WEBVTT

1
00:00:00.000 --> 00:00:01.180
[Music]

2
00:00:20.460 --> 00:00:26.520
Hey, well, good evening everyone and thank you for joining us for this review session.

3
00:00:27.660 --> 00:00:36.480
We are going to be using questions from the Virginia Cyber Range, questions specifically

4
00:00:36.480 --> 00:00:44.160
geared toward helping you review for the Security+ certification exam.

5
00:00:46.140 --> 00:00:48.420
I'm going to read the question and

6
00:00:49.440 --> 00:00:54.660
see what your responses are and we'll have a brief discussion and then proceed in that manner.

7
00:00:55.320 --> 00:01:05.040
So the first question involves testing suspicious code. Tonight's topic is host-based security

8
00:01:06.600 --> 00:01:15.360
and the first question is testing suspicious code, so: ______ is/are employed when security

9
00:01:15.360 --> 00:01:22.740
engineers intentionally limit network or system access to conduct tests and

10
00:01:22.740 --> 00:01:29.160
ensure that suspicious code is not infected with malware. So what are we talking about?

11
00:01:30.960 --> 00:01:44.100
Anybody wanna go first? We have something in the chat: we have a vote for sandboxing.

12
00:01:46.560 --> 00:01:55.140
Any other choices? I agree. So we've got agreement.

13
00:01:56.880 --> 00:02:03.960
So sandboxing it is. Non-persistence does not really fit

14
00:02:05.220 --> 00:02:13.500
in this situation; non-persistence is a way of using protected information as required.

15
00:02:13.500 --> 00:02:21.240
It's also a state where transmission of data is terminated periodically or at the end of a session

16
00:02:22.020 --> 00:02:29.100
so that doesn't really fit the bill for this question.
Intrusion prevention systems

17
00:02:30.360 --> 00:02:38.040
are a network security tool and that can be hardware/software that continuously monitor for

18
00:02:38.040 --> 00:02:47.340
malicious activity and take action to prevent it including reporting, locking, dropping, minor curves.

19
00:02:48.840 --> 00:02:56.220
And endpoint protection involves monitoring and protecting endpoints against cyber threats

20
00:02:56.760 --> 00:03:05.340
and of course endpoints are resources such as workstations and smartphones, tablets, etc.

21
00:03:06.240 --> 00:03:12.600
So sandboxing is really the correct answer here.

22
00:03:14.940 --> 00:03:15.540
All right.

23
00:03:20.880 --> 00:03:23.280
Now let's go on to the next question.

24
00:03:26.580 --> 00:03:29.340
This question is security solutions.

25
00:03:34.080 --> 00:03:41.820
The network administrator has deployed a security host-based agent that can detect incoming port

26
00:03:41.820 --> 00:03:50.220
scans and block all traffic from the attack scans. What security solution have they most

27
00:03:50.220 --> 00:03:58.440
likely implemented? Let's see what we have. What do you guys think?

28
00:04:02.340 --> 00:04:04.260
There's something in the chat.

29
00:04:06.480 --> 00:04:08.880
NIPS, all right.

30
00:04:11.880 --> 00:04:12.600
Others?

31
00:04:18.360 --> 00:04:20.880
So we have one vote for network intrusion,

32
00:04:22.020 --> 00:04:32.280
and an agreement with network intrusion and then we have PIDS.

33
00:04:35.460 --> 00:04:36.600
So what is that?

34
00:04:40.800 --> 00:04:41.520
Anybody?

35
00:04:49.860 --> 00:04:56.760
So we're talking about physical intrusion detection.

36
00:04:57.960 --> 00:05:00.960
Any other responses?

37
00:05:07.800 --> 00:05:11.340
We've got something here, an agreement

38
00:05:11.340 --> 00:05:21.180
with network intrusion.
So this is a security host-based agent that is… go ahead…

39
00:05:27.620 --> 00:05:28.620
[Music]

40
00:05:28.620 --> 00:05:31.500
I don't know, host-based, HIPS

41
00:05:32.580 --> 00:05:42.180
so not perimeter, not network, it's host-based because you said host-based, HIPS, yeah

42
00:05:43.140 --> 00:05:51.660
The network security... The network administrator has deployed a security host-based agent to detect

43
00:05:51.660 --> 00:06:02.340
incoming port scans and block traffic so this is not going to be wireless intrusion and as several

44
00:06:02.340 --> 00:06:11.940
of you have already said, this is host-based so the correct answer is host intrusion prevention system.

