A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. This is what the network administrator should configure on the wireless access points.
What is 802.1X
802.1X uses a centralized authentication server, and all users can use their normal credentials to authenticate to an 802.1X network.
What kind of security control is associated with a login banner?
What is Deterrent
A deterrent control does not directly stop an attack, but it may discourage an action.
This is when a different key is used for decryption than encryption
What is Asymmetric
A ________ forces a service to fail, and it usually succeeds by taking advantage of a design failure or vulnerability.
What is Denial of Service (DoS)
During sales meetings, visitors often require an Internet connection for demonstrations. Which of the following should the company implement to maintain the security of the internal network resources?
A. NAT
B. Ad hoc wireless workstations
C. Intranet
D. Guest network with captive portal
What is Guest network with captive portal
A guest network would allow access to the Internet but prevent any access to the internal network. The captive portal would prompt each guest for authentication or to agree to terms of use before granting access to the network.
A government transport service has installed access points that support WPA3. This technology would provide enhanced security for PSK while using WPA3.
What is SAE
WPA3 (Wi-Fi Protected Access 3) enhances the PSK (Pre-Shared Key) authentication process by privately deriving session keys instead of sending the key hashes across the network.
An organization is installing a UPS for their new data center. What would BEST describe this type of control?
What is compensating
A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS does not stop a power outage, but it does provide alternative power if an outage occurs.
This is the process of making something unclear or making something difficult to understand.
What is Obfuscation
Hiding information can be useful, and the process of making something difficult to understand is obfuscation.
Malware installed as ______ often modifies core system files to help remain invisible on the infected system.
What is rootkit
Each salesperson in a company will receive a laptop with applications and data to support their sales efforts. The IT manager would like to prevent third-parties from gaining access to this information if the laptop is stolen. Which of the following would be the BEST way to protect this data?
A. Remote wipe
B. Full disk encryption
C. Biometrics
D. BIOS user password
What is Full disk encryption
With full disk encryption, everything written to the laptop’s local drive is stored as encrypted data. If the laptop was stolen, the thief would not have the credentials to decrypt the drive data.
Daily Double!!
What is the client computer does not have the proper certificate installed
The error message states that the server credentials could not be validated. This indicates that the certificate authority that signed the server’s certificate is either different than the CA certificate installed on the client’s workstation, or the client workstation does not have an installed copy of the CA’s certificate. This validation process ensures that the client is communicating with a trusted server and there are no man-in-the-middle attacks occurring.
What control type is associated with a bollard, fence, or lock?
What is physical
A physical control includes real-world security features such as fences, locks, or bollards.
This is when encrypted data is drastically different than plaintext.
What is confusion
______ uses copycat websites and a bit of social engineering to convince victims to give up authentication credentials or personal information.
What is Phishing
A security administrator is deploying a web server and needs to understand the methods an attacker could use to gain access to the system. Which of the following would be the BEST source of this information?
A. MITRE ATT&CK
B. Diamond model
C. Tabletop exercise
D. ISO 27701
What is MITRE ATT&CK
The MITRE ATT&CK framework is a knowledge base that contains points of intrusion, methods used by attackers to move around, and a list of security techniques to prevent future attacks.
A system administrator has configured MAC filtering on the corporate access point, but access logs show that unauthorized users are accessing the network. The administrator has confirmed that the address filter includes only authorized MAC addresses. What should the administrator configure to prevent this unauthorized use?
What is WPA3 encryption
A MAC (Media Access Control) address can be spoofed on a remote device, which means anyone within the vicinity of the access point can view legitimate MAC addresses and spoof them to avoid the MAC filter. To ensure proper authentication, the system administrator can enable WPA3 (Wi-Fi Protected Access version 3) with a shared key, or configure 802.1X to integrate with an existing authentication database.
A shipping company stores information in small regional warehouses around the country. The company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. What would BEST describe the security control used at the warehouse?
What is detective
An IPS can detect and record any intrusion attempt.
DAILY DOUBLE!!
What is Diffusion
This is an easy way to gain access to a secure area: simply walking behind someone who has already gained access to that area.
What is tailgating
A company has identified a web server data breach that resulted in the theft of financial records from 150 million customers. A security update to the company’s web server software was available for two months prior to the breach. Which of the following would have prevented this breach from occurring?
A. Patch management
B. Full disk encryption
C. Disable unnecessary services
D. Application allow lists
What is Patch management
A formal patch management process would have clearly identified this vulnerability and would have given the credit bureau the opportunity to mitigate or patch the vulnerability well before it would have been exploited.
A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. What would meet the network team’s requirements?
What is EAP-TTLS
EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) allows the use of multiple authentication protocols transported inside of an encrypted TLS (Transport Layer Security) tunnel. This allows the use of any authentication while maintaining confidentiality with TLS.
A set of corporate security policies is what kind of security control?
What is managerial
A managerial control is a guideline that would control how people act, such as security policies and standard operating procedures.
This is an encryption method that creates asymmetric encryption key pairs dynamically, uses them for the duration of the session, and then discards them.
What is Perfect Forward Secrecy (PFS)
Attackers will use a list of common passwords when reverse engineering authentication credentials. These passwords are stored in a list called a _______.
What is dictionary
A network administrator needs to identify all inbound connections to a Linux web server. Which of the following utilities would be the BEST choice for this task?
A. netcat
B. nmap
C. net view
D. netstat
What is netstat
The netstat command can view inbound and outbound statistics for all connections to a device.