Domain 3 Quiz

  1. Decide where things go.
    Network security components
  2. Your CEO has met with the CEO of another company, and they have agreed to work together to develop a new service. Authentication and identity management will be connected across the two organizations. Given the sensitivity of the development project, user authentication and authorization will use a centralized server running the best available trusted third-party service. Users will receive identity and service tokens from a unified authentication and authorization service, which requires that system clocks be synchronized across the organizations. Applications will be limited to those written with the API of that service. What do you need?
    1. BPA
    2. Federation
    3. Kerberos
    4. KDC
    5. NTP
    6. Kerberization
  3. The content management group is considering the use of DNS Round Robin technology. What benefit could this provide?
    1. Load balancing
    2. Transparent proxying
    3. Anti-spoofing
    4. Certificate sharing
  4. Users are reporting that they can't access the financial department's secure web page. The following command output is observed. What is wrong?
    $ netstat -an
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
    tcp4       0      0 10.138.0.3:22          184.16.205.240:50966   ESTABLISHED
    tcp4       0      0 127.0.0.1:9000         127.0.0.1:37632        TIME_WAIT
    tcp4       0      0 127.0.0.1:11628        127.0.0.1:9000         TIME_WAIT
    tcp4       0      0 127.0.0.1:12042        127.0.0.1:9000         TIME_WAIT
    tcp4       0      0 10.138.0.3:80          130.15.4.209:46944     TIME_WAIT
    tcp4       0      0 10.138.0.3:80          46.229.168.70:15234    TIME_WAIT
    tcp4       0      0 10.138.0.3:80          173.187.65.22:50598    ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55989       ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55987       ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55988       TIME_WAIT
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55986       TIME_WAIT
    tcp4       0      0 *:80                   *.*                    LISTEN
    tcp4       0      0 127.0.0.1:9000         *.*                    LISTEN
    tcp4       0      0 *:22                   *.*                    LISTEN
    tcp4       0      0 127.0.0.1:25           *.*                    LISTEN
    udp4       0      0 127.0.0.1:123          *.*                    
    udp4       0      0 10.138.0.3:123         *.*                    
    udp4       0      0 *:123                  *.*                    
    udp4       0      0 *:514                  *.*                    
    
    1. The web server is down
    2. The server is up but its web service isn't running
    3. The certificate is expired
    4. The certificate has been revoked
    5. HTTPS isn't enabled
    6. A firewall is blocking connections
  5. Which of these can you put in a boot script to prevent MitM?
    1. nmap -sS -sV -T5 192.168.12.72
    2. arp -s 00:13:3B:12:6f:aa 192.168.12.72
    3. tcpdump -i eth0 host 192.168.12.72 or ether host 00:13:3b:12:6f:aa
    4. netstat -an
    5. ping 192.168.12.72
  6. You are examining records from a busy server that is critical to your organization's financial well-being. You find this:
    LAST WEEK:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	d6328ceea77c930e853da08b494c71ad2f8f9b47
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		71558dd386a50333ffb71c07ad904e9abd6792cf
    /etc/ssh/sshd_config:	5a960d6641b42ff8f9e947e218b371b2ad12a728
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842
    
    TODAY:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	d6328ceea77c930e853da08b494c71ad2f8f9b47
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		9a4fb74ef00824d6e84785ad53d6fed364947778
    /etc/ssh/sshd_config:	5a960d6641b42ff8f9e947e218b371b2ad12a728
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842 
    What should you report to management?
    1. Everything seems to be fine.
    2. A user is violating the AUP.
    3. An intruder has gained administrative access and changed the system configuration.
    4. An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
  7. You are examining records from a busy server that is critical to your organization's financial well-being. You observe this:
    LAST WEEK:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	d6328ceea77c930e853da08b494c71ad2f8f9b47
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		71558dd386a50333ffb71c07ad904e9abd6792cf
    /etc/ssh/sshd_config:	5a960d6641b42ff8f9e947e218b371b2ad12a728
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842
    
    TODAY:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	d6328ceea77c930e853da08b494c71ad2f8f9b47
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		71558dd386a50333ffb71c07ad904e9abd6792cf
    /etc/ssh/sshd_config:	9c5bbcbdc2994a9835b8804b9ffa699935715a34
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842 
    What should you report to management?
    1. Everything seems to be fine.
    2. A user is violating the AUP.
    3. An intruder has gained administrative access and changed the system configuration.
    4. An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
  8. You are examining records from a busy server that is critical to your organization's financial well-being. You observe this:
    LAST WEEK:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	d6328ceea77c930e853da08b494c71ad2f8f9b47
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		71558dd386a50333ffb71c07ad904e9abd6792cf
    /etc/ssh/sshd_config:	5a960d6641b42ff8f9e947e218b371b2ad12a728
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842
    
