SEC+Practice Questions C72-C90

B. Full disk encryption With full disk encryption, everything written to the laptop’s local drive is stored as encrypted data. If the laptop was stolen, the thief would not have the credentials to decrypt the drive data. The incorrect answers: A. Remote wipe Although a remote wipe function is useful, it’s a reactive response that does not provide any data protection prior to the wipe. C. Biometrics Biometric authentication can limit access to the operating system, but the laptop’s storage drive can still be removed and read from another computer. D. BIOS user password Adding a power-on BIOS password would help prevent any unauthorized access to the operating system, but the password doesn’t provide any protection for the data on the laptop’s storage drive. More information: SY0-601, Objective 3.2 - Application Hardening https://professormesser.link/601030205

D. Guest network with captive portal A guest network would allow access to the Internet but prevent any access to the internal network. The captive portal would prompt each guest for authentication or to agree to terms of use before granting access to the network. The incorrect answers: A. NAT NAT (Network Address Translation) is a method of modifying IP addresses when traversing the network, but NAT itself does not provide any additional security mechanisms. B. Ad hoc wireless workstations Ad hoc wireless devices are able to communicate with each other without the use of an access point. There are no additional security features included with an ad hoc connection. C. Intranet The intranet is a private internal network used by company employees. It’s common to provide the highest protection to the intranet resources, so a company would not commonly connect the intranet to a public conference room. More information: SY0-601, Objective 3.4 - Wireless Authentication Methods https://professormesser.link/601030402

: C. dd The Linux dd command is commonly used to create an image of a partition or disk. The incorrect answers: A. Memdump The memdump command is used to make a copy of everything stored in local system memory. This dump of memory does not contain any local storage drive files. B. chmod The Linux chmod (change mode) command is used to modify the access rights and permissions of files stored on the system. The chmod command is not used to create system images. D. tcpdump The tcpdump utility is used to capture and store network packets. The tcpdump utility does not create images from stored data. More information: SY0-601, Objective 4.1 - Forensic Tools https://professormesser.link/601040106

C. Managerial A managerial control is a guideline that would control how people act, such as security policies and standard operating procedures. The incorrect answers: A. Compensating A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. A security policy does not provide a way to restore from an attack. B. Detective A detective control may not prevent access, but it can identify and record any intrusion attempts. Security policies do not provide any identification or recording of intrusions. D. Physical A physical control would block access. For example, a door lock or security guard would be a physical control. More information: SY0-601, Objective 5.1 - Security Controls https://professormesser.link/601050101

C. Maintain reliable backup data Organized crime is often after data, and can sometimes encrypt or delete data on a service. A good set of backups can often resolve these issues quickly and without any ransomware payments to an organized crime entity. The incorrect answers: A. Prevent users from posting passwords near their workstations Criminal syndicate members usually access systems remotely. Although it’s important that users don’t write down their passwords, the organized crime members aren’t generally in a position to see them. B. Require identification cards for all employees and guests Since the criminal syndicate members rarely visit a site, having identification for employees and visitors isn’t the largest concern associated with this threat actor. D. Use access control vestibules at all data center locations Access control vestibules control the flow of people through an area, and organized crime members aren’t usually visiting a data center. More information: SY0-601, Objective 1.5 - Threat Actors https://professormesser.link/601010501

: C. Implement a secure configuration of the web service The tech support resources for many services will include a list of hardening recommendations. This hardening may include account restrictions, file permission settings, internal service configuration options, and other settings to ensure that the service is as secure as possible. The incorrect answers: A. Build a backup server for the application Of course, you should always have a backup. Although the backup may help recover quickly from an attack, the backup itself won’t protect the application from attacks. B. Run the application in a cloud-based environment The location of the application service won’t provide any significant protection against attacks. Some cloud-based services may include some additional security features, but many do not. Given the options available, running the application in the cloud would not be the best option available. D. Send application logs to the SIEM via syslog It’s always useful to have a consolidated set of logs, but the logs on the SIEM (Security Information and Event Management) server won’t protect the application from attacks. More information: SY0-601, Objective 5.2 - Secure Configurations https://professormesser.link/601050203

A. Enable WPA3 encryption A MAC (Media Access Control) address can be spoofed on a remote device, which means anyone within the vicinity of the access point can view legitimate MAC addresses and spoof them to avoid the MAC filter. To ensure proper authentication, the system administrator can enable WPA3 (Wi-Fi Protected Access version 3) with a shared key, or configure 802.1X to integrate with an existing authentication database. The incorrect answers: B. Remove unauthorized MAC addresses from the filter Since MAC addresses are visible when capturing packets, any unauthorized users affected by the removal of a MAC address would simply obtain the remaining MAC addresses in use and spoof those addresses to gain access. C. Modify the SSID name The SSID (Service Set Identifier) is the name associated with the wireless network. The name of the access point is not a security feature, so changing the name would not provide any additional access control. D. Modify the channel The frequencies used by the access point are chosen to minimize interference with nearby wireless devices. These wireless channels are not security features and changing the frequency would not limit unauthorized access. More information: SY0-601, Objective 3.4 - Wireless Cryptography https://professormesser.link/601030401

C. Playbook A playbook describes a broad set of steps to follow to manage a security event. For example, a playbook might describe the processes to follow when investigating a data breach or when recovering from a ransomware attack. The incorrect answers: A. Managerial controls Managerial security controls describe administrative security methods, such as security policies and rules. B. DAC DAC (Discretionary Access Control) describes an access control method where the user decides which users can access their data and the permissions associated with that access. D. Order of volatility The order of volatility describes the lifetime associated with digital data. These volatility rates are important when determining which forensic data should be gathered first. More information: SY0-601, Objective 4.4 - Security Configurations https://professormesser.link/601040402

C. 802.1X IEEE 802.1X is a standard for port-based network access control (NAC). When 802.1X is enabled, devices connecting to the network do not gain access until they provide the correct authentication credentials. This 802.1X standard refers to the client as the supplicant, the switch is commonly configured as the authenticator, and the backend authentication server is a centralized user database such as Active Directory. The incorrect answers: A. Federation Federation would allow members of one organization to authenticate to the network of another organization using their normal credentials. B. AES AES (Advanced Encryption Standard) is a common encryption protocol, and it does not describe a supplicant, authenticator, or authentication server. D. PKI PKI (Public Key Infrastructure) is a method of describing the public-key encryption technologies and its supporting policies and procedures. PKI does not require the use of supplicants, authenticators, or authentication servers. More information: SY0-601, Objective 3.4 - Wireless Authentication Protocols https://professormesser.link/601030403

A. NFC and D. Biometrics The wall sensor will be activated with the phone’s NFC (Near-field Communication) electronics and would authenticate using the biometric fingerprint reader on the phone. The incorrect answers: B. Remote wipe Although remote wipe can be a useful management tool for a mobile device, there’s no need to include remote wipe capabilities with this particular application. The door unlocking process would still require authentication using the user’s fingerprint if the phone was lost or stolen. C. Containerization This application doesn’t appear to store any confidential local data, so keeping the enterprise data separate from the personal data isn’t a significant concern. E. Push notification A push notification will cause alerts to appear on the phone without any user intervention. In this app, all of the actions are initiated by the user. More information: SY0-601, Objective 3.5 - Mobile Networks https://professormesser.link/601030501