Certmaster practice questions Flashcards

Question

# 5 An organization that is planning a move to the cloud checks to see that the chosen CSP uses a standard method for creating and following security competencies. Which method does the CSP likely implement? ## Footnote Cloud controls matrix Reference architecture Service Organization Control (SOC2) National, territory, or state laws

Answer 1

Cloud controls matrix ## Footnote Cloud controls consists of specific controls and assessment guidelines that should be implemented by CSPs. A matrix acts as a starting point for agreements as it provides a baseline level of security competency that the CSP should meet.

Answer 2

Malicious USB plug ## Footnote A malicious Universal Serial Bus (USB) charging cable and plug are deployed similar to card skimmers. The device may be placed over a public charging port at airports and other transit locations. The device can then access a smartphone when connected.

Answer 3

Security guidance ## Footnote Security guidance offers a best practice summary analyzing the unique challenges of cloud environments and how on-premises controls can be adapted to them.

Answer 4

Daylight savings time UTC time ## Footnote Local time is the time within a particular time zone, which is offset from UTC by several hours. NTFS uses UTC "internally." It is vital to establish how a timestamp is calculated and note the offset. The local time offset on a system may vary if daylight savings time is in place. Investigators must note the offset between the local system time and UTC.

Answer 5

Embedded system ## Footnote An embedded system is a combination of hardware and software that contains a dedicated function and uses a computer component to complete the function.

Answer 6

Risk control assessment ## Footnote Risk and control self-assessment (RCSA) is the method by which companies evaluate and analyze the operational risks and the efficacy of the controls used to manage them.

Answer 7

cat ## Footnote The Linux command cat allows for viewing the entire contents of one or more files. For example, to view the contents of two log files, use cat -n access.log access2.log. The -n switch adds line numbers.

Answer 8

Spraying ## Footnote Password spraying is a horizontal brute-force online attack. The attacker chooses one or more common passwords (for example, password) and tries them in conjunction with multiple usernames.

Answer 9

Trend analysis ## Footnote Since flow analyzers gather metadata and statistics about network traffic, they are commonly used to visualize traffic statistics in order to assist in identifying trends.

Answer 10

Use a pre-shared key ## Footnote PSK (Pre-shared Key) is the password needed to gain access to a WAP (Wireless Authentication Protocol) that is WPA2 enabled, for example.

Answer 11

Transit gateway ## Footnote A transit gateway is a cloud network hub that allows users to interconnect virtual private clouds (VPC) and on-premises networks through a central console.

Answer 12

Ensuring processing redundancy supports the workflow ## Footnote Business continuity planning identifies how business processes should deal with both minor and disaster-level disruption. It ensures that there is processing redundancy supporting the workflow through failover.

Answer 13

Risk register ## Footnote The risk register shows the results of risk assessments in a comprehensible document format. Information in the register includes impact, likelihood ratings, date of identification, description, countermeasures, owner/route for escalation, and status.

Answer 14

Lessons learned ## Footnote The "lessons learned" phase occurs when the team's response is evaluated. It is for this reason that it is important to document the entire response process.

Answer 15

Configuration baseline ## Footnote Security content automation protocol (SCAP) allows compatible scanners to determine whether a computer meets a configuration baseline. The Extensible Configuration Checklist Description Format (XCCDF) audits for best-practice configuration checklists and rules.

Answer 16

PUPs ## Footnote Potentially unwanted programs (PUP) are software installed alongside a package selected by the user, or perhaps bundled with a new computer system.

Answer 17

Inherent risk ## Footnote The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before any type of mitigation has been attempted.

Answer 18

Personal health information (PHI) ## Footnote Personal health information (PHI), such as medical and insurance records, laboratory test results, etc., has a high value in black markets because of its potential use for blackmail and insurance fraud. It is often anonymized and used for research.

Answer 19

Eradication ## Footnote Eradication is an incident response lifecycle phase requiring the identification of the root cause of an incident. For instance, a user clicking on a suspicious attachment in an email is a root cause of a potentially larger problem.

