SEC+Practice Quiz B69-B90

A. LDAP LDAP (Lightweight Directory Access Protocol) is a common protocol to use for centralized authentication. Other protocols such as RADIUS, TACACS+, or Kerberos would also be valid options for 802.1X authentication. The incorrect answers: B. HTTPS HTTPS (Hypertext Transfer Protocol Secure) is commonly used to encrypt web server communication. HTTPS is not an authentication protocol. C. SNMPv3 SNMPv3 (Simple Network Management Protocol version 3) is used to manage servers and infrastructure devices. SNMP is not an authentication protocol. D. MS-CHAP MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) was commonly used to authenticate devices using Microsoft’s Point-toPoint Tunneling Protocol (PPTP). Security issues related to the use of DES (Data Encryption Standard) encryption in MS-CHAP eliminate it from consideration for modern authentication. More information: SY0-601, Objective 3.4 - Wireless Authentication Protocols https://professormesser.link/601030403

D. Embedded system An embedded system usually does not provide access to the OS and may not even provide a method of upgrading the system firmware. The incorrect answers: A. End-of-life A device at its end-of-life is no longer supported by the vendor. In this example, the vendor support status isn’t mentioned. B. Weak configuration A weak configuration would leave the system easily accessible by an attacker. In this example, the described scenario doesn’t describe any weak configurations. C. Improper input handling Improper handling of user input can sometimes result in an exploit. In this example, no specific user input issues were described. More information: SY0-601, Objective 2.6 - Embedded Systems Constraints https://professormesser.link/601020603

A. Pulping Pulping places the papers into a large washing tank to remove the ink, and the paper is broken down into pulp and recycled. The information on the paper is not recoverable after pulping. The incorrect answers: B. Degaussing Degaussing removes the electromagnetic field of storage media and electronics. Degaussing will not have any effect on paper items. C. NDA A non-disclosure agreement is only valid to the people who have signed the agreement. In this case, it can be assumed that the papers were obtained by a third-party after being placed in the trash. D. Fenced garbage disposal areas Although a fenced disposal area would have protected this information while it was on-site, the papers could have been obtained once they left the facility. The best choice for this question would be the option that would render the information on the pages unreadable. More information: SY0-601, Objective 2.7 - Secure Data Destruction https://professormesser.link/601020703

A. HIPS and D. Host-based firewall logs If the laptop is not communicating across the corporate network, then the only evidence of the traffic would be contained on the laptop itself. A HIPS (Host-based Intrusion Prevention System) and host-based firewall logs may contain information about recent traffic flows to systems outside of the corporate network. The incorrect answers: B. UTM appliance logs A unified threat management appliance is commonly located in the core of the network. The use of a cellular hotspot would circumvent the UTM and would not be logged. C. Web application firewall events Web application firewalls are commonly used to protect internal web servers. Outbound Internet communication would not be logged, and anyone circumventing the existing security controls would also not be logged. E. Next-generation firewall logs Although a next-generation firewall keeps detailed logs, any systems communicating outside of the normal corporate Internet connection would not appear in those logs. More information: SY0-601, Objective 3.2 - Endpoint Protection https://professormesser.link/601030201

B. Elliptic curve ECC (Elliptic Curve Cryptography) uses smaller keys than non-ECC encryption and has smaller storage and transmission requirements. These characteristics make it an efficient option for mobile devices. The incorrect answers: A. AES AES (Advanced Encryption Standard) is a useful encryption cipher, but the reduced overhead of elliptic curve cryptography is a better option for this scenario. C. Diffie-Hellman Diffie-Hellman is a key-agreement protocol, and Diffie-Hellman does not provide for any encryption or authentication. D. PGP PGP’s public-key cryptography requires much more overhead than the elliptic curve cryptography option. More information: SY0-601, Objective 2.8 Symmetric and Asymmetric Cryptography https://professormesser.link/601020802

B. A list of Microsoft patches that have not been applied to a server A vulnerability scan will identify known vulnerabilities, but it will stop short of exploiting these vulnerabilities. The incorrect answers: A. A list of usernames and password hashes from a server This type of secure information cannot be obtained through a vulnerability scan. C. A copy of image files from a private file share A private file share would prevent any access by unauthorized users, including vulnerability scans. D. The BIOS configuration of a server Private information, such as a device’s BIOS configuration, is not available from a vulnerability scan. More information: SY0-601, Objective 1.7 - Vulnerability Scans https://professormesser.link/601010702

A. Rogue access point A rogue access point is an unauthorized access point added by a user or attacker. This access point may not necessarily be malicious, but it does create significant security concerns and unauthorized access to the corporate network. The incorrect answers: B. Domain hijack A domain hijacking would be associated with unauthorized access to a domain name. In this example, the wireless IP addressing and performance issues do not appear to be related to a domain hijack. C. DDoS A DDOS (Distributed Denial of Service) would cause outages or slow performance to a service. A DDoS would not commonly modify or update any local IP addresses. D. MAC flooding MAC (Media Access Control) flooding can certainly create performance issues, but the unmatching IP address scheme on the wireless network does not appear to be related to a MAC flood. More information: SY0-601, Objective 1.4 - Rogue Access Points and Evil Twins https://professormesser.link/601010401

C. NetFlow logs NetFlow information can provide a summary of network traffic, application usage, and details of network conversations. The NetFlow logs will show all conversations from this device to any others in the network. The incorrect answers: A. DNS server logs DNS server logs will document all name resolutions, but an attacker may not use a DNS server and may prefer accessing devices by IP address. B. Penetration test A penetration test may identify any vulnerabilities that exist on the server, but it won't provide any information about traffic flows or connections initiated by an attacker. D. Email header An email header usually contains information of email servers used to transfer the message and security signatures to verify the sender. An email header would not contain information on traffic flows associated with this attacker. More information: SY0-601, Objective 4.3 - Log Management https://professormesser.link/601040304

C. Symmetric Symmetric encryption uses the same key for both encryption and decryption. The incorrect answers: A. Asymmetric Asymmetric encryption uses different keys for encryption and decryption. B. Key escrow Key escrow is when a third-party holds the decryption keys for your data. D. Out-of-band key exchange Keys can be transferred between people or systems over the network (inband) or outside the normal network communication (out-of-band). In this example, the key wasn’t exchanged between people or systems, since the system administrator is the same person who encrypted and decrypted. More information: SY0-601, Objective 2.8 - Symmetric and Asymmetric Cryptography https://professormesser.link/601020802

B. Scan outgoing traffic with DLP DLP (Data Loss Prevention) systems are designed to identify sensitive data transfers. If the DLP finds a data transfer with financial details, personal information, or other private information, the DLP can block the data transfer. The incorrect answers: A. Enable MFA on the email client MFA (Multi-Factor Authentication) can provide more security during the authentication process, but the description of the malware did not associate the exploit with the login process. The malware will most likely wait for the user to login before exfiltrating the data. C. Require users to enable the VPN when using email A VPN (Virtual Private Network) can protect data between systems, but it won't prevent malware from sending data once it connects to the email system. D. Update the list of malicious URLs in the firewall Blocking known URLs (Uniform Resource Locators) in a firewall is a useful way to prevent access to known malicious sites, but it won't prevent malware from sending email messages. More information: SY0-601, Objective 4.4 - Security Configurations https://professormesser.link/601040402