WEBVTT

1
00:00:00.000 --> 00:00:01.180
[Music]

2
00:00:22.800 --> 00:00:33.900
This is session two for this evening and our topic area is host, app and data security

3
00:00:35.040 --> 00:00:39.000
and let's go ahead and start with the first question.

4
00:00:42.540 --> 00:00:51.540
Backup Keys - What is it called when an organization invests in a third party to archive

5
00:00:51.540 --> 00:00:58.920
their backup keys because they don't have the capability to store those keys securely on their

6
00:00:58.920 --> 00:01:05.520
own? Are we talking about: Issuing; Escrow; Revocation; or Stapling. What do you think?

7
00:01:10.620 --> 00:01:19.200
So we've got someone else holding on to, in this case, or archiving backup keys

8
00:01:19.980 --> 00:01:27.060
because of a lack of ability to store them securely? What does this sound like?

9
00:01:32.580 --> 00:01:41.220
So again, is there one of these answers that looks obviously incorrect?

10
00:01:47.640 --> 00:01:50.040
Stapling? Okay.

11
00:01:52.740 --> 00:02:01.020
How about revocation? Is anything being revoked here, taken away? No, not really.

12
00:02:02.580 --> 00:02:13.080
In fact, this question is really kind of the definition of the word escrow.

13
00:02:13.680 --> 00:02:22.140
For example, if you have a mortgage payment, right, and you have a mortgage on your home

14
00:02:22.140 --> 00:02:30.540
and your mortgage servicer takes in a certain amount of money and part of that is to

15
00:02:31.320 --> 00:02:39.360
pay for the mortgage and the money you've borrowed, but they also take money to put into escrow to

16
00:02:39.360 --> 00:02:47.400
pay your taxes every year, so they are the third party, the party between you, the owner,

17
00:02:48.120 --> 00:02:55.740
and the local government to whom you pay the taxes, so they are an escrow party

18
00:02:56.880 --> 00:03:04.020
and that's what we're looking at here. So there's our correct answer.

19
00:03:09.600 --> 00:03:12.300
Email transmission port:

20
00:03:13.380 --> 00:03:21.960
So right off the bat you can already see that this question is dealing with well-known ports

21
00:03:22.980 --> 00:03:27.060
and you can see that's pretty much what's listed in the answer choices.

22
00:03:28.320 --> 00:03:36.420
You need to set up your company's wireless routers to transport their log files via email

23
00:03:37.200 --> 00:03:43.560
to your central logging system, but your email servers are behind a corporate firewall.

24
00:03:44.640 --> 00:03:49.860
Which port would you need to unblock to enable the transmission of messages

25
00:03:50.700 --> 00:04:03.600
between these two hosts? Okay, what are you thinking? Is it: TCP 25; UDP 25; TCP 110; or UDP 23?

26
00:04:07.560 --> 00:04:08.880
Anybody have an answer?

27
00:04:15.840 --> 00:04:27.600
Okay, so the question involves port numbers and, as I indicated earlier, well-known port numbers -

28
00:04:28.980 --> 00:04:38.820
so this is an expectation not just on Security+. If you were doing Network+ or even the

29
00:04:38.820 --> 00:04:49.740
A+ certification exams or Cisco CCNA, you would be expected to know what these port numbers are.

30
00:04:53.340 --> 00:05:05.760
So what are we dealing with here? Is there an answer that is pretty much not right?

31
00:05:09.780 --> 00:05:12.960
What could be eliminated pretty quickly?

32
00:05:18.540 --> 00:05:24.000
Anybody want to take a guess at this? Which one of these could be eliminated?

33
00:05:29.100 --> 00:05:35.880
Or which two do you think may not be good choices?

34
00:05:42.420 --> 00:05:54.120
So to answer that, or to think about that and be successful, you have to know what the

35
00:05:54.120 --> 00:06:03.840
port numbers are, and the one that sticks out as the easiest to eliminate is going to

36
00:06:03.840 --> 00:06:13.080
be choice number four, because Port 23 is what? Does anybody know which protocol uses Port 23?

37
00:06:18.800 --> 00:06:25.920
Okay, so that's Telnet and that really doesn't have anything to do with email transmission.

