WEBVTT

1
00:00:00.000 --> 00:00:01.180
foreign [Music]

2
00:00:20.700 --> 00:00:24.360
good evening and welcome I am Dr Michael Mann and

3
00:00:24.360 --> 00:00:28.500
I'll be your instructor for this series on preparing for the Security Plus exam

4
00:00:29.640 --> 00:00:35.460
this 12 session series is intended to help you review key material that will be covered

5
00:00:35.460 --> 00:00:42.300
on the CompTIA Security Plus exam through the use of practice questions developed by

6
00:00:42.300 --> 00:00:48.240
the Virginia Cyber Range in this session we are going to focus on network security

7
00:00:49.680 --> 00:01:00.000
okay wow let's get started so uh good evening everyone and and welcome we're going to be going

8
00:01:00.000 --> 00:01:10.260
over some review questions to help you prepare for the Security Plus exam and tonight's topic

9
00:01:11.160 --> 00:01:16.860
excuse me is network security so we're going to just go ahead and jump in and get started here

10
00:01:18.000 --> 00:01:23.700
um what you're looking at is the Virginia Cyber Range CTF interface

11
00:01:24.300 --> 00:01:33.060
and it's a Jeopardy style CTF so we'll start with our first question and this is on ARP poisoning

12
00:01:35.820 --> 00:01:42.900
and the question is in a corporate Ethernet LAN which of the following could be used to prevent

13
00:01:42.900 --> 00:01:52.680
LAN ARP poisoning and you need to choose two static ARP entries patching antivirus software

14
00:01:52.680 --> 00:01:59.040
physical security and firewalls and let's just open it up and and see what you're thinking

15
00:02:00.180 --> 00:02:05.640
okay so we're talking about corporate Ethernet local area networks

16
00:02:06.180 --> 00:02:12.420
and ARP poisoning ARP as you may recall is address resolution protocol

17
00:02:13.440 --> 00:02:24.420
and we're looking for ways to mitigate ARP poisoning does anybody have an initial thought

18
00:02:26.520 --> 00:02:29.700
from the five options listed

19
00:02:32.520 --> 00:02:42.780
um firewall okay firewalls okay ARP entries okay static ARP entries

20
00:02:43.860 --> 00:02:49.500
anyone else I was saying and the antivirus software you gotta guess

21
00:02:50.400 --> 00:03:01.080
okay so let's start with the first um correct answer and that is going to be static ARP entries

22
00:03:01.980 --> 00:03:17.760
and you may uh recall that ARP is a means for um creating relations between IP and MAC addresses

23
00:03:18.600 --> 00:03:32.700
and the the whole process is dynamic okay normally so uh static type of ARP entry

24
00:03:33.300 --> 00:03:42.300
really cannot be changed once it is manually entered and so that is going to be known by

25
00:03:42.300 --> 00:03:50.280
the person who does the entering of this um static entry and the other thing that's important about

26
00:03:50.280 --> 00:03:58.440
this is that it doesn't age out and it can't be overwritten by a dynamic ARP entry and that

27
00:03:58.440 --> 00:04:08.160
makes it resistant to tampering so there's one other um suggestion here that's correct it is

28
00:04:08.160 --> 00:04:14.940
not firewalls and it is not antivirus software so that leaves patching or physical security

29
00:04:17.100 --> 00:04:24.480
what do you think I'm just taking a guess but um would it be patching no it's not patching

30
00:04:24.480 --> 00:04:35.280
actually it's physical security and the reason for this is that ARP poisoning would occur over

31
00:04:35.280 --> 00:04:44.820
a local area network and this is going to require close proximity to access the local area network

32
00:04:45.600 --> 00:04:56.700
and so good physical security is important to mitigating ARP poisoning attacks okay that's a

33
00:04:56.700 --> 00:05:06.000
might be a little unexpected at first but when you think about where these attacks take place

34
00:05:06.000 --> 00:05:16.320
and how they're implemented it starts to make more sense okay any questions or comments on this one

35
00:05:20.040 --> 00:05:25.560
okay let's go ahead and move on to the second question

36
00:05:28.740 --> 00:05:32.640
okay so this question involves identical networks

37
00:05:34.980 --> 00:05:41.700
the scenario is you decide to go to your local library to work on some homework while trying

38
00:05:41.700 --> 00:05:51.720
to connect to the internet there you notice two identical local library Wi-Fi networks were not

39
00:05:51.720 --> 00:05:57.660
there previously which of the following best describes what you should do in this situation

40
00:05:59.460 --> 00:06:05.340
your choices are choose either network because the library is large and probably just needs

41
00:06:05.340 --> 00:06:13.860
two routers to cover the whole building choose neither network because one is probably a rogue

42
00:06:13.860 --> 00:06:20.820
access point choose both networks and see which one yields the fastest internet speed

43
00:06:20.820 --> 00:06:31.380
or choose neither because one is probably bluejacked okay agendas what do you think

44
00:06:33.480 --> 00:06:35.160
I'm gonna say

45
00:06:37.380 --> 00:06:45.000
number two choose neither network because one is probably a rogue access point very good and that

46
00:06:45.000 --> 00:06:59.100
is correct the giveaway here is that the SSID that's appearing is identical in both cases

47
00:06:59.100 --> 00:07:07.680
there are two that's a local library Wi-Fi and that's almost always going to be a sure sign