45
00:06:12.660 --> 00:06:22.440
When you take this exam you definitely need to make sure you read the questions twice

46
00:06:23.040 --> 00:06:31.200
and look for clues in the question but also information in the question that can lead you to

47
00:06:32.040 --> 00:06:39.180
obviously incorrect answers. Most of the time you'll come across questions where there will

48
00:06:39.180 --> 00:06:47.280
be at least one obviously incorrect or maybe somewhat obvious; there may also be misdirectors

49
00:06:47.280 --> 00:06:55.500
which look close to being the answer, like they could be but they're not. All right.

50
00:06:59.880 --> 00:07:00.840
Next question:

51
00:07:06.060 --> 00:07:18.840
NFC - So we're talking about acronyms. Why? Because they love acronyms.

52
00:07:18.840 --> 00:07:28.860
So what is NFC? Does anybody know? Near-field communication. Absolutely. Which of the following is

53
00:07:28.860 --> 00:07:39.000
true about near-field communications? You are asked to choose all that apply so your choices: NFC

54
00:07:39.000 --> 00:07:49.680
provides encryption; Based on RFID technology; Has a close physical proximity requirement; Supports

55
00:07:49.680 --> 00:07:57.180
tap payments with mobile wallet apps. Is there anything that jumps out as obviously incorrect?

56
00:08:04.080 --> 00:08:06.240
We have something in the chat.

57
00:08:12.420 --> 00:08:18.060
Anyone? I'm not sure it provides encryption but all the rest I would agree with.

58
00:08:18.720 --> 00:08:25.620
Yeah and that's correct, right; it is based on RFID;

59
00:08:27.060 --> 00:08:34.140
close physical proximity; and supports tap payments with mobile wallet apps.

60
00:08:35.400 --> 00:08:47.460
NFC uses or can use encryption; it does not provide it.

61
00:08:49.920 --> 00:08:50.420
All right.

62
00:09:00.660 --> 00:09:04.260
Next question - Farming data project

63
00:09:06.300 --> 00:09:14.220
As an IT engineer, you're asked to assist with a rural farming data project in the

64
00:09:14.220 --> 00:09:20.340
middle of a cornfield with no wired internet, telephone, or electrical power.

65
00:09:21.600 --> 00:09:30.540
The wireless phone signal is poor and unreliable. You plan on using a medium-sized solar panel

66
00:09:30.540 --> 00:09:36.000
and battery to run your project's small electronics and wireless data backhaul.

67
00:09:37.260 --> 00:09:42.420
Which internet data connectivity technologies should you think about using

68
00:09:43.080 --> 00:09:51.480
for that data backhaul part of the setup? And again you're asked to choose all that apply.

69
00:09:53.880 --> 00:10:04.860
So here again, and this is often typical of questions and certification exams from

70
00:10:04.860 --> 00:10:12.480
many different providers. Is there something that is obviously not correct?

71
00:10:15.600 --> 00:10:16.100

72
00:10:19.740 --> 00:10:27.780
I'm sorry, say again. DSL. I forget now.

73
00:10:27.780 --> 00:10:36.000
So, that's wrong. We're in the middle of a cornfield,

74
00:10:37.380 --> 00:10:43.920
no wired internet, telephone, or electrical power. Is it likely we're going to be using a cable?

75
00:10:45.720 --> 00:10:57.780
Probably not.
So one of the things, one of the technologies we could use is satellite network

76
00:11:00.300 --> 00:11:07.620
and the other correct answer is going to be wireless provider signal booster.

77
00:11:10.200 --> 00:11:21.060
In the question the wireless phone signal is poor and unreliable; however,

78
00:11:21.060 --> 00:11:32.340
it's still there. If we don't choose both of those, does that mean that we get

79
00:11:32.340 --> 00:11:39.780
the whole problem, the whole question, wrong? Do we not get any points for it? Yeah, typically, and

80
00:11:39.780 --> 00:11:49.080
I can't say this with certainty because testing protocols are kept proprietary, but it's been my

81
00:11:49.080 --> 00:11:58.620
experience, and not just with CompTIA but also Cisco, that credit is given for a partial answer

82
00:11:59.580 --> 00:12:08.040
or is somehow figured into the final score but that's me speaking

83
00:12:08.040 --> 00:12:16.080
from personal experience; that's not me speaking officially for CompTIA.

84
00:12:18.120 --> 00:12:18.720

85
00:12:22.680 --> 00:12:23.400
All right.