38
00:06:26.820 --> 00:06:31.440
Okay, so that's our one choice that gets eliminated pretty quickly;

39
00:06:33.000 --> 00:06:37.980
now to answer the question, as I said, you do have to understand

40
00:06:38.760 --> 00:06:50.880
what the port numbers are. So Port 110 is used by POP3? Does anybody know what POP3 is?

41
00:06:54.180 --> 00:06:58.320
Okay, so Post Office Protocol

42
00:06:59.220 --> 00:07:08.640
for unencrypted access to electronic mail. The port is intended for end users to connect to a

43
00:07:08.640 --> 00:07:15.720
mail service to retrieve their messages, and the question talks about transmission,

44
00:07:17.040 --> 00:07:25.440
in this case wireless routers to transport log files to a central logging system, but the

45
00:07:25.440 --> 00:07:33.180
email servers are behind the corporate firewall, so 110 is not really what's being described

46
00:07:34.500 --> 00:07:44.580
in this question. So if you know those facts, that leaves us with answer choices one and two, and you

47
00:07:44.580 --> 00:07:53.940
know at this point you just have to know that TCP 25 is what we're looking for, and basically

48
00:07:54.900 --> 00:08:08.220
when you're dealing with email transmission, servers communicate using TCP port 25.

49
00:08:10.500 --> 00:08:18.900
So the correct answer is TCP 25, and let's move on to the next question.

50
00:08:25.260 --> 00:08:31.440
So we're dealing with IoT security, and IoT is what?

51
00:08:35.880 --> 00:08:37.200
It's another acronym.

52
00:08:39.480 --> 00:08:48.540
Internet of Things? Yes, Internet of Things. So this is a multiple choice question.

53
00:08:50.640 --> 00:08:55.860
Which of the following are examples of smart or IoT devices?

54
00:08:56.640 --> 00:09:06.120
An air-gapped wearable device; UAVs/drones; System on a chip; a smart light bulb.

55
00:09:08.640 --> 00:09:11.160
Okay, what do you think?

56
00:09:15.540 --> 00:09:18.120
Is there something that can be easily eliminated?

57
00:09:26.100 --> 00:09:27.360
A smart light bulb?

58
00:09:29.400 --> 00:09:32.040
Okay, why do you think that could be eliminated?

59
00:09:37.560 --> 00:09:45.300
I already have a good justifiable reason; it just kind of stands out a little bit. Okay, so

60
00:09:46.800 --> 00:09:53.580
when we talk about Internet of Things, and sort of implied in the definition of the acronym

61
00:09:53.580 --> 00:10:03.780
Internet of Things, we're talking about devices that have the ability to communicate over a network.

62
00:10:05.880 --> 00:10:10.800
What does air-gapped mean? Have you heard this term before?

63
00:10:12.840 --> 00:10:27.840
No. So air-gapping is a technique to prevent network communications to a device.

64
00:10:28.920 --> 00:10:38.820
So if a system is air-gapped, that means it is separated; there is no connection,

65
00:10:40.620 --> 00:10:49.440
and so the one answer choice here that can be most easily eliminated is an air-gapped wearable

66
00:10:49.440 --> 00:11:00.120
device, okay, and that leaves us with three other choices: UAVs/drones; System on a chip; or a

67
00:11:00.120 --> 00:11:07.080
smart light bulb. Let's revisit a smart light bulb because that is definitely one of the choices.

68
00:11:08.940 --> 00:11:18.600
Perhaps you've seen or heard about these things, that you can purchase them.

69
00:11:19.860 --> 00:11:30.840
These devices can be connected such that you can be watching some type of movie, and if

70
00:11:30.840 --> 00:11:36.840
you have several of these smart light bulbs they can change the brightness or their color

71
00:11:37.920 --> 00:11:47.280
based upon what you're seeing on the video, so they qualify as an Internet of Things type of device.

72
00:11:48.120 --> 00:11:54.900
Now that leaves us two other choices, UAVs/drones or System on a chip.

73
00:11:58.200 --> 00:12:02.280
What do you think? Is it one or both?

74
00:12:05.580 --> 00:12:10.200
It's definitely the drones because they operate on a network as well.

75
00:12:10.200 --> 00:12:14.220
Yes, that is correct. How about a system on a chip?