48
00:07:08.580 --> 00:07:16.920
that somebody is trying to get you to do the wrong thing basically okay just because the

49
00:07:16.920 --> 00:07:24.360
library is large yeah it doesn't necessarily um mean or not mean that you don't need two

50
00:07:24.360 --> 00:07:32.940
routers but you know you're not going to have totally identical SSIDs it doesn't work that way

51
00:07:34.380 --> 00:07:41.040
um the one choosing one to see if it has a faster internet speed than the other is kind

52
00:07:41.040 --> 00:07:47.640
of not the right answer in fact it's not the right answer it's not kind of it's not the right answer

53
00:07:48.600 --> 00:07:57.720
and then bluejacking is also incorrect so what we are basically looking at here is what we would

54
00:07:57.720 --> 00:08:07.920
call an evil twin attack and basically it's where a hacker operates a false access point so in the

55
00:08:07.920 --> 00:08:17.160
attempt to get you to associate with it okay all right doing good I have a question yes please

56
00:08:18.180 --> 00:08:24.600
bluejack can you explain that what a what is a bluejack I'm sorry can you speak up a little bit

57
00:08:24.600 --> 00:08:33.780
please yes can you explain what what is a bluejack ah bluejacking so that basically occurs

58
00:08:33.780 --> 00:08:45.060
when an attacker sends unsolicited unsolicited text messages to a Bluetooth device and so since

59
00:08:45.060 --> 00:08:52.800
you're on this you know Wi-Fi network um and Bluetooth is more of a personal area network

60
00:08:52.800 --> 00:09:01.080
we would not be using any type of Bluetooth technology to connect to the library's network

61
00:09:05.160 --> 00:09:07.020
let's move on to the next one

62
00:09:12.120 --> 00:09:17.100
and the next topic network intrusion detection

63
00:09:18.480 --> 00:09:25.680
why would your network administrator configure a signature based network intrusion detection system

64
00:09:26.700 --> 00:09:32.100
your choices are to authenticate users attempting to connect to the network

65
00:09:33.780 --> 00:09:43.620
to authorize what users are permitted to do on the network to automatically update for

66
00:09:43.620 --> 00:09:50.340
known malicious attack patterns or to make sure that all zero day attacks are detected

67
00:09:52.020 --> 00:09:54.840
so as we head into this question

68
00:09:56.040 --> 00:10:06.600
when you look at the responses is there anything that sticks out as obviously incorrect yes

69
00:10:14.340 --> 00:10:15.420
I'm going to say

70
00:10:17.640 --> 00:10:19.560
to the number [Music] um

71
00:10:21.060 --> 00:10:27.660
number one number one okay and and why do you think that one's obviously wrong

72
00:10:34.980 --> 00:10:39.120
okay I'm sorry can you say that again please sorry I was talking to myself

73
00:10:41.160 --> 00:10:42.360
I don't know exactly why

74
00:10:44.580 --> 00:10:52.560
okay okay well that that's a good sense a good feeling there because um I think it's your

75
00:10:52.560 --> 00:11:01.320
previous studies kicking in and probably what's tipping you off is the word authenticate okay so

76
00:11:03.600 --> 00:11:07.380
there's one other response that's

77
00:11:08.460 --> 00:11:16.140
pretty uh incorrect here what I would call an obvious misdirector anyone

78
00:11:21.300 --> 00:11:27.540
would it be the last one yes it would be and why do you think that would be the misdirector

79
00:11:29.400 --> 00:11:33.240
because it's talking about zero day attacks and that's it

80
00:11:33.780 --> 00:11:36.720
has nothing to do with the network but no one has anything to do for network

81
00:11:37.860 --> 00:11:49.620
well zero day attacks I mean so when you consider that a zero day exploit is basically you know uh

82
00:11:51.120 --> 00:11:59.820
is a leveraging of zero day vulnerabilities and zero day vulnerabilities are vulnerabilities

83
00:11:59.820 --> 00:12:04.980
that are unknown to the vendor in the case of software say a software vendor

84
00:12:05.580 --> 00:12:15.000
so yeah there wouldn't be a signature yet and so the correct response for this question

85
00:12:15.840 --> 00:12:22.260
is the third choice to automatically update for known malicious attack patterns if it's

86
00:12:22.260 --> 00:12:28.920
a known malicious attack then the fact that it's known means that we have a signature

87
00:12:29.640 --> 00:12:38.880
base for this attack and so we can use that to our advantage okay so it really doesn't

88
00:12:38.880 --> 00:12:51.060
have anything to do with authenticating users or authorizing users so there's the correct answer

89
00:12:53.580 --> 00:12:54.080
okay

90
00:12:58.860 --> 00:13:00.180
let's move to the next one

91
00:13:07.860 --> 00:13:16.440
this question involves open source firewalls which of the following describes a characteristic of

92
00:13:16.440 --> 00:13:26.340
an open source network firewall your choices are wired hardware inexpensive and ineffective

93
00:13:28.860 --> 00:13:31.440
okay what do you think about this one

94
00:13:35.460 --> 00:13:45.660
inexpensive inexpensive that's correct that is the correct answer um the actually it is

95
00:13:45.660 --> 00:13:57.480
the best answer so if we look at the rest of these suggested answers what's wrong with wired