86
00:12:25.860 --> 00:12:30.480
Here's an oldie but goodie. This question deals with Stuxnet.

87
00:12:31.680 --> 00:12:38.400
What part of Stuxnet made it unlike any other virus or worm that came before?

88
00:12:41.040 --> 00:12:43.980
Take a moment and the choices

89
00:12:47.520 --> 00:12:49.920
and let's take a response.

90
00:12:55.320 --> 00:12:59.460
So of all the choices,

91
00:13:01.560 --> 00:13:02.880
which do you think it is?

92
00:13:07.380 --> 00:13:09.480
Let's check the chat here.

93
00:13:11.820 --> 00:13:21.780
The last one? The first one? D? It looks like we have two votes for the last answer choice. It

94
00:13:21.780 --> 00:13:27.420
was the first digital weapon that escaped the digital realm and that is the correct answer.

95
00:13:30.360 --> 00:13:31.080
So

96
00:13:33.300 --> 00:13:36.420
the situation… let's see what else we have here.

97
00:13:39.300 --> 00:13:47.400
So Stuxnet attacked all layers of target

98
00:13:47.400 --> 00:13:55.800
infrastructure, so operating system Windows, Siemens software, and of course that software

99
00:13:55.800 --> 00:14:02.100
controlled PLCs - programmable logic controllers - and the embedded software on the PLCs themselves;

100
00:14:03.360 --> 00:14:12.540
was designed to be delivered by a removable device like a USB stick; and the facility where this

101
00:14:14.700 --> 00:14:15.200

102
00:14:17.520 --> 00:14:24.780
malware really was released on, the Natanz facility, was known to be or thought to be

103
00:14:24.780 --> 00:14:30.600
air-gapped, so in other words its systems were not connected to the internet.

104
00:14:32.340 --> 00:14:42.960
And this particular worm was also designed to spread quickly and sort of indiscriminately

105
00:14:42.960 --> 00:14:54.240
and I think we all know that the result was pretty much what was expected.

106
00:14:57.540 --> 00:14:58.980
Let's go on to the next question.

107
00:15:06.660 --> 00:15:15.300
So this question involves the term rooting and basically: Which of the following relates to

108
00:15:15.300 --> 00:15:20.520
or is related to the term rooting? Again you're asked to choose all that apply

109
00:15:25.680 --> 00:15:33.420
so this is not really a performance-based question. This is more of a knowledge-based question.

110
00:15:34.860 --> 00:15:41.760
To successfully negotiate this you have to understand what the term rooting means.

111
00:15:42.360 --> 00:15:44.520
So what is everybody thinking?

112
00:15:55.800 --> 00:16:06.120
We have something in the chat: Shellcode and Python. Two and four.

113
00:16:09.720 --> 00:16:19.500
So rooting is another term for: Let's see, we have more choices here

114
00:16:22.560 --> 00:16:23.340
Shellcode.

115
00:16:27.720 --> 00:16:38.160
If I tell you that rooting is also known as jailbreaking does that help? Oh, yes.

116
00:16:38.160 --> 00:16:52.620
iPhone users? Yeah. And Android devices. That's right.

117
00:16:53.640 --> 00:17:05.520
So it's important to note that questions like this come up and oftentimes rely on

118
00:17:05.520 --> 00:17:12.240
your understanding of terms such as rooting but also understanding what the term means.

119
00:17:12.240 --> 00:17:19.500
Knowing what an alternative version of the term may be and acronyms and I can't say this enough:

120
00:17:22.140 --> 00:17:29.760
They love acronyms. Now I get it. Every profession has its language and acronyms are

121
00:17:29.760 --> 00:17:37.980
important but it's just a good idea to be well prepared for this and there are

122
00:17:37.980 --> 00:17:46.740
many ways that you can do it: flash cards in any form can be particularly effective.

123
00:17:48.060 --> 00:17:55.200
One of the more fun ways to deal with this if you're so motivated would be to download

124
00:17:55.200 --> 00:18:05.340
Jeopardy template, the game Jeopardy template for PowerPoint, off the internet and there are

125
00:18:05.340 --> 00:18:14.160
many places and it can be downloaded at no charge and you can set up acronyms and make

126
00:18:14.160 --> 00:18:24.240
a game out of it but you're going to have to deal with it at some point. I often find that

127
00:18:26.160 --> 00:18:33.780
being able to do something with knowledge-based questions or acronym-based questions

128
00:18:34.740 --> 00:18:44.460
helps me to remember better. I really don't like staring at a page and trying to

129
00:18:44.460 --> 00:18:50.700
memorize items; I'd rather do something with it because it enables me to learn more naturally

130
00:18:51.540 --> 00:18:57.120
and just the act of setting this thing up as a PowerPoint game

131
00:18:57.780 --> 00:19:08.700
is going to sort of enable this long-term learning for you. All right here.

