How Well You Know SEC+ Study Guide D Quiz

Disabling unused services reduces the attack surface of an operating system because it eliminates any potential vulnerabilities that may exist within those services. By disabling services that are not needed, the system reduces the number of entry points that attackers can exploit, thereby reducing the overall attack surface. This practice helps to minimize the potential for unauthorized access and compromises to the operating system.

A disk image is the best backup method to restore the entire operating system and all related software. A disk image is a complete copy of the entire hard drive, including the operating system, software, and data. It captures the exact state of the system at the time the backup was created, allowing for a complete restoration of the system to its previous state. This method is more comprehensive and reliable compared to other backup methods like weekly, incremental, or differential backups, which may only backup specific files or changes made since the last backup.

The last step to granting access to specific domain resources is to authorize the user. Once the user has been authenticated and their identity has been verified, the next step is to determine if they have the necessary permissions and privileges to access the specific resources they are requesting. This involves checking the user's role, permissions, and any other access control mechanisms in place to ensure that the user is authorized to access the requested resources.

Job rotation is the practice of moving employees between different roles or departments within an organization. This helps to prevent fraud by ensuring that no single individual has complete control over a particular area of the business. By cross-training staff in different functional areas, organizations can detect and deter fraudulent activities as employees are able to identify irregularities or suspicious behavior more easily. This also helps to foster a culture of accountability and transparency within the organization.

Proper environmental controls help ensure the availability of IT systems. This means that by implementing these controls, the facility can prevent or mitigate environmental factors such as temperature, humidity, and power fluctuations that could potentially disrupt or damage IT systems. By maintaining a stable and controlled environment, the facility can minimize downtime and ensure that the IT systems are accessible and operational when needed.

Symmetric cryptography uses only one key for both encryption and decryption. This key is shared between the sender and the receiver, allowing them to communicate securely by encrypting and decrypting the messages using the same key. This differs from asymmetric cryptography, which uses a pair of keys (public and private) for encryption and decryption. In symmetric cryptography, the same key is used for both operations, making it faster and more efficient for encrypting large amounts of data.

Kerberos authentication model uses a time stamp to prevent the risks associated with a replay attack. A replay attack is when an attacker intercepts and retransmits a valid authentication message to gain unauthorized access. By using a time stamp, Kerberos ensures that each authentication message is only valid for a limited period of time, making it difficult for an attacker to replay the message and gain access. This helps to enhance the security of the authentication process.

A logic bomb is a type of malicious code that is intentionally planted by a person with insider knowledge or access to a system. It is designed to execute a specific action or trigger an event at a certain time or under specific conditions. In this case, a former employee would most likely plant a logic bomb on a server because it is not easily traceable, allowing them to cause damage or disrupt operations without being detected easily. Unlike worms, trojans, or viruses, a logic bomb is specifically designed to remain hidden and only activate at a predetermined time or trigger.

A protocol analyzer is a tool that can be used to capture and analyze network traffic. It can intercept and capture website GET requests, allowing the user to examine the details of the requests, such as the URL, headers, and parameters. By capturing and analyzing the GET requests, one can gain insights into the communication between the client and server, identify potential vulnerabilities, and troubleshoot any issues with the website.

An ACL (Access Control List) is the most efficient way for an administrator to restrict network access to certain ports enterprise-wide. ACLs are used to filter network traffic based on predetermined rules, allowing or denying access to specific ports or IP addresses. By implementing ACLs, the administrator can control and manage network traffic at a granular level, ensuring that only authorized users or systems have access to the desired ports while blocking unauthorized access. This helps to enhance network security and prevent potential threats or attacks.

IPSec (Internet Protocol Security) is a protocol suite used to secure IP communications. It consists of several components, including the encapsulating security payload (ESP), Internet Key Exchange (IKE), and authentication header (AH). The temporal key interchange protocol is not a component of IPSec. It is possible that the temporal key interchange protocol is a made-up term or a distractor option in this question.

Kiting allows a user to float a domain registration for a maximum of five days. Kiting refers to the practice of registering a domain name and then canceling the registration within the grace period, which is typically five days. This allows the user to temporarily use the domain without actually paying for it. It is a deceptive practice that takes advantage of the grace period offered by domain registrars.

A one-time password is the most effective method to combat transaction fraud because it provides a unique code that can only be used for a single transaction. This means that even if the password is intercepted or stolen, it cannot be used again to authorize any other transactions. This adds an extra layer of security to the banking system and reduces the risk of fraudulent transactions.

A honeynet is a collection of servers that is purposely set up to attract hackers. It is designed to be vulnerable and simulate a real network environment, allowing organizations to gather information about the tactics, techniques, and tools used by hackers. By monitoring the activities of hackers in a controlled environment, organizations can gain valuable insights into their techniques and strengthen their overall security posture.

