
SEC+Practice Quiz B6-B26
Quiz • Computers • 12th Grade • Hard
Hasina Hafner
21 questions
1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A security administrator has performed an audit of the organization’s production web servers, and the results have identified banner information leakage, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?
A. Server hardening
B. Multi-factor authentication
C. Enable HTTPS
D. Run operating system updates
Answer explanation
A. Server hardening: Many applications and services include secure configuration guides that can assist in hardening the system. These hardening steps will make the system as secure as possible while simultaneously allowing the application to run efficiently.
The incorrect answers:
B. Multi-factor authentication: Although multi-factor authentication is always a good best practice, simply enabling multiple authentication methods would not resolve the issues identified during the audit.
C. Enable HTTPS: Most web servers will use HTTPS to ensure that network communication is encrypted. However, the encrypted network traffic would not correct the issues identified during the audit.
D. Run operating system updates: Keeping the system up to date is another good best practice, but the issues identified during the audit were not bugs related to the operating systems. All of the issues identified in the audit appear to be related to the configuration of the web server, so any resolution will focus on correcting these configuration issues.
More information: SY0-601, Objective 5.2 - Secure Configurations https://professormesser.link/601050203
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A shipping company stores information in small regional warehouses around the country. The company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
A. Managerial
B. Compensating
C. Physical
D. Detective
Answer explanation
D. Detective: An IPS can detect and record any intrusion attempt.
The incorrect answers:
A. Managerial: Managerial controls would control how people act, such as security policies and standard operating procedures.
B. Compensating: A compensating control can’t prevent an attack, but it can compensate when an attack occurs. For example, a compensating control would be the re-imaging process or a server restored from backup if an attack had been identified.
C. Physical: A physical control would block access. For example, a door lock or security guard would be a physical control.
More information: SY0-601, Objective 5.1 - Security Controls https://professormesser.link/601050101
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:
A. Data owner
B. Data protection officer
C. Data steward
D. Data processor
Answer explanation
A. Data owner: The data owner is accountable for specific data, and is often a senior officer of the organization.
The incorrect answers:
B. Data protection officer: The data protection officer (DPO) is responsible for the organization's data privacy. The DPO commonly sets processes and procedures for maintaining the privacy of data.
C. Data steward: The data steward manages access rights to the data. In this example, the IT team would be the data steward.
D. Data processor: The data processor is often a third party that processes data on behalf of the data controller.
More information: SY0-601, Objective 5.5 - Data Roles and Responsibilities https://professormesser.link/601050504
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A security engineer is preparing to conduct a penetration test. Part of the preparation involves reading through social media posts for information about a third-party website. Which of the following describes this practice?
A. Partially known environment
B. OSINT
C. Exfiltration
D. Active footprinting
Answer explanation
B. OSINT: OSINT (Open Source Intelligence) describes the process of obtaining information from open sources, such as social media sites, corporate websites, online forums, and other publicly available locations.
The incorrect answers:
A. Partially known environment: A partially known environment test describes how much information the attacker knows about the test. The attacker may have access to some information about the test, but not all information is disclosed.
C. Exfiltration: Exfiltration describes the theft of data by an attacker.
D. Active footprinting: Active footprinting would show some evidence of data gathering. For example, performing a ping scan or DNS query wouldn’t exploit a vulnerability, but it would show that someone was gathering information.
More information: SY0-601, Objective 1.8 - Reconnaissance https://professormesser.link/601010802
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A company would like to automate their response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?
A. Active footprinting
B. IaaS
C. Vulnerability scan
D. SOAR
Answer explanation
D. SOAR: SOAR (Security Orchestration, Automation, and Response) provides security teams with integration and automation of processes and procedures.
The incorrect answers:
A. Active footprinting: Active footprinting will gather information about a system, but it does not provide any ongoing monitoring or response features.
B. IaaS: IaaS (Infrastructure as a Service) is a type of cloud service that provides the basic hardware required to install an OS and application. IaaS does not provide ongoing monitoring for security events or automation features.
C. Vulnerability scan: A vulnerability scan will identify any known vulnerabilities that may be associated with a system. However, a vulnerability scan will not identify real-time infections or automate the response.
More information: SY0-601, Objective 4.4 - Security Configurations https://professormesser.link/601040402
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A user in the accounting department has received an email from the CEO requesting payment for a recently purchased tablet. However, there doesn't appear to be a purchase order associated with this request. Which of the following would be the MOST likely attack associated with this email?
A. Spear phishing
B. Watering hole attack
C. Invoice scam
D. Credential harvesting
Answer explanation
C. Invoice scam: Invoice scams attempt to take advantage of the miscommunication between different parts of the organization. Fake invoices are submitted by the attacker, and these invoices can sometimes be incorrectly paid without going through the expected verification process.
The incorrect answers:
A. Spear phishing: Spear phishing is a directed attack that attempts to obtain private or personal information. In this example, the result was to obtain payment and not to gather private information.
B. Watering hole attack: A watering hole attack requires users to visit a central website or location. This example did not require the user to visit any third-party websites.
D. Credential harvesting: Credential harvesting attempts to transfer password files and authentication information from other computers.
More information: SY0-601, Objective 1.1 - Other Social Engineering Attacks https://professormesser.link/601010109
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?
A. Containerization
B. Service integration
C. SDN
D. VM escape
Answer explanation
D. VM escape: A VM (Virtual Machine) escape is a vulnerability that allows communication between separate VMs.
The incorrect answers:
A. Containerization: Containerization is an application deployment architecture that uses a self-contained group of application code and dependencies. Many separate containers can run on a single system.
B. Service integration: Service Integration and Management (SIAM) allows the integration of many different service providers into a single management system. This simplifies the application management and deployment process when using separate cloud providers.
C. SDN: SDN (Software-Defined Networking) separates the control plane of networking devices from the data plane. This allows for more automation and dynamic changes to the infrastructure.
More information: SY0-601, Objective 2.2 - Virtualization Security https://professormesser.link/601020205