132
00:19:14.460 --> 00:19:15.240
All right.

133
00:19:17.820 --> 00:19:24.180
So this question involves internet connectivity. Blake just moved into a new

134
00:19:24.180 --> 00:19:30.840
house where he is going to be spending a lot of his time working from home. He has to immediately

135
00:19:30.840 --> 00:19:36.900
get back to working, having no time to wait for his internet provider to set up his home router.

136
00:19:37.800 --> 00:19:46.680
The problem is that Blake needs to run a drafting application on his desktop OS computer and can't

137
00:19:46.680 --> 00:19:57.840
use a mobile device but his desktop has no Wi-Fi, just Ethernet and USB. What is the most secure

138
00:19:57.840 --> 00:20:05.340
and efficient way Blake can achieve internet connectivity on his home office desktop computer?

139
00:20:06.540 --> 00:20:11.700
Take a moment, look at the answer choices and let's see what you're thinking.

140
00:20:20.100 --> 00:20:26.400
Oh overwhelming, great, excellent. Tethering.

141
00:20:27.720 --> 00:20:40.680
Very good, very good. So, yeah, asking the co-worker to do tests. Yeah I don't think so. No,

142
00:20:42.120 --> 00:20:53.760
How about the next door neighbor? No. Could you do it? Maybe.

143
00:20:53.760 --> 00:21:02.700
There's going to be lots of security problems there and there's no Wi-Fi so hot spots are out.

144
00:21:07.140 --> 00:21:09.720
Good, all right.

145
00:21:15.300 --> 00:21:22.440
So, now we're going to talk about device management. A large enterprise has multiple

146
00:21:22.440 --> 00:21:30.060
stationary, mobile, and IoT devices on its network that are used by its employees.

147
00:21:30.840 --> 00:21:38.820
Which method do you recommend they apply in order to manage the use of apps, corporate data, and

148
00:21:38.820 --> 00:21:48.300
settings for all of these devices? Would it be the second option? The smartest choice

149
00:21:48.300 --> 00:22:00.360
You mean unified endpoint management? Yes. Yes that is it. I agree.

150
00:22:00.360 --> 00:22:11.160
The simple network management protocol - does that stand out as sort of one of the obviously wrong answers?

151
00:22:11.700 --> 00:22:21.720
And patch management. Yeah, not what we're looking for. Windows management

152
00:22:21.720 --> 00:22:28.440
administration - this is specifications from Microsoft for consolidating the management of

153
00:22:28.440 --> 00:22:36.480
devices and applications in a network from Windows computing systems and we have a host of systems

154
00:22:36.480 --> 00:22:44.880
here so basically we're talking about unified endpoint management. Very good, all right.

155
00:22:48.840 --> 00:22:51.240
The next question

156
00:22:56.460 --> 00:22:57.720
Security solutions

157
00:22:59.820 --> 00:23:03.120
How can you instantly mitigate the risk

158
00:23:03.120 --> 00:23:13.200
of receiving images embedded with malicious code for your smartphone's texting app?

159
00:23:15.720 --> 00:23:22.860
Disable MMS. So I think then it's pretty clear and it looks like

160
00:23:23.400 --> 00:23:29.400
lots of people got this. Images

161
00:23:29.400 --> 00:23:35.880
in short message service, right, I mean images embedded with code, what does that sound like?

162
00:23:42.180 --> 00:23:52.260
Sarah, particular technique that's malware, I know it, I just can't remember it, it starts with an s

163
00:23:53.220 --> 00:23:57.840
Steganography.

164
00:23:58.680 --> 00:24:08.880
So the SMS answers then again pressing that you understand what SMS is.

165
00:24:12.000 --> 00:24:19.740
Those are going to be the obvious and standout incorrect answers and since we are trying to

166
00:24:19.740 --> 00:24:28.680
mitigate the risk of receiving images we're not going to be enabling MMS, we're going to be

167
00:24:28.680 --> 00:24:38.580
disabling it. All right, so multimedia, disable multimedia is the correct answer for this question.

168
00:24:40.380 --> 00:24:45.360
Next question.

169
00:24:50.760 --> 00:24:57.900
Hi, Michael.
What was the answer to that last question? I'm sorry it seemed like it went really

170
00:24:57.900 --> 00:25:07.920
fast. Yes I'm sorry.

