SEC+ Study Guide B

Implementing an account expiration date for temporary employees would increase security and prevent former temporary employees' accounts from remaining active on the domain. By setting an expiration date for these accounts, they will automatically be deactivated after a specified period, ensuring that only current employees have access to the domain resources. This measure helps to minimize the risk of unauthorized access and potential security breaches.

Two-factor authentication allows for the highest level of security at the time of login because it requires the user to provide two different types of identification factors to verify their identity. This typically includes something the user knows, such as a password, and something the user has, such as a fingerprint or a security token. By requiring two factors, it significantly reduces the risk of unauthorized access, as an attacker would need to possess both factors to gain entry. This provides an additional layer of security compared to one-factor authentication, which only requires a single factor for authentication. Single sign-on and NTLMv2 are not specifically designed to provide the highest level of security at login.

In an asymmetric key cryptography system, a certificate authority is responsible for generating the key pairs. A certificate authority is a trusted entity that verifies the identity of individuals or organizations and issues digital certificates that contain the public key. The certificate authority generates the key pairs by creating a private key and a corresponding public key. The private key is kept secure and is used for encryption and digital signing, while the public key is made available to others for encryption and verification purposes.

This scenario is an example of privilege escalation. Privilege escalation refers to the unauthorized elevation of user privileges, allowing an individual to access resources or perform actions that they are not authorized to do. In this case, the unauthorized user gained access to the company's administrator password, which grants them higher privileges than they should have. With the administrator password, they can now access sensitive client data, which is a clear example of privilege escalation.

A HIDS (Host-based Intrusion Detection System) could be implemented to address the concern about traffic originating between client workstations. HIDS is a security solution that monitors and analyzes the activity on individual hosts or endpoints, such as client workstations. It can detect and alert on any suspicious or malicious activity occurring on these hosts, providing an additional layer of security within the network.

Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of a Denial of Service (DoS) attack. In this type of attack, the attacker overwhelms the target device with a flood of requests, causing it to become unresponsive or crash. By ignoring the return information, the attacker ensures that the device cannot handle any legitimate requests, effectively denying service to legitimate users.

War driving refers to the act of driving around with a laptop and an antenna to locate unsecured wireless access points. This practice is often done with the intention of gaining unauthorized access to these networks or collecting information about them. By identifying unsecured access points, individuals can potentially exploit them for malicious purposes or use them to connect to the internet without permission.

When implementing virtualization technology, it is important to ensure that the virtual servers and the host have the latest service packs and patches applied. This is because virtualization technology can introduce vulnerabilities and security risks, and keeping the software up to date with the latest patches and service packs helps to mitigate these risks. By regularly updating the software, the technician can ensure that any known security vulnerabilities are addressed, reducing the likelihood of a successful attack on the virtualized infrastructure.

DES (Data Encryption Standard) is considered the weakest encryption among the options provided. DES uses a 56-bit key, which is relatively small compared to modern encryption standards. This makes it more vulnerable to brute-force attacks, where an attacker systematically tries all possible keys until the correct one is found. Additionally, DES has been around since the 1970s and has been extensively studied, leading to the discovery of various vulnerabilities and weaknesses. As a result, it is no longer considered secure for most applications and has been largely replaced by more robust encryption algorithms like AES (Advanced Encryption Standard).

SSH (Secure Shell) should be implemented on the network to replace telnet as it provides a more secure protocol for managing network devices. Telnet is an unencrypted protocol, while SSH encrypts the data transmitted between the client and the server, ensuring confidentiality and integrity of the communication. SFTP (Secure File Transfer Protocol) is also a secure protocol for file transfer, but it does not provide the same level of management capabilities as SSH. SMTP (Simple Mail Transfer Protocol) and SNMP (Simple Network Management Protocol) are not suitable replacements for telnet as they are used for email and network management respectively, not device management.

Chain of custody is established immediately upon evidence seizure. This refers to the chronological documentation of the handling, transfer, and storage of evidence. It ensures the integrity and admissibility of the evidence in a legal proceeding. By establishing the chain of custody, it becomes possible to track the possession of the evidence from the moment it is seized, ensuring that it is not tampered with or compromised in any way. This is a critical step in maintaining the credibility and reliability of the evidence throughout the investigation and legal process.