Answer 20

Geographical dispersal ## Footnote Geographical dispersal is a failover consideration that replicates data in hot and warm sites physically distanced from one another in the event of a catastrophe.

Answer 21

non-centralized deployment undocumented process ## Footnote A **non-centralized deployment** process makes patch management difficult. For example, Microsoft Endpoint Configuration Manager can schedule, monitor, and auto-deploy patches to Windows systems and applications. An **undocumented process** makes it difficult to maintain a consistent workflow for patch management in a closed or classified network. Personnel should know how to download patches from the Internet and upload them to the closed network.

Answer 22

Familiarity/liking ## Footnote One of the basic tools of a social engineer is simply to be affable, likable, and persuasive, and to present the requests they make as completely reasonable and unobjectionable.

Answer 23

National Institute of Standards and Technology (NIST) ## Footnote Information security and cybersecurity tasks can be classified as five functions (Identify, Protect, Detect, Respond, Recover), following the framework developed by the National Institute of Standards and Technology.

Answer 24

Separation of duties ## Footnote Separation of duties is a means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by insider threats. Divided duties among individuals prevent ethical conflicts or abuses of power.

Answer 25

Is a high risk Is not identified ## Footnote **False negatives** are the potential vulnerabilities that are not identified by the scanning tool. It is possible the vulnerability has not been discovered, or a hacker may have spoofed the vulnerability as if nothing is wrong. A **false negative** is a high security risk because a possible threat could go unnoticed for long periods. This can be mitigated by running repeat scans and by using scanning tools from other vendors.

Answer 26

Artifacts ## Footnote An artifact is a piece of data, such as registration keys, files, timestamps, and event logs that may or may not be important to the investigative analysis or incident response.

Answer 27

data custodian ## Footnote The data custodian role handles managing the system on which the data assets are stored. This includes responsibility for enforcing access control, encryption, and backup/recovery measures.

Answer 28

Fog computing ## Footnote Fog computing provides decentralized local access by deploying fog nodes throughout the network. Fog computing analyzes data on the network edge to avoid the need to transfer unnecessary data back to the LAN.

Answer 29

Acceptance ## Footnote Risk acceptance means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be an unavoidable delay before the countermeasures are deployed.

Answer 30

Remote access trojan Botnet Command and control ## Footnote A **botnet** is a group of bots that are all under the control of the same malware instance. A bot is an automated script or tool that performs some malicious activity. A **command and control** (C2 or C&C) host or network controls the bots or botnet to carry out remote tasks on the local network. A **remote access trojan** (RAT) is backdoor malware that mimics the functionality of legitimate remote control programs but is designed specifically to operate covertly.

Answer 31

Quarantine of infected hosts Containment of the threat ## Footnote **Corrective** controls act to eliminate or reduce the impact of an intrusion event. During an attack, for instance, a corrective control can eliminate the threat. **Quarantining** infected or compromised machines is a corrective control.

Answer 32

Vendor support page ## Footnote Vendors will provide guides, templates, and tools for configuring and securing operating systems, applications, and physical devices like a rack server. CPU vulnerabilities may require firmware updates that may only be available from the vendor. Conferences are hosted and sponsored by various institutions and provide an opportunity for presentations on the latest threats and technologies. The Black Hat conferences showcase the latest threats and hacker techniques in the industry. Social media platforms, such as Facebook, can showcase "How to" videos and posts, but they are limited. Support files are only available on vendor support pages. A local industry group or company like Best Buy's Geek Squad helps with smaller commercial and consumer products and is not ideal for rack server related items.

Answer 33

tcpdump tcpreplay Wireshark ## Footnote **tcpdump** is a command-line packet capture utility for Linux. The utility will display captured packets until halted manually, and it can save frames to a .pcap file. This tool commonly uses filter expressions to reduce the number of frames captured, such as Type, Direction, or Protocol. **Wireshark** is a graphical application that can capture all types of traffic by sniffing the network, and save that data to a .pcap file. **tcpreplay** is a command-line utility for Linux that can replay data from a .pcap file, for example, to analyze traffic patterns and data.