Public key infrastructure (PKI) is a system that uses public key cryptography to provide secure communication and authentication. Digital signatures are a key component of PKI as they provide a way to verify the authenticity and integrity of digital documents or messages. By using a private key to sign a document, the recipient can use the corresponding public key to verify that the document has not been tampered with and that it was indeed signed by the expected sender. Therefore, digital signatures are the most closely associated term with PKI.

Implementing the server as a virtual server instance would decrease the recovery time following an incident. This is because a virtual server can be easily backed up and restored, allowing for quick recovery in the event of an attack. Additionally, virtual servers can be easily replicated and deployed on different physical servers, providing redundancy and minimizing downtime.

Man-in-the-middle attack is a type of attack where an attacker intercepts communication between two parties, without their knowledge, and can manipulate or eavesdrop on the communication. In TCP/IP hijacking, the attacker intercepts and manipulates TCP/IP packets to gain unauthorized access or control over a communication session. This allows the attacker to impersonate one or both parties involved in the communication, leading to potential data theft or unauthorized access to sensitive information.

A mantrap is an access control system that creates a secure zone with two or more interlocking doors. It is designed to prevent unauthorized access by allowing only one person to enter or exit at a time. This physical security measure ensures that individuals cannot bypass the secure zone by tailgating or piggybacking. The non-trusted but secure zone immediately outside of the secure zone adds an extra layer of protection by creating a buffer area where individuals must be authenticated or verified before gaining access to the secure zone.

The LANMAN hashing algorithm is the least secure among the options given. LANMAN is an outdated algorithm that was used in older versions of Microsoft Windows for password hashing. It is known to have several vulnerabilities, including a limited character set and being susceptible to rainbow table attacks. In contrast, SHA-1, NTLM, and MD5 are also considered to have security weaknesses, but they are generally more secure than LANMAN.

The technician should implement centralized antivirus. This solution allows for the management and monitoring of antivirus software from a central location, making it easier to deploy updates and patches to all workstations. It also provides a centralized view of virus activity, allowing for quicker detection and response to any threats. Decentralized antivirus would not be as effective as it lacks centralized management and monitoring capabilities. Host-based intrusion detection and spyware detection are important security measures but do not specifically address the issue of viruses on domain workstations.

A Denial of Service (DoS) attack is the correct answer because it commonly results in a buffer overflow. In a DoS attack, the attacker floods a target system with an overwhelming amount of traffic, causing it to become overwhelmed and unable to respond to legitimate requests. This flood of traffic can cause the system's buffers to overflow, leading to a buffer overflow vulnerability. This vulnerability can then be exploited by the attacker to execute malicious code or crash the system.

The performance monitor would be the easiest to use in detection of a DDoS attack because it provides real-time monitoring of system resources such as CPU usage, memory usage, network traffic, and disk I/O. By analyzing these metrics, it is possible to identify abnormal spikes in network traffic or resource consumption, which could indicate a DDoS attack. The performance monitor provides a user-friendly interface and can generate alerts or notifications when certain thresholds are exceeded, making it easier to quickly detect and respond to a DDoS attack.

A retina scanner is the most reliable and has the lowest cross over error rate among the given options. Retina scanning technology uses unique patterns of blood vessels in the back of the eye to authenticate individuals. These patterns are highly distinctive and remain stable over time, making it difficult for imposters to replicate. As a result, the likelihood of false positives and false negatives is significantly reduced, leading to a lower cross over error rate compared to other biometric authentication methods such as fingerprint or handprint scanning.

Port scanners are generally used at the beginning of a vulnerability assessment. This is because port scanning is a method used to identify open ports on a system, which can help determine potential vulnerabilities. By conducting a port scan at the beginning of the assessment, the tester can gather information about the target system's network services and identify any potential entry points for exploitation. This information is then used to prioritize and focus on areas that require further investigation and testing.

SNMP (Simple Network Management Protocol) runs on port 161. SNMP is used to monitor and manage network devices, such as routers, switches, and servers. By running on port 161, SNMP allows network administrators to collect information and perform actions on these devices, such as retrieving statistics, configuring settings, and receiving notifications. Ports 25, 110, and 443 are commonly used for other network protocols, such as SMTP, POP3, and HTTPS respectively, but they are not associated with SNMP.

A Network Intrusion Prevention System (NIPS) should be deployed to protect a network against attacks launched from a business to business intranet. NIPS monitors network traffic and detects and prevents any malicious activity or unauthorized access attempts. A Firewall should also be deployed as it acts as a barrier between the internal network and external networks, controlling and filtering incoming and outgoing network traffic based on predetermined security rules. This helps to block any malicious traffic from entering the network and protects against attacks.

