Amber is working as a team lead in an organization. She was instructed to share a policy document
with all the employees working from remote locations and collect them after filling. She shared the
files from her mobile device to the concerned employees through the public Internet. An
unauthorized user accessed the file in transit, modified the file, and forwarded it to the remote
employees.
Based on the above scenario, identify the security risk associated with mobile usage policies.
D
Explanation:
Sharing confidential data on an unsecured network is a security risk associated with mobile usage
policies. Mobile devices are often used to access and transmit sensitive information over public or
untrusted networks, such as WiFi hotspots, cellular networks, or Bluetooth connections. This exposes
the data to interception, modification, or redirection by malicious actors who may exploit mobile
security vulnerabilities or use network-based attacks, such as man-in-the-middle, spoofing, or
sniffing. To prevent this risk, mobile users should follow best practices such as using encryption, VPN,
certificate pinning, and secure protocols to protect the data in transit. They should also avoid sending
or receiving sensitive data over unsecured networks or applications, and verify the identity and
integrity of the endpoint servers before establishing a connection. Reference:
The 9 Most Common Security Threats to Mobile Devices in 2021
, Auth0, June 25, 2021
7 Mobile App Security Risks and How to Mitigate Them
, Cypress Data Defense, July 10, 2020
The Latest Mobile Security Threats and How to Prevent Them
, Security Intelligence, February 19,
2019
Barbara, a security professional, was monitoring the loT traffic through a security solution. She
identified that one of the infected devices is trying to connect with other loT devices and spread
malware onto the network. Identify the port number used by the malware to spread the infection to
other loT devices.
D
Explanation:
Port 48101 is the port number used by the malware to spread the infection to other loT devices. This
port is associated with the Mirai botnet, which is one of the most notorious loT malware that targets
vulnerable loT devices and turns them into a network of bots that can launch distributed denial-of-
service (DDoS) attacks. Mirai scans the internet for loT devices that use default or weak credentials
and infects them by logging in via Telnet or SSH. Once infected, the device connects to a command
and control (C&C) server on port 48101 and waits for instructions. The C&C server can then direct the
botnet to attack a target by sending TCP, UDP, or HTTP requests. Mirai has been responsible for some
of the largest DDoS attacks in history, such as the one that disrupted Dyn DNS in 2016 and affected
major websites like Twitter, Netflix, and Reddit. Reference:
Mirai (malware)
, Wikipedia, March 16, 2021
Mirai Botnet: A History of the Largest loT Botnet Attacks
, Imperva, December 10, 2020
Mirai Botnet: How loT Devices Almost Brought Down the Internet
, Cloudflare, March 17, 2021
Below are the various steps involved in establishing a network connection using the shared key
authentication process.
1.The AP sends a challenge text to the station.
2.The station connects to the network.
3.The station encrypts the challenge text using its configured 128-bit key and sends the encrypted
text to the AP.
4.The station sends an authentication frame to the AP.
5.The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original
challenge text.
What is the correct sequence of steps involved in establishing a network connection using the shared
key authentication process?
B
Explanation:
The correct sequence of steps involved in establishing a network connection using the shared key
authentication process is 4 -> 1 -> 3 -> 5 -> 2. This is based on the following description of the shared
key authentication process from the Network Defense Essentials courseware:
The station sends an authentication frame to the AP, indicating that it wants to use shared key
authentication.
The AP responds with an authentication frame containing a challenge text, which is a random string
of bits.
The station encrypts the challenge text using its configured WEP key, which is derived from the
shared secret key (password) that is also known by the AP. The station sends the encrypted text back
to the AP in another authentication frame.
The AP decrypts the encrypted text using its configured WEP key and compares it with the original
challenge text. If they match, the AP sends a positive authentication response to the station. If they
do not match, the AP sends a negative authentication response to the station.
The station connects to the network if the authentication is successful.
Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-18 to 3-19
Shared Key Authentication - Techopedia
, Techopedia, June 15, 2017
Identify the backup mechanism that is performed within the organization using external devices such
as hard disks and requires human interaction to perform the backup operations, thus, making it
suspectable to theft or natural disasters.
B
Explanation:
Onsite data backup is the backup mechanism that is performed within the organization using
external devices such as hard disks and requires human interaction to perform the backup
operations, thus, making it susceptible to theft or natural disasters. Onsite data backup means
storing the backup data on a local storage device, such as an external hard drive, a USB flash drive, a
CD/DVD, or a tape drive, that is physically located in the same premises as the original data source.
Onsite data backup has some advantages, such as fast backup and restore speed, easy access, and
low cost. However, it also has some disadvantages, such as requiring manual intervention, occupying
physical space, and being vulnerable to damage, loss, or theft. If a disaster, such as a fire, flood,
earthquake, or power outage, occurs in the organization, both the original data and the backup data
may be destroyed or inaccessible. Therefore, onsite data backup is not a reliable or secure way to
protect the data from unforeseen events. Reference:
Should I Use an External Hard Drive for Backup in 2024?