Answer 34

SRTP ## Footnote SRTP, which stands for Secure Real-time Transport Protocol, provides encryption and authentication for RTP (Real-Time Protocol) data in unicast and multicast data flows. SRTP will encrypt all data sent and received by each SIP endpoint for the entire journey.

Answer 35

Preventative ## Footnote Preventative controls act to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. An ACL is an example of this control type.

Answer 36

Add redirects to .htaccess files. Craft phishing links in email. ## Footnote **An** attacker can craft a phishing link that might appear legitimate to a naïve user, such as: https://trusted.foo/login.php?url="https://tru5ted.foo". **The** .htaccess file controls high-level configuration of a website. This file runs on an Apache server and can be edited to redirect users to other URLs.

Answer 37

Entropy ## Footnote Entropy is a measure of cryptographic unpredictability. Using high entropy sources of data provides more security than using low sources. A lack of good entropy can leave a system vulnerable.

Answer 38

Sandbox ## Footnote A sandbox, such as Cuckoo, is an isolated environment created to safely analyze malware and exploits. Sandboxing is an isolation technique commonly used in cybersecurity research, particularly malware research.

Answer 39

Production ## Footnote A production environment is where the final product is placed. All testing and development are complete at this point.

Answer 40

Notify those affected by the breach. ## Footnote Many laws and regulations require immediate notification of all third parties affected by a breach, including the GDPR in the EU. Failing to do so could lead to fines and potential reputation damage.

Answer 41

MicroSD ## Footnote Micro Secure Digital (MicroSD) is an external media device supported by many Android devices. Built-in and third-party encryption applications on the mobile OS may encrypt these types of removable storage.

Answer 42

Vulnerability scanning ## Footnote Whether they use purely passive techniques or some sort of active session or agent, vulnerability scanners represent a non-intrusive scanning type. The scanner identifies vulnerabilities from its database by analyzing things, such as build and patch levels or system policies.

Answer 43

Cache ## Footnote System cache is one of the most volatile data, similar to the CPU. This data should be captured before powering a device off.

Answer 44

SAE WPA3 ## Footnote **Wi-Fi Protected Access 3** (WPA3) is the most up-to-date wireless specification that provides security features and mechanisms that improve the weaknesses of WPA2. **Simultaneous Authentication of Equals** (SAE) is a feature of WPA3. It replaces WPA's 4-way handshake authentication and association mechanism with a protocol based on the Diffie-Hellman key agreement.

Answer 45

Jump server ## Footnote A jump server only runs the necessary administrative ports and protocols (typically SSH or RDP). Administrators connect to the jump server then use the jump server to connect to the admin interface of application servers in a demilitarized zone (DMZ).

Answer 46

Intranet ## Footnote An intranet is an internal company zone established to allow employees the ability to share content and communicate more effectively. Only authorized individuals can access the intranet.

Answer 47

Identify critical systems and mission essential functions ## Footnote Identifying critical systems and mission essential functions is often the first step of the risk management process, and will reveal any potential single points of failure.

Answer 48

Change control ## Footnote Change control of quality management systems and information technology systems is a process used to ensure that changes to the product or system are implemented in a managed and organized manner.

Answer 49

Live boot media ## Footnote Live boot media is a non-persistent operating system on a compact disk or USB. Live boot media can be run on any computer to provide the user a complete operating system while the computer is on.

Answer 50

RRset, Signing key ## Footnote DNS Security Extensions (DNSSEC) help to mitigate spoofing and poisoning attacks. When enabled, a "package" of resource records (called an RRset) is signed with a private key (the Zone Signing Key).

Answer 51

Prints the first lines of the target ## Footnote The head command, by default, outputs the oldest ten lines in a file. The echo command is a command that outputs the strings passed as an argument; in this case, the first lines of the provided target.

Answer 52

Cloud computing ## Footnote In cloud computing, a company uses a cloud service provider to deliver computing resources. A cloud-based server utilizes virtual technology to host a company’s applications offsite.

