?
Clickjacking
Man-in-the-Browser
Domain Hijacking
Session Hijacking
Clickjacking
Explanation:
Clickjacking is an attack where the attacker builds elements on a web page that obscure the true nature of what the user is clicking on. It is possible to use HTML elements called frames to mask web pages and essentially build their own elements on top, such as game icons or buttons, and trick users into performing the actions they desire. This could take the form of a user clicking a “reset password” link, sharing a post without their knowledge, or providing a session ID or credentials to the attacker.
An attacker is watching the public wireless communications in a local coffee shop. They are sniffing the traffic and have proceeded to intercept a login session in order to capture the information for later use. – What attack is being used?
Watering Hole
Cross-Site Scripting
Replay
Evil Twin
Replay
Explanation:
When a hacker is able to intercept a session and use it again later, it’s considered a Replay Attack. The attacker intercepts the session and analyzes it. They can later impersonate the victim and use the session to gain access to servers or applications. Encryption stops this attack.
An administrator has an email server that is configured to accept IMAP connections on the well-known port of 143. They want to implement a secure IMAP configuration within the environment but need it to conform to the original environment. – Which of the following protocols would they use?
IMAPS
SSL
STARTTLS
SPOP
STARTTLS
Explanation:
Internet Message Access Protocol v4 (IMAPv4) provides access to stored email on an email server and enables users to organize and manage these emails in folders on the server. IMAP4 uses port 143 and, though IMAPS is a secure edition of IMAP4, it uses a different port: 993. In contrast, IMAP4 with STARTTLS operates on the same well-known port as IMAP4, port 143.
An administrator needs a security solution for their organization’s cloud environment. They want a service that sits between their on-site premises and the cloud provider. It should allow them to define security policies for traffic flowing outside their on-premises site to the cloud. – What type of security solution should they implement?
CASB
SDV
SWG
Security Groups
CASB (Cloud Access Security Broker)
Explanation:
A Cloud Access Security Broker is a service that acts as a software layer between an organization and their cloud. Many cloud providers, like Amazon and Microsoft, provide APIs that allow for automated control of this.
An administrator at Acme Inc. is taking a snapshot of the network and comparing it to an original snapshot to check for anomalies. – What is the administrator doing?
Monitoring
Streaming
Baselining
Benchmarking
Baselining
Explanation:
Baselining is the process of measuring changes in networking, hardware, and software. It gives monitoring software the ability to determine what’s normal and what’s abnormal in the system. It’s how the software determines abnormal traffic patterns in order to alert the administrator.
An administrator is interested in implementing email encryption throughout the organization. They have a PKI configured to work within the local network and would like to incorporate that. – Which of the following protocols should they implement?
PGP
OpenPGP
S/MIME
TLS
S/MIME (Secure/Multipurpose Internet Mail Extensions)
Explanation:
Secure/Multipurpose Internet Mail Extensions (S/MIME) is one of the most prevalent email encryption standards available. S/MIME uses RSA for asymmetric encryption and AES for symmetric encryption and can encrypt email at rest and in transit. Due to the use of RSA for asymmetric encryption, a PKI is required to provide and manage the appropriate certificates.
Which service of IPSec ensures that an IP Packet is from the sender it claims to be from?
Authentication
Encryption
Confidentiality
Integrity
Authentication
Explanation:
My Take: Authentication is Person to Person verification/confirmation where Integrity makes sure the information in the Packet has not been altered and came from where they should have come from.
Authentication deals with confirming that the Sender is who they say they are.
Integrity ensures that files are not altered in transit and Confidentiality can encrypt the packet.
As the final networking components are configured and tested, the production environment is now complete for Acme Inc. and their new payment processing service. They want to use a form of monitoring that will take a snapshot of the entire environment and its normal operating procedures and send an alert if anything is performing oddly. – What type of monitoring establishes a performance baseline based on a set of network traffic evaluations?
Signature-based
Anomaly-based
Pattern-based
Hashing-based
Anomaly-based
Explanation:
Anomaly-based monitoring systems are also known as statistical anomaly-based monitoring systems. They establish a performance baseline based on a set of normal network traffic evaluations. The baseline should be taken when servers are under normal load.
