SEC+ Practice Questions C-48-C68

12th Grade

20 Qs

Assessment

Quiz

Computers

Hard

Created by

Hasina Hafner

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following BEST describes a risk matrix?

A. A visual summary of a risk assessment

B. Identification of risk at each step of a project plan

C. A list of cybersecurity requirements based on the identified risks

D. Ongoing group discussions regarding cybersecurity

Answer explanation

A. A visual summary of a risk assessment

A risk matrix, or risk heat map, is often presented as a graphical chart comparing the likelihood of risk with the consequence.

The incorrect answers:

B. Identification of risk at each step of a project plan
A risk register is a detailed identification and documentation of risk, the application of possible solutions, and ongoing monitoring of the risk at each step of a project.

C. A list of cybersecurity requirements based on the identified risks
Risk control assessment provides a security administrator with the information needed to build proper security controls for the documented risk.

D. Ongoing group discussions regarding cybersecurity
Risk awareness involves constant monitoring and analysis of current trends, risks, and response options. This information can be gathered from group discussions, expert presentations, and security conferences and programs.

More information: SY0-601, Objective 5.4 - Risk Analysis https://professormesser.link/601050402

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security administrator would like to implement an authentication system that uses cryptographic tickets to validate users. Which of the following would provide this functionality?

A. RADIUS

B. LDAP

C. Kerberos

D. TACACS

Answer explanation

C. Kerberos

Kerberos is a network authentication protocol that provides single sign-on and mutual authentication using cryptographic “tickets” for the behind-the-scenes authentication process.

The incorrect answers:

A. RADIUS
The RADIUS (Remote Authentication Dial-in User Service) authentication protocol is commonly used across many different devices and operating systems, but it does not use cryptographic tickets.

B. LDAP
LDAP (Lightweight Directory Access Protocol) is another common standard that is often used for authentication, but LDAP does not use cryptographic tickets.

D. TACACS
TACACS (Terminal Access Controller Access-Control System) is a flexible remote authentication protocol, but it does not use cryptographic tickets during the authentication process.

More information: SY0-601, Objective 3.8 - Identity and Access Services https://professormesser.link/601030803

3.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Richard is reviewing this information from an IPS log: Which of the following can be associated with this log information? (Select TWO)

A. The attacker sent a non-authenticated BGP packet to trigger the IPS

B. The source of the attack is 192.168.11.1

C. The event was logged but no packets were dropped

D. The source of the attack is 10.1.111.7

E. The attacker sent an unusual HTTP packet to trigger the IPS

Answer explanation

The Answer: D. The source of the attack is 10.1.111.7 and E. The attacker sent an unusual HTTP packet to trigger the IPS

The second line of the IPS log shows the type of alert, and this record indicates that a suspicious HTTP packet was sent. The last line of the IPS log shows the protocol, destination, and source IP address information. The source IP address is 10.1.111.7.

The incorrect answers:

A. The attacker sent a non-authenticated BGP packet to trigger the IPS
The alert for this IPS log does not indicate any non-authenticated packets or BGP packets.

B. The source of the attack is 192.168.11.1
The last line of the log identifies the protocol and IP addresses. The “src” address is the source of the packet and is identified as 10.1.111.7.

C. The event was logged but no packets were dropped
The first line of the log shows the name of the IPS that identified the issue, the date and time, and disposition. In this log entry, the packet was rejected from IP address 10.1.111.7.

More information: SY0-601, Objective 4.3 - Log Files https://professormesser.link/601040303

IPS log referenced in the question:

MAIN_IPS: 22June2019 09:02:50 reject 10.1.111.7
Alert: HTTP Suspicious Webdav OPTIONS Method Request; Host: Server
Severity: medium; Performance Impact:3; Category: info-leak; Packet capture; disable
Proto:tcp; dst:192.168.11.1; src:10.1.111.7

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has contracted with a third-party to provide penetration testing services. The service includes a port scan of each externally-facing device. This is an example of:

A. Initial exploitation

B. Escalation of privilege

C. Pivot

D. Active footprinting

Answer explanation

D. Active footprinting

Active footprinting sends traffic across the network that can be viewed and/or logged. Performing a port scan will send network traffic to a server, and most port scan attempts can be identified and logged by an IPS.

