A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

• A.Run a vulnerability scan against the CEOs computer to find possible vulnerabilities
• B.Install a sandbox to run the malicious payload in a safe environment
• C.Perform a traceroute to identify the communication path
• D.Use netstat to check whether communication has been made with a remote host

Comment: *

Name: *

Email: *

Verification: *

The security administrator has installed a new firewall which implements an implicit DENY policy by default.

Correct Answer:

Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:



Section: Network Security
Explanation:
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22 Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.
References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44 http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44 http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Comment: *

Name: *

Email: *

Verification: *

Which of the following describes the ability of code to target a hypervisor from inside

• A.Software-defined networking
• B.Fog computing
• C.VM escape
• D.Container breakout
• E.Image forgery

Comment: *

Name: *

Email: *

Verification: *

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

• A.ARP poisoning
• B.Evil twin
• C.Man-in-the-middle
• D.MAC cloning

Comment: *

Name: *

Email: *

Verification: *

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

• A.Vishing
• B.Phishing
• C.Spear phishing
• D.Whaling

Comment: *

Name: *

Email: *

Verification: *