A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration: * Most secure algorithms should be selected * All traffic should be encrypted over the VPN * A secret password will be used to authenticate the two VPN concentrators
Correct Answer:
See the Explanation part for all the Solution. Explanation: To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators: Requirements: * Most secure algorithms should be selected. * All traffic should be encrypted over the VPN. * A secret password will be used to authenticate the two VPN concentrators. VPN Concentrator 1 Configuration: Phase 1: * Peer IP address: 5.5.5.10 (The IP address of VPN Concentrator 2) * Auth method: PSK (Pre-Shared Key) * Negotiation mode: MAIN * Encryption algorithm: AES256 * Hash algorithm: SHA256 * DH key group: 14 Phase 2: * Mode: Tunnel * Protocol: ESP (Encapsulating Security Payload) * Encryption algorithm: AES256 * Hash algorithm: SHA256 * Local network/mask: 192.168.1.0/24 * Remote network/mask: 192.168.2.0/24 VPN Concentrator 2 Configuration: Phase 1: * Peer IP address: 5.5.5.5 (The IP address of VPN Concentrator 1) * Auth method: PSK (Pre-Shared Key) * Negotiation mode: MAIN * Encryption algorithm: AES256 * Hash algorithm: SHA256 * DH key group: 14 Phase 2: * Mode: Tunnel * Protocol: ESP (Encapsulating Security Payload) * Encryption algorithm: AES256 * Hash algorithm: SHA256 * Local network/mask: 192.168.2.0/24 * Remote network/mask: 192.168.1.0/24 Summary: * Peer IP Address: Set to the IP address of the remote VPN concentrator. * Auth Method: PSK for using a pre-shared key. * Negotiation Mode: MAIN for the initial setup. * Encryption Algorithm: AES256, which is a strong and secure algorithm. * Hash Algorithm: SHA256, which provides strong hashing. * DH Key Group: 14 for strong Diffie-Hellman key exchange. * Phase 2 Protocol: ESP for encryption and integrity. * Local and Remote Networks: Properly configure the local and remote network addresses to match each branch office subnet. By configuring these settings on both VPN concentrators, the site-to-site VPN will meet the requirements for strong security algorithms, encryption of all traffic, and authentication using a pre-shared key.
Question 187
Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
Correct Answer: C
A watering-hole attack is a type of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers exploit vulnerabilities to deliver a malicious payload to the organization's network. The attack aims to infect users' computers and gain access to a connected corporate network. The attackers target websites known to be popular among members of a particular organization or demographic. The attack differs from phishing and spear- phishing attacks, which typically attempt to steal data or install malware onto users' devices1 In this scenario, the compromised industry blog is the watering hole that the attackers used to spread malware across the company's network. The attackers likely chose this blog because they knew that the employees of the company were interested in its content and visited it frequently. The attackers may have injected malicious code into the blog or redirected the visitors to a spoofed website that hosted the malware. The malware then infected the employees' computers and propagated to the network.
Question 188
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
Correct Answer: C
Safety controls are security controls that are designed to protect human life and physical assets from harm or damage. Examples of safety controls include fire alarms, sprinklers, emergency exits, backup generators, and surge protectors. Safety controls should fail open, which means that they should remain operational or allow access when a failure or error occurs. Failing open can prevent or minimize the impact of a disaster, such as a fire, flood, earthquake, or power outage, on human life and physical assets. For example, if a fire alarm fails, it should still trigger the sprinklers and unlock the emergency exits, rather than remain silent and locked. Failing open can also ensure that essential services, such as healthcare, transportation, or communication, are available during a crisis. Remote access points, logging controls, and logical security controls are other types of security controls, but they should not fail open in a data center. Remote access points are security controls that allow users or systems to access a network or a system from a remote location, such as a VPN, a web portal, or a wireless access point. Remote access points should fail closed, which means that they should deny access when a failure or error occurs. Failing closed can prevent unauthorized or malicious access to the data center's network or systems, such as by hackers, malware, or rogue devices. Logging controls are security controls that record and monitor the activities and events that occur on a network or a system, such as user actions, system errors, security incidents, or performance metrics. Logging controls should also fail closed, which means that they should stop or suspend the activities or events when a failure or error occurs. Failing closed can prevent data loss, corruption, or tampering, as well as ensure compliance with regulations and standards. Logical security controls are security controls that use software or code to protect data and systems from unauthorized or malicious access, modification, or destruction, such as encryption, authentication, authorization, or firewall. Logical security controls should also fail closed, which means that they should block or restrict access when a failure or error occurs. Failing closed can prevent data breaches, cyberattacks, or logical flaws, as well as ensure confidentiality, integrity, and availability of data and systems. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143, 372-373, 376-377
Question 189
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?
Correct Answer: A
Security Orchestration, Automation, and Response (SOAR) systems help organizations automate repetitive security tasks, reduce manual intervention, and improve the efficiency of security operations. By integrating with various security tools, SOAR can automatically respond to incidents, helping to enhance threat detection while reducing the manual workload on security analysts. References = CompTIA Security+ SY0-701 study materials, particularly in the domain of security operations and automation technologies.
Question 190
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
Correct Answer: D
The least privilege principle states that users and processes should only have the minimum level of access required to perform their tasks. This helps to prevent unauthorized or unnecessary actions that could compromise security. In this case, the patch transfer might be failing because the user or process does not have the appropriate permissions to access the critical system or the network resources needed for the transfer. Applying the least privilege principle can help to avoid this issue by granting the user or process the necessary access rights for the patching activity.