DES (Data Encryption Standard) has the smallest key space among the given algorithms. This means that DES has the fewest possible number of unique keys that can be used for encryption and decryption. The key space for DES is 56 bits, which is significantly smaller compared to the key spaces of IDEA (128 bits), SHA-1 (160 bits), and AES (128, 192, or 256 bits). A smaller key space can make DES more vulnerable to brute force attacks, where an attacker tries all possible keys to decrypt the encrypted data.

To address the concern of sensitive files being copied to USB drives, two mitigation techniques can be implemented. Firstly, disabling the USB root hub within the operating system will prevent any USB devices from being recognized and accessed by the workstation. Secondly, disabling USB within the workstation's BIOS will further restrict the ability to connect USB devices at a hardware level. These measures effectively limit the use of USB drives and prevent unauthorized copying of sensitive files.

To ensure appropriate personnel have access to systems and networks, conducting periodic personnel employment verifications is necessary. This helps to ensure that only authorized individuals who are currently employed by the organization have access to the systems and networks. Additionally, conducting rights review of users and groups is important to ensure that access privileges are appropriately assigned and that there are no unauthorized or excessive privileges granted to individuals or groups. These two measures help to maintain the security and integrity of the systems and networks by controlling access and preventing unauthorized access or misuse of resources.

The correct answer is "Asymmetric." Public key infrastructure (PKI) is based on asymmetric encryption schemes, which use a pair of keys - a public key for encryption and a private key for decryption. This allows secure communication between parties without the need to share a secret key. Asymmetric encryption is widely used in various applications, such as secure email, digital signatures, and SSL/TLS for secure web browsing.

Implementing account-lockout thresholds can reduce the risk associated with password guessing attacks by locking out an account after a certain number of unsuccessful login attempts. This prevents attackers from repeatedly guessing passwords and gaining unauthorized access.

Implementing stronger password complexity policies can also reduce the risk of password guessing attacks. By requiring users to create passwords that are more complex and difficult to guess, such as using a combination of uppercase and lowercase letters, numbers, and special characters, it becomes harder for attackers to guess or crack passwords through brute force or dictionary attacks.

A vampire tap is the most likely security risk when dealing with a 10BASE5 network. A vampire tap is a device that can be used to tap into a network cable and intercept data without being detected. This can lead to unauthorized access to the network and potential security breaches.

This is an example of weak passwords because the passwords are based off of a predictable pattern (the word $ervicexx, where xx is the last two numbers of the user's cell phone number). This makes it easier for someone to guess or crack the passwords, as they can easily determine the pattern and try different combinations based on the users' phone numbers.

The access control list allows a technician to view the security permissions of a file. The access control list is a list of permissions associated with an object, such as a file or folder, that specifies which users or groups are granted access and the type of access they have. By viewing the access control list, a technician can see which users or groups have permission to read, write, or modify the file, providing insight into the file's security settings.

A firewall is the best device to utilize stateful packet inspection. Stateful packet inspection is a security technique that examines the contents of packets and tracks the state of network connections. It analyzes the data packets in the context of the entire communication session, allowing the firewall to make more informed decisions about whether to allow or block the packets. Firewalls are specifically designed to perform this function and provide a higher level of security compared to other devices like hubs, IDS, or switches, which do not have the same capabilities for deep packet inspection and connection tracking.

Password protecting the BIOS is important to keep a user from changing the boot order of the system. By setting a password on the BIOS, unauthorized users are prevented from accessing the BIOS settings and changing the boot order, which can help protect the system from potential security threats. This ensures that the system boots up in the intended order and prevents any unauthorized changes that may compromise the system's functionality or security.

A protocol analyzer would be the best tool to diagnose which NIC is causing a broadcast storm. A protocol analyzer captures and analyzes network traffic, allowing the technician to identify the source of the excessive broadcast traffic. By examining the network packets and their source addresses, the technician can pinpoint the specific NIC that is generating the broadcast storm. The NIDS log file, local security log file, and local firewall log file may provide some information about network activity, but they would not provide the level of detail and visibility that a protocol analyzer offers.

The implicit deny concept refers to the default behavior of denying access to all resources or actions unless they are explicitly granted permission. This means that by default, no access is allowed and only specific permissions that have been explicitly granted will be permitted.

A protocol analyzer is used to review network traffic and analyze the data packets being transmitted. It can capture and examine the contents of these packets, including any clear text passwords that may be sent over the network. By analyzing the network traffic, a protocol analyzer can identify any security vulnerabilities and help in the detection of clear text passwords being transmitted, allowing for appropriate security measures to be implemented.

