A company wants to ensure confidential data on its storage media is sanitized so the drives cannot be reused. Which of the following is the BEST approach?
Correct Answer:
B
https://legalshred.com/degaussing-vs-hard-drive-shredding/
The most secure way to render the information on a hard drive completely unrecoverable is to destroy the drive physically by shredding (see the reference above).
Shredding physically destroys the storage media by cutting it into small pieces with a purpose-built shredder. Because the platters or flash chips themselves are fragmented, no data can be recovered from the pieces and the drive cannot be reused, which is exactly the requirement in the question. Degaussing, by contrast, only affects magnetic media and does nothing to an SSD, and overwriting sanitizes the data but leaves the drive reusable.
A security analyst is reviewing a new Internet portal that will be used for corporate employees to obtain their pay statements. Corporate policy classifies pay statement information as confidential, and it must be protected by MFA. Which of the following would best fulfill the MFA requirement while keeping the portal accessible from the internet?
Correct Answer:
B
Restricting the portal so it is reachable only through the corporate SSO internet endpoint, and requiring a smart card and PIN, satisfies the MFA requirement with two distinct factor categories: something you have (the smart card holding the private key) and something you know (the PIN that unlocks it). Fronting the portal with the SSO endpoint keeps it reachable from the internet while enforcing the corporate authentication policy in one place.
A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no following should the analyst review FIRST?
Correct Answer:
C
The security analyst should review the IDS rule set first. An IDS (Intrusion Detection System) watches network traffic and raises alerts when it matches its rule set, the signatures and conditions that define what counts as suspicious. Since the rule set determines what triggers an alert, a change to it (rules disabled, removed, or retuned too narrowly) directly lowers the number of incidents reported. A sudden drop in reported incidents with no change in daily business activity is therefore more likely a loss of detection coverage than a real drop in attacks. The analyst should check whether the rule set is current, accurate, and complete; an outdated or incomplete rule set produces false negatives, so attacks go unreported.
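The check described above, as an added example that is not part of the original page: a small Python script that parses two snapshots of a Snort/Suricata-style rule file (a baseline taken before the drop and the file as it is now) and reports rules that were disabled, removed, or changed. The two rule snapshots are constructed for this example and are not real vendor rules.

```python
import re
from dataclasses import dataclass

# Matches the sid option inside a Snort/Suricata rule body.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
ACTION_RE = re.compile(r"^(alert|drop|reject|pass|log)\b")


@dataclass
class Rule:
    sid: int
    enabled: bool   # False when the rule line is commented out with '#'
    text: str       # rule body with any leading '#' removed


def parse_rules(rules_text):
    """Parse Snort/Suricata-style rules into {sid: Rule}.

    A '#' line whose remainder is a rule counts as a disabled rule;
    any other '#' line is a plain comment and is skipped.
    """
    rules = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("#")
        body = line.lstrip("#").strip()
        if not ACTION_RE.match(body):
            continue
        m = SID_RE.search(body)
        if not m:
            continue
        sid = int(m.group(1))
        rules[sid] = Rule(sid=sid, enabled=enabled, text=body)
    return rules


def coverage_regressions(baseline, current):
    """Compare two parsed rule sets and report what lost coverage."""
    newly_disabled = sorted(
        sid for sid, r in baseline.items()
        if r.enabled and sid in current and not current[sid].enabled
    )
    removed = sorted(sid for sid in baseline if sid not in current)
    modified = sorted(
        sid for sid, r in baseline.items()
        if sid in current and current[sid].text != r.text
    )
    return {"newly_disabled": newly_disabled, "removed": removed, "modified": modified}


def enabled_count(rules):
    return sum(1 for r in rules.values() if r.enabled)


# Constructed snapshots (not real vendor rules): the baseline taken before
# the incident count dropped, and the rule file as it is now.
BASELINE_RULES = """\
# baseline snapshot, constructed for this example
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; flow:to_server; threshold:type both,track by_src,count 5,seconds 60; sid:2001; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SMB exploit attempt"; content:"|ff|SMB"; sid:2002; rev:1;)
alert http any any -> $HOME_NET any (msg:"Webshell upload"; content:"<?php"; sid:2003; rev:2;)
alert dns any any -> any any (msg:"Suspicious TXT query"; content:"TXT"; sid:2004; rev:1;)
"""

CURRENT_RULES = """\
# current snapshot after a "tuning" change, constructed for this example
#alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; flow:to_server; threshold:type both,track by_src,count 5,seconds 60; sid:2001; rev:3;)
alert http any any -> $HOME_NET any (msg:"Webshell upload"; content:"<?php"; content:"eval("; sid:2003; rev:3;)
alert dns any any -> any any (msg:"Suspicious TXT query"; content:"TXT"; sid:2004; rev:1;)
"""


def report(baseline_text, current_text):
    """Human-readable summary of the regressions between two snapshots."""
    b, c = parse_rules(baseline_text), parse_rules(current_text)
    reg = coverage_regressions(b, c)
    lines = [f"enabled rules: baseline={enabled_count(b)} current={enabled_count(c)}"]
    for kind, sids in reg.items():
        for sid in sids:
            msg = b[sid].text.split("msg:")[1].split(";")[0]
            lines.append(f"{kind}: sid {sid} ({msg})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BASELINE_RULES, CURRENT_RULES))
```

Run against the real files (for example the output of `suricata --dump-config` plus the rules directory, or a copy of the rules kept under version control), the report tells the analyst in one pass whether the drop in incidents coincides with rules being commented out, deleted, or narrowed, before anyone starts hunting for attackers who may have gone quiet.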
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:
$ sudo nc -l -v -e maildaemon.py 25 > caplog.txt
Which of the following solutions did the analyst implement?
Correct Answer:
D
The correct answer is D, honeypot. A honeypot is a decoy system designed to attract and record attempts at unauthorized use of information systems. Here `nc -l -v` listens verbosely on TCP port 25, the port used for SMTP, and `-e maildaemon.py` runs that script for each incoming connection so the listener can impersonate a mail daemon; standard output is redirected to caplog.txt for later review. Anything that reaches this listener has already passed the firewall, so the captured sessions show the analyst the attacks the organization's firewalls failed to prevent [1]. Note that `-e` hands every remote client a process on the host (some netcat builds omit the option for that reason), so a honeypot of this kind belongs on an isolated system.
* A. Log correlation is not correct. Log correlation is a process of analyzing and correlating data from multiple sources, such as firewalls, servers, applications, or devices, to identify patterns, trends, or anomalies. Log correlation can help to improve security visibility, detection, and response, but it does not describe the solution that the analyst implemented.
* B. Crontab mail script is not correct. Crontab is a tool that allows users to schedule commands or scripts to run at specified times or intervals on a Linux system. A mail script is a script that can send or receive email messages using a mail server. A crontab mail script could be used to automate email tasks, such as sending reports or alerts, but it does not describe the solution that the analyst implemented.
* C. Sinkhole is not correct. A sinkhole is a technique that redirects malicious or unwanted traffic to a controlled destination, such as a fake or isolated server. A sinkhole can help to prevent or mitigate the impact of attacks, such as botnets, malware, or phishing, by blocking or capturing the traffic. However, a sinkhole does not describe the solution that the analyst implemented.
[1] CompTIA CySA+ Exam: Implementing a Firewall Analysis Solution
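What a `maildaemon.py` behind that listener could look like, as an added example that is not part of the original question or any CompTIA material. It assumes the invocation shown above, where `nc -e` wires the accepted socket to the script's stdin and stdout; the hostname in the banner, the log file name `caplog.jsonl`, and the sample client transcript are all constructed for this example. One caveat worth knowing before copying the question's command: nc's `-v` diagnostics go to stderr, and with `-e` the connection's bytes flow through the child process rather than nc's stdout, so a `> caplog.txt` redirect captures little. The script therefore writes its own log.

```python
import datetime
import io
import json
import sys

# Constructed low-interaction SMTP honeypot. Intended to run as the -e
# target of a listener, e.g.  nc -l -v -e maildaemon.py 25  (assumed
# invocation; nc -e connects the accepted socket to this process's stdio).
# It never relays mail: every command gets a plausible reply and is logged.

BANNER = b"220 mail.example.internal ESMTP Postfix\r\n"  # constructed hostname
LOG_PATH = "caplog.jsonl"                                # assumed log file name


def smtp_reply(command, state):
    """Return (reply_bytes, next_state) for one client line.

    state is 'cmd' while expecting commands and 'data' while the client is
    sending a message body terminated by a lone '.' line.
    """
    if state == "data":
        if command == ".":
            return b"250 2.0.0 Ok: queued as 4F3A1C2D\r\n", "cmd"
        return b"", "data"  # body lines are logged by the caller, not answered
    verb = command.split(" ", 1)[0].upper()
    if verb in ("HELO", "EHLO"):
        return b"250 mail.example.internal\r\n", "cmd"
    if verb in ("MAIL", "RCPT"):
        return b"250 2.1.0 Ok\r\n", "cmd"
    if verb == "DATA":
        return b"354 End data with <CR><LF>.<CR><LF>\r\n", "data"
    if verb in ("NOOP", "RSET"):
        return b"250 2.0.0 Ok\r\n", "cmd"
    if verb == "QUIT":
        return b"221 2.0.0 Bye\r\n", "closed"
    return b"502 5.5.2 Error: command not recognized\r\n", "cmd"


def handle_session(rfile, wfile, logfile, peer="unknown"):
    """Drive one SMTP conversation over byte streams; return the log records.

    rfile/wfile are binary file-like objects (the socket ends under nc -e);
    logfile receives one JSON line per client line, including body lines.
    """
    records = []
    wfile.write(BANNER)
    wfile.flush()
    state = "cmd"
    while state != "closed":
        raw = rfile.readline()
        if not raw:  # client closed the connection without QUIT
            break
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        reply, next_state = smtp_reply(line, state)
        rec = {
            "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "peer": peer,
            "phase": state,
            "line": line,
            "reply": reply.decode().strip(),
        }
        records.append(rec)
        logfile.write(json.dumps(rec) + "\n")
        if reply:
            wfile.write(reply)
            wfile.flush()
        state = next_state
    logfile.flush()
    return records


def replay(client_bytes, peer="203.0.113.7"):
    """Replay a client transcript offline; returns (server_bytes, records, log_text)."""
    rfile, wfile, log = io.BytesIO(client_bytes), io.BytesIO(), io.StringIO()
    records = handle_session(rfile, wfile, log, peer=peer)
    return wfile.getvalue(), records, log.getvalue()


# Constructed transcript of what an attacker's probe might send.
SAMPLE_CLIENT = (
    b"EHLO attacker.example\r\n"
    b"MAIL FROM:<a@evil.example>\r\n"
    b"RCPT TO:<ceo@example.internal>\r\n"
    b"DATA\r\nSubject: hi\r\n\r\nclick here\r\n.\r\n"
    b"QUIT\r\n"
)


if __name__ == "__main__":
    # Under nc -e the attacker's socket is stdin/stdout, so log to a file.
    with open(LOG_PATH, "a", encoding="utf-8") as log:
        handle_session(sys.stdin.buffer, sys.stdout.buffer, log)
```

`replay()` lets the analyst feed a captured transcript back through the same state machine to confirm what the decoy would have logged. Two practical notes: `-e` exists in the traditional netcat (when built with the GAPING_SECURITY_HOLE option) and in Nmap's ncat, but not in the OpenBSD netcat most Linux distributions ship, and because `-e` gives remote clients a process on the host, the listener should run as an unprivileged user on an isolated machine.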
The following output is from a tcpdump at the edge of the corporate network:
Which of the following best describes the potential security concern?
Correct Answer:
B
Encapsulated traffic can evade security monitoring and defenses because the outer headers hide the real content, source, and destination of the traffic. Encapsulation wraps a packet inside another protocol's headers so it can cross networks or layers it could not traverse natively. It has legitimate uses, such as tunneling (GRE, IP-in-IP), VPNs, and IPv6-over-IPv4 transition mechanisms, but an attacker can use the same mechanism to slip traffic past firewalls and IDS rules that only inspect the outer headers or do not decode the inner protocol. A firewall that permits GRE between two endpoints, for example, has effectively permitted whatever the inner packets carry unless something decapsulates and inspects them.
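To make the concern concrete, here is an added example that is not from the original page: a Python decoder that looks past an outer IPv4 header into GRE or IP-in-IP encapsulation and reports the inner addresses and ports that an outer-header-only view (or a firewall rule keyed on the outer addresses) never sees. The three sample packets are built by hand for this example, not captured traffic; they use documentation address ranges, and their checksums are left at zero, which the decoder does not validate.

```python
import ipaddress
import struct

# Constructed example: decode GRE / IP-in-IP encapsulation one layer deep
# and surface the inner destination that the outer header hides.

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 4, 6, 17, 47
ETHERTYPE_IPV4 = 0x0800


def parse_ipv4(buf, offset=0):
    """Decode an IPv4 header at offset; returns src, dst, proto, ttl, hlen."""
    vihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack_from("!BBHHHBBH4s4s", buf, offset)
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ttl": ttl,
        "hlen": (vihl & 0x0F) * 4,
        "total_len": total_len,
    }


def parse_gre(buf, offset):
    """Return (header_len, protocol_type) for a GRE header (RFC 2784/2890)."""
    flags, ptype = struct.unpack_from("!HH", buf, offset)
    hlen = 4
    if flags & 0x8000:  # C: checksum + reserved1
        hlen += 4
    if flags & 0x2000:  # K: key
        hlen += 4
    if flags & 0x1000:  # S: sequence number
        hlen += 4
    return hlen, ptype


def inspect(buf):
    """Classify a raw IPv4 packet: outer header, encapsulation type, and the
    inner header/ports when the payload is GRE- or IPIP-tunnelled IPv4."""
    outer = parse_ipv4(buf)
    off = outer["hlen"]
    result = {"outer": outer, "encap": None, "inner": None, "ports": None}
    if outer["proto"] == IPPROTO_GRE:
        glen, ptype = parse_gre(buf, off)
        result["encap"] = "gre"
        if ptype != ETHERTYPE_IPV4:
            result["gre_ptype"] = ptype  # e.g. 0x86DD IPv6, 0x6558 bridged Ethernet
            return result
        off += glen
    elif outer["proto"] == IPPROTO_IPIP:
        result["encap"] = "ipip"
    else:
        return result
    inner = parse_ipv4(buf, off)
    result["inner"] = inner
    if inner["proto"] in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack_from("!HH", buf, off + inner["hlen"])
        result["ports"] = (sport, dport)
    return result


def hidden_internal_target(result, internal_net):
    """True when the inner packet is addressed into internal_net while the
    outer header shows only the tunnel endpoint."""
    inner = result["inner"]
    if inner is None:
        return False
    net = ipaddress.ip_network(internal_net)
    return (ipaddress.ip_address(inner["dst"]) in net
            and inner["dst"] != result["outer"]["dst"])


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header with a zero checksum (constructed data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                       ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def tcp_syn(sport, dport):
    """20-byte TCP SYN header, no options, zero checksum (constructed data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)


# Constructed packets: an external host sends a tunnel to the corporate edge
# address; the inner packet is aimed at an internal host's SMB port.
INNER = ipv4_header("192.0.2.5", "10.0.0.23", IPPROTO_TCP, 20) + tcp_syn(51000, 445)
GRE_KEYED = struct.pack("!HHI", 0x2000, ETHERTYPE_IPV4, 0xDEADBEEF)  # K flag + key
SAMPLE_GRE = ipv4_header("203.0.113.77", "198.51.100.9", IPPROTO_GRE,
                         len(GRE_KEYED) + len(INNER)) + GRE_KEYED + INNER
SAMPLE_IPIP = ipv4_header("203.0.113.77", "198.51.100.9", IPPROTO_IPIP, len(INNER)) + INNER
SAMPLE_PLAIN = ipv4_header("203.0.113.77", "198.51.100.9", IPPROTO_TCP, 20) + tcp_syn(40000, 443)

if __name__ == "__main__":
    for name, pkt in (("gre", SAMPLE_GRE), ("ipip", SAMPLE_IPIP), ("plain", SAMPLE_PLAIN)):
        r = inspect(pkt)
        print(name, r["outer"]["src"], "->", r["outer"]["dst"], "encap:", r["encap"],
              "inner:", r["inner"] and (r["inner"]["src"], r["inner"]["dst"], r["ports"]),
              "hidden internal target:", hidden_internal_target(r, "10.0.0.0/8"))
```

On the wire, `tcpdump -ni eth0 'ip proto 47 or ip proto 4'` isolates GRE and IP-in-IP at the edge for the same check; the decoder above is what the monitoring stack has to do, one layer at a time, before any address- or port-based rule can be trusted against tunnelled traffic.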