SEC+ Study Guide C

The correct answer is "Logic bomb." In this scenario, the developer added code to the financial system that would activate and transfer money to a foreign bank account only if the developer's termination papers were processed by human resources. This is a classic example of a logic bomb, which is a malicious code that is intentionally inserted into a system to execute a harmful action at a specific time or under specific conditions.

In the secure disposal of computers, the best practice is to sanitize the computer media. This means securely wiping or destroying the data stored on the computer's hard drive or other storage devices. This is important to prevent any sensitive information from being accessed by unauthorized individuals. Configuring computers for automated patch management, changing default passwords, and testing against known vulnerabilities are all important security measures, but they do not specifically address the secure disposal of computers.

If the physical server crashes, all of the local virtual servers go offline immediately. This is a risk associated with a virtual server because virtual servers rely on the physical server for resources and infrastructure. If the physical server fails, it can cause all the virtual servers hosted on it to become unavailable or offline. This can result in downtime and loss of access to critical services or applications running on the virtual servers.

A logic bomb is a type of malicious code that is designed to execute a specific action when a certain condition is met, such as a specific date or time. It remains dormant until the trigger condition is met, at which point it activates and performs its malicious actions. Unlike trojans, worms, and botnets, which can be triggered by various events or actions, a logic bomb is specifically programmed to be triggered by a specific date or time key.

A targeted distributed denial of service (DDoS) attack involves flooding a target system with an overwhelming amount of traffic, rendering it unable to function properly. Botnets, which are networks of compromised computers controlled by a central attacker, are commonly used to launch DDoS attacks. The attacker can direct the botnet to send a massive amount of traffic to the target system, causing it to become overwhelmed and unavailable to legitimate users. Therefore, botnets are the most commonly associated security threat with a targeted DDoS attack.

In discretionary access control (DAC), the owner of the resource or data determines access and the privileges that individuals or groups have. The owner has the authority to grant or deny access to others based on their own discretion and judgment. This means that the owner has control over who can access the resource and what actions they can perform on it. The owner can also modify or revoke access privileges as needed.

This is an example of steganography, which is the practice of concealing information within other non-secret data. In this case, the sensitive message is hidden inside a JPEG image of a beach resort. Cryptography involves encrypting data to protect its confidentiality, while digital signature is used to verify the authenticity and integrity of a message. Hashing is a process of generating a fixed-size string of data from a variable-size input.

A password cracker would help an administrator to find weak passwords. A password cracker is a tool or software that is designed to guess or crack passwords by using various methods such as brute force attacks, dictionary attacks, or rainbow table attacks. By using a password cracker, an administrator can identify passwords that are easily guessable or vulnerable to being cracked, allowing them to take necessary actions to strengthen the security of the system.

Biometric reader and smartcard offer the best security controls for technicians entering the user's data center. A biometric reader ensures that only authorized individuals with unique physiological characteristics can gain access. This adds an extra layer of security as biometric features are difficult to duplicate. Additionally, a smartcard provides another level of authentication, requiring technicians to possess a physical card to gain entry. Combining these two technologies ensures that only authorized personnel can access the data center, providing very tight security controls.

The concept of least privilege requires users and system processes to be assigned minimum levels of permission to carry out the assigned task. This means that individuals should only have access to the resources and information necessary to perform their specific job functions and nothing more. By implementing least privilege, organizations can reduce the risk of unauthorized access, data breaches, and other security incidents. It helps to limit the potential damage that can be caused by a compromised user account or system process.

A mantrap is the best technology to install at the data center to prevent piggybacking. A mantrap is a physical access control system that consists of two or more interlocking doors. Only one door can be open at a time, ensuring that only one person can enter or exit the data center at a time. This prevents unauthorized staff from piggybacking on authorized staff and gaining access to the data center. Security badges, hardware locks, and token access may provide some level of security, but they do not specifically address the issue of piggybacking like a mantrap does.

The administrator should check for an SMTP open relay first because an open relay allows anyone to use the email server to send emails, potentially leading to an unusual amount of email being sent from the PC. This could explain the unusual activity and odd timing of the emails.

The service provided by message authentication code (MAC) hash is integrity. A MAC hash is a cryptographic technique used to verify the integrity of a message. It ensures that the message has not been altered or tampered with during transmission. By generating a unique hash value for the message and comparing it with the received hash value, the receiver can determine if the message has been modified. This helps to ensure the authenticity and reliability of the message.