Performing a binary copy of the system's storage media is a common practice in forensic investigation. This involves creating an exact replica of the storage media, including all files, folders, and system data, at the binary level. It ensures that the original evidence is preserved and allows forensic experts to analyze the copied data without altering or damaging the original source. This method is crucial in maintaining the integrity of the evidence and ensuring that any findings or conclusions drawn from the investigation are reliable and admissible in court.

Sanitization is the best process of removing PII (Personally Identifiable Information) data from a disk drive before reuse. Sanitization refers to the process of permanently and irreversibly removing all data from a storage device, ensuring that it cannot be recovered by any means. This process involves overwriting the entire disk with random data patterns multiple times, effectively erasing all traces of the original data. Destruction, reformatting, and degaussing do not guarantee complete data removal and can still leave traces of sensitive information that can be recovered. Therefore, sanitization is the most secure method for protecting PII data.

The correct answer is "That the pop-up blocker application trusts this site." This is because the user reports that the login box does not appear after a browser upgrade, indicating that the pop-up blocker may be blocking the login box from appearing. Therefore, checking if the pop-up blocker application trusts this site would be the best first step to troubleshoot the issue.

The correct answer is Hypervisor. The hypervisor is a virtual machine monitor that manages and monitors the various virtual instances running on a physical server. It is responsible for allocating and managing the resources of the physical server, such as CPU, memory, and storage, among the virtual machines. The hypervisor also ensures that the virtual machines are isolated from each other and that they have access to the necessary resources to run efficiently.

A virtual machine provides a restricted environment for executing code. This means that the virtual machine creates a secure and isolated environment where code can be executed without affecting the host system or other virtual machines. This restriction helps to prevent malicious code from accessing or modifying sensitive data or resources on the host system. It also allows for better control and management of the virtual machine's behavior, ensuring that it operates within defined boundaries and does not pose a security risk to the overall system.

A service pack is an installable package that includes several patches from the same vendor for various applications. It is a comprehensive update that contains all previously released patches, fixes, and updates for a specific software product. Service packs are typically released periodically to address known issues, improve performance, and enhance functionality. They provide a convenient way for users to update their software to the latest version without having to individually install multiple patches or updates.

Java uses a sandbox to manage a program's ability to access system resources. A sandbox is a security mechanism that restricts the actions a program can perform, preventing it from accessing sensitive resources or executing potentially harmful operations. By running Java programs in a sandboxed environment, Java ensures that they cannot access or modify system files, network resources, or other potentially dangerous operations without explicit permission. This helps to protect the system from malicious or unintended actions by the program.

To isolate the public hosts from the rest of the network, a DMZ (Demilitarized Zone) should be implemented on the network. A DMZ is a separate network segment that sits between the internal network and the external network (Internet). By placing the public servers in the DMZ, they are separated from the internal network, providing an additional layer of security. This helps to prevent unauthorized access to the internal network if the public servers are compromised.

A smurf attack is a type of Denial of Service (DoS) attack. In this attack, the attacker sends a large number of ICMP echo request packets (ping) to a broadcast IP address, with the source IP address spoofed to be the victim's IP address. The broadcast address causes the ping replies to be sent to all hosts on the network, overwhelming the victim's network and causing it to become inaccessible. Therefore, a smurf attack falls under the category of DoS threats, as it aims to disrupt the availability of a network or system.

Coaxial cables are commonly used for transmitting data signals, and one of the primary security risks associated with them is data emanation from the core. This means that the data being transmitted through the cable can potentially leak or be intercepted by unauthorized individuals. This can lead to a breach of sensitive information and compromise the security of the network. Therefore, it is important to implement proper security measures, such as encryption, to protect against data emanation from the core of coaxial cables.

A rainbow table is a precomputed table that contains a list of encrypted passwords and their corresponding plaintext values. It allows an administrator to find weak passwords on the network by comparing the encrypted passwords in the table with the encrypted passwords stored on the network. If a match is found, it means that the password is weak and can be easily cracked.

AES (Advanced Encryption Standard) is the most recent addition to cryptography. It was selected as the replacement for the outdated Data Encryption Standard (DES) in 2001. AES is a symmetric encryption algorithm that is widely used for securing sensitive information. It offers a higher level of security and efficiency compared to DES and 3DES (Triple DES). PGP (Pretty Good Privacy) is a hybrid encryption program that has been around since 1991 and is not as recent as AES.