96
00:14:02.880 --> 00:14:05.940
is there a possibility it it could be wired

97
00:14:06.960 --> 00:14:13.680
it could be but open source firewalls can also function as wireless access points

98
00:14:15.120 --> 00:14:22.920
so wired is definitely not the best answer what about hardware yeah

99
00:14:27.180 --> 00:14:33.840
isn't that pertaining to like physical devices yes to an appliance for example

100
00:14:39.480 --> 00:14:46.320
and and remember when we look at these questions and oftentimes you know the the sort of implied

101
00:14:46.320 --> 00:14:51.180
instruction or sometimes it's very explicit is that you need to choose the best answer

102
00:14:55.680 --> 00:15:04.740
and the fact is it's not necessarily going to be a hardware appliance it can be it can be

103
00:15:07.860 --> 00:15:10.440
so what about ineffective

104
00:15:13.740 --> 00:15:19.200
doesn't that just kind of sound bad if it's ineffective it's not it's not working properly

105
00:15:20.220 --> 00:15:25.620
it's it's definitely probably the worst answer uh suggestion there

106
00:15:26.700 --> 00:15:32.820
um because you know the popularity of open source firewalls whether they're software

107
00:15:33.360 --> 00:15:40.020
or deployed on a hardware platform just you know they're they're very popular because they

108
00:15:40.020 --> 00:15:47.580
are effective and they are inexpensive and they work very very well so yeah inexpensive turns

109
00:15:47.580 --> 00:15:56.700
out to be the best answer uh to this question okay all right let's take a look at the next one

110
00:16:03.720 --> 00:16:14.160
so this question involves root CAs so to be able to negotiate this question

111
00:16:15.000 --> 00:16:23.640
to come to a successful conclusion you have to know what a CA is so what's a CA

112
00:16:26.040 --> 00:16:37.440
anybody uh the certified uh the authorial authorization or something something like

113
00:16:37.440 --> 00:16:43.800
that okay close yeah it's a certificate authority okay okay so the question is

114
00:16:43.800 --> 00:16:50.040
which of the following is true about a root CA and we're asked to choose two

115
00:16:51.480 --> 00:17:00.000
your choices are it resides at the highest part of the chain of trust it resides at the

116
00:17:00.000 --> 00:17:08.100
lowest part of the chain of trust it issues certificates to several intermediate CAs

117
00:17:09.060 --> 00:17:17.640
or it issues certificates to several single CAs so let's let's take a stab at this

118
00:17:20.400 --> 00:17:22.560
what's a good one for the first choice

119
00:17:28.320 --> 00:17:37.860
so the use of the word root may be misdirecting or misleading if you think of the root of a tree and

120
00:17:38.460 --> 00:17:43.860
you know when you maybe picture that you see it as the lower part of the tree but really

121
00:17:44.580 --> 00:17:53.760
the root CA resides at the highest part of the chain of trust and that's what's important about

122
00:17:53.760 --> 00:18:03.300
this at the chain of trust the root certificate authority is at the highest part it's the origin

123
00:18:04.140 --> 00:18:14.220
okay all right so if we believe that's true then that lets out it resides at the lowest part of the

124
00:18:14.220 --> 00:18:21.300
chain of trust that becomes incorrect that leaves us two more choices and we need one of those

125
00:18:23.520 --> 00:18:25.860
so what do you think

126
00:18:28.920 --> 00:18:36.720
okay oh sorry go ahead yes please go ahead oh um is it the intermediate CAs

127
00:18:37.800 --> 00:18:46.140
yes it issues certificates to several intermediate CAs okay and so

128
00:18:48.420 --> 00:18:57.240
the root certificates um when we're talking about the root CA first of all the thing to know is that

129
00:18:57.240 --> 00:19:05.460
it has a self-signed certificate okay and it uses this to digitally sign all the other certificates

130
00:19:05.460 --> 00:19:13.620
that it creates and the certificate used by the root CA is known as the root certificate

131
00:19:13.620 --> 00:19:21.600
and as we already said is self-signed so depending upon the size of the organization

132
00:19:22.380 --> 00:19:33.060
you can have one or more subordinate CAs but we typically call these intermediate CAs and these

133
00:19:33.060 --> 00:19:41.880
CAs the intermediate CAs have their certificates issued and digitally signed by the root CA okay

134
00:19:43.320 --> 00:19:53.820
all right it doesn't really reach down to anything below the intermediate CAs

135
00:19:55.320 --> 00:20:02.820
so we say that it issues certificates to several intermediate CAs okay

136
00:20:04.980 --> 00:20:06.540
let's move on to the next one

137
00:20:12.600 --> 00:20:20.400
I have a question yes I went to the restroom so after open source after the question question number

138
00:20:20.400 --> 00:20:30.300
four open source firewalls was the fifth question root CA yes anything yes root CA was the fifth one

139
00:20:31.260 --> 00:20:36.060
and basically the question was which of the following is true

140
00:20:36.720 --> 00:20:43.260
and the root CA resides at the highest part of the chain of the trust chain of trust it's the

141
00:20:43.260 --> 00:20:48.840
origin the point of origin and it issues certificates to several intermediate CAs

142
00:20:51.540 --> 00:20:59.880
okay thank you now the next question jumps out right with port numbers

143
00:21:00.840 --> 00:21:08.340
so the first thing to understand about this is the importance of knowing port numbers

144
00:21:09.660 --> 00:21:16.740
and protocols and you know there's really not going to be any getting around this

