WEBVTT

1
00:00:00.000 --> 00:00:01.180
foreign [Music]

2
00:00:22.620 --> 00:00:27.180
okay good evening everybody and welcome to this review session

3
00:00:28.320 --> 00:00:39.420
the topic tonight is internet encryption part two all right and we are going to start with POP3S

4
00:00:42.720 --> 00:00:49.080
okay so um I'll go ahead and read the question give everybody a little bit of time to take a

5
00:00:49.080 --> 00:00:56.940
look at the responses and then we're going to go ahead and see what you think is the right answer

6
00:00:57.780 --> 00:01:05.160
we'll move on and proceed that way okay you have just interviewed for a new position and you got

7
00:01:05.160 --> 00:01:11.880
the job the HR manager told you to check your email with instructions on the

8
00:01:11.880 --> 00:01:21.240
next steps so you log into your email account once connected to your email server what does POP3S do

9
00:01:23.340 --> 00:01:29.100
please take a moment look over these responses and then we will see what you think

10
00:01:37.500 --> 00:01:43.560
you can go ahead and put responses in the chat or you can use your microphone if you wish

11
00:01:49.260 --> 00:01:56.940
okay so we have some responses coming in and we have a vote for A and

12
00:01:56.940 --> 00:02:11.040
two votes for C it looks like um so looking at the responses take a look at the port numbers

13
00:02:13.500 --> 00:02:14.400
does that help you

14
00:02:18.900 --> 00:02:27.660
yes okay all right now let's see another vote it's definitely not

15
00:02:27.660 --> 00:02:36.720
D because POP3S is not called secure post office protocol okay and another vote for C

16
00:02:37.740 --> 00:02:51.240
okay so POP3S uses the TCP protocol on port number which we have two choices here

17
00:02:52.740 --> 00:03:00.480
I was thinking it wasn't 110 because POP3 uses 110 so if it's S it would use a different port that is

18
00:03:00.480 --> 00:03:10.860
absolutely correct it is TCP over port 995
okay um so that's your first step in sort of you know

19
00:03:11.520 --> 00:03:19.980
discarding at least one of the answers and then we want to look at the other three choices which

20
00:03:20.640 --> 00:03:27.300
you know the first one kind of stands out because port 995 is what we're looking for but you still

21
00:03:27.300 --> 00:03:31.740
want to read the other choices and make sure that there's nothing in there and of course you

22
00:03:31.740 --> 00:03:38.760
want to read the first choice so POP3S enables a client to securely access email messages stored

23
00:03:38.760 --> 00:03:50.340
in a mailbox on a remote server via TCP port 995 by default okay all right in the second

24
00:03:51.420 --> 00:03:59.040
POP3S client application securely deletes the contents of his or her mailbox for improved

25
00:03:59.040 --> 00:04:06.060
processing on the local PC before the user is authenticated what do you think about that choice

26
00:04:09.660 --> 00:04:14.280
I was thinking it's a little extreme because of the question about checking

27
00:04:14.280 --> 00:04:22.560
a mailbox yeah so choice B is eliminated as well as choice C that really leaves us

28
00:04:22.560 --> 00:04:31.140
with A and D or the first and the last the secure post office protocol version three

29
00:04:31.980 --> 00:04:38.820
receives email message from an email server to store on a cloud application

30
00:04:42.120 --> 00:04:45.840
does that do anything to change everybody's thinking

31
00:04:55.080 --> 00:04:58.380
okay what do you think first choice or last choice

32
00:05:04.200 --> 00:05:13.020
okay yeah we got votes for A and that is in fact the correct answer okay so once again

33
00:05:13.020 --> 00:05:20.760
the importance of knowing port numbers and a little bit about the protocols involved as well

34
00:05:23.160 --> 00:05:27.120
um also you should know that POP3

35
00:05:28.080 --> 00:05:35.460
not not secure but POP3 does not synchronize between sender and receiver

36
00:05:36.060 --> 00:05:43.140
so once POP3 retrieves emails from an email server the email server will delete the emails

37
00:05:44.520 --> 00:05:52.500
okay and they're probably throwing that in there to use this one as a misdirector okay

38
00:05:54.660 --> 00:05:55.260
all right

39
00:05:57.960 --> 00:05:58.980
next question

40
00:06:03.660 --> 00:06:12.180
remote access VM okay what type of connection concentrator would

41
00:06:12.180 --> 00:06:18.420
you use to gain remote access to your cloud VMs from your corporate network

42
00:06:19.140 --> 00:06:25.680
so you don't need to give your cloud VMs public IP addresses and in this one you're asked to choose

43
00:06:25.680 --> 00:06:31.620
all of the answers that apply please take a moment and look over the responses

44
00:06:41.160 --> 00:06:47.280
okay all right let's see what everybody's thinking here so we've got responses in the chat

45
00:06:48.120 --> 00:07:00.600
okay so looks like we have a lot of VPN responses okay all right so we can check that um