171
00:25:07.920 --> 00:25:19.860
Messaging capabilities, yeah. Thank you. You're welcome. Listen. Thank you.

172
00:25:23.280 --> 00:25:32.940
We're at RFID. Which of the following is true regarding

173
00:25:32.940 --> 00:25:40.800
RFID? And here we are with the acronyms again. RFID stands for router frequency ID.

174
00:25:43.860 --> 00:25:56.220
That's the last one. Examples of RFID are UPC barcodes and QR codes.

175
00:25:58.020 --> 00:26:07.620
No. Let's talk about RF, what does that stand for? Radio

176
00:26:07.620 --> 00:26:16.140
frequency ID. Sure. So we're talking about radio waves. The last choice is optical.

177
00:26:17.460 --> 00:26:28.620
RFID encodes information into stationary devices. Does that sound right? No.

178
00:26:31.140 --> 00:26:35.280
Go ahead, it's the second one.

179
00:26:36.420 --> 00:26:46.260
So choice three could be considered a misdirector but if you understand what an RFID is

180
00:26:46.860 --> 00:26:55.560
this question is going to approach the solution from the point of view of application of RFID.

181
00:26:56.940 --> 00:27:04.020
And so you need to be prepared for that as well; it's still what I would consider knowledge

182
00:27:04.020 --> 00:27:11.340
based as opposed to performance based but given the other choices and especially that they're

183
00:27:12.180 --> 00:27:21.060
for the most part obviously well received an example of the right answer like in the real

184
00:27:21.060 --> 00:27:31.560
world. EasyPass? Yeah, sure. Well someone else can answer as well, go ahead, and I've got one too.

185
00:27:32.820 --> 00:27:45.300
So I had the opportunity when I was doing my Master's to talk

186
00:27:46.200 --> 00:27:58.380
to UPS drivers and we were talking about how the trucks use RFID. Now this was a number of years ago

187
00:27:58.380 --> 00:28:03.600
but and I don't know if they're still doing this or not.

188
00:28:03.600 --> 00:28:10.200
I don't know if you followed it or anything but when the trucks would pull in to the docking stations

189
00:28:11.640 --> 00:28:22.620
there is RFID on them and of course when you're in proximity to the receiver this lets

190
00:28:22.620 --> 00:28:29.520
the information system know which truck has just arrived and it starts off a whole chain

191
00:28:30.180 --> 00:28:40.260
of processes about what may be on the truck, what has to be done next and so forth and so at the

192
00:28:40.260 --> 00:28:46.740
time that I was doing this and I'd spoken to the driver, UPS was making fair use of this technology.

193
00:28:48.960 --> 00:28:49.500
Okay.

194
00:28:52.200 --> 00:28:52.980
Thank you.

195
00:28:57.540 --> 00:29:08.100
Healthcare Act. While a medical professional is doing an at-home check-in for their patient

196
00:29:09.060 --> 00:29:15.360
they use a cloud-hosting tablet to log all of their notes through the company's chosen

197
00:29:15.360 --> 00:29:24.180
healthcare app. This tablet has remote access to its cloud desktop and all of its applications.

198
00:29:25.140 --> 00:29:33.660
What type of technology are they implementing? So, again you're kind of looking for anything

199
00:29:33.660 --> 00:29:45.600
that is wrong, obviously incorrect. Go ahead. VPN? Yeah so we have votes

200
00:29:45.600 --> 00:29:55.980
for VPN and one for VDI.

201
00:29:59.160 --> 00:30:11.400
RDP is remote desktop protocol. How about DHCP?

202
00:30:12.900 --> 00:30:19.200
It's another protocol. Yeah. Dynamic Host Configuration.
That's not what we're

203
00:30:19.200 --> 00:30:27.480
talking about so in the question the important information is cloud hosted tablet

204
00:30:28.980 --> 00:30:32.220
and then the tablet has remote access

205
00:30:33.060 --> 00:30:39.840
to its cloud desktop, and that was thrown in on purpose, and all of its applications

206
00:30:41.100 --> 00:30:52.080
so the technology being implemented here is virtual desktop infrastructure - VDI - not VPN.

207
00:30:52.860 --> 00:31:00.540
I suppose VPN could be the misdirector of all of these answers but VDI is what we're looking for.

208
00:31:04.440 --> 00:31:13.920
That one was tricky. What does that stand for again?