A security administrator is creating a plan that lays out the steps to perform in the event of a fire in their new data center. It outlines what to prioritize and how to properly evacuate if necessary. – Which of the following is the administrator creating?
Failover Plan
Backup Plan
Disaster Recovery Plan
Fire Plan
Disaster Recovery Plan
Explanation:
A Disaster Recovery Plan is created in case of an unplanned disaster such as a fire, flood, power loss, or theft. It contains the steps needed to get the organization productive again.
During the course of a reorganization, Smith Industries was interested in implementing a new IT security framework to promote enhanced security, along with proper processes for obtaining and deploying secure hardware and software. – Of the following IT Security frameworks, which divides IT into the following four sections: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate?
ITIL
PMBOK
COBIT
NIST
COBIT (Control Objectives for Information and Related Technologies)
Explanation:
COBIT is a good practice framework created by the international professional association ISACA for information technology management and governance. COBIT provides an implementable “set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.”
A new junior developer is being briefed on development efforts at Acme Inc. The lead administrator is explaining a recent issue where an application was writing to a set of memory that another command was using. This caused unexpected issues and several crashes before it was remedied. – Which of the following were they MOST LIKELY encountering?
Improper input handling
Resource exhaustion
Race Condition
Integer Overflow
Race Condition
Explanation:
In programming, when several modules of an application, or two or more applications, attempt to access the same resource at the same time, it can cause a conflict known as a Race Condition. This situation can be a significant headache for a developer if not properly accounted for, as it can lead to incorrect computations, data value conflicts, and more.
A critical business system at Smith Industries is built on an aging platform, but replacement attempts have been difficult. The executives are interested in the potential risk it poses to the rest of the network and what may happen if it’s left without an adequate replacement. They are performing regular baseline captures and would like to use existing information if possible. – What baseline reporting methodology are they using to find vulnerabilities and weaknesses in their system?
Security posture
Hashing
Vulnerability Assessment
Security Posture Assessment
Security Posture Assessment
Explanation:
A Security Posture Assessment uses baseline reporting and other analyses to discover vulnerabilities and weaknesses in systems. It’s used to determine an organization’s security posture, which is the security status of the organization’s entire network, information, and systems, and their capability to manage the defense of this environment and react to changing circumstances.
An employee at ACME corporation fell victim to a phishing attack. Once the intruder gained access to the employee’s account, they were able to exfiltrate protected information regarding the corporation’s infrastructure. – Which type of data breach would this be classified as?
Financial
Privacy
Proprietary
Integrity
Proprietary
Explanation:
A proprietary data breach occurs when proprietary data has been accessed or exfiltrated. Proprietary data is any data controlled solely by your company. Protected infrastructure information is an example of proprietary data.
A new employee is starting at ACME Inc., working in HR. The network administrator creates their account and places it in the HR group, which includes the HR managers and HR employees, so they have the same access. The network administrator explains to the employee that there are areas of the HR application that they have access to but that are only for managers. – This violates which of the following technical control principles?
Location-based Policies
Need to Know
Group-based Privileges
Least Privilege
Least Privilege
Explanation:
Least Privilege is a technical control by which users only have the access necessary to perform their job functions and nothing more. In this example, there should have been a group configured for HR employees separate from that of the HR managers, so that they only had the permissions necessary to perform their jobs.
An attacker is working on gaining access to a target network and has succeeded in gaining access to a user’s workstation. The attacker then begins to use that workstation to attack other targets and to continue access escalation. – Which of the following did the attacker perform after gaining access?
Pivot
Active Reconnaissance
Escalation of Privilege
Initial Exploitation
Pivot
Explanation:
A Pivot is the process of using various tools to obtain more information about the subject at hand. In this case, the attacker pivots after gaining access to the victim’s workstation to then begin attacking the rest of the network from that workstation. This is the attacker pivoting from the machine to obtain a wide variety of other information about the network, such as network shares, additional vulnerable hosts, or even sensitive information, depending on data storage.