Answer 53

HTTP Strict Transport Security (HSTS) Cache-Control Content Security Policy (CSP) ## Footnote **HTTP Strict Transport Security** (HSTS) is a header option that forces the browser to connect using HTTPS only, mitigating downgrade attacks, such as SSL stripping. **Content Security Policy** (CSP) is a header option that mitigates clickjacking, script injection, and other client-side attacks. **Cache-Control** is a header option that sets whether the browser can cache responses. Preventing data caching protects confidential and personal information where the client device is shared by multiple users.

Answer 54

Weak encryption ## Footnote Weak encryption vulnerabilities allow unauthorized access to data. An algorithm used for encryption may have known weaknesses that allow brute-force enumeration.

Answer 55

Access policy ## Footnote Access policies determine things such as the right to log on to a computer locally or via remote desktop, install software, change the network configuration, and so on.

Answer 56

Data masking ## Footnote Data masking is a secure coding technique used to hide sensitive or private data from disclosure. All or part of the data fields are altered by substituting character strings with a random character.

Answer 57

The provider is responsible for the availability of the software. ## Footnote In a Software as a Service (SaaS) plan, the provider is responsible for the availability of the software. The software may include an appliance with Windows Server 2016 already installed and available to use.

Answer 58

RADIUS ## Footnote Remote Authentication Dial-in User Service (RADIUS) is made up of an Authentication, Authorization, and Account (AAA) server, a Network Access Control (NAC) or RADIUS client, and the supplicant. A supplicant is any device that is trying to access the local network remotely.

Answer 59

When to report compliance incidents Incident categories and definitions Query strings to identify incident types ## Footnote **Specific** query strings and signatures easily scan and detect specific types of incidents. These strings improve response and resolution time. **How** to address compliance incidents with, for example, Health Insurance Portability and Accountability Act (HIPAA) laws should be outlined. It may include a list of contacts and their information, how to contact them, and when. **Incident** categories and descriptions help ensure that all management and operational staff have a shared framework for interpreting the meaning of terms, concepts, and definitions.

Answer 60

nmap netstat netcat ## Footnote The **netstat** command is useful in showing the state of TCP/UDP ports on a system. The same command is used on both Windows and Linux, though with different options for syntax. **Netcat** is a simple but effective tool for testing connectivity. It is available for both Windows and Linux. Netcat can be used for port scanning and fingerprinting. The **Nmap** Security Scanner is one of the most popular open-source IP scanners. Nmap can use diverse methods of host and port discovery, some of which can operate stealthily.

Answer 61

Geographical considerations ## Footnote Amazon Web Services (AWS) is taking into account geographical considerations. The agreement mandates the system will stay within the United States.

Answer 62

Crypto-malware ## Footnote Ransomware is a type of Trojan malware that extorts money from the victim. The computer remains locked until the user pays the ransom. Crypto-malware is ransomware that attempts to encrypt data files. The user will be unable to access the files without the private encryption key.

Answer 63

Container ## Footnote Containers decouple services and applications from a host operating system. Containers run within isolated cells and do not have their own kernel. They allow for continuous integration and continuous delivery.

Answer 64

Revoke the host's certificate ## Footnote Certificate revocation must always be performed if the associated host is compromised. The Key Compromise property of the certification can allow it to be rekeyed to retain the same subject and expiry information.

Answer 65

The attempts to reuse can be traced if the threat actor successfully exfiltrates it. ## Footnote A honeyfile is convincingly useful but actually fake data. This data can be made trackable, so that when a threat actor successfully exfiltrates it, the attempts to reuse or exploit it can be traced.

Answer 66

Reuse ## Footnote The practice of reusing a cryptographic key can make a system vulnerable to cyber attacks. The longer a key is in use, the easier it is for an attacker to compromise it. Randomly generated, unique keys provide better security.

Answer 67

A loop in the network STP ## Footnote A switch **loop** on the network will cause network connections to drop since the packet cannot make the appropriate hop to the next switch to its final destination. Switching loops also generates broadcast storms. **STP** (Spanning Tree Protocol) is a means for the bridges to organize themselves into a hierarchy and prevent loops from forming.