    TODAY:
    /boot/grub/grub.cfg:	6c3209882734351aa672d3f222bb382267c22ad4
    /boot/vmlinuz-4.13.0:	cfc34c90281bbed47540c6288ec975a4602ee3df
    /etc/passwd:		02f727aaabab9c2963092ba3d7f3543980fef790
    /etc/shadow:		71558dd386a50333ffb71c07ad904e9abd6792cf
    /etc/ssh/sshd_config:	5a960d6641b42ff8f9e947e218b371b2ad12a728
    /bin/ls			b79f70b18538de0199e6829e06b547e079df8842 
    What should you report to management?
    1. Everything seems to be fine.
    2. A user is violating the AUP.
    3. An intruder has gained administrative access and changed the system configuration.
    4. An intruder has gained administrative access and replaced operating system components, and we can no longer trust the operating system itself or any programs installed there.
  9. Management has decided that they want wireless security, but they don't have the resources to do key management and maintain certificates. What should they use?
    1. WEP
    2. WAP
    3. WPA
    4. WPA2 Enterprise
    5. WPS
  10. Management has decided to use geo-fencing to restrict mobile device operation to company premises. Which technology should you select?
    1. BYOD
    2. COPE
    3. CYOD
    4. BODE
  11. You observe the following in the results of a security scan. What is this?
    Channel SSID
    1 corpnet3
    6 corpnet3
    6 netgear
    11 corpnet3
    1. Evil twin
    2. Rogue AP
    3. Bluesnarfing
    4. Watering hole
  12. Desmond, a network engineer, has been directed to set up network security that will require a device to authenticate itself onto the network and verify that patching and anti-virus signatures are up to date, before allowing the user to try to authenticate. What should Desmond use?
    1. 802.1i
    2. 802.1x
    3. 802.1q
    4. 802.11i
    A.k.a. Network Access Control or NAC, or Port Security.
  13. You observe the following in the results of a security scan. What is this?
    Channel SSID
    1 corpnet3
    6 corpnet3
    6 corpnet3
    11 corpnet3
    1. Evil twin
    2. Rogue AP
    3. Bluesnarfing
    4. Watering hole
  14. You observe this data.
    An unapproved executable attempted to run and was prevented.
    The action was stopped and logged.
    Location: c:\Program Files\Chromium Browser\Chrome.exe
        User: Elon
       Cause: Policy setting for unapproved software 
    Which tool or defensive measure was involved?
    1. File integrity check
    2. Antivirus
    3. Blacklisting
    4. Whitelisting
    5. DLP
    6. DEP
  15. Julie, a network engineer, has been informed by management that they want to deploy network security technology that uses OSI layers 4 through 7 to authenticate, authorize, and audit Internet activity. To reduce the load on help desk personnel, this must require little to no browser or other application reconfiguration. What should she recommend?
    1. SIEM
    2. 802.1x
    3. Transparent proxy
    4. Load balancer
  16. Jenny can unlock her work mobile phone by drawing a pattern on the screen with her finger. This mode of authentication verifies:
    1. Something you know
    2. Something you have
    3. Something you are
    4. Something you do
    5. Somewhere you are
  17. To enter the server room Joe must pass through a mantrap, entering a PIN on a keypad at the outer door, entering the mantrap and closing the door behind him, swiping his badge on the reader, then typing a password into a keyboard by the inner door. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  18. To enter the server room Joe must be recognized by the guard, enter a PIN on the keypad, and place his hand on a scanner. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  19. To enter the server room Joe must be recognized by the guard, show the guard his badge, and enter a PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  20. Joe has been given a Post-It note with a PIN written on it. To enter the server room he must be recognized by the guard, tell the guard the passphrase of the day, and enter the PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  21. Kristina works at a financial services firm that suffered a major breach. They have implemented a centralized AAA system regulating access to the Intranet. After proving their identity with a smart card and a complex passphrase, users are connected to the appropriate VLAN. Internal services are only provided to user sessions holding valid service tickets. Intranet activity records are continuously analyzed to detect inappropriate or malicious activity. Identify this latter activity.
    1. Identification
    2. Authentication
    3. Authorization
    4. Auditing
  22. Akira authenticates with a device that displays a different value every minute. What is this an example of?
    1. Multi-factor
    2. OTP
    3. HOTP
    4. TOTP
  23. Kerberos provides which three of the following? Select three.
    1. Network intrusion detection
    2. ESSO
    3. Cryptographic key control
    4. Log analysis and alerting
    5. An API supporting third-party applications
    6. A "single pane of glass" dashboard
  24. Functional SSO must incorporate which of the following?
    1. Active Directory
    2. RADIUS
    3. Federated identity management
    4. Kerberos
  25. Which of these is an XML-based open-source standard that involves an IdP or Identity Provider, an SP or Service Provider, and a Principal, and is the basis for several other authentication systems?
    1. SAML
    2. OAuth
    3. OpenID
    4. Shibboleth
    5. WS-Federation
  26. You are equipping a forensics team. Which of these would be most useful?
    1. A set of precision screwdrivers
    2. A playbook
    3. Luminol
    4. Latex gloves and masks
  27. You observe this data.
    11:43:57.293662 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 1, length 64
    11:43:57.294143 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 1, length 64
    11:43:58.294308 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 2, length 64
    11:43:58.294730 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 2, length 64
    11:43:59.322328 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 3, length 64
    11:43:59.322645 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 3, length 6 
    Which tool or defensive measure was involved? Select two.
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  28. You observe this data.
    www.google.com (172.217.6.4) 56(84) bytes of data.
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=1 ttl=116 time=26.9 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=2 ttl=116 time=28.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=3 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=4 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=5 ttl=116 time=28.5 ms
    