76
00:12:16.920 --> 00:12:24.300
I don't think so. That's right. Well, here again the implication is that you've got this isolated thing

77
00:12:24.960 --> 00:12:30.240
and, you know, there's nothing more in the description other than the word system,

78
00:12:30.240 --> 00:12:39.840
so could it be like a microcomputer system? Sure. Could it be some type of subsystem? Yes,

79
00:12:40.800 --> 00:12:49.020
but there's nothing really in the answer description itself that implies something that

80
00:12:49.020 --> 00:12:55.140
would have the ability to communicate with something bigger,

81
00:12:55.980 --> 00:13:00.960
that could have these types of communication abilities.

82
00:13:01.620 --> 00:13:11.940
But by itself it's not a good answer, so your best answers are UAVs/drones and a smart light bulb.

83
00:13:20.280 --> 00:13:25.020
When a software publisher is issued

84
00:13:25.740 --> 00:13:34.680
a/an ______ they guarantee the software application is both from the expected entity

85
00:13:35.400 --> 00:13:45.780
(signed) and unchanged (signed digest). So what are we talking about here? Root certificates;

86
00:13:46.560 --> 00:13:53.400
Code-signing certificates; Code signing key; or Offline CA.

87
00:13:57.060 --> 00:14:00.900
Somebody want to take this one?

88
00:14:07.020 --> 00:14:11.340
How about an answer that could be easily eliminated?

89
00:14:18.480 --> 00:14:24.120
I think the answer has to be out of the second or the third one, so I think the

90
00:14:24.120 --> 00:14:31.860
first and fourth can be eliminated. Okay, so of the second and third,

91
00:14:32.580 --> 00:14:39.840
is there anything that looks like it might be more correct than the others? The second one

92
00:14:39.840 --> 00:14:45.300
is what I'm leaning towards. And that's a good choice because this is the correct answer.

93
00:14:46.740 --> 00:14:54.120
So basically code-signing certificates are used by software developers to digitally sign

94
00:14:54.120 --> 00:15:03.900
applications and/or drivers or other executable types of software, and it allows end

95
00:15:03.900 --> 00:15:13.200
users to verify that the code came from someone and has not been altered by a third party.

96
00:15:14.460 --> 00:15:25.680
The answering of this type of question also depends on knowing what some

97
00:15:25.680 --> 00:15:35.880
of the terms mean, so, for example, offline CA: the offline CA provides separation

98
00:15:35.880 --> 00:15:43.380
between the root CA and the rest of the public key infrastructure, which limits its exposure.

99
00:15:44.220 --> 00:15:53.220
But that's not really dealing with software publishers issuing code-signed certificates.

100
00:15:56.100 --> 00:16:09.060
Root certificates, again, nothing really to do with software publishers, and code-signing keys,

101
00:16:09.060 --> 00:16:20.100
or a key, is typically something that is used to enable the transmission above and the sort of

102
00:16:20.100 --> 00:16:28.500
encryption or decryption of information. So code-signing certificate really is the best answer for

103
00:16:28.500 --> 00:16:34.500
this type of question, or for this question specifically. So okay, let's go on to the next.

104
00:16:41.280 --> 00:16:50.880
This question deals with baseband. Which of the following is true regarding the term baseband?

105
00:16:50.880 --> 00:16:58.680
And you're asked, well, it says choose all that apply, but typically in the exams when you see

106
00:16:59.460 --> 00:17:06.720
the little radio buttons it's a single-choice answer and when you see the little square boxes

107
00:17:06.720 --> 00:17:14.700
it's multiple choices. Baseband is a digital signal after it is encoded;

108
00:17:15.420 --> 00:17:20.700
Baseband operating systems have been associated with several vulnerabilities over the years;

109
00:17:21.900 --> 00:17:31.320
Both NB-IoT and LTE-M are types of baseband technologies; or Baseband is a low-power wireless

110
00:17:31.320 --> 00:17:39.840
communications protocol used primarily for home automation. So, here again, we're looking for

111
00:17:39.840 --> 00:17:47.160
something that can be easily eliminated. Do you see any of those choices that can be easily eliminated?

112
00:17:54.840 --> 00:18:00.480
So, when you look at the fourth choice

113
00:18:01.980 --> 00:18:07.320
and they talk about a low-power wireless communications protocol

114
00:18:10.320 --> 00:18:15.600
and they do say used primarily for home automation, maybe home use

115
00:18:17.400 --> 00:18:22.320
or personal use, does that sound like baseband

116
00:18:26.820 --> 00:18:27.900
or something else?