145
00:21:17.940 --> 00:21:24.300
um I'm often asked you know how should I negotiate questions like this

146
00:21:25.620 --> 00:21:31.140
um you know how do I deal with this and some of these things and this is one of them

147
00:21:32.100 --> 00:21:39.240
some of this information is pretty much straight up knowledge based information it's not like a

148
00:21:39.240 --> 00:21:48.720
performance question um it's just really something you have to know and what I usually tell people is

149
00:21:49.320 --> 00:21:57.960
that if there's something you can do to help you with knowledge-based information so such

150
00:21:57.960 --> 00:22:03.420
as protocols and port numbers if there's something that you can physically do

151
00:22:04.080 --> 00:22:13.260
if there's something you can create this is often very helpful to learning the material and one of

152
00:22:13.260 --> 00:22:24.120
the easiest things to do is to create a PowerPoint presentation and you can also create things like

153
00:22:24.120 --> 00:22:31.860
Word documents maybe you're going to use them as flash cards if you really wanted to get

154
00:22:32.640 --> 00:22:42.540
detailed about it you can find Jeopardy style games like this CTF as a Jeopardy style game

155
00:22:42.540 --> 00:22:48.720
really pretty much you can find these templates for PowerPoint download them and you know

156
00:22:49.500 --> 00:22:55.980
create a whole sequence or a whole series on protocols and port numbers so the question

157
00:22:55.980 --> 00:23:08.340
here which statement below is true regarding TCP port 636 and your choices are it is used by FTP

158
00:23:09.000 --> 00:23:21.780
it is used by FTPS it is used by LDAP it is used by LDAPS so anybody have a suggestion for this one

159
00:23:25.740 --> 00:23:33.420
I want to say FTP TP at FTP okay no

160
00:23:36.240 --> 00:23:37.020
anyone else

161
00:23:39.780 --> 00:23:50.520
is it the fourth one it is it is LDAPS so lightweight directory access protocol

162
00:23:51.420 --> 00:24:02.700
secure or secure LDAP uses secure sockets layer SSL over TCP port 636

163
00:24:03.600 --> 00:24:08.940
to encrypt the communication between the client and the LDAP system

164
00:24:10.440 --> 00:24:20.760
again this is one of those things where you basically have to deal with knowledge-based

165
00:24:20.760 --> 00:24:27.120
information and you know oftentimes there's a there's a great deal of it so once again

166
00:24:27.120 --> 00:24:35.940
my suggestion is always try to find some way to create something a study guide a self-help

167
00:24:36.480 --> 00:24:44.640
guide or something that works for you and but just do something because that will often help

168
00:24:44.640 --> 00:24:54.720
to solidify the knowledge okay and you know the thing to understand about that is that we really

169
00:24:54.720 --> 00:25:00.480
do want to try to avoid just cramming things into short-term memory because it really doesn't work

170
00:25:01.140 --> 00:25:06.360
and it's also obviously not very lasting that's why we call it short-term memory

171
00:25:06.360 --> 00:25:13.080
by working with the information and creating something like a study guide

172
00:25:13.740 --> 00:25:21.840
you can better put it into longer term memory okay all right let's go to the next question

173
00:25:22.920 --> 00:25:30.900
what does LDAP stand for again lightweight directory access protocol

174
00:25:33.960 --> 00:25:37.200
thank you you're welcome okay

175
00:25:39.480 --> 00:25:48.840
the next question the topic is domain name the question is a startup business

176
00:25:49.620 --> 00:25:58.320
thinks that they have found a way to cut some costs by registering a domain name for a short

177
00:25:58.320 --> 00:26:06.900
period and then deleting it repeatedly so that they can avoid paying for the domain name expenses

178
00:26:07.980 --> 00:26:16.440
in this example what term is being described your choices are domain hijacking

179
00:26:17.460 --> 00:26:28.140
domain poisoning domain kiting or domain squatting so let's see what you think

180
00:26:31.260 --> 00:26:40.620
okay would it be domain squatting okay you think it's domain squatting okay is there a reason

181
00:26:42.900 --> 00:26:45.660
kind of just based off of the definition of squatting

182
00:26:45.660 --> 00:26:49.140
okay you don't necessarily own the property you're just there

183
00:26:51.660 --> 00:27:02.460
okay so domain squatting is basically buying a domain name and the the main reason for doing

184
00:27:02.460 --> 00:27:08.280
this the sole purpose for doing it is to prevent someone else from getting it or from buying it

185
00:27:09.540 --> 00:27:15.060
um when this happens typically buyers will resell the domain name at a higher

186
00:27:15.060 --> 00:27:21.540
price to someone else who's you know somewhat desperate to get the name um but that's not

187
00:27:21.540 --> 00:27:27.780
exactly what's being described here I'm going to call that one a pretty good you know misdirector

188
00:27:29.160 --> 00:27:33.300
um what about domain hijacking is that right or is that wrong

189
00:27:35.700 --> 00:27:45.420
wrong yeah that's an incorrect answer okay so domain hijacking basically involves the

190
00:27:45.420 --> 00:27:52.680
hackers taking over a domain name from its original registrant and this can

191
00:27:52.680 --> 00:28:01.140
be done using social engineering techniques um possibly exploiting vulnerabilities on systems

