The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

• A.The vulnerability management team
• B.The CIRT
• C.The NOC team
• D.The read team

Comment: *

Name: *

Email: *

Verification: *

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

• A.An injection attack is being conducted against a user authentication system.
• B.A replay attack is being conducted against the application.
• C.A service account password may have been changed, resulting in continuous failed logins within the application.
• D.A credentialed vulnerability scanner attack is testing several CVEs against the application.

Comment: *

Name: *

Email: *

Verification: *

A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?

• A.Pass-the-hash
• B.Session replay
• C.Cross-site request forgery
• D.Object deference

Comment: *

Name: *

Email: *

Verification: *

The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

Correct Answer:

Explanation
Graphical user interface Description automatically generated with medium confidence

Graphical user interface Description automatically generated

Section: Network Security
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port
22Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.
References:Stewart,
James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Comment: *

Name: *

Email: *

Verification: *

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

• A.PaaS
• B.DaaS
• C.SaaS
• D.IaaS

Comment: *

Name: *

Email: *

Verification: *