117
00:18:37.200 --> 00:18:38.040
What do you think?

118
00:18:40.680 --> 00:18:50.160
It sounds to me more like

119
00:18:52.320 --> 00:19:01.260
sort of a Bluetooth type of protocol, not something that is going to be used over wider areas.

120
00:19:02.220 --> 00:19:08.820
So I would probably look at that as a more easily eliminated type of answer.

121
00:19:09.540 --> 00:19:17.580
It helps if you understand something about baseband transmission, which is the transmission of

122
00:19:17.580 --> 00:19:28.740
an encoded signal using its own frequencies, and it does not shift or modulate to higher frequencies.

123
00:19:34.800 --> 00:19:35.820
Does that help?

124
00:19:38.640 --> 00:19:41.580
Anybody have an idea? One, two, three?

125
00:19:52.620 --> 00:19:54.720
Okay, so

126
00:19:56.820 --> 00:20:02.880
this is again one of those that has a knowledge-based component that you would

127
00:20:02.880 --> 00:20:11.040
have studied or come across in your coursework. So the correct answer

128
00:20:12.120 --> 00:20:18.480
is going to be "Baseband operating systems have been associated with several vulnerabilities."

129
00:20:19.380 --> 00:20:27.660
These vulnerabilities, some of them, have given attackers the ability to monitor

130
00:20:28.440 --> 00:20:35.280
phone communications, place calls or send premium SMS messages,

131
00:20:36.420 --> 00:20:47.820
or even to cause large data transfers, without the phone owner's knowledge. Narrowband IoT

132
00:20:48.900 --> 00:20:56.100
is a wireless Internet of Things protocol using low-power wide area network technology,

133
00:20:57.300 --> 00:21:10.200
and then LTE-M is LTE Cat-M1, or Long-Term Evolution, which you might know is 4G, category M1,

134
00:21:11.220 --> 00:21:22.140
and this technology is for IoT devices connecting to a 4G network. So here

135
00:21:22.140 --> 00:21:35.280
again, this question definitely involves some knowledge-based type of questioning here.

136
00:21:37.380 --> 00:21:41.280
You guys heard of this NB-IoT, LTE-M?

137
00:21:43.020 --> 00:21:50.280
Is this familiar to you? No, not me. Okay, well, that's why we're here.

138
00:21:53.280 --> 00:21:55.920
Let's move on to the next one.

139
00:21:58.860 --> 00:22:06.060
This involves host hardening. There have been some security issues on your

140
00:22:06.060 --> 00:22:13.440
legacy and modern IoT devices. Which of the following security issues could have been

141
00:22:13.440 --> 00:22:20.760
apparent to cause you to decide to put those devices on a firewalled and isolated network?

142
00:22:21.840 --> 00:22:28.620
This is definitely multi-select ... questions.

143
00:22:29.460 --> 00:22:34.080
Your choices are: The device doesn't allow the admin to reset their credentials;

144
00:22:36.060 --> 00:22:40.140
Does that sound like a security issue, or could it be?

145
00:22:45.900 --> 00:22:47.640
It could be. Okay,

146
00:22:48.960 --> 00:22:56.400
I agree it could be. The device doesn't provide support for Transport Layer

147
00:22:58.740 --> 00:23:01.200
Security issue? Yes or no?

148
00:23:03.300 --> 00:23:04.740
Yes.

149
00:23:07.140 --> 00:23:19.140
The device uses a low-cost firmware chip and the vendor never produces updates. Security issue? Yeah.

150
00:23:22.740 --> 00:23:26.400
The device prevents the attachment of USB devices;

151
00:23:28.560 --> 00:23:34.140
Security issue? Doesn't sound like it. No, not really.

152
00:23:34.920 --> 00:23:41.460
Okay, so for this question the first three choices are the correct answers.

153
00:23:44.280 --> 00:23:47.520
Let's move on.

154
00:23:53.520 --> 00:24:01.560
In order to monitor your corporation's network for abnormal traffic patterns, you must start

155
00:24:01.560 --> 00:24:11.580
with setting up what? Network diagram; Baseline; Exploitation framework; or Access control list.

156
00:24:12.480 --> 00:24:20.220
Network diagram? Network diagram. Anybody got any other choices?