The user should use a certified wipe program to erase data from the old hard drives before disposing of them. This ensures that all sensitive information stored on the drives is permanently deleted and cannot be recovered. Simply reformatting the drives may not completely erase the data, leaving it vulnerable to potential data breaches. Installing antivirus or running anti-spyware on the drives is not necessary for disposing of them and does not address the issue of data security.

The correct time to discuss the appropriate use of electronic devices with a new employee is at the time of hire. This is because it is important to establish expectations and guidelines regarding the use of electronic devices from the beginning of the employment relationship. By discussing this topic at the time of hire, the employer can ensure that the new employee understands the company's policies and can use electronic devices in a responsible and appropriate manner. This helps to create a productive and professional work environment.

A service pack is a collection of fixes for an application or operating system that has been tested by the vendor. It typically includes updates, enhancements, and patches to address known issues and vulnerabilities. Service packs are released periodically to provide users with a comprehensive and tested set of updates, ensuring the stability, security, and functionality of the software. Unlike patches or hotfixes, which are typically released to address specific issues, service packs offer a more comprehensive solution for improving the overall performance and reliability of the software.

A pop-up blocker is a feature that is usually found in web browsers. It is designed to prevent unwanted pop-up windows from opening automatically while browsing the internet. Pop-up windows can be annoying and can also be used to display advertisements or potentially harmful content. Therefore, web browsers often include a pop-up blocker as a built-in feature to enhance the browsing experience and protect users from potential threats.

A sudden spike in CPU activity on a web server connected to the Internet is most likely caused by a DoS (Denial of Service) attack. A DoS attack overwhelms a server with a flood of requests, causing it to become unresponsive or slow down significantly. This spike in CPU activity occurs as the server tries to process and respond to the large number of requests. Spyware, Trojan, and privilege escalation are not typically associated with causing a sudden spike in CPU activity.

In this scenario, accepting the risk is the best course of action because the cost to mitigate the risk is higher than the expected loss. This means that it would be more cost-effective to accept the risk and deal with any potential consequences if the risk is actualized, rather than spending more money to try and mitigate the risk. Rejecting the risk or running a new risk assessment would not be necessary or beneficial in this case.

A Faraday cage is a mechanism that prevents electromagnetic emanations from being captured. It is an enclosure made of conductive materials that creates a shield against electromagnetic radiation. The conductive material absorbs and redirects the electromagnetic waves, preventing them from escaping or entering the cage. This helps to protect sensitive electronic equipment or information from being intercepted or affected by external electromagnetic signals.

The correct answer is that the remote PC has a zombie master application running and the local PCs have a zombie slave application running. This means that the remote PC is controlling the local PCs and using them to send packets to a specific external PC. This is a form of a botnet attack, where the remote PC is the master and the local PCs are the slaves, being used to carry out malicious activities without the knowledge or consent of their owners.

Creating a virtual server on existing equipment is the quickest method to create a secure test server for a programmer. This option allows for the creation of a separate and isolated environment within the existing equipment, which can be used for testing purposes. It eliminates the need to install a network operating system on new equipment or existing equipment, which can be time-consuming and may require additional resources. By using a virtual server, the programmer can have a secure testing environment without the need for physical hardware or extensive setup processes.

Mantraps are physical security devices that are used to prevent unauthorized access to a secure area. They typically consist of two or more doors or gates that can only be opened one at a time, ensuring that only one person can enter or exit at a time. This effectively prevents piggybacking, which is the act of an unauthorized person following closely behind an authorized person to gain access to a secure area. Therefore, the correct answer is piggybacking.

Risk analysis refers to the process of evaluating and assessing potential risks in order to determine their likelihood and impact on a project or organization. It involves identifying and analyzing potential risks, determining their probability and potential consequences, and then assessing their overall significance. This helps in making informed decisions about how to manage and mitigate these risks effectively. Therefore, the answer "Evaluation and assessment" best describes risk analysis as it encompasses the key steps involved in analyzing and evaluating risks.

A digital signature is a cryptographic representation of non-repudiation because it provides a way to verify the authenticity and integrity of a digital document or message. It is created using the private key of the sender and can be verified using the corresponding public key. This ensures that the sender cannot deny sending the message or tampering with its contents, providing non-repudiation.

After determining which patches are needed and applying them, it is important to audit for the successful application of the patches. This ensures that the patches have been properly installed and are functioning as intended. Auditing helps to verify that the patches have been applied to all relevant systems and that any vulnerabilities have been addressed. It also provides a record of the patching process, which can be useful for compliance and reporting purposes.

