Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
A. user accounts may be inadvertently locked out. B. data on the USB drive could be corrupted. C. data on the hard drive will be vulnerable to log analysis. D. the security controls on the USB drive can be bypassed.
Explanation: A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data.
A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?
A. Avoid the risk to the user base allowing them to re-enable their own accounts B. Mitigate the risk by patching the application to increase security and saving money C. Transfer the risk replacing the application now instead of in five years D. Accept the risk and continue to enable the accounts each month saving money
Explanation: This is a risk acceptance measure that has to be implemented since the cost of patching would be too high compared to the cost to keep the system going as is. Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices (i.e. risk deterrence, mitigation, transference or avoidance) exceeds the value of the harm that would occur if the risk came to fruition.
An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application?
A. Time of day restrictions B. Create user accounts for the auditors and assign read-only access C. Mandatory access control D. Role-based access with read-only
Explanation: Auditors (employees performing the auditor role) will have access application by reviewing the logs. We can therefore assign access based on employee role. This is an example of Role-based access control (RBAC). To prevent the auditors from modifying passwords in the application, we need to ensure that they do not have write access. Therefore, you should assign only read access.
Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. RBAC models implement access by job function or by responsibility. Each employee has one or more roles that allow access to specific information. If a person moves from one role to another, the access for the previous role will no longer be available. Instead of thinking “Denise needs to be able to edit files,” RBAC uses the logic “Editors need to be able to edit files” and “Denise is a member of the Editors group.” This model is always good for use in an environment in which there is high employee turnover.
Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use?
A. WPA2-PSK B. WEP-PSK C. CCMP D. LEAP
Explanation: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don’t live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented?
A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise
Explanation: D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK), this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security
(e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts.
Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).
A. Spoofing B. Man-in-the-middle C. Dictionary D. Brute force E. Privilege escalation
Explanation: Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.
Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?
A. Routine audits B. Account expirations C. Risk assessments D. Change management
Explanation: Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.
An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?
A. A password that has not changed in 180 days B. A single account shared by multiple users C. A user account with administrative rights D. An account that has not been logged into since creation
Explanation: A user account with administrative rights has the same rights as an administrator account on a computer. An administrator account is a user account that lets you make changes that will affect other users. Administrators can change security settings, install software and hardware, and access all files on the computer. Administrators can also make changes to other user accounts. This compares to a standard user (non-administrative) account which has limited rights on a computer. For example, a standard user account cannot install software, cannot make system changes that would affect other users and cannot access other users’ files. Therefore, a compromised user account with administrative rights has the potential for the most damage.
During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?
A. Account recovery B. Account disablement C. Account lockouts D. Account expiration
Explanation: Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.
An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
A. Shoulder surfing B. Dumpster diving C. Whaling attack D. Vishing attack
Explanation: The CCTV camera has recorded people entering their PINs in the ATMs. This is known as shoulder surfing.
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.