, Cloudwards, February 8, 2024
How to Back Up a Computer to an External Hard Drive
, Lifewire, April 1, 2022
Best Way to Backup Multiple Computers to One External Drive
, AOMEI, December 29, 2020
Which of the following types of network traffic flow does not provide encryption in the data transfer
process, and the data transfer between the sender and receiver is in plain text?
D
Explanation:
FTP traffic does not provide encryption in the data transfer process, and the data transfer between
the sender and receiver is in plain text. FTP stands for File Transfer Protocol, and it is a standard
network protocol for transferring files between a client and a server over a TCP/IP network. FTP uses
two separate channels for communication: a control channel for sending commands and receiving
responses, and a data channel for transferring files. However, FTP does not encrypt any of the data
that is sent or received over these channels, which means that anyone who can intercept the
network traffic can read or modify the contents of the files, as well as the usernames and passwords
used for authentication. This poses a serious security risk for the confidentiality, integrity, and
availability of the data and the systems involved in the file transfer. Therefore, FTP is not a secure way
to transfer sensitive or confidential data over the network. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-31 to 3-32
What is FTP, and Why Does It Matter in 2021?
, Kinsta, January 4, 2021
FTP Security
, Wikipedia, February 9, 2021
Alice was working on her major project; she saved all her confidential files and locked her laptop.
Bob wanted to access Alice's laptop for his personal use but was unable to access the laptop due to
biometric authentication.
Which of the following network defense approaches was employed by Alice on her laptop?
B
Explanation:
The network defense approach that was employed by Alice on her laptop was the preventive
approach. The preventive approach aims to stop or deter potential attacks before they happen by
implementing security measures that reduce the attack surface and increase the difficulty of
exploitation. Biometric authentication is an example of a preventive measure that uses a physical
characteristic, such as a fingerprint, iris, or face, to verify the identity of the user and grant access to
the device or system. Biometric authentication is more secure than traditional methods, such as
passwords or PINs, because it is harder to forge, guess, or steal. By locking her laptop and using
biometric authentication, Alice prevented Bob from accessing her laptop and her confidential files
without her permission. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 1-7 to 1-8
What is Biometric Authentication?
, Norton, July 29, 2020
An introduction to network defense basics
, Enable Sysadmin, November 26, 2019
Kalley, a network administrator of an organization, has installed a traffic monitoring system to
capture and report suspicious traffic signatures. In this process, she detects traffic containing
password cracking, sniffing, and brute-forcing attempts.Which of the following categories of
suspicious traffic signature were identified by Kalley through the installed monitoring system?
B
Explanation:
Unauthorized access signatures were identified by Kalley through the installed monitoring system.
Unauthorized access signatures are designed to detect attempts to gain unauthorized access to a
system or network by exploiting vulnerabilities, misconfigurations, or weak credentials. Password
cracking, sniffing, and brute-forcing are common techniques used by attackers to obtain or guess the
passwords of legitimate users or administrators and gain access to their accounts or privileges. These
techniques generate suspicious traffic patterns that can be detected by traffic monitoring systems,
such as Snort, using signature-based detection. Signature-based detection is based on the premise
that abnormal or malicious network traffic fits a distinct pattern, whereas normal or benign traffic
does not. Therefore, by installing a traffic monitoring system and capturing and reporting suspicious
traffic signatures, Kalley can identify and prevent unauthorized access attempts and protect the
security of her organization’s network. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-33 to 3-34
Detecting Suspicious Traffic via Signatures - Intrusion Detection with Snort
, O’Reilly, 2003
Threat Signature Categories - Palo Alto Networks
, Palo Alto Networks, 2020
Finch, a security auditor, was assigned the task of providing devices to all the employees to enable
work from remote locations. Finch restricted the devices to work only for organization-related tasks,
and not for personal use.
Which of the following mobile usage policies has Finch implemented in the above scenario?
B
Explanation:
Finch has implemented the COBO (Corporate-Owned, Business-Only) mobile usage policy in the
above scenario. COBO is a policy where the organization provides mobile devices to the employees
and restricts them to use the devices only for work-related purposes. The organization has full
control over the devices and can enforce security measures, such as encryption, password
protection, remote wipe, and application whitelisting or blacklisting. The employees are not allowed
to use the devices for personal use, such as browsing the internet, making personal calls, or installing
personal apps. COBO is a policy that aims to maximize security and minimize distractions and risks
for the organization and the employees. Reference:
Mobile usage policy in office - sample, cell phone policy in companies and organization
, HR Help
Board, 2020
Employee Cell Phone Policy Template
, Workable, 2020
How Employers Enforce Cell Phone Policies in the Workplace
, Indeed, 2022
In an organization, employees are restricted from using their own storage devices, and only the
company's portable storage devices are allowed. As employees are carrying the company's portable
device outside their premises, the data should be protected from unauthorized access.