157
00:24:22.920 --> 00:24:28.440
Access control list? Control list. Okay, Morgan.

158
00:24:32.400 --> 00:24:39.540
I think access control list. Okay, so it is not access control list

159
00:24:40.260 --> 00:24:47.940
and it is not a network diagram. So we're looking for abnormal traffic patterns.

160
00:24:49.320 --> 00:24:55.080
How would you know if a traffic pattern was unexpected or not?

161
00:25:02.100 --> 00:25:04.920
You would need to compare it with something.

162
00:25:07.260 --> 00:25:18.600
The baseline? Absolutely. Okay, you normally baseline your network traffic patterns, and this can

163
00:25:18.600 --> 00:25:28.680
be done with respect to, say, for example, days and times, and let's just take an example

164
00:25:28.680 --> 00:25:44.940
of a business, and let's say that, well, let's say it's maybe a law firm. And what do you think

165
00:25:45.660 --> 00:25:51.960
traffic patterns would be like, say, between 9-5 Monday through Friday?

166
00:25:55.800 --> 00:26:05.100
Busy? Let's say it's a fairly large law firm and most of their business is going to occur

167
00:26:05.700 --> 00:26:08.820
during the normal work week and normal work hours.

168
00:26:09.420 --> 00:26:13.020
Well, they say normal: Monday through Friday, say 9-5.

169
00:26:13.800 --> 00:26:24.900
If you baseline the traffic patterns over those days and times, you'll get some result.

170
00:26:27.480 --> 00:26:37.140
If on a Thursday afternoon, say around two o'clock, maybe people are just getting back

171
00:26:37.140 --> 00:26:41.100
from an hour lunch and starting to see clients again,

172
00:26:42.660 --> 00:26:50.760
and instead of seeing what you have baselined or normally seen, say, every Thursday at two o'clock,

173
00:26:51.480 --> 00:27:00.900
let's say you start seeing multiple spikes in network traffic, so that would then qualify as

174
00:27:00.900 --> 00:27:08.520
something out of the norm or an abnormal traffic pattern, and a baseline reference enables us to see

175
00:27:08.520 --> 00:27:16.080
this very clearly. In fact, it is called baselines, and so that's the answer to this question.

176
00:27:19.260 --> 00:27:20.400
Let's go to the next.

177
00:27:28.620 --> 00:27:35.400
Regedit.exe. You are tasked with exporting a registry subkey.

178
00:27:36.060 --> 00:27:41.160
What command would you run if you are using regedit.exe?

179
00:27:42.600 --> 00:27:51.420
So clearly this is another knowledge-based, pretty straightforward knowledge-based question.

180
00:27:53.100 --> 00:27:58.080
First of all, are you familiar with regedit?

181
00:28:00.600 --> 00:28:14.100
No. No. Okay, so Regedit is a utility to edit

182
00:28:14.100 --> 00:28:25.080
the registry on a Windows system, and so, you know, without knowing that and the specifics of using

183
00:28:25.080 --> 00:28:35.400
this utility you really wouldn't have too much of a good chance of getting this, because it

184
00:28:35.400 --> 00:28:43.620
would mainly be a guess, so I'll just tell you that the correct answer here is the third answer: regedit/Export key file.reg.

185
00:28:43.620 --> 00:28:54.300
Regedit with the slash e, file.reg, key, and basically this allows the export of the subkey

186
00:28:55.500 --> 00:29:07.200
to the file name. Okay, again, this is something that you just have to know, and also another

187
00:29:07.200 --> 00:29:14.160
one of those things that you need to have some experience with, or use or have used a lot,

188
00:29:15.180 --> 00:29:19.980
to be familiar with this. Okay, let's move on to the next question.

189
00:29:25.620 --> 00:29:28.020
This involves customer data storage.

190
00:29:29.400 --> 00:29:37.620
Which of the following best explains why some multinational corporations need to control

191
00:29:38.580 --> 00:29:45.900
where, in terms of geographical locations, they can store their customer data?

192
00:29:48.780 --> 00:29:52.920
Does the term geofencing cover this? Or

193
00:29:52.920 --> 00:29:58.680
Asset allocation; Non-disclosure agreements; or Data sovereignty?

194
00:30:02.160 --> 00:30:03.240
What do you think?