192
00:28:01.680 --> 00:28:07.620
that host the domain name you know to gain authorized access to the domain registration

193
00:28:08.400 --> 00:28:14.520
so that's not the correct answer what about domain poisoning does anybody know what this is

194
00:28:18.480 --> 00:28:22.740
I don't but I don't think that's the correct answer either it's not

195
00:28:22.740 --> 00:28:28.080
um you may have heard this or heard of it as DNS poisoning or DNS cache poisoning

196
00:28:29.640 --> 00:28:40.020
um but that that's not right either and so that leaves us with domain kiting and what's happening

197
00:28:40.020 --> 00:28:51.540
here is that someone can purchase and register the domain and take advantage of grace periods

198
00:28:52.380 --> 00:29:01.860
and so you can use the domain for a grace period then you can cancel the registration but then go

199
00:29:01.860 --> 00:29:11.460
and register it again and then try to keep riding this grace period I guess for as long as you can

200
00:29:12.840 --> 00:29:21.720
and I think when I think about that definition and the the name domain kiting it kind of sort

201
00:29:21.720 --> 00:29:29.340
of resembles you know watching somebody fly a kite because the kite just doesn't go straight

202
00:29:29.340 --> 00:29:37.440
up and up and up and up right it goes up and comes down maybe spins around or something and you know

203
00:29:37.440 --> 00:29:42.660
that's really what you're trying to do here you're trying to sort of ride this wave of the grace

204
00:29:42.660 --> 00:29:49.080
period and then you know when the thing is heading towards the ground well then you let go of it and

205
00:29:49.860 --> 00:29:56.760
re-register it or you send the kite up again it's just how I think of it I'm telling you this

206
00:29:56.760 --> 00:30:02.040
because this is sort of the picture that comes to my mind when I think about this

207
00:30:02.580 --> 00:30:09.960
and you know if you have an impression based on say the name of a term being described in

208
00:30:09.960 --> 00:30:17.160
this case domain kiting that can also go a long ways to helping you remember this okay

209
00:30:20.580 --> 00:30:22.020
let's go on to the next one

210
00:30:26.940 --> 00:30:36.720
this question involves IoT security and so of course you know what's going to matter here is

211
00:30:36.720 --> 00:30:47.700
that you understand again acronyms IoT um I should point out that certification exams especially

212
00:30:49.260 --> 00:30:58.680
Security Plus um is loaded with acronyms so here again you may be faced with

213
00:30:59.340 --> 00:31:07.740
needing a way a methodology to deal with acronyms and you know the first thing

214
00:31:07.740 --> 00:31:13.380
that comes to my mind of course is using PowerPoint presentations again you can

215
00:31:13.920 --> 00:31:21.360
create these neat slides that work like flash cards or any way that you know you you react

216
00:31:21.360 --> 00:31:29.460
best to okay some people like flash cards some people like straight up notes so what is IoT

217
00:31:31.500 --> 00:31:41.040
of things the internet of things and the question is IoT sensors with minimal data transmission

218
00:31:41.040 --> 00:31:50.220
requirements are best restrained by a blank network design obviously our task is to fill

219
00:31:50.220 --> 00:32:00.660
in the blank so your choices are restricted latency client TLS certificates restricted

220
00:32:00.660 --> 00:32:08.280
broadcast domain or restricted bandwidth okay all right anybody have an idea on this one

221
00:32:14.160 --> 00:32:18.120
okay does something stand out as obviously incorrect

222
00:32:20.940 --> 00:32:28.920
anybody no it's okay take a guess constricting bandwidth

223
00:32:30.660 --> 00:32:34.680
okay and and you think that is the incorrect answer

224
00:32:36.660 --> 00:32:43.980
oh no no no I'm so sorry I think the uh maybe it's the client TLS certificate certificate

225
00:32:44.520 --> 00:32:56.340
okay all right so yeah um client TLS certificates yeah that kind of doesn't make too much sense

226
00:32:57.960 --> 00:33:10.620
um I'd say the key to this particular question is that understanding that IoT sensors can exist in a

227
00:33:10.620 --> 00:33:18.900
wide range of items and I mean everything from refrigerators to you know fluid level sensors

228
00:33:19.500 --> 00:33:28.620
but the really important part of this question is minimal data transmission requirements

229
00:33:30.660 --> 00:33:39.240
and so if we're told up front that there are minimal data transmission requirements

230
00:33:40.260 --> 00:33:47.820
and we don't want to give any more quarter or any more space or room than we need to

231
00:33:48.540 --> 00:33:55.200
restricted latency is not going to do it for us latency doesn't make sense in this context

232
00:33:56.340 --> 00:34:04.800
ended bandwidth oh sorry yes yes absolutely the the answer to this question is restricted

233
00:34:04.800 --> 00:34:11.580
bandwidth okay and you know I mean we're talking about possibly needing

234
00:34:12.120 --> 00:34:22.260
a bandwidth of say two megabits per second which is very very tight very restricted okay but if

235
00:34:22.260 --> 00:34:28.620
the minimal if the transmission requirements are minimal which they may be coming from IoT sensors

236
00:34:29.400 --> 00:34:35.340
you know we we don't need a bandwidth of 50 megabits per second okay

237
00:34:36.300 --> 00:34:45.600
and so the idea here is that you are only giving enough quarter or room

238
00:34:46.500 --> 00:34:56.820
to satisfy what you need okay all right the other thing to remember is that