Answer 68

Phishing ## Footnote Phishing is a combination of social engineering and spoofing, where the attacker sets up a spoof website to imitate a trusted one. The attacker then emails users of the genuine website, informing them that their account must be updated, supplying a disguised link that leads to their spoofed site. When users authenticate with the spoofed site, their logon credentials are captured.

Answer 69

Continuous validation ## Footnote Continuous validation is the process in which a product is continually tested throughout the development lifecycle to ensure it is meeting the functional and security goals of a customer.

Answer 70

Test access point (TAP) ## Footnote A test access point (TAP) is a device that copies signals from the physical layer and the data link layer. Since no network or transport logic is used, every frame is received, allowing reliable packet monitoring.

Answer 71

DNS amplification attack ## Footnote Domain name system (DNS) amplification attack is an application attack that targets vulnerabilities in the headers and payloads of specific application protocols. It triggers a short request for a long response at the victim network.

Answer 72

Consensus ## Footnote The principle of consensus or social proof refers to techniques that cause many people to act just as others would without force. The attacker can use this instinct to persuade the target that to refuse a request would be odd.

Answer 73

Evade detection through refactoring Use malware with administrator privilege ## Footnote The **malware** must evade detection by anti-virus to be successful. This can be done through code refactoring which means the code performs the same function by using different methods, such as changing its signature. **Dynamic Link Library** (DLL) injection is deployed with malware that is already operating on the system with local administrator or system privileges.

Answer 74

Retention ## Footnote When policy dictates preserving data in an archive after the date it is still being used, whether for regulatory or security purposes, this is known as a retention policy.

Answer 75

TLS 1.2 ## Footnote Transport Layer Security (TLS) 1.2 added support for the strong Secure Hash Algorithm (SHA)-256 cipher along with improvements to the cipher suite negotiation process and protection against known attacks.

Answer 76

A Man-in-the-Browser (MitB) attack ## Footnote A MitB attack compromises the web browser by installing malicious plug-ins, scripts, or intercepting API calls. Vulnerability exploit kits installed on a website can actively try to exploit vulnerabilities in clients browsing the site.

Answer 77

Compliance/Licensing ## Footnote Software compliance and licensing is a legally binding agreement that means only using a software in accordance with the software developers’ conditions of usage.

Answer 78

MicroSD HSM ## Footnote Micro Secure Digital (MicroSD) Hardware Security Module (HSM) is designed to store cryptographic keys, such as a key-pair certificate, in a secure manner. It requires no extra drivers or uncommon hardware components to use.

Answer 79

MSSP ## Footnote A managed service provider (MSP)/Managed security service provider (MSSP) offers fully outsourced responsibility for information assurance to a third party.

Answer 80

SNMPv3 ## Footnote Simple Network Management Protocol (SNMP) v3 supports encryption and strong user-based authentication. Instead of community names, the agent is configured with a list of usernames and access permissions.

Answer 81

VBA ## Footnote Microsoft Office uses the Visual Basic for Applications (VBA) languages to script macros, for example, in a Word document to carry out multiple tasks automatically.

Answer 82

Red team ## Footnote The red team performs the offensive role to try to infiltrate the target. This team is one of two competing teams in a penetration testing exercise.

Answer 83

Keep ML algorithm a secret. Use SOAR to check picture properties. ## Footnote **Security orchestration, automation, and response** (SOAR) and automated runbooks could effectively check saved pictures before they are ingested into the machine learning tool. This will prevent malicious data from being ingested. **Machine Learning** (ML) algorithm is secrecy by obscurity. An adversarial attack can skew image data by tricking the ML tool to recognize an image as something else if the algorithm is known.

Answer 84

Pivot ## Footnote A pivot bypasses a network boundary and compromises servers on an internal network. A pivot is normally accomplished using remote access and tunneling protocols.