The Account lockout duration setting determines the amount of time an account will be locked out after the maximum number of failed login attempts. In this case, setting the Account lockout duration to 30 minutes will lock the account for that duration after the maximum number of attempts have failed. The other options mentioned, such as Key distribution center, Account lockout threshold, and Password complexity requirements, do not directly relate to the account lockout duration.

The recommended measures of implementing whitelisting, blacklisting, closing-open relays, and strong authentication techniques are aimed at addressing the threat of spam. Whitelisting and blacklisting help filter out unwanted emails, while closing-open relays prevent unauthorized use of the email server. Strong authentication techniques ensure that only authorized users can access the server, reducing the risk of spam being sent from unauthorized accounts. Therefore, by implementing these measures, the server administrator can effectively mitigate the threat of spam.

A protocol analyzer is a tool that can be used to capture and analyze network traffic. It can be used to determine which flags are set in a TCP/IP handshake by capturing the packets exchanged during the handshake process and examining the TCP header. The flags in the TCP header, such as FIN, RST, SYN, and ACK, indicate different stages and actions in the TCP/IP handshake. By analyzing the captured packets, the protocol analyzer can provide information about which flags are set during the handshake.

MAC flooding is a technique in which an attacker floods a switch with fake MAC addresses, causing the switch to enter into a fail-open mode and behave like a hub. This allows the attacker to intercept and view all network traffic passing through the switch, compromising the security of the network. ARP poisoning, DNS poisoning, and DNS spoofing are all different attack techniques that can be used to manipulate network traffic, but they do not specifically cause a switch to function like a hub.

MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. It is commonly used to verify data integrity by generating a unique hash value for a given input. Despite its popularity, MD5 is considered to be weak and insecure for cryptographic purposes due to its vulnerability to collision attacks. However, it can still be used for non-cryptographic purposes such as checksums and fingerprinting.

ARP poisoning is a type of attack where an attacker sends out numerous MAC resolution requests with the intention of creating a buffer overflow attack. In this attack, the attacker sends fake ARP (Address Resolution Protocol) messages to a target network, tricking the network into associating the attacker's MAC address with the IP address of a legitimate device. This allows the attacker to intercept and manipulate network traffic, potentially leading to a buffer overflow attack where the attacker overflows a buffer in a system's memory and gains unauthorized access or control.

IPSec connection parameters are stored in the Security Association Database (SAD). The SAD is a database that contains all the security parameters, such as encryption algorithms, authentication methods, and key management information, for each IPSec connection. It is used by the IPSec protocol to establish and maintain secure communication between two endpoints. The SAD keeps track of the security associations, which are the rules and policies that govern the IPSec connections. By storing the IPSec connection parameters in the SAD, the system can easily retrieve and apply the necessary security settings for each connection.

War chalking is a technique used by hackers to identify unsecured wireless network locations to other hackers. It involves marking or drawing symbols on public spaces, such as walls or pavements, to indicate the presence of an unsecured Wi-Fi network. These symbols serve as a signal to other hackers that the network is vulnerable and can be easily exploited. By using war chalking, hackers can quickly identify and target unsecured networks for unauthorized access or malicious activities.

Identification is a critical component of the authentication process because it is the step where the user's identity is confirmed or verified. This step ensures that the user is who they claim to be and establishes their identity within the system. Once the user is verified, further steps such as authorization can take place to determine the privileges and access rights of the user. Identification helps prevent unauthorized access by ensuring that only legitimate users are granted access to the system.

Authentication is the process of verifying the claimed identity of a user. It involves confirming the user's identity through the use of credentials such as passwords, biometrics, or security tokens. This ensures that the user is who they claim to be before granting them access to a system or resource. Identification refers to the act of identifying a user, while verification is the process of confirming the accuracy of the information provided. Validation, on the other hand, typically refers to the process of checking the integrity and validity of data.

The process of least privilege falls under the category of confidentiality. Least privilege refers to the principle of providing users with only the minimum level of access and privileges necessary to perform their job functions. By implementing least privilege, organizations can ensure that sensitive information is protected and only accessible to authorized individuals, thus maintaining confidentiality.

Mandatory vacations are least likely to help reduce single points of failure because they do not directly address the technical or operational aspects of a system. While they may provide some level of redundancy by ensuring that multiple employees are familiar with a particular task, they do not directly mitigate the risk of a single point of failure. On the other hand, cross training, clustered servers, and disaster recovery exercises are all measures that can help minimize the impact of a single point of failure by providing redundancy, distributing workload, and ensuring the ability to recover from failures.