SSL (Secure Sockets Layer) allows for a secure connection to be made through a web browser. SSL is a protocol that encrypts the data transmitted between a web server and a web browser, ensuring that the information remains confidential and cannot be intercepted by unauthorized parties. It is commonly used for secure online transactions, such as e-commerce websites, online banking, and sensitive data transfers.

Pop-up blocker applications do not require periodic updates to stay accurate because their main function is to block unwanted pop-up windows, which does not require frequent updates. On the other hand, signature-based HIDS, antivirus applications, and rootkit detection applications rely on constantly updated databases of known threats and vulnerabilities in order to accurately detect and protect against them. These databases need to be regularly updated to stay current and effective.

The correct answer suggests that in order to protect the data from permanent loss in case of a disaster at the primary site, the administrator should backup all data at a preset interval to tape and store those tapes at a sister site in another city. Storing the tapes at a sister site in another city ensures that the backup data is kept in a separate geographical location, reducing the risk of loss due to a local disaster. This provides an additional layer of protection and increases the chances of recovering the data in case of a catastrophic event at the primary site.

Penetration testing is the most intrusive on a network compared to the other options. Penetration testing involves actively simulating attacks on a network to identify vulnerabilities and weaknesses. It goes beyond just analyzing protocols or scanning ports by attempting to exploit vulnerabilities and gain unauthorized access. This can potentially disrupt network operations and compromise sensitive data. Protocol analyzers analyze network traffic, port scanners scan for open ports, and vulnerability testing identifies weaknesses, but they are less invasive compared to penetration testing.

This scenario is an example of a false positive. A false positive occurs when a system or tool incorrectly identifies something as a threat or error when it is actually safe or correct. In this case, the antivirus server is flagging the approved application as a threat, even though it is not. This can happen due to various reasons such as outdated virus definitions or software bugs.

Installing a single high-end server and running multiple virtual servers is the most cost-efficient method because it eliminates the need for purchasing and maintaining multiple physical servers. Virtualization allows for the efficient utilization of hardware resources, reducing costs associated with power consumption, cooling, and hardware maintenance. Additionally, it provides flexibility and scalability, allowing for easy deployment and management of additional virtual servers as needed.

When a patch is not available and workarounds do not correct the problem, it would be appropriate to install a hotfix. A hotfix is a small, targeted software update that addresses a specific issue or problem. In this situation, since there is no patch available and the workarounds are not effective in resolving the problem, installing a hotfix can provide a temporary solution until a patch is released. Hotfixes are designed to quickly address critical issues and are typically tested and validated by the software vendor before being made available to users.

Installing only needed software is a practice that should be implemented to harden workstations and servers. This is because unnecessary software increases the attack surface and potential vulnerabilities of the system. By installing only the software that is necessary for the system's functionality, the risk of exploitation and unauthorized access is minimized.

TACACS is a remote access authentication service that encrypts the client-server negotiation dialog. This means that when a client and server are communicating, TACACS ensures that their conversation is encrypted, providing a higher level of security. On the other hand, RADIUS is also a remote access authentication service, but it does not encrypt the client-server negotiation dialog. Therefore, the main difference between RADIUS and TACACS lies in their encryption capabilities during the negotiation process.

Netstat is a command-line tool used to display active network connections and listening ports on a computer. It provides information about the protocol, local and remote addresses, state, and process ID of each connection. By using netstat, the technician can quickly check the current network connections of the desktop and identify any suspicious or unnecessary connections that may be causing the performance issues.

File integrity auditing is the process of comparing cryptographic hash functions of system executables, configuration files, and log files. This is done to ensure that these files have not been tampered with or modified in any way. By comparing the hash values of the files with their original hash values, any changes or alterations can be detected, indicating a potential security breach or unauthorized access. This helps in maintaining the integrity and security of the system by identifying any unauthorized changes and taking appropriate actions to mitigate the risk.

Crosstalk is a problem that is most often associated with UTP (Unshielded Twisted Pair) cable. Crosstalk occurs when there is interference between adjacent pairs of wires within the cable, causing signal degradation and data errors. This interference can be caused by electromagnetic fields from other cables or devices, resulting in a loss of signal quality. Proper cable shielding and separation can help minimize crosstalk and maintain the integrity of the transmitted data.

