Question list
1
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?
Revoke the code-signing certificate.
2
Which of the following will increase cryptographic security?
High data entropy
3
A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
0
4
Digital signatures use asymmetric encryption. This means the message is encrypted with:
the sender's private key and decrypted with the sender's public key
5
Which of the following is a reason to publish files' hashes?
To validate the integrity of the files
6
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
Generate a CSR (Certificate Signing Request)
7
Which of the following encryption algorithms require one encryption key? (Choose two.)
3DES, RC4
8
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether it is modified in transit before installation on the user's computer. Which of the following can be used to safely access the file?
Check the hash of the installation file
9
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?
Calculate the checksum using a hashing algorithm
10
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?
PKI
11
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
Wildcard
12
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
Hashing
13
Which of the following supplies non-repudiation during a forensics investigation?
Using a SHA-2 signature of a drive image
14
Which of the following is assured when a user signs an email using a private key?
Non-repudiation
15
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Tokenizing the credit cards in the database
16
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?
User certificate
17
An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following should the organization consider before implementation? (Select TWO).
The identity federation protocol, The encryption method
18
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
Steganography
19
A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?
SSH key
20
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
Data at rest
21
A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:
Brute-force
22
Which of the following techniques eliminates the use of rainbow tables for password cracking?
Salting
23
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
Weak encryption
24
While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?
Revoke the code signing certificate used by both programs.
25
A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
Implement salting and hashing
26
An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on other company servers without issue. Which of the following is the MOST likely reason for this finding?
The required intermediate certificate is not loaded as part of the certificate chain.
27
After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
The public ledger
28
A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?
Weak credentials
29
A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?
A decryption certificate
30
To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain. Which of the following is being used?
DNSSEC
31
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
Data encryption
32
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns?
TLS
33
A company recently experienced an attack in which a malicious actor was able to exfiltrate sensitive data by cracking stolen passwords using a rainbow table. Which of the following should a security engineer do to prevent such an attack in the future?
Implement password salting
34
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Search for matching file hashes on malware websites
35
A security analyst is reviewing logs on a server and observes the following output: Which of the following is the security analyst observing?
A dictionary attack
36
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following: Which of the following attacks MOST likely occurred?
Password spraying
37
Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?
Hashing
38
During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?
TLS 1.2
39
A symmetric encryption algorithm is BEST suited for:
protecting large amounts of data
40
An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?
The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.
41
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
Data encryption
42
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
Perfect forward secrecy
43
A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multi cloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would BEST meet the architect's objectives?
HSMaaS
44
A security administrator has generated an SSH key pair to authenticate to a new server. Which of the following should the security administrator do NEXT to use the keys securely for authentication? (Choose 2)
Install the public key on the server, Encrypt the private key.
45
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events: To better understand what is going on, the analyst runs a command and receives the following output: Based on the analyst’s findings, which of the following attacks is being executed?
Spraying
46
Given the following logs: Which of the following BEST describes the type of attack that is occurring?
Dictionary
47
A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent?
Password-spraying
48
Which of the following algorithms has the SMALLEST key size?
DES (64)
49
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?
An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
50
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)
Hashing, Private key
51
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
CRL
52
A security analyst is hardening a Linux workstation and must ensure it has public keys forwarded to remote systems for secure login. Which of the following steps should the analyst perform to meet these requirements? (Select TWO)
Forward the keys using ssh-copy-id., Forward the keys using ssh-keygen.
53
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below: Which of the following BEST describes the type of password attack the attacker is performing?
Dictionary
54
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?
Salting
55
Which of the following would MOST likely support the integrity of a voting machine?
Blockchain
56
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs: Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A wildcard certificate
57
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Homomorphic
58
A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?
The S/MIME plug-in is not enabled.
59
A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are: www.company.com (main website) contactus.company.com (for locating a nearby location) quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?
Wildcard
60
A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?
An extended validation certificate
61
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Tokenizing the credit cards in the database
62
Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?
Checksums (hash) (integrity)
63
A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: “Special privileges assigned to new login.” Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
Pass-the-hash
64
Customers reported their antivirus software flagged one of the company’s primary software products as suspicious. The company’s Chief Information Security Officer has tasked the developer with determining a method to create a trust model between the software and the customer’s antivirus software. Which of the following would be the BEST solution?
Code signing
65
A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
Digitally sign the relevant game files.
66
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM: Which of the following describes what is occurring?
An attacker is utilizing a brute-force attack against the account.
67
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
The encryption algorithm longevity
68
An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?
Birthday
69
In which of the following common use cases would steganography be employed?
Obfuscation
70
Which of the following will increase cryptographic security?
High data entropy
71
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
Check the hash of the installation file
72
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following: ● Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. ● Internal users in question were changing their passwords frequently during that time period. ● A jump box that several domain administrator users use to connect to remote devices was recently compromised. ● The authentication method used in the environment is NTLM. Which of the following types of attacks is MOST likely being used to gain unauthorized access?
Pass-the-hash
73
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Homomorphic
74
Which of the following is true about asymmetric encryption?
A message encrypted with the public key can be decrypted with the private key.
75
Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data?
Password hash
76
Security engineers are working on digital certificate management with the top priority of making administration easier. Which of the following certificates is the best option?
Root
77
A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication. Which of the following should the administrator do NEXT to enforce this new configuration?
Issue a public / private key pair for each user and securely distribute a private key to each employee.
78
Which of the following is the BEST method for ensuring non-repudiation?
Digital certificate
79
A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?
Supply chain
80
A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?
Key Exchange
81
While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?
Rainbow Table
82
Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following: Alice: a8df3b6c4fd75f0617431fd248f35191df8d237f Bob: 2d250c5b2976b03d757f324ebd59340df96aa05e Chris: ea981ec3285421d014108089f3f3f997ce0f4150 Which of the following BEST explains why the encrypted passwords do not match?
Salting
83
A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?
Spraying
84
As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
85
A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
.cer
86
A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?
S/MIME
87
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
TLS inspection
88
During a forensic investigation, a security analyst discovered that the following command was run on a compromised host: Which of the following attacks occurred?
Pass the hash
89
Which of the following is a cryptographic concept that operates on a fixed length of bits?
Block cipher
90
A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?
Salting
91
A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).
Time stamps, Time offset
92
Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to?
Brute-force
93
An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but can’t validate an integrity issue. Which of the following attacks was used?
Collision
94
A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private.” Which of the following is the best way to fix this issue?
Send a CSR to a known CA and install the signed certificate on the application's server.
95
An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider is used and the selected option is highly scalable?
Public key infrastructure
96
A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?
Tokenization
97
A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?
Salting
98
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts at a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?
Password spraying
99
An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?
Steganography
100
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?
TLS