Answer 85

Single sign-on ## Footnote A single sign-on (SSO) system allows the user to authenticate once to a local device and be authenticated to compatible application servers without having to enter credentials again.

Answer 86

Victim Capability Infrastructure ## Footnote **Victim**-A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. It is useful to define the victim in terms of both the people or organization targeted, as well as the victim's assets (i.e., the attack surface). **Infrastructure**-The infrastructure feature describes the communication structures the adversary uses to utilize a capability. **Capability**-The capability feature describes the tools and/or techniques of the adversary used in the event. All of the vulnerabilities and exposures utilized by the individual's capability, regardless of the victim, is its capacity.

Answer 87

Non-repudiation ## Footnote Non-repudiation is a term that describes a property of a secure network where a sender cannot deny having sent a message.

Answer 88

Disk encryption ## Footnote The Opal security subsystem class is a set of specifications that defines a management interface for a host application to activate, provision, and manage encryption of user data on self-encrypting drives (SED).

Answer 89

Data Privacy Officer (DPO) ## Footnote The data privacy officer is responsible for the oversight of assets handled by the organization containing personally identifiable information (PII). The Privacy Officer maintains consistency with legislative and regulatory frameworks of the collection, disclosure, and protection of PII.

Answer 90

Weak keys ## Footnote Weak keys are poor or short algorithms in cryptographic keys used with a specific cipher. They are vulnerable to cybersecurity attacks. Stretching keys can strengthen the algorithm to make it more secure.

Answer 91

Lightweight ## Footnote Lightweight cryptography is an encryption method that provides a small footprint and/or low computational complexity for resource-constrained systems such as an Internet of Things (IoT) device.

Answer 92

API consideration ## Footnote API considerations are programming code that enables data transmission between one software product to another. It also contains the terms of this data exchange.

Answer 93

Provides privilege management and authorization ## Footnote Directory services are the principal means of providing privilege management and authorization on an enterprise network. The Lightweight Directory Access Protocol (LDAP) is a protocol used with X.500 format directories.

Answer 94

Namespaces Control groups ## Footnote In a **container** engine such as Docker, each container is isolated from others through separate namespaces. Namespaces prevent one container from reading or writing processes in another. **Control** groups ensure that one container cannot overwhelm others in a DoS-type attack. Namespaces and control groups reduce the risk of data exposure between containers.

Answer 95

File metadata ## Footnote File metadata includes information about when a file was created, accessed, and modified; access control lists defining who is authorized to read or modify the file; copyright information; or tags for indexing are all possible file metadata.

Answer 96

Hardware security module ## Footnote A hardware security module (HSM) is an appliance designed to perform centralized public key infrastructure (PKI) management, key generation, or key escrow for devices. HSM can also be implemented as a plug-in PCIe adapter card to operate within a device.

Answer 97

Open permissions Default settings ## Footnote **Open permissions** can allow anyone on the network with access to files and services. Although the file share is available to internal employees, only administrators should be reviewing gathered health information. **Default settings** are usually unsecure settings that leave the environment and data open to compromise. A shared folder that provides access to everyone on the Internal network is an example of a default setting when shared folders are created.

Answer 98

Code reuse ## Footnote Code reuse is the copying of code from one location into another. Careless or mismanaged code reuse can introduce instances of dead code.

Answer 99

Simulations ## Footnote Simulation is an activity in which two teams replicate a scenario and play the scenario out on real hardware, with one team representing the attackers, and the other team representing the response team.

Answer 100

A race condition ## Footnote A race condition vulnerability occurs when multiple threads are attempting to write at the same memory location. Race conditions can deploy as an anti-virus evasion technique.

Answer 101

Split segments between VPCs. ## Footnote Network segmentation can assist with separating workloads for performance and load balancing, keeping data processing within an isolated segment for compliance with laws and regulations and compartmentalizing data access and processing for different departments or functional requirements.

Answer 102

Geolocation ## Footnote Geolocation is the use of network attributes to identify (or estimate) the physical position of a device.