239
00:34:58.260 --> 00:35:06.060
sensor transmissions can also be tapped into to get into a network

240
00:35:07.080 --> 00:35:16.200
so by tightening the bandwidth you may in effect be helping to prevent

241
00:35:17.040 --> 00:35:28.200
attacks that are seeking to get into the network okay all right let's go on to the next question

242
00:35:33.000 --> 00:35:35.220
and this one involves network design

243
00:35:37.200 --> 00:35:43.020
so the question is which term is most closely interchangeable to a reverse proxy

244
00:35:44.280 --> 00:35:56.220
your choices are forward proxy load balancer HTTPS server SNMP service

245
00:35:58.080 --> 00:36:03.840
okay anybody wanna take a shot at this question

246
00:36:07.500 --> 00:36:10.980
okay does anything look obviously incorrect

247
00:36:14.160 --> 00:36:20.580
do you think SNMP service has anything to do with a reverse proxy

248
00:36:22.740 --> 00:36:25.200
do you recall what SNMP service is

249
00:36:30.660 --> 00:36:32.520
does anybody remember that acronym

250
00:36:35.400 --> 00:36:44.100
okay so simple network management protocol and this allows us to poll devices and

251
00:36:45.060 --> 00:37:00.180
get and set configurations so to me SNMP service and HTTPS server would be the two that stand

252
00:37:00.180 --> 00:37:10.200
out as the least correct okay what about a forward proxy does anybody know what that is

253
00:37:13.080 --> 00:37:17.820
okay so forward proxy is the most common form of a proxy server

254
00:37:18.780 --> 00:37:25.140
generally used to pass requests from an isolated private network to the internet through a firewall

255
00:37:27.660 --> 00:37:38.160
so the most closely interchangeable to reverse proxy the term would be load balancer

256
00:37:39.120 --> 00:37:47.700
okay now a reverse proxy facilitates a user's requests to a web server or application server and

257
00:37:47.700 --> 00:37:55.320
the server's response a load balancer receives user requests and distributes them accordingly

258
00:37:55.920 --> 00:38:02.280
among a group of servers and then forwards each server response to its respective user

259
00:38:03.060 --> 00:38:10.320
so you can kind of tell from that that there's a bit of overlap between the functions of the two

260
00:38:10.320 --> 00:38:22.140
and that makes load balancer the best answer to this question okay so here the situation involves

261
00:38:22.140 --> 00:38:32.100
understanding the terminology what proxy servers are what they do and as well as as being able to

262
00:38:32.100 --> 00:38:43.500
spot incorrect answers like SNMP servers or HTTPS server okay let's move on to the next

263
00:38:51.180 --> 00:38:59.280
okay this question involves PKA PKI excuse me certificate attributes and the question is

264
00:39:00.120 --> 00:39:09.420
which of the following are included within a PKI SSL TLS certificate and this time they want

265
00:39:09.420 --> 00:39:24.000
you to choose all that apply so your choices are URL domain name in parentheses CN or common name

266
00:39:25.920 --> 00:39:38.340
certificate authority reference also CA expiration date or private key okay so what are you thinking

267
00:39:40.920 --> 00:39:46.440
anything that sticks out here I'm sorry say again oh privacy

268
00:39:47.820 --> 00:39:54.960
private key okay is there a reason that you think that private keys is are you saying

269
00:39:54.960 --> 00:40:04.740
that's a good answer or a bad answer oh well good answer a good answer okay so it is not okay

270
00:40:06.720 --> 00:40:13.500
well it's okay that's okay um this question involves understanding public

271
00:40:13.500 --> 00:40:24.840
key infrastructure okay and so certificate attributes are components of the certificate

272
00:40:25.800 --> 00:40:34.260
and the private key is definitely not going to be one of them okay because it's not stored in

273
00:40:34.260 --> 00:40:43.380
a PKI certificate certificates are files with a public key and contain information

274
00:40:44.520 --> 00:40:54.840
of its respective private key owner okay so private key is not one of the correct choices

275
00:40:55.980 --> 00:41:04.080
what do you think about some of the others how about expiration date do certificates expire do

276
00:41:04.080 --> 00:41:11.340
they have a valid from date and a date and after which they expire what do you think

277
00:41:12.180 --> 00:41:21.420
yes yes they do okay and the certificate authority reference what about that one

278
00:41:26.160 --> 00:41:32.760
is there a reference to the certificate authority that generated the certificate

279
00:41:36.600 --> 00:41:41.220
do you think it's important to know where it came from yes yes

280
00:41:42.540 --> 00:41:48.000
okay and the URL domain name what do you think about that one

281
00:41:52.980 --> 00:41:59.340
it's important to know as well it is it's the CN in parentheses stands for

282
00:41:59.340 --> 00:42:05.340
common name and it's also known as FQDN and here we go with the acronyms again

283
00:42:06.120 --> 00:42:16.620
so FQDN fully qualified domain name so our three correct choices here are URL domain name

284
00:42:16.620 --> 00:42:24.360
certificate authority reference and expiration date all right let's push on to the next question

285
00:42:30.840 --> 00:42:43.080
okay so this one is involving SSL and TLS the question reads what do SSL and TLS get you from

286
00:42:43.080 --> 00:42:51.600
a security compliance perspective and we're asked to choose two your choices are data encryption in