The correct answer is "running weekly spyware applications." This is because running weekly spyware applications is not a hardening technique. Hardening techniques typically involve measures such as applying security templates, network-based patch management, and disabling non-required services to strengthen the security of a system or network. Running spyware applications, on the other hand, is a practice aimed at detecting and removing malicious software rather than hardening the system itself.

Using a personal software firewall on an office laptop connected to a home user's network is most likely to benefit from this security measure. When connecting to a home user's network, the office laptop is exposed to potential security risks from other devices on the network. By using a personal software firewall, the laptop can protect against unauthorized access and potential attacks from other devices on the network, ensuring the security of the data and the device itself.

The primary function of risk management in an organization is to reduce risk to a level that the organization will accept. This means that instead of trying to completely eliminate all risks, the organization determines the acceptable level of risk and implements measures to mitigate risks up to that level. The organization understands that it is not possible or practical to eliminate all risks, so it focuses on identifying, assessing, and managing risks to a level that is within its risk appetite and tolerance.

IPSec is the best encryption technology to accomplish secure connection from home to the corporate network. IPSec provides secure communication by encrypting the data packets and authenticating the parties involved in the communication. It operates at the network layer, ensuring end-to-end security and can be used with various protocols like Internet Protocol (IP). It is widely used for creating Virtual Private Networks (VPNs) to establish secure connections over the internet, making it the most suitable option for employees to connect securely to the corporate network while working from home.

A network mapper would be the best tool for an administrator to quickly find a rogue server on the network. A network mapper scans the network and identifies all connected devices, allowing the administrator to easily identify any unauthorized or unknown servers. This tool provides a comprehensive view of the network and can quickly pinpoint any rogue servers that may be present.

Backup tapes should be kept in secure and controlled environments to ensure their safety and integrity. Keeping them near a fiber optic cable entrance, shared LCD screen, or high-end server could expose them to potential risks such as physical damage, unauthorized access, or electromagnetic interference. However, keeping them near a power line poses the risk of electrical hazards and potential damage due to power surges or fluctuations. Hence, near a power line is not an appropriate location for storing backup tapes.

NTLM (NT LAN Manager) is commonly disabled to make password cracking more difficult. NTLM is an outdated hashing technique that is vulnerable to various attacks, including brute force and dictionary attacks. Disabling NTLM forces the use of more secure hashing techniques, making it harder for attackers to crack passwords. AES (Advanced Encryption Standard), OVAL (Open Vulnerability and Assessment Language), and Kerberos are not hashing techniques, so they are not commonly disabled for this purpose.

IPSec is often used along with L2TP for encryption. L2TP (Layer 2 Tunneling Protocol) is a protocol that allows the creation of virtual private networks (VPNs) over the internet. IPSec (Internet Protocol Security) is a suite of protocols that provides secure communication over IP networks. By combining L2TP with IPSec, data can be encrypted and protected from unauthorized access, ensuring the confidentiality and integrity of the transmitted information. S/MIME, SSH, and 3DES are not typically used in conjunction with L2TP for encryption.

The incident response process involves several steps to effectively handle and mitigate security incidents. These steps typically include containment, eradication, recovery, and reporting. Repudiation, however, is not a step in the incident response process. Repudiation refers to the act of denying or disowning responsibility for a particular action or event. While it may be relevant in legal or contractual contexts, it is not directly related to incident response.

The correct answer is Man-in-the-middle. Man-in-the-middle attack is similar to the suggested product because it involves intercepting and manipulating communication between two parties without their knowledge. In this case, the product would intercept the SSL session, decrypt it, scan the content for inappropriate material, and then repackage the session without the staff knowing. This allows the company to monitor and control the content accessed by the staff, similar to how a man-in-the-middle attack allows an attacker to eavesdrop on and manipulate communication between two parties.

Configuration baselines should be taken after the initial configuration of a new system. This is because the initial configuration involves setting up the system according to the desired specifications and requirements. Once the initial configuration is completed, it is important to take a baseline to capture the current state of the system. This baseline can then be used as a reference point for future comparisons and to ensure that any changes made to the system are in line with the desired configuration.

Running a vulnerability assessment tool is the best option to evaluate the security compliance of a group of servers against best practices. This tool scans the servers and identifies any vulnerabilities or weaknesses in the system. It helps in identifying potential security risks and allows for timely remediation. A vulnerability assessment is a proactive approach that helps in ensuring the servers are secure and compliant with industry best practices.