195
00:30:10.080 --> 00:30:20.760
And again, as always, is there something that sticks out as easily eliminated from these four choices?

196
00:30:31.620 --> 00:30:36.540
Is the answer geofencing? No, it is not.

197
00:30:41.400 --> 00:30:45.720
They kind of look like, a lot of the answers look like they could be correct.

198
00:30:45.720 --> 00:30:57.480
Geofencing, we are talking about storing customer data, but there's a phrase in here that

199
00:30:57.480 --> 00:31:10.260
is pretty helpful for sort of narrowing down the answers: that phrase is multinational corporations.

200
00:31:11.280 --> 00:31:19.680
The geographical locations in parentheses could easily lead

201
00:31:19.680 --> 00:31:25.200
you to thinking geofencing, and that answer is definitely what I would call a misdirector.

202
00:31:26.580 --> 00:31:34.680
That leaves us with Asset allocation; NDAs or non-disclosure agreements; or Data sovereignty.

204
00:31:49.920 --> 00:32:03.900
So this question really is discussing data sovereignty. Have you heard of GDPR?

205
00:32:07.200 --> 00:32:16.320
Yes. Okay, so General Data Protection Regulation, and if you've heard of this, this is a

206
00:32:17.220 --> 00:32:22.620
regulation brought into effect by the European Union in 2018.

207
00:32:24.180 --> 00:32:38.340
So we are in fact talking about data sovereignty, and GDPR is the perfect example

208
00:32:39.180 --> 00:32:46.080
of data sovereignty and what this question is referring to, and so

209
00:32:49.380 --> 00:32:55.560
again this was sort of brought about by the European Union as a means of protecting

210
00:32:57.180 --> 00:32:59.460
customer data and information.

211
00:33:01.560 --> 00:33:10.740
I would like to point out that I have seen several versions of this question, and

212
00:33:11.460 --> 00:33:20.040
one of those involves questions on this type of certification exam and some others,

213
00:33:20.040 --> 00:33:27.960
and it asks if United States companies are subject to GDPR.

214
00:33:28.620 --> 00:33:33.120
Now, as I've already said, this is something that has come about

215
00:33:34.440 --> 00:33:40.740
and basically started in the European Union; GDPR specifically is what I'm talking about.

216
00:33:41.460 --> 00:33:49.980
So do you think that it would be applicable to United States companies as well?

217
00:33:50.580 --> 00:33:59.940
Yes. Yes, that's correct; it is. But you have to consider under what conditions.

218
00:34:01.560 --> 00:34:06.720
If they're selling to other people who are part of the European Union, like if you have

219
00:34:06.720 --> 00:34:13.380
a website that people from that region of the world access, even over here you still have to

220
00:34:14.340 --> 00:34:23.100
respect those guidelines. That is absolutely correct. So if services

221
00:34:24.780 --> 00:34:35.820
are offered to Europeans or to European organizations, yes, U.S. companies are absolutely

222
00:34:35.820 --> 00:34:44.280
subject to following the regulation, so it's another way that you might see this brought about.

223
00:34:45.180 --> 00:34:49.620
Very good, let's move on to the next one.

224
00:35:00.180 --> 00:35:13.080
Okay, so this question involves host security. Sam is a student who is failing his math class

225
00:35:13.860 --> 00:35:19.320
and he just learned that he cannot graduate if he does not pass this class.

226
00:35:20.820 --> 00:35:26.100
He goes to his teacher's computer and inserts a small connector

227
00:35:27.000 --> 00:35:35.160
that captures everything the user types between the keyboard and the computer's USB port.

228
00:35:36.480 --> 00:35:42.720
He hopes to discover the teacher's password to give himself a passing grade in the class manually.

229
00:35:43.980 --> 00:35:47.340
Which of the following is most likely being described:

230
00:35:48.300 --> 00:35:56.580
Is this an adware attack; a backdoor attack; a keylogger attack; or a brute force attack?

231
00:35:57.420 --> 00:36:09.480
What do you think? A keylogger? Sure, that's exactly what this is. The obviously incorrect

232
00:36:09.480 --> 00:36:17.220
answer here is going to be adware attack, and brute force really doesn't apply to this.