287
00:42:51.600 --> 00:43:03.000
transit data encryption on disk data encryption in memory and client server session encryption

288
00:43:05.280 --> 00:43:09.240
so clearly we're dealing with encryption here

289
00:43:11.580 --> 00:43:13.320
okay so what are you thinking

290
00:43:16.860 --> 00:43:20.640
if we're concerned with data encryption

291
00:43:22.980 --> 00:43:25.380
where do you think it's most critical

292
00:43:28.380 --> 00:43:40.020
in transit in transit I would agree with that and that is in fact a correct answer oops there we go

293
00:43:40.680 --> 00:43:47.040
data encryption in transit okay what about on disk

294
00:43:48.360 --> 00:43:53.640
does that have anything to do with secure sockets layer or transport layer security

295
00:43:57.600 --> 00:43:59.520
when we look at the rest of the choices

296
00:44:02.760 --> 00:44:12.960
if we're concerned with encryption obviously we are trying to keep the wrong people from seeing

297
00:44:12.960 --> 00:44:19.440
the information or accessing it or being able to do something with it even if they have accessed it

298
00:44:20.460 --> 00:44:25.380
so data encryption on disk and in memory

299
00:44:28.020 --> 00:44:31.140
and then client server session encryption

300
00:44:33.300 --> 00:44:36.420
which one of those three is not like the others

301
00:44:37.080 --> 00:44:45.600
and we're only talking about these three choices now here here and here

302
00:44:48.420 --> 00:44:55.740
if I ask it another way and I say data encryption in transit and then I ask

303
00:44:55.740 --> 00:45:01.980
you to look at the remaining three choices and pick one that is like

304
00:45:03.480 --> 00:45:07.380
data encryption in transit which do you think it would be

305
00:45:09.120 --> 00:45:19.080
number four yes yes absolutely okay if we have a client server session

306
00:45:20.700 --> 00:45:25.620
right then we have communication between at least two endpoints

307
00:45:26.880 --> 00:45:36.480
and again we're sort of dealing with data in transit okay so those two are most closely related

308
00:45:38.280 --> 00:45:48.180
now this doesn't mean you can't do data encryption on disk okay you certainly can there are

309
00:45:48.840 --> 00:45:54.660
several ways to do this the most popular and well-known are going to be full disk

310
00:45:54.660 --> 00:46:02.280
encryption or file level encryption and file level encryption gives you a little more granularity and

311
00:46:02.280 --> 00:46:09.660
control over what exactly you want to encrypt in terms of the files and data encryption on

312
00:46:09.660 --> 00:46:16.500
disk is just the whole thing okay all right let's move on and go to the next question

313
00:46:22.620 --> 00:46:29.040
okay so this involves again Wi-Fi security your IT manager has asked

314
00:46:29.040 --> 00:46:34.260
you to verify the security profile of the Wi-Fi access points in your office

315
00:46:35.220 --> 00:46:42.180
so you plan to look at several aspects of your wireless networks what are some

316
00:46:42.180 --> 00:46:48.900
of the top common vulnerabilities you should first look for and we're told to choose two

317
00:46:50.220 --> 00:46:57.000
we're looking for common vulnerabilities the first things you would look for your choices are MAC

318
00:46:57.000 --> 00:47:08.700
address filtering default admin passwords open Wi-Fi networks or AES 256 encryption

319
00:47:11.040 --> 00:47:18.180
okay what do you think would it make sense to start with Wi-Fi it's open Wi-Fi networks

320
00:47:18.180 --> 00:47:30.000
first yes yes it would unsecured networks a common vulnerability something that you can easily spot

321
00:47:31.380 --> 00:47:37.860
okay what's another one what do you think that's easily admin password yeah

322
00:47:40.140 --> 00:47:51.840
yep sure because what are they admin and admin admin and password right it depends on the

323
00:47:51.840 --> 00:47:57.600
manufacturer now of course they do this you know too to make it easy when you take something out

324
00:47:57.600 --> 00:48:03.300
of the box and you're getting it set up and not to just you know put it out there with no protection

325
00:48:03.900 --> 00:48:15.420
but everybody knows these things now the other thing is that um MAC address and MAC address

326
00:48:15.420 --> 00:48:29.280
filtering and you know using AES 256 encryption I mean you know they're not they are viable answers

327
00:48:29.280 --> 00:48:40.320
but they certainly are going to require a lot more work to see if you're using AES 128 or 256

328
00:48:40.320 --> 00:48:49.560
or if you have MAC address filtering set up okay so the most obvious common as they were