46
00:07:02.640 --> 00:07:09.060
what do you think about HSM what is HSM

47
00:07:11.160 --> 00:07:11.940
anybody

48
00:07:21.480 --> 00:07:24.960
is it a hardware security module yes it is

49
00:07:27.360 --> 00:07:36.720
okay so probably doesn't really qualify it as a connection concentrator that leaves

50
00:07:37.320 --> 00:07:40.200
forward web proxy or jump box

51
00:07:46.080 --> 00:07:53.040
okay all right so if we don't think it's the second choice

52
00:07:54.120 --> 00:08:00.180
that leaves us with the first and fourth so what are you thinking

53
00:08:13.560 --> 00:08:19.560
since it's a choose all that apply obviously you know there's going to be more than one choice

54
00:08:21.300 --> 00:08:26.040
um sometimes in fact most of the time I think it's

55
00:08:26.040 --> 00:08:31.860
important to remember that you're looking for the best answer or best answers okay

56
00:08:36.720 --> 00:08:43.800
personally I'm not familiar with a jump
box okay so this is jump box the same as like um

57
00:08:45.900 --> 00:08:55.800
um bastion not exactly no the jump box also is sometimes known as a jump server

58
00:08:56.340 --> 00:09:03.720
allows access to endpoints on a remote LAN from a local connection where you are

59
00:09:06.960 --> 00:09:08.700
how about the forward proxy

60
00:09:13.380 --> 00:09:21.660
because that's going to retrieve data right perhaps hold on to it so that really doesn't

61
00:09:21.660 --> 00:09:30.000
fit the description of a connection concentrator and that really leaves us with the two best

62
00:09:30.000 --> 00:09:39.840
answers being jump box and VPN hardware security module is a network device okay let's see we have

63
00:09:39.840 --> 00:09:48.420
another response here jump box yeah okay so the correct answers here are VPN and jump box

64
00:09:51.000 --> 00:09:52.920
all right let's move on

65
00:09:58.320 --> 00:10:05.160
okay server configuration oh boy this is one of those long ones

66
00:10:06.240 --> 00:10:13.140
um this is also probably a good time to remind everybody to (a) read questions very carefully

67
00:10:13.860 --> 00:10:19.260
(b) read them twice it's always important to know what you're being asked for

68
00:10:20.220 --> 00:10:28.020
okay you have your critical customer web servers running Linux in your DMZ open to the internet

69
00:10:28.860 --> 00:10:35.280
and the web admin group insists on being able to log into these systems as root by

70
00:10:35.280 --> 00:10:48.360
SSH from home over the internet [Music] also customer data is stored unencrypted on a disk

71
00:10:49.140 --> 00:10:55.500
as the corporate security lead you've been tasked with ensuring that these servers are hardened

72
00:10:56.400 --> 00:11:03.300
which of the following server config ideas could you propose to be enforced

73
00:11:03.900 --> 00:11:10.800
to increase the security profile of these web servers and mitigate against customer

74
00:11:10.800 --> 00:11:19.260
data loss
from many intrusions and this time we're asked to choose two answers okay

75
00:11:34.800 --> 00:11:41.160
okay so what do you see that can be eliminated fairly straight away

76
00:11:46.080 --> 00:11:46.920
second answer

77
00:11:49.680 --> 00:11:50.460
this one

78
00:11:53.220 --> 00:11:54.420
hey anybody else

79
00:12:04.080 --> 00:12:05.940
okay so

80
00:12:07.800 --> 00:12:20.340
if I look at these proposed answers when I see port-map SSH port 23 to a non-standard port

81
00:12:21.960 --> 00:12:27.240
etc etc I really don't need to read much beyond port 23 why is that

82
00:12:28.980 --> 00:12:40.500
yeah eliminate B and C SSH is 22 that is correct that is correct so 23

83
00:12:41.340 --> 00:12:52.800
is telnet okay so that really isn't going to do us any good here now you know it just so happens that

84
00:12:52.800 --> 00:13:00.780
and I've seen this happen you know it does happen where uh perhaps you know two out of four answers

85
00:13:00.780 --> 00:13:06.540
are eliminated right off the bat and if you have to choose more than one that leaves the other two

86
00:13:07.500 --> 00:13:19.320
so port-map SSH port 22 to a non-standard port on the DMZ firewall enforce long username passphrases

87
00:13:20.520 --> 00:13:26.220
force the move of customer files on disk into a locally encrypted database

88
00:13:27.120 --> 00:13:34.380
so these all sound like techniques that meet the requirements put forth in the question

89
00:13:35.100 --> 00:13:40.620
okay if you want the admins to be able to log in as root by SSH

90
00:13:42.900 --> 00:13:50.220
the question says straight up customer data is stored unencrypted not the best of ideas probably

91
00:13:51.780 --> 00:13:58.200
um you've been tasked with ensuring that the servers are hardened and you want to increase

92
00:13:58.200 --> 00:14:06.180
the security profile and protect customer data so the first choice ticks the boxes

93
00:14:07.500 --> 00:14:17.940
the last choice on the DMZ firewall DNAT
the web admin home IPs to allow SSH only from those IPs