233
00:36:18.840 --> 00:36:26.580
But this is absolutely a keylogger attack, and, you know, the giveaway here is that

234
00:36:27.960 --> 00:36:33.240
the intent is to capture everything the user types between the keyboard

235
00:36:34.440 --> 00:36:41.400
and the computer's USB port, and the idea is to hope to capture

236
00:36:41.400 --> 00:36:47.820
some credentials for grading system applications, and

237
00:36:48.660 --> 00:36:57.000
so you could go in and manually change his grade, which is highly unethical and not recommended.

238
00:36:58.680 --> 00:37:00.420
All right.

239
00:37:06.300 --> 00:37:11.400
Next question: PKI risk reduction.

240
00:37:13.740 --> 00:37:20.160
Your network administrator should do which of the following if they want to reduce the security risk

241
00:37:20.160 --> 00:37:27.960
of their Public Key Infrastructure: Use a password to generate your certificate request key;

242
00:37:29.340 --> 00:37:36.780
Do not choose a wildcard domain; Request a shorter expiration date;

243
00:37:38.100 --> 00:37:43.620
or All of the above. Okay, so what are you thinking?

244
00:37:54.060 --> 00:37:57.180
Do not use a wildcard domain?

245
00:37:59.880 --> 00:38:10.380
That could reduce security risks. Is there anything else, or is that it? I guess, wow.

246
00:38:12.300 --> 00:38:18.240
Shorter expiration date? So then would it be all of the above? Yeah, because as

247
00:38:18.240 --> 00:38:23.640
soon as you can see in a single-answer, you know, single-answer-choice question,

248
00:38:24.540 --> 00:38:31.140
if one or more than one makes sense, then the only real answer that's going to make sense

249
00:38:31.140 --> 00:38:37.920
is all of the above, because you can't choose them separately, and that's just a test-taking technique.

250
00:38:38.700 --> 00:38:44.580
But using a password to generate certificate requests: security reduction,

251
00:38:45.600 --> 00:38:52.920
security risk reduction; not choosing wildcard; and shorter expiration

252
00:38:52.920 --> 00:39:01.020
date. So yes, we are left with all of the above. Let's go on to the next one.

253
00:39:05.760 --> 00:39:11.820
You have created a registry entry to disable the Windows AutoRun feature and exported it

254
00:39:11.820 --> 00:39:20.760
to a .reg file named disableautorun.reg. You plan on pushing it out to all company laptops

255
00:39:20.760 --> 00:39:27.960
in a security update later that month after you finish testing it and get approval to do so. What

256
00:39:27.960 --> 00:39:38.040
is the command line command that will need to be executed on all client laptops? Here again,

257
00:39:38.820 --> 00:39:45.300
we're dealing with regedit, and we understand, as we've already previously spoken about,

258
00:39:45.300 --> 00:39:58.680
that it's the registry editor or utility, so this does involve again some knowledge about regedit.

259
00:39:59.520 --> 00:40:06.960
However, is there something that is obviously not a good answer here?

260
00:40:12.480 --> 00:40:17.760
So the question's asking about exporting something

261
00:40:20.100 --> 00:40:30.180
called disableautorun. Which of these choices is obviously not a good one?

262
00:40:31.140 --> 00:40:43.860
Notepad? Yes, Notepad is nothing; it's just an application and we can probably look at the file,

263
00:40:46.200 --> 00:40:58.320
but that's not going to help us with the task here. How about Poledit? Does anybody know what that is?

264
00:41:03.120 --> 00:41:13.620
It's probably not too surprising; it is an old utility, System Policy Editor.

265
00:41:15.780 --> 00:41:26.760
Let's see if memory serves correctly: Windows 95/98, and it was not installed with the operating

266
00:41:26.760 --> 00:41:36.780
system, but it was kept on the distribution media so you could use it if you wanted it, so that

267
00:41:36.780 --> 00:41:48.000
really doesn't help us. That leaves us with regedit and then the file, or regimport, and again,

268
00:41:49.260 --> 00:41:59.100
you know, we are trying to export this. We are trying to push it out; we are not trying

269
00:41:59.100 --> 00:42:07.620
to import it. So that leaves us with regedit disableautorun. That's the correct answer here.

270
00:42:09.180 --> 00:42:15.180
We have some more, so let's get on to the next one.