329
00:48:49.560 --> 00:48:57.540
calling it would be default admin passwords and open Wi-Fi networks okay let's
move on 330 00:49:00.540 --> 00:49:05.940 let's see here [Music] oops there we go 331 00:49:08.760 --> 00:49:16.860 okay this involves Federated identity management  control the question is which of the following 332 00:49:16.860 --> 00:49:25.200 describes a better rated identity management  control your choices are audit specifications 333 00:49:25.200 --> 00:49:33.420 that are designed to ensure that cloud hosting  providers meet Professional Standards a virtual 334 00:49:33.420 --> 00:49:40.140 item that contains authorization data and is  commonly used in multi-factor Authentication 335 00:49:41.280 --> 00:49:47.400 and authentication process that trusts  a third-party Network authenticator to 336 00:49:47.400 --> 00:49:55.080 Grant access to another or different network or an  authentication Service that grants Federal access 337 00:49:56.340 --> 00:50:03.660 so anything sticks out as obviously  incorrect what do you think 338 00:50:06.000 --> 00:50:13.380 would it be number one Okay so  audit specifications that are 339 00:50:13.380 --> 00:50:17.880 designed to ensure that cloud hosting  providers meet Professional Standards 340 00:50:18.420 --> 00:50:25.320 okay um why do you think that might  be clearly wrong or obviously wrong 341 00:50:26.940 --> 00:50:31.980 because it's talking about cloud and hosting  providers okay and not necessarily anything 342 00:50:31.980 --> 00:50:39.720 with identity management yep yeah yeah I  would agree with that um the other one I 343 00:50:39.720 --> 00:50:46.440 think that's kind of silly is the last one an  authentication Service that grants Federal access 344 00:50:47.940 --> 00:50:55.080 I mean not even quite sure what they're getting at  and you know every now and then you get lucky and 345 00:50:55.980 --> 00:51:04.260 you get a question and one of the answers is  really kind of out there so what do you think 346 00:51:04.260 --> 00:51:13.680 the correct answer is here it's is it the  multi-factor identification no 
no it's not 347 00:51:13.680 --> 00:51:20.940 okay no because we're we're dealing with identity  management and if you are concerned with identity 348 00:51:20.940 --> 00:51:30.120 and identity management and we're really concerned  with Authentication okay and so the correct answer 349 00:51:32.040 --> 00:51:36.720 an authentication process that trusts  a third-party Network Authenticator 350 00:51:37.260 --> 00:51:44.040 to Grant access to another or different Networks  okay what's a third party what would you give an 351 00:51:44.040 --> 00:51:50.520 example of a third-party Network Authenticator  yeah I mean it's another type of organization 352 00:51:50.520 --> 00:52:02.400 that maintains the information stores that can  be used for single sign-on so like OCTA okay okay 353 00:52:04.260 --> 00:52:12.960 okay so the other thing to understand about this  is Federated identity management provides single 354 00:52:12.960 --> 00:52:22.140 sign-on capability okay all right and let's see  I think we're gonna have time for another one 355 00:52:24.840 --> 00:52:31.440 okay the network administrator for your  organization needs to configure a security 356 00:52:31.440 --> 00:52:40.320 method that allows only specific devices to a port  on the land what methods should they administer 357 00:52:41.100 --> 00:52:47.100 your choices are nmap Mac filtering  firewall and Source i p affinity 358 00:52:48.360 --> 00:52:57.060 Okay so we're looking for methodology  that allows only specific devices 359 00:52:58.620 --> 00:53:06.060 to access a port on the land what is  obviously incorrect here do you think 360 00:53:09.720 --> 00:53:18.960 and math and map and Maps a tool yeah okay right  it's it's not really a security method it's a tool 361 00:53:20.280 --> 00:53:24.960 is there anything else in that same  category that's kind of a tool and 362 00:53:25.680 --> 00:53:28.980 making a security method but still not as much 363 00:53:31.740 --> 00:53:34.800 how about firewall 
does that answer make sense 364 00:53:39.300 --> 00:53:42.120 I mean firewall's a tool as well right 365 00:53:47.340 --> 00:53:55.380 I do have a question with Mac filtering is that  only considered what about say again is Mac 366 00:53:55.380 --> 00:54:00.900 filtering only might sound weird but it's not  Mac as an apple right it's like an acronym for 367 00:54:00.900 --> 00:54:10.320 something else Mac yeah Mac addresses okay media  Access Control okay in fact Mac filtering is the 368 00:54:10.320 --> 00:54:19.500 correct answer okay this is this is a way that  and it can be employed on your home network uh 369 00:54:19.500 --> 00:54:29.940 most modern wireless routers do have mac filtering  built into them um certainly uh small office home 370 00:54:29.940 --> 00:54:37.680 office and Enterprise switching equipment can  use and often does use Mac filtering um in fact 371 00:54:37.680 --> 00:54:45.540 when a switch is set up for Mac filtering if you  connect a host to it with a different Mac address 372 00:54:45.540 --> 00:54:53.220 than it's expecting okay the port will often go  into what we might call an error disabled state 373 00:54:53.220 --> 00:55:01.740 so it's it's a really good method for making  sure that only certain devices can access ports 374 00:55:02.340 --> 00:55:07.740 and if you're accessing a port on the land you're  certainly going to be going through some type of 375 00:55:07.740 --> 00:55:17.280 aggregation Appliance like a layer 2 switch  you can also set ports up to accept more than 376 00:55:17.280 --> 00:55:25.740 one Mac address but it's still filtering and and  that's correct and what about Source IP affinity 377 00:55:27.360 --> 00:55:34.080 does anybody know what that is okay so  it's also known as simple persistence 378 00:55:34.680 --> 00:55:43.620 and Source address Affinity persistence supports  TCP and UDP protocols direct session requests to 379 00:55:43.620 --> 00:55:50.640 the same server based solely on the source  i p 
address of a packet in other words it 380 00:55:50.640 --> 00:56:02.100 prefers that source and that's why we use the  term Source IP affinity okay we have one more 381 00:56:04.200 --> 00:56:11.940 yeah go ahead just before you move on you said uh  Mac was media Access Control yes okay thank you