734:
A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment. From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal.
der Screenshot kann richtig sein, bei Destruction-Method ist es sicher richtig, bei der Klassifikation von z.B. 1 als public kann es Zweifel geben, es steht aber nicht gut genug drin, dass man eine eindeutige Zuordnung braucht.
731:
You are a security administrator investigating a potential infection on a network. Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.
192.168.10.22 - infected – Mark: UND Origin : scans disabled on this host by svchost
192.168.10.37 - clean - scan found and quarantined svchost
192.168.10.41 - infected - heuristic pattern match but failed to quarantine svchost
10.10.9.12 - clean - scan found and quarantined svchost
10.10.9.18 - infected - heuristic pattern match but failed to quarantine svchost
das halte ich für falsch:
„I came to this conclusion for origin because the time stamp on this host disabling its scan is 14:31.
This is also the time it opened a connection to an 8080 HTTP port. All other hosts scans detected svchost at the exact same time of 14:37:37. The two infected computers opened connections over 8080 a few minutes later. So based on the logs, the timeframes, and the port connections, 22 would have been the first one making it the origin.“
die Infektion ist schon vor 02:31 auf .22 erfolgt
Infected weil der Virenscanner von einem vermutlich bösartigen Prozess deaktiviert wurde: svch0st.exe (leet-Code, svchost wäre in Windows ein üblicher Systemprozess) - Origin wg. Firewallaktivität s.u.
clean seit 18.4., 14:37
infected, 18.4., 14:37 konnte svch0st.exe nicht entfernt werden
die Firewall zeigt 8080-Aktivitäten, davor RPC von 192.168.10.22 aus – das würde ich für die Malware halten.
Clean seit 18.4., 14:37
infected, Quarantäne scheiterte 18.4., 14:37
726:
A security engineer is setting up passwordless authentication for the first time. Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.
richtig, klassisch auf dem Client Schlüsselpaar erzeugen, mit ssh-copy-id einmalig auf den Server den Public-Key übertragen (dabei noch mit Passwort anmelden); danach nur noch mit Nutzung des lokalen Privat-Key am Server anmelden.
733:
A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites. Click on each firewall to do the following:
1. Deny cleartext web traffic. HTTP (80) deny
2. Ensure secure management protocols are used. SSH (22) permit
3. Resolve issues at the DR site. DNS (53) permit
The ruleset order cannot be modified due to outside constraints.
725:
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible. Please click on the below items on the network diagram and configure them accordingly:
• WAP
• DHCP Server
• AAA Server
• Wireless Controller
• LDAP Server
64
|
1
|