    --- www.google.com statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4005ms
    rtt min/avg/max/mdev = 26.976/27.673/28.568/0.621 ms 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  29. You observe this data.
    Host is up (0.00031s latency).
    rDNS record for 192.168.1.40: hplj4250n.kc9rg.org
    Not shown: 993 closed ports
    PORT      STATE SERVICE    VERSION
    80/tcp    open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    280/tcp   open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    443/tcp   open  ssl/https?
    515/tcp   open  printer
    7627/tcp  open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
    9100/tcp  open  jetdirect?
    14000/tcp open  tcpwrapped
    MAC Address: 00:12:79:DF:81:B1 (Hewlett Packard)
    Device type: printer
    Running: HP embedded
    OS details: HP LaserJet 4250 (JetDirect) printer
    Network Distance: 1 hop
    Service Info: Host: 192.168.1.40; Device: printer 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  30. You want to use a system that can protect communication by authenticating the server, and also providing a copy of the server's public key in a trustworthy format. A provider of trusted certificates will only provide one when you follow their rules. There is a protocol that you can use to check in real time whether a certificate should be trusted or not. You must have a copy of the currently untrusted certificates locally, to reduce network traffic. Rather than a complete copy of the key, you may refer to its hash instead. There are ways to prevent a breach today from exposing secrets based on keys in the past. What do you need?
    1. TLS
    2. CPS
    3. OCSP
    4. CRL
    5. thumbprint
    6. PFS
  31. Blake has been asked to configure the web server to provide Perfect Forward Secrecy. Which security feature will this provide?
    1. Data sent from the server to the client will always be protected
    2. Data sent from the client to the server will always be protected
    3. A breach today does not expose keys from the past
    4. A breach today does not expose keys in the future
  32. Alice wants to send an encrypted message to Bob. What does she need?
    1. Alice's public key
    2. Alice's private key
    3. Bob's public key
    4. Bob's private key
  33. Alice has obtained a copy of Bob's certificate. Which of these does it contain?
    1. Bob's private key
    2. Bob's public key
    3. The CA's private key
    4. The CA's public key
  34. Alice has obtained a copy of what claims to be Bob's certificate. Which of these does she need to verify that it really belongs to Bob?
    1. Bob's private key
    2. Bob's public key
    3. The CA's private key
    4. The CA's public key
  35. Bob has just received a digitally signed, encrypted message from Alice. What does he need? Select three.
    1. Alice's certificate
    2. Bob's certificate
    3. The CA's certificate
    4. Bob's public key
    5. Bob's private key

To the answers

Exhibit with 9 things, plus 34 regular questions

Passing = 82% of 43 = 35.3

Goal = 91% of 43 = 39.1