209
00:31:15.060 --> 00:31:19.380
Virtual Desktop Infrastructure.

210
00:31:24.720 --> 00:31:25.220

211
00:31:29.700 --> 00:31:36.780
So the next question, biometric authentication. Which of the following are examples of biometric

212
00:31:36.780 --> 00:31:44.460
authentication and this time you're told to choose only two: Fingerprint for one.

213
00:31:46.560 --> 00:31:54.960
Gait.

214
00:31:54.960 --> 00:32:00.420
It's the way a person walks.

215
00:32:01.080 --> 00:32:10.500
That's exactly right, so biometric authentication deals with what, how would you describe it?

216
00:32:11.040 --> 00:32:22.620
Something that you are. Yeah, you are, yes, absolutely. A PIN, something... Smart card? Smart card is

217
00:32:22.620 --> 00:32:27.720
something that you have. I have... something you have. Fingerprints, that's the easy one.

218
00:32:28.320 --> 00:32:36.660
Gait. Here again, I don't know, maybe they just want to test your vocabulary skills

219
00:32:37.560 --> 00:32:44.940
but a person's gait is the way they walk, the way they move and a lot of things can

220
00:32:44.940 --> 00:32:51.660
affect it; certain medications that a person may be taking can affect their gait, of course.

221
00:32:51.660 --> 00:32:59.820
Some kind of physical problem can affect their gait. All right. So that one was pretty easy.

222
00:33:01.920 --> 00:33:02.460

223
00:33:08.160 --> 00:33:13.200
Security solutions. Which security

224
00:33:13.200 --> 00:33:20.100
measure would you recommend for administrators who want to be alerted

225
00:33:20.100 --> 00:33:28.620
every time there is anomalous traffic or activity on their network without the attacker being aware?

226
00:33:28.620 --> 00:33:37.200
NIDS?

227
00:33:38.820 --> 00:33:43.800
So everybody's on the network intrusion detection.

228
00:33:44.700 --> 00:33:54.000
Yes. Anything else? So what's wrong here? What's obviously wrong?

229
00:33:58.500 --> 00:34:09.180
So when you see the word network, right, then we're not talking about host intrusion.

230
00:34:09.900 --> 00:34:15.420
So that's incorrect. What do you guys think about the last choice?

231
00:34:16.260 --> 00:34:22.800
We're not talking about storage - no, not at all - so again knowing the acronyms

232
00:34:22.800 --> 00:34:29.460
those two are ruled out pretty much right away. How about the third choice?

233
00:34:32.160 --> 00:34:32.940
What is that?

234
00:34:37.500 --> 00:34:41.820
So we're talking about privileged access management

235
00:34:43.800 --> 00:34:50.820
as an identity security solution that helps protect organizations against cyber threat by

236
00:34:50.820 --> 00:34:59.100
monitoring, detecting, and preventing unauthorized privileged access to critical resources.

237
00:35:00.180 --> 00:35:08.700
That could be considered the misdirector here if we had to choose one, but the correct answer

238
00:35:09.780 --> 00:35:11.400
Network Intrusion Detection.

239
00:35:13.620 --> 00:35:14.220

240
00:35:22.920 --> 00:35:23.420

241
00:35:26.100 --> 00:35:33.720
This one's entitled PowerPoint: You and your co-worker are on the way to a work conference.

242
00:35:35.040 --> 00:35:43.200
While in the van you realize you need to share the PowerPoint presentation with them for your speech.

243
00:35:44.280 --> 00:35:51.660
If there is no Wi-Fi connectivity on the van and you only have the PowerPoint on your laptop

244
00:35:52.500 --> 00:35:59.220
what is the most secure, efficient, and cost-effective action you should take?

245
00:36:01.080 --> 00:36:03.900
Take a moment, look over your choices.

246
00:36:12.360 --> 00:36:12.860
Yeah.

247
00:36:14.400 --> 00:36:28.560
We have some responses in the chat: D, A, D. So it looks like people are gravitating

248
00:36:28.560 --> 00:36:36.000
towards save the PowerPoint file to a thumb drive or connect your laptops.

249
00:36:36.000 --> 00:36:45.900
Choice one would not be considered efficient

250
00:36:48.060 --> 00:36:54.600
use your personal smartphone's hotspot to email the PowerPoint. Is that a good choice?

251
00:36:59.160 --> 00:37:06.060
There's no Wi-Fi though, but you said personal smartphone. Never mind.

252
00:37:07.500 --> 00:37:16.620
So not secure and the fourth not really efficient; that leaves us with Implement Wi-Fi Direct.

