SEC+Practice Questions C72-C90

B. Full disk encryption With full disk encryption, everything written to the laptop’s local drive is stored as encrypted data. If the laptop was stolen, the thief would not have the credentials to decrypt the drive data. The incorrect answers: A. Remote wipe Although a remote wipe function is useful, it’s a reactive response that does not provide any data protection prior to the wipe. C. Biometrics Biometric authentication can limit access to the operating system, but the laptop’s storage drive can still be removed and read from another computer. D. BIOS user password Adding a power-on BIOS password would help prevent any unauthorized access to the operating system, but the password doesn’t provide any protection for the data on the laptop’s storage drive. More information: SY0-601, Objective 3.2 - Application Hardening https://professormesser.link/601030205

D. Guest network with captive portal A guest network would allow access to the Internet but prevent any access to the internal network. The captive portal would prompt each guest for authentication or to agree to terms of use before granting access to the network. The incorrect answers: A. NAT NAT (Network Address Translation) is a method of modifying IP addresses when traversing the network, but NAT itself does not provide any additional security mechanisms. B. Ad hoc wireless workstations Ad hoc wireless devices are able to communicate with each other without the use of an access point. There are no additional security features included with an ad hoc connection. C. Intranet The intranet is a private internal network used by company employees. It’s common to provide the highest protection to the intranet resources, so a company would not commonly connect the intranet to a public conference room. More information: SY0-601, Objective 3.4 - Wireless Authentication Methods https://professormesser.link/601030402

: C. dd The Linux dd command is commonly used to create an image of a partition or disk. The incorrect answers: A. Memdump The memdump command is used to make a copy of everything stored in local system memory. This dump of memory does not contain any local storage drive files. B. chmod The Linux chmod (change mode) command is used to modify the access rights and permissions of files stored on the system. The chmod command is not used to create system images. D. tcpdump The tcpdump utility is used to capture and store network packets. The tcpdump utility does not create images from stored data. More information: SY0-601, Objective 4.1 - Forensic Tools https://professormesser.link/601040106

C. Managerial A managerial control is a guideline that would control how people act, such as security policies and standard operating procedures. The incorrect answers: A. Compensating A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. A security policy does not provide a way to restore from an attack. B. Detective A detective control may not prevent access, but it can identify and record any intrusion attempts. Security policies do not provide any identification or recording of intrusions. D. Physical A physical control would block access. For example, a door lock or security guard would be a physical control. More information: SY0-601, Objective 5.1 - Security Controls https://professormesser.link/601050101

C. Maintain reliable backup data Organized crime is often after data, and can sometimes encrypt or delete data on a service. A good set of backups can often resolve these issues quickly and without any ransomware payments to an organized crime entity. The incorrect answers: A. Prevent users from posting passwords near their workstations Criminal syndicate members usually access systems remotely. Although it’s important that users don’t write down their passwords, the organized crime members aren’t generally in a position to see them. B. Require identification cards for all employees and guests Since the criminal syndicate members rarely visit a site, having identification for employees and visitors isn’t the largest concern associated with this threat actor. D. Use access control vestibules at all data center locations Access control vestibules control the flow of people through an area, and organized crime members aren’t usually visiting a data center. More information: SY0-601, Objective 1.5 - Threat Actors https://professormesser.link/601010501

: C. Implement a secure configuration of the web service The tech support resources for many services will include a list of hardening recommendations. This hardening may include account restrictions, file permission settings, internal service configuration options, and other settings to ensure that the service is as secure as possible. The incorrect answers: A. Build a backup server for the application Of course, you should always have a backup. Although the backup may help recover quickly from an attack, the backup itself won’t protect the application from attacks. B. Run the application in a cloud-based environment The location of the application service won’t provide any significant protection against attacks. Some cloud-based services may include some additional security features, but many do not. Given the options available, running the application in the cloud would not be the best option available. D. Send application logs to the SIEM via syslog It’s always useful to have a consolidated set of logs, but the logs on the SIEM (Security Information and Event Management) server won’t protect the application from attacks. More information: SY0-601, Objective 5.2 - Secure Configurations https://professormesser.link/601050203

A. Enable WPA3 encryption A MAC (Media Access Control) address can be spoofed on a remote device, which means anyone within the vicinity of the access point can view legitimate MAC addresses and spoof them to avoid the MAC filter. To ensure proper authentication, the system administrator can enable WPA3 (Wi-Fi Protected Access version 3) with a shared key, or configure 802.1X to integrate with an existing authentication database. The incorrect answers: B. Remove unauthorized MAC addresses from the filter Since MAC addresses are visible when capturing packets, any unauthorized users affected by the removal of a MAC address would simply obtain the remaining MAC addresses in use and spoof those addresses to gain access. C. Modify the SSID name The SSID (Service Set Identifier) is the name associated with the wireless network. The name of the access point is not a security feature, so changing the name would not provide any additional access control. D. Modify the channel The frequencies used by the access point are chosen to minimize interference with nearby wireless devices. These wireless channels are not security features and changing the frequency would not limit unauthorized access. More information: SY0-601, Objective 3.4 - Wireless Cryptography https://professormesser.link/601030401