271
00:42:16.860 --> 00:42:23.520
I'm sorry, can I ask you a quick question about that? Sure. Do all the command lines when using

272
00:42:23.520 --> 00:42:31.200
regedit, like, have regedit at the beginning? It's the utility. It's how you actuate

273
00:42:31.200 --> 00:42:40.680
the utility, and then there are parameters after that, like /e or /s, and then maybe some

274
00:42:40.680 --> 00:42:49.620
further parameters, and that's typical when you use a command line utility: to use the name of

275
00:42:49.620 --> 00:42:55.800
the utility first and then followed by whatever the switches and parameters are that go with it.

276
00:42:56.820 --> 00:43:04.560
So in Linux-based systems you can find this information using the man command - short for

277
00:43:04.560 --> 00:43:13.320
manuals - and, you know, there's always going to be some kind of documentation available for this,

278
00:43:14.400 --> 00:43:22.860
but that's, you know, very typical. Thank you. IoT Security:

279
00:43:25.260 --> 00:43:29.400
A credit card and driver's license were mistakenly left on the sales

280
00:43:29.400 --> 00:43:34.560
department's printer scanner, which was then remotely compromised by a malicious

281
00:43:34.560 --> 00:43:41.640
actor who scanned the cards and apparently used one for unauthorized online purchases

282
00:43:42.840 --> 00:43:48.060
and the driver's license to open a bank account in the sales customer's name.

283
00:43:48.720 --> 00:43:56.400
Further investigation reveals that the attacker identified vulnerabilities in the unpatched

284
00:43:56.400 --> 00:44:03.660
printer scanner's web application component, which were revealed through web app error messages.

285
00:44:04.680 --> 00:44:10.740
Which terms best describe the nature of this attack? And we're told to choose two.

286
00:44:11.460 --> 00:44:19.680
Here again, we're always looking for something that sticks out as

287
00:44:20.760 --> 00:44:26.640
being easy to eliminate. Do you see anything like that?

288
00:44:29.580 --> 00:44:33.240
Can you eliminate ransomware? You can.

289
00:44:35.280 --> 00:44:43.320
And I certainly would. What else do you think could easily be eliminated?

290
00:44:50.640 --> 00:44:58.740
Brute force attack? Absolutely. A brute force attack is going to try every combination,

291
00:44:58.740 --> 00:45:06.060
say, for example, if you're trying to crack a password, and what has happened here is that

292
00:45:06.060 --> 00:45:13.320
specific information was exfiltrated and used, so that absolutely leaves out brute force attack.

293
00:45:14.700 --> 00:45:25.260
There is no real indication of asking for ransom on the part of the

294
00:45:25.260 --> 00:45:32.520
attacker, so that really only leaves us with identity theft, which is the driver's license,

295
00:45:32.520 --> 00:45:41.700
and data exfiltration, which is exactly what happened here. Let's move on.

296
00:45:44.220 --> 00:45:51.720
Last question: What is the best description of a self-signed certificate?

297
00:45:53.220 --> 00:45:59.040
A certificate that has been physically signed by themselves rather than by a certificate authority;

298
00:45:59.940 --> 00:46:04.680
A certificate that has been physically signed by a certificate authority;

299
00:46:05.220 --> 00:46:11.880
A certificate that has been digitally signed by themselves rather than by a certificate

300
00:46:11.880 --> 00:46:16.800
authority; or A certificate that has been digitally signed by a certificate authority?

301
00:46:19.140 --> 00:46:26.100
Number three? Number three. That is the correct answer. Obviously

302
00:46:27.720 --> 00:46:34.020
we're talking about self-signed by some organizations, so that clearly lets out

303
00:46:34.020 --> 00:46:41.940
certificate authority, or choices two and four, and one can also be eliminated because

304
00:46:43.200 --> 00:46:49.440
with certificates we are not talking about physically signed entities; we are talking

305
00:46:49.440 --> 00:46:58.740
about digitally signed, so digitally signed by an organization or even a user

306
00:46:58.740 --> 00:47:06.600
who's using the certificate, okay, and that means or implies that it's being used for internal use

307
00:47:07.260 --> 00:47:16.020
and for an application used by the creator, but not to be used externally.

308
00:47:16.800 --> 00:47:28.980
So there it is. That concludes our review on data security.

309
00:47:30.300 --> 00:47:36.240
I'd like to thank you all for joining us this evening and I hope you found this useful.