253
00:37:17.580 --> 00:37:26.820
Wi-Fi Direct is a connection that allows for device to device communication, linking devices

254
00:37:26.820 --> 00:37:35.520
together without a nearby centralized network. One device acts as an access point and the other

255
00:37:35.520 --> 00:37:43.620
device connects to it using Wi-Fi Protected Setup and Wi-Fi Protected Access security protocols

256
00:37:44.760 --> 00:37:51.720
so Wi-Fi Direct to transfer the PowerPoint file is the choice.

257
00:37:54.120 --> 00:38:03.300
I have a question. Go ahead. Is this also like for Apple devices like AirDrop?

258
00:38:04.380 --> 00:38:10.320
I believe it is. I'm not well versed with Apple devices to be honest with you

259
00:38:11.400 --> 00:38:16.140
but I think it's close. Thank you.

260
00:38:22.260 --> 00:38:23.640
Firmware elements.

261
00:38:25.860 --> 00:38:34.560
You need to analyze the boot log of your PC to ensure that there are no signs of compromise

262
00:38:35.340 --> 00:38:47.220
like the presence of unsigned drivers. If the PC can only boot with trusted operating systems which

263
00:38:47.220 --> 00:38:56.280
firmware elements are most likely cousin? Choose two. Take a moment and look your choices over.

264
00:38:59.340 --> 00:39:08.100
Let's see what we have.

265
00:39:10.740 --> 00:39:24.060
Two and four. TPM, UEFI. So first of all what is firmware?

266
00:39:28.620 --> 00:39:29.460
What do you think?

267
00:39:40.860 --> 00:39:50.880
So let's talk about that and define the term firmware - software that provides

268
00:39:53.100 --> 00:39:57.960
Is it something like…

269
00:39:59.940 --> 00:40:03.720
Say again please. I'm gonna type it.

270
00:40:05.820 --> 00:40:12.120
Let's take a look at the chat you got there. Right, programming and non-volatile

271
00:40:12.120 --> 00:40:20.280
memory… So firmware is software that provides basic machine instructions that

272
00:40:20.280 --> 00:40:26.040
allow hardware to function and communicates with other software running on a device.

273
00:40:27.180 --> 00:40:31.740
Firmware provides low level control for devices, hardware

274
00:40:32.760 --> 00:40:43.320
sometimes known as embedded software. So EAP, is that something we would consider

275
00:40:45.660 --> 00:40:46.740
What is EAP?

276
00:40:55.380 --> 00:41:01.560
So EAP is Extensible Authentication Protocol.

277
00:41:07.980 --> 00:41:09.420
Is that a firmware element?

278
00:41:11.160 --> 00:41:19.680
No, it's a protocol for wireless networks so that's out of the running.

279
00:41:21.900 --> 00:41:25.200
How about HSM? Is that firmware?

280
00:41:28.440 --> 00:41:29.700
What is HSM?

281
00:41:36.660 --> 00:41:44.700
So HSM is not firmware.
That is an acronym for Hardware Security Module

282
00:41:45.600 --> 00:41:54.300
which is a physical device that provides extra security for sensitive data so

283
00:41:56.700 --> 00:42:10.920
that leaves us with UEFI and TPM. So Unified Extensible Firmware Interface

284
00:42:10.920 --> 00:42:22.560
has the word firmware so again knowing your acronyms is important and then TPM. What is TPM?

285
00:42:23.220 --> 00:42:37.920
Trusted Platform Module. Yes, exactly and so that is going to qualify as an acceptable answer.

286
00:42:39.120 --> 00:42:52.920
What does UEFI stand for? I have Unified Extensible Firmware Interface. Thank you.

287
00:42:56.760 --> 00:42:57.300

288
00:42:59.760 --> 00:43:00.840
All right.

289
00:43:08.880 --> 00:43:13.320
That leaves us with API.

290
00:43:17.700 --> 00:43:28.260
Which of the following terms best describes the API-based process of substituting the

291
00:43:28.260 --> 00:43:41.280
transmission of sensitive authentication or authorization data with unique abstract signed

292
00:43:41.280 --> 00:43:48.180
metadata in order to reference the original information without compromising its security?

293
00:43:50.100 --> 00:43:53.940
So the question is what are we describing here?

294
00:44:08.640 --> 00:44:11.100
I have some responses coming into the chat

295
00:44:19.620 --> 00:44:22.620

296
00:44:23.700 --> 00:44:24.600
Let's see we have

297
00:44:27.000 --> 00:44:28.860
Hashing.