Which of the following techniques can be used to protect the data in a portable storage device?
B
Explanation:
Data encryption is the technique that can be used to protect the data in a portable storage device.
Data encryption is the process of transforming data into an unreadable format using a secret key or
algorithm. Only authorized parties who have the correct key or algorithm can decrypt and access the
data. Data encryption provides security and privacy for the data stored on a portable storage device,
such as a USB flash drive or an external hard drive, by preventing unauthorized access, modification,
or disclosure. If the device is lost or stolen, the data will remain protected and inaccessible to the
unauthorized user. Data encryption can be implemented using software or hardware solutions, such
as BitLocker, VeraCrypt, or encrypted USB drives.
Data encryption is one of the best practices for
securely storing data on portable devices123
. Reference:
7 Ways to Secure Sensitive Data on a USB Flash Drive
, UpGuard, August 17, 2022
How to Protect Data on Portable Drives
, PCWorld, January 10, 2011
Securely Storing Data
, Security.org, December 20, 2022
Which of the following algorithms uses a sponge construction where message blocks are XORed into
the initial bits of the state that the algorithm then invertible permutes?
C
Explanation:
SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the
initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic
hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the
Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge
construction, which is a simple iterated construction that can produce variable-length output from a
fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into
two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing
phase and the squeezing phase. In the absorbing phase, the input message is padded and divided
into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is
transformed by the permutation function f. This process continues until all the input blocks are
processed. In the squeezing phase, the output is generated by repeatedly applying the permutation
function f to the state and extracting the first r bits as output blocks. The output can be truncated to
the desired length. SHA-3 uses a permutation function f that is based on a round function that
consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations,
permutations, and additions on the state. The permutation function f is invertible, meaning that it
can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths:
SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes:
SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length
output. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-23 to 3-25
SHA-3 - Wikipedia
, Wikipedia, March 16, 2021
The sponge and duplex constructions - Keccak Team
, Keccak Team, 2020
Below are the various steps involved in the creation of a data retention policy.
1.Understand and determine the applicable legal requirements of the organization
2.Ensure that all employees understand the organization's data retention policy
3.Build a data retention policy development team
4.ldentify and classify the data to be included in the data retention policy
5.Develop the data retention policy
Identify the correct sequence of steps involved.
B
Explanation:
The correct sequence of steps involved in the creation of a data retention policy is 3 -> 1 -> 4 -> 5 ->
2. This is based on the following description of the data retention policy creation process from the
web search results:
Build a team: To design a data retention policy, you need a team of industry experts, such as legal, IT,
compliance, and business representatives, who can contribute their knowledge and perspectives to
the policy.
The team should have a clear leader who can coordinate the tasks and communicate the
goals and expectations1
.
Determine legal requirements: The team should research and understand the applicable legal and
regulatory requirements for data retention that affect the organization, such as GDPR, HIPAA, PCI
DSS, etc.
The team should also consider any contractual obligations or industry standards that may
influence the data retention policy2134
.
Identify and classify the data: The team should inventory and categorize all the data that the
organization collects, stores, and processes, based on their function, subject, or type.
The team
should also assess the value, risk, and sensitivity of each data category, and determine the
appropriate retention period, format, and location for each data category2134
.
Develop the data retention policy: The team should draft the data retention policy document that
outlines the purpose, scope, roles, responsibilities, procedures, and exceptions of the data retention
policy. The policy should be clear, concise, and consistent, and should reflect the legal and business
requirements of the organization.
The policy should also include a data retention schedule that
specifies the retention period and disposition method for each data category2134
.
Ensure that all employees understand the organization’s data retention policy: The team should
communicate and distribute the data retention policy to all the relevant employees and
stakeholders, and provide training and guidance on how to comply with the policy.
The team should
also monitor and enforce the policy, and review and update the policy regularly to reflect any
changes in the legal or business environment2134
.
Reference:
How to Create a Data Retention Policy | Smartsheet
, Smartsheet, July 17, 2019
What Is a Data Retention Policy? Best Practices + Template
, Drata, November 29, 2023
Data Retention Policy: What It Is and How to Create One - SpinOne
, SpinOne, 2020
How to Develop and Implement a Retention Policy - SecureScan
, SecureScan, 2020
Cibel.org, an organization, wanted to develop a web application for marketing its products to the
public. In this process, they consulted a cloud service provider and requested provision of
development tools, configuration management, and deployment platforms for developing
customized applications.
Identify the type of cloud service requested by Cibel.org in the above scenario.
