
Domain 3 Quiz
-
Decide where things go.
On the real test you will drag them and they snap into place.
Safe with signing keys (these would be stored on optical discs or USB sticks)
Locking cabinet with WAP. (CompTIA says "locking cabinet" where I would say "equipment rack with locking doors", and yes, enclosing a WAP inside a metal cabinet makes no sense)
Card-swipe lock with door from lobby to business office. From public (sort of) area to business area.
Biometric lock with door from business office to server room. Most sensitive door, it gets the best lock.
Video camera in server room.
Captive portal with lobby.
-
Management wants to use a security framework that is
designed to bridge the gap between management and technical
groups in order to quantitatively analyze and control risk,
focusing on identifying the maturity of processes and
establishing sound metrics.
What do you recommend?
- ISO 27001 and 27002
- NIST SP 800-37 RMF
- COBIT
- COVID
Something that might be a tipoff is the overly obvious wrong choice, COVID. It's probably there to distract you and tempt you away from the correct answer, COBIT. An absurdly wrong choice that closely resembles another option can suggest that the similar one is correct.
-
Which of these can you put in a boot script to
prevent MitM?
- nmap -sS -sV -T5 192.168.12.72
- arp -s 00:13:3B:12:6f:aa 192.168.12.72
- tcpdump -i eth0 host 192.168.12.72 or ether host 00:13:3b:12:6f:aa
- netstat -an
- ping 192.168.12.72
The arp -s syntax sets up static ARP; it's the same syntax on Windows, Linux, macOS, BSD, and probably elsewhere. Static ARP isn't at all practical, but it could prevent MitM connection hijacking via ARP spoofing. Once you set a static ARP mapping, the operating system no longer uses ARP to request that address, and it ignores inbound unsolicited ARP "answers" for it. The other commands are nmap (port scanning and OS detection), tcpdump (packet capture), netstat (measuring TCP/UDP activity), and ping (testing end-to-end IP connectivity). Static ARP is the only one that has any preventative function.
-
You are examining records from a busy server that is
critical to your organization's financial well-being.
You find this:
LAST WEEK:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
TODAY:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 9a4fb74ef00824d6e84785ad53d6fed364947778
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
What should you report to management?
- Everything seems to be fine.
- A user is violating the AUP.
- An intruder has gained administrative access and changed the system configuration.
- An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
/etc/shadow changed, but we expect this. It will change every time a user changes their password. Apparently "busy" implies enough users that we caught someone changing their password between yesterday's and today's Tripwire run.
-
You are examining records from a busy server that is
critical to your organization's financial well-being.
You observe the following:
LAST WEEK:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
TODAY:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 7c6fa9266a5abfa03d685ea7f7164393c984b710
/etc/shadow: 9a4fb74ef00824d6e84785ad53d6fed364947778
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
What should you report to management?
- Everything seems to be fine.
- A user is violating the AUP.
- An intruder has gained administrative access and changed the system configuration.
- An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
/etc/shadow and /etc/passwd changed. You probably added a new user, adding one new line to each file. Or maybe you modified a user (changing passwd) and coincidentally someone changed their password (changing shadow). Again, no worry.
It's possible that someone gained administrative access and created the new user, but A is by far the most likely explanation.
-
You are examining records from a busy server that is
critical to your organization's financial well-being.
You observe this:
LAST WEEK:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
TODAY:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 9c5bbcbdc2994a9835b8804b9ffa699935715a34
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
What should you report to management?
- Everything seems to be fine.
- A user is violating the AUP.
- An intruder has gained administrative access and changed the system configuration.
- An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
/etc/ssh/sshd_config changed.
-
You are examining records from a busy server that is
critical to your organization's financial well-being.
You observe this:
LAST WEEK:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
TODAY:
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: cfc34c90281bbed47540c6288ec975a4602ee3df
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls: b79f70b18538de0199e6829e06b547e079df8842
What should you report to management?
- Everything seems to be fine.
- A user is violating the AUP.
- An intruder has gained administrative access and changed the system configuration.
- An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
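A small Python classifier, added here as an example and not part of the quiz, that encodes the reasoning used in these four integrity-record questions: parse two Tripwire-style snapshots, list what changed, and rank the worst change. The snapshot lines are the page's own records; the account-file set and the OS directory prefixes are my assumptions, not Tripwire's rules.

```python
"""Classify drift between two Tripwire-style integrity snapshots (added example).
Rules follow the quiz's reasoning: account files only = routine churn; another
config file = configuration changed; /boot or a binary = OS component replaced."""
LAST_WEEK = """
/boot/grub/grub.cfg: 6c3209882734351aa672d3f222bb382267c22ad4
/boot/vmlinuz-4.13.0: d6328ceea77c930e853da08b494c71ad2f8f9b47
/etc/passwd: 02f727aaabab9c2963092ba3d7f3543980fef790
/etc/shadow: 71558dd386a50333ffb71c07ad904e9abd6792cf
/etc/ssh/sshd_config: 5a960d6641b42ff8f9e947e218b371b2ad12a728
/bin/ls b79f70b18538de0199e6829e06b547e079df8842
"""
ACCOUNT_FILES = {"/etc/passwd", "/etc/shadow", "/etc/group", "/etc/gshadow"}  # assumption
OS_PREFIXES = ("/boot/", "/bin/", "/sbin/", "/lib", "/usr/")                   # assumption

def parse_snapshot(text: str) -> dict[str, str]:
    """Parse 'path: digest' lines; the colon is optional (the /bin/ls line has none)."""
    entries: dict[str, str] = {}
    for line in text.strip().splitlines():
        path, digest = line.split()[:2]
        entries[path.rstrip(":")] = digest
    return entries

def changed_paths(before: dict[str, str], after: dict[str, str]) -> list[str]:
    """Paths whose digest differs, plus paths present in only one snapshot."""
    return sorted(p for p in before.keys() | after.keys() if before.get(p) != after.get(p))

def classify(changed: list[str]) -> str:
    """Worst change wins: os-component > config-change > account-churn > none."""
    if not changed:
        return "none"
    if any(p.startswith(OS_PREFIXES) for p in changed):
        return "os-component"   # kernel, bootloader or binary replaced: host untrusted
    if set(changed) <= ACCOUNT_FILES:
        return "account-churn"  # password change or new user: expected on a busy box
    return "config-change"      # e.g. sshd_config edited: find out who and why

def assess(before_text: str, after: dict[str, str]) -> str:
    changed = changed_paths(parse_snapshot(before_text), after)
    return f"{classify(changed)}: {', '.join(changed) or 'no files changed'}"

if __name__ == "__main__":
    base = parse_snapshot(LAST_WEEK)
    # The four "TODAY" snapshots from the quiz, written as deltas from last week.
    scenarios = {
        "shadow only": {**base, "/etc/shadow": "9a4fb74ef00824d6e84785ad53d6fed364947778"},
        "passwd+shadow": {**base, "/etc/passwd": "7c6fa9266a5abfa03d685ea7f7164393c984b710",
                          "/etc/shadow": "9a4fb74ef00824d6e84785ad53d6fed364947778"},
        "sshd_config": {**base, "/etc/ssh/sshd_config": "9c5bbcbdc2994a9835b8804b9ffa699935715a34"},
        "kernel": {**base, "/boot/vmlinuz-4.13.0": "cfc34c90281bbed47540c6288ec975a4602ee3df"},
    }
    for name, today in scenarios.items():
        print(f"{name:14} -> {assess(LAST_WEEK, today)}")
```

A real deployment would also flag a file that disappears from the snapshot, which changed_paths already reports because it unions both key sets.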
-
Management has decided that they want wireless security,
but they don't have the resources to do key management
and maintain certificates.
What should they use?
- WEP
- WAP
- WPA
- WPA2 Enterprise
- WPS
-
Management has decided to use geo-fencing to restrict
mobile device operation to company premises.
Which technology should you select?
- BYOD
- COPE
- CYOD
- BODE
-
Lori's manager, Brian, has just returned from a board meeting
where it was announced that the company would be deploying
Infrastructure as a Service.
Brian didn't know what that was, and was embarrassed to ask.
Which is the best explanation of what it will involve?
- Logical rather than physical network isolation
- Air gaps
- Virtualization
- Subcontracting
-
Why might you use fuzzing?
Select two.
- You need to detect logical errors
- You don't have the source code
- You have the source code
- You have the source code, but you signed a non-disclosure agreement
- You're uncertain of the purpose of the software
-
Refineries and waste water treatment plants are controlled
by which of the following, which have been
successfully attacked on multiple occasions:
- RTOS
- IoT
- SCADA
- SoC
- Embedded
-
Dorothy, the software development manager, needs development
and testing platforms for her programmers.
However, she doesn't want to have to buy server hardware,
or cross-train programmers to be system administrators.
Which cloud solution could solve her problem?
- IaaS
- IDaaS
- PaaS
- SaaS
-
Maria, a security analyst, was about to boot a suspect
system with a Kali Linux DVD.
Her manager stopped her, saying that she mustn't modify
the computer's operating system or data.
She explained that it was safe, it would load an
operating system into RAM and treat everything on disk
as read-only data, because it's:
- Non-modification boot
- Live boot
- Transparent boot
- Ephemeral boot
-
Suheb, the IT department manager, needs to be able to assess
organizational security at any time, and identify issues
before they become big problems.
Which should he use?
- Monthly audits
- Continuous monitoring
- Continuous improvement
- Baseline analysis
-
Chuck, a network engineer, needs to compartmentalize traffic
flow on the Intranet, and authenticate each connected
endpoint device.
What should he use?
Select two.
- NAC
- DLP
- 802.3
- VLAN
-
Alexei, an attacker from Eastern Europe, was able to break
into one of your organization's virtual web servers.
However, he was unable to pivot to any of several other
virtual servers running on the same hardware platform.
What happened?
- VM Escape
- Shadow IT
- VM sprawl
- Sandboxing
- Hypervisor flaws
-
Akio, a systems engineer, needs to implement a technical
defense that verifies the validity of the operating system
itself before booting the system.
He hopes this will solve the problem of root kits and other
kernel modification.
What should he use?
- Anti-malware scanning
- BIOS checks
- UEFI
- Trusted supply chain
-
Philip, a system administrator, has been asked for
recommendations for protecting compute servers
in the data center.
Which should he suggest?
Select three.
- FM-200
- Biometrics
- DLP
- Remote wipe
- Mantrap
- GPS tracking
Exhibit with 10 things, plus 18 questions
Passing = 82% of 28 = 23.0
Goal = 91% of 28 = 25.5