298
00:44:31.200 --> 00:44:37.920
Encryption. Hashing. Hmmmm.

299
00:44:40.200 --> 00:44:40.700

300
00:44:44.340 --> 00:44:52.860
So we are substituting the transmission of sensitive authentication or authorization data

301
00:44:53.580 --> 00:45:01.020
substituting it with unique abstract signed metadata.

302
00:45:02.820 --> 00:45:08.100
The goal is to reference the original but without compromising its security.

303
00:45:10.440 --> 00:45:17.640
So we have some more coming into the chat. See what we have.

304
00:45:20.400 --> 00:45:37.200
Ah, Token and D.
Sure. So the correct answer here is tokenization and let's think

305
00:45:37.200 --> 00:45:48.480
about this. Encryption vs. tokenization. What do you think is the difference?

306
00:45:50.160 --> 00:45:57.540
The substituting part? Which are you talking about? Encryption

307
00:45:58.440 --> 00:46:07.080
or tokenization.

308
00:46:09.900 --> 00:46:19.440
What are we basically doing? Wrapping the information, so we're scrambling

309
00:46:19.440 --> 00:46:27.660
sensitive data. This also implies more than likely the use of keys to decrypt it.

310
00:46:29.460 --> 00:46:38.760
Encryption equals scrambling, token equals substitute, so tokenization involves

311
00:46:38.760 --> 00:46:46.680
swapping sensitive data for a token that must then be presented in order to retrieve the data without

312
00:46:46.680 --> 00:46:57.180
using keys. Big difference. What are we talking about here?

313
00:47:05.040 --> 00:47:11.220
Is it when you, and I could be wrong, is it when you put other data over that data like

314
00:47:11.220 --> 00:47:18.120
data so you can't recognize what it is? Yeah. What's an application data masking?

315
00:47:20.160 --> 00:47:24.000
Stenography

316
00:47:24.780 --> 00:47:31.740
Something which protects sensitive data so

317
00:47:31.740 --> 00:47:38.760
some common use cases, the password, when you hide the password -h

318
00:47:40.020 --> 00:47:43.020
When someone types a password and a dots come up does that count?

319
00:47:44.280 --> 00:47:53.100
Yeah, that enables the set the use of a data set without exposing the real data so

320
00:47:53.100 --> 00:47:58.020
if you're talking about every time you hit a key you see a little star up here

321
00:47:58.020 --> 00:48:04.440
on the screen, yeah, so that doesn't expose the real data and it does present us with a type of token.

322
00:48:05.640 --> 00:48:11.760
Other use cases could be things like software testing or user training.

323
00:48:12.840 --> 00:48:19.680
Typically a way of creating a similar version of data that can be used for purposes

324
00:48:19.680 --> 00:48:27.900
such as software testing but yeah so that's masking and what about hashing?

325
00:48:33.420 --> 00:48:43.560
So if we talk about hashing we are talking about it typically an algorithm for what we more

326
00:48:43.560 --> 00:48:52.680
commonly would call a one-way function and it takes some data as an input and then outputs

327
00:48:53.520 --> 00:48:57.180
a single numeric value.
Let's see we have here

328
00:48:59.280 --> 00:49:02.400
transferring the key to a string

329
00:49:03.720 --> 00:49:09.780
so why would we use hashing? What does it get us? What does it do for us?

330
00:49:16.800 --> 00:49:31.920
password code. If I was going to talk about one of the three basic tenets of cyber security

331
00:49:32.820 --> 00:49:40.560
there we go - integrity

332
00:49:42.900 --> 00:49:52.020
so the numeric value can be stored, transmitted; it can be used to verify the integrity of data

333
00:49:52.020 --> 00:50:00.180
that was hashed and this is commonly seen for example if you are downloading a

334
00:50:00.180 --> 00:50:12.660
file, something, right, perhaps an image, maybe an ISO image, and oftentimes a hash is presented with

335
00:50:12.660 --> 00:50:19.740
it so that you can check once you've downloaded the data that the integrity has been maintained

336
00:50:19.740 --> 00:50:30.060
because the hash value is the same. Let's see what else. TCP communications, what about it?

337
00:50:40.920 --> 00:50:44.160
Jordan, can you explain that a bit?

338
00:50:52.440 --> 00:50:59.760
Utilizing hashing to verify integrity. Any other thoughts on this?

339
00:51:04.440 --> 00:51:14.760
So again the correct answer is tokenization.