B
Explanation:
The type of cloud
The type of cloud service requested by Cibel.org in the above scenario is Platform-as-a-service
(PaaS). PaaS is a cloud-based service that delivers a range of developer tools and deployment
capabilities. PaaS provides a complete, ready-to-use, cloud-hosted platform for developing, running,
maintaining and managing applications. PaaS customers do not need to install, configure, or manage
the underlying infrastructure, such as servers, storage, network, or operating system. Instead, they
can focus on the application development and deployment process, using the tools and services
provided by the cloud service provider. PaaS solutions support cloud-native development
technologies, such as microservices, containers, Kubernetes, serverless computing, that enable
developers to build once, then deploy and manage consistently across private cloud, public cloud
and on-premises environments. PaaS also offers features such as scalability, availability, security,
backup, and monitoring for the applications.
PaaS is suitable for organizations that want to develop
customized applications without investing in or maintaining the infrastructure123
. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-40 to 3-41
What is PaaS? A Beginner’s Guide to Platform as a Service - G2
, G2, February 19, 2020
Cloud Service Models Explained: SaaS, IaaS, PaaS, FaaS - Jelvix
, Jelvix, July 14, 2020
Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity
using the credentials provided and passes that request on behalf of Ben to grant the digital
certificate.
Which of the following PKI components verified Ben as being legitimate to receive the certificate?
B
Explanation:
The PKI component that verified Ben as being legitimate to receive the certificate is the registration
authority (RA). An RA is an entity that is responsible for identifying and authenticating certificate
applicants, approving or rejecting certificate applications, and initiating certificate revocations or
suspensions under certain circumstances. An RA acts as an intermediary between the certificate
authority (CA) and the certificate applicant, and performs the necessary checks and validations
before forwarding the request to the CA. The CA is the entity that signs and issues the certificates,
and maintains the certificate directory and the certificate revocation list. A certificate directory is a
repository of issued certificates that can be accessed by users or applications to verify the validity
and status of a certificate.
A validation authority (VA) is an entity that provides online certificate
validation services, such as OCSP or SCVP, to verify the revocation status of a certificate in real
time123
. Reference:
Public key infrastructure - Wikipedia
, Wikipedia, March 16, 2021
Components of a PKI - The National Cyber Security Centre
, NCSC, 2020
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-26 to 3-27
George, a certified security professional, was hired by an organization to ensure that the server
accurately responds to customer requests. In this process, George employed a security solution to
monitor the network traffic toward the server. While monitoring the traffic, he identified attack
signatures such as SYN flood and ping of death attempts on the server.
Which of the following categories of suspicious traffic signature has George identified in the above
scenario?
D
Explanation:
Denial-of-service (DoS) is the category of suspicious traffic signature that George identified in the
above scenario. DoS signatures are designed to detect attempts to disrupt or degrade the availability
or performance of a system or network by overwhelming it with excessive or malformed traffic. SYN
flood and ping of death are examples of DoS attacks that exploit the TCP/IP protocol to consume the
resources or crash the target server. A SYN flood attack sends a large number of TCP SYN packets to
the target server, without completing the three-way handshake, thus creating a backlog of half-open
connections that exhaust the server’s memory or bandwidth. A ping of death attack sends a
malformed ICMP echo request packet that exceeds the maximum size allowed by the IP protocol,
thus causing the target server to crash or reboot.
DoS attacks can cause serious damage to the
organization’s reputation, productivity, and revenue, and should be detected and mitigated as soon
as possible123
. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-33 to 3-34
What is a denial-of-service attack?
, Cloudflare, 2020
Denial-of-service attack - Wikipedia
, Wikipedia, March 16, 2021
Identify the loT communication model that serves as an analyzer for a company to track monthly or
yearly energy consumption. Using this analysis, companies can reduce the expenditure on energy.
C
Explanation:
The loT communication model that serves as an analyzer for a company to track monthly or yearly
energy consumption is the device-to-cloud model. The device-to-cloud model is a loT
communication model where the loT devices, such as smart meters, sensors, or thermostats, send
data directly to the cloud platform, such as AWS, Azure, or Google Cloud, over the internet. The
cloud platform then processes, analyzes, and stores the data, and provides feedback, control, or
visualization to the users or applications. The device-to-cloud model enables the company to
monitor and optimize the energy consumption of the loT devices in real time, and to leverage the
cloud services, such as machine learning, big data analytics, or artificial intelligence, to perform
advanced energy management and demand response.
The device-to-cloud model also reduces the
complexity and cost of the loT infrastructure, as it does not require intermediate gateways or servers
to connect the loT devices to the cloud123
. Reference:
Network Defense Essentials Courseware
, EC-Council, 2020, pp. 3-38 to 3-39
loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End
Data-Sharing
, DZone, July 9, 2018
loT Communication Models: Device-to-Device, Device-to-Cloud, Device-to-Gateway, and Back-End
Data-Sharing
, Medium, March 26, 2019