The incorrect answers:

A. Initial exploitation
An exploit attempt is common when performing a penetration test, but a port scan is not exploiting any vulnerabilities.

B. Escalation of privilege
If a penetration test is able to exploit a system and obtain a higher level of rights and permissions, then the test is successful at escalating the access privileges. A port scan does not gain access to a system, and it will not provide any privilege escalation.

C. Pivot
Once a penetration test has exploited a vulnerability and gained access to a system, the tester will use this foothold as a pivot point to access other devices. Since the inside of the network is usually less secure than the perimeter, this pivot can often provide many more opportunities than the initial exploitation.

More information: SY0-601, Objective 1.8 - Reconnaissance https://professormesser.link/601010802

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An access point in a corporate headquarters office has the following configuration: Which of the following would apply to this configuration?

A. Invalid frequency band

B. Weak encryption

C. Incorrect IP address and subnet mask

D. Invalid software version

Answer explanation

The Answer: B. Weak encryption

A common issue is weak or outdated security configurations. Older encryptions such as DES and WEP should be updated to use newer and stronger encryption technologies.

The incorrect answers:

A. Invalid frequency band
The 2.4 GHz frequency band is a valid frequency range for 802.11g networks.

C. Incorrect IP address and subnet mask
None of the listed configuration settings show any issues with the IP address or subnet mask.

D. Invalid software version
The software version of the access point does not have any configuration options and would not be considered invalid.

More information: SY0-601, Objective 1.6 - Vulnerability Types https://professormesser.link/601010601

Access point configuration referenced in the question:

IP address: 10.1.10.1
Subnet mask: 255.255.255.0
DHCPv4 Server: Enabled
SSID: Wireless
Wireless Mode: 802.11g
Security Mode: WEP-PSK
Frequency band: 2.4 GHz
Software revision: 2.1
MAC Address: 60:3D:26:71:FF:AA
IPv4 Firewall: Enabled

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An application does not properly release unused memory, and eventually it grows so large that it uses all available memory. Which of the following would describe this issue?

A. Integer overflow

B. NULL pointer dereference

C. Memory leak

D. Data injection

Answer explanation

C. Memory leak

A memory leak is when a poorly written application allocates memory for use by the application, but then does not release that memory after it is no longer needed. If the application runs on a system for an extended period of time, this memory leak can grow so large that it eventually uses all available memory and crashes the operating system.

The incorrect answers:

A. Integer overflow
An integer overflow attempts to store a large number into a smaller sized memory space. This can sometimes improperly change the value of memory areas that are outside of the smaller space.

B. NULL pointer dereference
If an application is written to reference a portion of memory, but nothing is currently allocated to that area of memory, a NULL pointer dereference will occur. This can cause the application to crash, display debug information, or create a denial of service (DoS).

D. Data injection
The unwanted injection of data into a database, library, or any other data flow is an injection attack. An application that does not properly release sections of memory is a badly written application and would not be related to a data injection attack.

More information: SY0-601, Objective 1.3 - Other Application Attacks https://professormesser.link/601010310

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company is receiving complaints of slowness and disconnections to their Internet-facing web server. A network administrator monitors the Internet link and finds excessive bandwidth utilization from thousands of different IP addresses. Which of the following would be the MOST likely reason for these performance issues?

A. DDoS

B. Wireless jamming

C. MAC cloning

D. Rogue access point

Answer explanation

A. DDoS

A DDoS (Distributed Denial of Service) is the failure of a service caused by many different remote devices. In this example, the DDoS is related to a bandwidth utilization exhaustion caused by excessive server requests.

The incorrect answers:

B. Wireless jamming
Wireless jamming is caused by interference of the wireless spectrum. In this example, a wireless network was not part of the web server or any issues associated with the server.

C. MAC cloning
MAC (Media Access Control) address cloning is when a third-party device changes their MAC address to be the same as another station. In this example, the issue is related to a large number of inbound IP addresses.

D. Rogue access point
A rogue access point is an unauthorized wireless access point. This issue does not appear to be related to a wireless network.

More information: SY0-601, Objective 1.4 - Denial of Service https://professormesser.link/601010410