Low humidity and high temperature are most likely to generate static electricity because static electricity is more likely to build up when the air is dry (low humidity) and the temperature is high. In these conditions, the air is less conductive, meaning that it does not easily allow the flow of electrons. As a result, when two objects come into contact or rub against each other, electrons can be transferred, causing a buildup of static electricity.

Asymmetric key cryptography is a cryptographic method that uses two different keys, a public key and a private key. The public key is used for encryption, while the private key is used for decryption. This ensures that only the intended recipient can decrypt the message. Therefore, the most likely benefit provided by asymmetric key cryptography is confidentiality, as it ensures that the information remains secure and cannot be accessed by unauthorized parties.

Least privilege is the concept that should be applied when assigning permissions to enable a person to perform their job task. This concept ensures that individuals are only given the minimum level of access necessary to perform their specific job responsibilities. By implementing least privilege, organizations can reduce the risk of unauthorized access, limit the potential damage caused by insider threats, and maintain a more secure and controlled environment.

A recovery agent is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA). A recovery agent is responsible for recovering encrypted data when the original encryption key is lost or unavailable. In the context of a certificate authority, the recovery agent would have the necessary permissions and capabilities to restore a public/private key set if needed. This privilege ensures that the administrator can perform necessary key recovery operations to maintain the security and functionality of the CA.

Symmetric key cryptography requires a common pre-shared key before communication can begin. In this encryption method, the same key is used for both encryption and decryption. This means that both the sender and the receiver must possess the same key in order to encrypt and decrypt messages. This key needs to be securely shared between the two parties before they can start communicating using symmetric key cryptography.

To prove or disprove the claim that someone is attempting to use the user account at night, the administrator should check the local security logs first. The local security logs contain information about login attempts, including the time and source IP address. By reviewing these logs, the administrator can determine if there have been any unauthorized login attempts during the specified time period and identify any potential security breaches.

PGP (Pretty Good Privacy) uses a key ring. A key ring in PGP is a collection of encryption keys that are used for secure communication. The key ring includes both the public and private keys of the user. The public key is used for encryption, while the private key is used for decryption. PGP is a widely used encryption program that provides privacy and authentication for data communication.

The correct answer is ECC. ECC stands for Elliptic Curve Cryptography, which is a type of asymmetric key algorithm. Unlike symmetric key algorithms such as Rijndael, 3DES, and RC4, which use the same key for both encryption and decryption, ECC uses a pair of keys (public and private) for encryption and decryption.

ECC algorithms are implemented in portable devices. This means that these algorithms are designed and optimized to be used on devices such as smartphones, tablets, and other mobile devices. The use of ECC algorithms in portable devices allows for efficient and secure communication and data encryption on these devices, ensuring the privacy and integrity of the information being transmitted or stored.

Session keys are encrypted using an asymmetric algorithm in SSL. This is done to ensure the security of the session keys during transmission. Asymmetric encryption involves the use of a public key to encrypt the session key, which can then only be decrypted using the corresponding private key. This provides a secure way to transmit the session keys without exposing them to potential attackers.

ISAKMP (Internet Security Association and Key Management Protocol) should be blocked outbound on the network. ISAKMP is used for establishing security associations and exchanging keying material for VPN connections. By blocking ISAKMP outbound, the administrator ensures that no one from inside the network can establish a VPN connection to a remote office or network.

Kerberos uses the Key Distribution Center (KDC) to issue tickets. The KDC is a trusted entity that is responsible for authenticating users and granting them tickets, which they can then use to access various resources within the network. The KDC consists of two components: the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS verifies the user's identity and issues a Ticket Granting Ticket (TGT), while the TGS uses the TGT to issue service tickets for specific resources. Therefore, the correct answer is Key Distribution Center.

Discretionary Access Control (DAC) allows a file to have different security permissions for users that have the same roles or user groups. This means that the owner of the file can grant or restrict access to specific users or groups based on their individual needs or requirements. DAC provides flexibility and allows for more granular control over file permissions, ensuring that different users with the same roles or group affiliations can have different levels of access to the file.

A hash function is a mathematical function that takes an input (or "message") and returns a fixed-length string of characters, which is known as the hash value or hash code. One-way means that it is easy to compute the hash value from the input, but it is computationally infeasible to determine the original input from the hash value. This ensures data integrity and security. Additionally, a hash function may require a key to provide additional security and prevent unauthorized access or tampering with the data.