Answer 103

Concealing messages or information within other data ## Footnote Steganography obscures data by embedding it in another format. Messages can be covertly inserted into TCP packets in images by modifying specific pixels and even possibly to embed images or other data into audio files.

Answer 104

Guest account ## Footnote A guest account is a special type of shared account with no password. It allows anonymous and unauthenticated access to a resource. Guest accounts are created when installing web services, as most web servers allow unauthenticated access.

Answer 105

Data exposure ## Footnote Sensitive data should be protected to prevent data exposure. Secure coding techniques such as encryption, code obfuscation, and signing can prevent data from being exposed and modified.

Answer 106

Diagrams ## Footnote The use of diagrams provides a visual representation of complex relationships between network topologies, workflows, internet protocols, and architecture within a system. Diagrams must be updated as system components change. Baseline configurations are documented and agreed-upon sets of specifications for information systems.

Answer 107

Network range Cryptography capability Compute power ## Footnote **Compute power** is a common constraint of an embedded system. Embedded systems are relatively small and do not have the average computing capabilities as a standard computer. **Authentication** is a common constraint for embedded systems. Because they lack compute capacity, embedded systems cannot match the authentication technologies of a standard network. The lack of size and computing power also diminishes choices for **network connectivity**. Transmission Control Protocol/Internet Protocol (TCP/IP)-based networking is not up to standards with embedded systems using relatively low processing power.

Answer 108

User Account Control (UAC) Sudo restrictions ## Footnote **Conditional** access is an example of rule-based access control where policies are determined by system-enforced rules. The User Account Control (UAC) is an example of conditional access. A **conditional** access system monitors account or device behavior throughout a session. An example is sudo restrictions on privileged accounts.

Answer 109

Phone call ## Footnote A phone call is a form of two-factor authentication (2FA). An automated service dials the registered number on file to confirm authentication of a user.

Answer 110

Cloud ## Footnote On a cloud platform, an attacker only needs to find one account, service, or host with weak credentials to gain access. The attacker is likely to target the accounts used to develop services in the cloud or manage cloud systems.

Answer 111

Servers are incompatible. Vendor lacks expertise. ## Footnote **Devices** or software that are incompatible with other devices or software make them difficult to manage. Companies often seek compatibility factors to ensure full integration with existing assets. A **vendor** that lacks expertise is also unable to support deployment and other activities required for using a rack server in the environment. Customer experience is vital to future purchases.

Answer 112

Bluejacking ## Footnote WHAT YOU NEED TO KNOW A Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware.

Answer 113

EAP ## Footnote 802.1x, which is the Port-based Network Access Control framework, establishes several ways for devices and users to be securely authenticated before they are permitted full network access. EAP or extensible authentication protocol is the actual authentication mechanism.

Answer 114

DNS Security Extensions ## Footnote Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.

Answer 115

Application design flaw ## Footnote An application design flaw is a vulnerability in the software. It can cause the security system to be circumvented or will cause the application to crash. For this reason, proper patch management processes are required to ensure service availability of the application.

Answer 116

Backdoor ## Footnote A backdoor is any type of access method to a host that circumvents the usual authentication method and gives the remote user administrative control.

Answer 117

Time-based login policy ## Footnote A time-based login policy establishes the maximum amount of time an account may be logged in for. For example, a user with no activity will be logged off after 6 hours.

Answer 118

session replay cross-site scripting (XSS) ## Footnote A **session replay** is a client-side attack. This means that the attack executes arbitrary code on the user's browser. A **cross-site scripting (XSS)** attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.

Answer 119

Fake telemetry ## Footnote Fake telemetry is false, but realistic, data used to trick an attacker into believing it is legitimate information.

Answer 120

NAT ## Footnote Network addressing protocol (NAT) translates public IP addresses to private and vice versa. By using the NAT protocol on the firewall, a company can hide assets from the public internet.

Answer 121

ARO ## Footnote The annual rate of occurrence (ARO) indicates how many times a loss will occur within a year. An ARO is used in conjunction with the single loss expectancy (SLE) to figure the annual loss expectancy (ALE).