A systems administrator confirms that the company’s remote server is providing the following list of preferred ciphers:
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
• TLS_RSA_WITH_RC4_128_SHA (0x5)
• TLS_RSA_WITH_RC4_128_MD5 (0x4)
Nevertheless, when the systems administrator’s browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees’ browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030). Which of the following describes a potential attack on the systems administrator’s browser?
- A. A cipher mismatch
- B. Key rotation
- C. A downgrade attack
- D. A compromised key
- E. Rekeying
The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?
- A. Evasion
- B. Persistence
- C. Collection
- D. Lateral movement
The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?
- A. Integrate the web proxy with threat intelligence feeds.
- B. Scan all downloads using an antivirus engine on the web proxy.
- C. Block known malware sites on the web proxy.
- D. Execute the files in the sandbox on the web proxy.
An internal security assessor identified large gaps in a company’s IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?
- A. Due care
- B. Due diligence
- C. Due process
- D. Due notice
An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine monthly check of the storage, a significant increase in storage use is observed. Which of the following techniques would remediate the attack?
- A. Including input sanitization to the logon page
- B. Configuring an account lockout policy
- C. Implementing a new password reset system
- D. Adding MFA to all accounts
A security engineer has recently become aware of a Java application that processes critical information in real time on the company’s network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?
- A. Perform software composition analysis on libraries from third parties.
- B. Run the application in a sandbox and perform penetration tests.
- C. Rewrite and compile the application in C++ and then reinstall it.
- D. Embed the current application into a virtual machine that runs on dedicated hardware.
After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:
Wed 12 Dec 2020 10:00:03 Unknown sources is now enabled on this device.
Which of the following is the MOST likely reason for the successful attack?
- A. Lack of MDM controls
- B. Auto-join hotspots enabled
- C. Sideloading
- D. Lack of application segmentation
An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be MOST concerning to the organization in the event of equipment failure?
- A. Support may not be available during all business hours.
- B. The organization requires authorized vendor specialists.
- C. Each region has different regulatory frameworks to follow.
- D. Shipping delays could cost the organization money.
A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?
- A. Digital signature
- B. Message hash
- C. Message digest
- D. Message authentication code
An MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?
- A. ChaCha20
- B. RSA
- C. AES256
- D. RIPEMD