NIPS, or Network Intrusion Prevention System, could be selected to provide security to the network segment. NIPS is designed to monitor network traffic and detect and prevent any malicious activity or unauthorized access attempts. It can analyze network packets in real-time, identify potential threats, and take immediate action to block or mitigate them. By deploying a NIPS, the administrator can effectively protect the internal network segment from external threats and ensure the security of the network.

The question asks for an exception to be identified within the penetration testing scope of work. The correct answer is "a complete list of all network vulnerabilities." This means that a complete list of all network vulnerabilities should not be included in the scope of work. Instead, the scope should include identifying the IP addresses of machines from which penetration testing will be executed, a list of acceptable testing techniques and tools to be utilized, and the handling of information collected by the penetration testing team.

3DES (Triple Data Encryption Standard) has the largest overhead among the given encryption algorithms. This is because 3DES applies the DES algorithm three times in a row, making it slower and requiring more processing power compared to AES256 and AES. RSA, on the other hand, is an asymmetric encryption algorithm and has a different overhead compared to symmetric encryption algorithms like AES and 3DES.

Collision resistance is the ability of a hash algorithm to avoid producing the same output for two different inputs. In other words, it ensures that it is computationally infeasible to find two different inputs that result in the same hash value. This property is essential for the security of hash functions, as it prevents attackers from finding collisions and potentially exploiting vulnerabilities in systems that rely on hash functions for data integrity and authentication.

MD5 (Message Digest Algorithm 5) is the correct answer. While MD5 is considered to be a relatively weak hashing algorithm compared to more modern options, such as SHA-1 or SHA-256, it is still more secure than the other options listed. LANMAN, SHA-1, and CHAP are all vulnerable to various attacks and have known weaknesses, making MD5 the most secure option among the given choices. However, it is important to note that MD5 is no longer recommended for cryptographic purposes due to its vulnerabilities.

Installing a Host Intrusion Detection System (HIDS) is the least effective method for hardening an operating system. While HIDS can help detect and prevent unauthorized access and malicious activities, it is not as effective as other measures such as configuration baselines, which provide a standardized and secure configuration for the system. Limiting administrative privileges helps minimize the risk of unauthorized access and reduces the attack surface. Installing a software firewall adds an additional layer of protection by controlling network traffic. Therefore, compared to these methods, installing HIDS is the least effective in hardening an operating system.

WEP (Wired Equivalent Privacy) is a security protocol used to secure wireless networks. It has several weaknesses, including the lack of integrity checking, which means that it does not verify the integrity of the data being transmitted. This weakness allows for the possibility of data tampering or modification during transmission. The other weaknesses mentioned in the options are valid weaknesses of WEP, such as the vulnerability of the initialization vector, susceptibility to replay attacks, and the use of weak keys.

Someone who is dumpster diving is likely looking for discarded items that they can use or sell. The business card of a computer contractor would be of most interest because it indicates that the contractor may have discarded or thrown away valuable computer equipment or parts. This could be a potential treasure for someone who is dumpster diving and looking for electronics to salvage.

TLS (Transport Layer Security) is the correct answer because it is a protocol that provides secure communication over a network. It is commonly used to encrypt data between email servers, ensuring that the information exchanged between them remains confidential and protected from unauthorized access. TLS establishes a secure connection between the servers, encrypting the data transmitted between them and verifying the authenticity of the servers involved in the communication. This protocol is widely used in email communication to ensure the privacy and security of email exchanges.

SSL (Secure Sockets Layer) can be implemented as an alternative to the overhead of a VPN. SSL is a cryptographic protocol that provides secure communication over the internet. It uses encryption to protect data transmitted between a client and a server, ensuring privacy and integrity. By implementing SSL, organizations can establish secure connections without the need for a separate VPN infrastructure, reducing the complexity and overhead associated with VPNs. SSL is commonly used for secure web browsing (HTTPS) and can also be used for other applications that require secure communication.

Identity proofing is the process of verifying the identity of an individual. It involves collecting and verifying personal information such as name, date of birth, and address. This process typically occurs during the identification phase of identification and authentication. During this phase, the individual's identity is established and authenticated through various means such as presenting identification documents, providing personal information, or undergoing biometric verification. Once the identity is successfully proofed, the individual can proceed to the authentication phase, where they prove their identity to gain access to a system or service.

TKIP (Temporal Key Integrity Protocol) is not the most secure transmission algorithm. It was designed as a temporary solution for WPA (Wi-Fi Protected Access) to address the vulnerabilities of WEP (Wired Equivalent Privacy). However, TKIP has known weaknesses and has been deprecated in favor of more secure encryption algorithms such as AES (Advanced Encryption Standard). AES256, a variant of AES with a key size of 256 bits, is considered more secure than TKIP and provides stronger encryption for data transmission.