94
00:14:19.020 --> 00:14:27.600
and that is destination NAT or network address translation enforce dual factor authentication for

95
00:14:27.600 --> 00:14:35.700
all server logons logins and migrate the customer files to a separate secure database server and

96
00:14:35.700 --> 00:14:43.620
those suggestions tick the box so we are left with the first and the fourth choices here

97
00:14:46.140 --> 00:14:52.680
as the best answers or the best solutions to the scenario posed in this question

98
00:14:55.320 --> 00:15:02.160
okay um just gonna put this up here for a moment

99
00:15:04.800 --> 00:15:15.540
um and you can see it looks pretty much like a pretty standard options UI with choices for

100
00:15:15.540 --> 00:15:22.080
protocol and ports and so forth I don't know that we necessarily need this to answer the question

101
00:15:23.100 --> 00:15:33.060
so I'm going to get rid of that okay you are configuring a WAN/LAN firewall router

102
00:15:34.020 --> 00:15:38.160
to accept and forward all incoming email traffic

103
00:15:38.940 --> 00:15:49.440
for your MX server traffic from the internet to your internal email server on 192.168.2.100

104
00:15:49.980 --> 00:16:02.160
in your DMZ what originating port protocol and forward-to port do you need to configure for

105
00:16:02.160 --> 00:16:09.900
this to work okay please take a moment and look at these choices and when you're ready pick one

106
00:16:14.280 --> 00:16:17.220
okay so what's the obvious one to eliminate

107
00:16:23.100 --> 00:16:29.880
and response in a chat hey yes port 80 not what we're looking for

108
00:16:31.500 --> 00:16:35.940
okay so that leaves us with B C and D

109
00:16:41.100 --> 00:16:50.280
okay let's see what we have in response okay and that's the one to eliminate okay so uh B C

110
00:16:50.280 --> 00:16:59.400
and D remaining do you see any others that are obvious to eliminate or maybe not so obvious

111
00:17:02.220
--> 00:17:05.820
well clearly this is going to take some knowledge of port numbers

112
00:17:07.260 --> 00:17:11.580
so what are we talking about with port 25

113
00:17:18.300 --> 00:17:22.440
that's SMTP okay how about 143

114
00:17:25.980 --> 00:17:26.520
foreign

115
00:17:29.040 --> 00:17:38.340
we have some responses in the chat it's interviewing yeah 143 yes 143 with question marks

116
00:17:39.840 --> 00:17:40.500
okay

117
00:17:42.540 --> 00:17:46.800
so IMAP yes okay so

118
00:17:50.040 --> 00:17:57.840
one other thing to look at is the protocol can you eliminate another answer based on the protocol

119
00:18:02.700 --> 00:18:12.180
well when can you eliminate B yeah it would eliminate the UDP is not used so once we've

120
00:18:12.180 --> 00:18:19.800
gone through that little mental exercise that leaves us with choices C and D okay and when

121
00:18:21.240 --> 00:18:34.020
email is delivered servers communicate using TCP over port 25 okay so as we've already

122
00:18:34.980 --> 00:18:51.240
mentioned UDP is not going to be used port 80 and also 143 which is IMAP is not used in the

123
00:18:51.240 --> 00:19:02.100
context of an email gateway okay so that really leaves us with choice D as the correct answer

124
00:19:05.700 --> 00:19:06.200
um

125
00:19:08.100 --> 00:19:13.980
so there's mention here in the question of MX server traffic

126
00:19:16.020 --> 00:19:18.000
um what do you think they're getting at

127
00:19:22.920 --> 00:19:30.660
okay so if you kind of dig into this a little bit um at least my interpretation and I'm

128
00:19:31.620 --> 00:19:44.400
is that we're talking about records MX records as opposed to A records in DNS and so they are

129
00:19:44.400 --> 00:19:53.940
useful because the MX record differentiates between for example web and email servers okay

130
00:19:55.620 --> 00:20:00.660
so further clue there okay

131
00:20:04.740 --> 00:20:06.420
let's go on to the next question

132
00:20:15.180 --> 00:20:18.420
okay
FDE nice

133
00:20:20.700 --> 00:20:28.200
Jenny has a Windows laptop that contains a single disk that holds the system files and data

134
00:20:29.220 --> 00:20:33.720
she would like to be able to enable full disk encryption on her computer

135
00:20:34.800 --> 00:20:41.280
but her TPM has been damaged what should Jenny configure if she is still required

136
00:20:41.280 --> 00:20:56.220
to store the cryptographic key securely okay so um acronyms which never ever go away uh what is TPM

137
00:20:58.140 --> 00:21:03.360
trusted platform module yes very good trusted platform module

138
00:21:04.320 --> 00:21:14.160
however in the scenario the TPM has been damaged so now we have to figure out

139
00:21:15.360 --> 00:21:23.640
how the goal can be accomplished of storing the cryptographic key securely

140
00:21:29.460 --> 00:21:35.100
so the first thing again and I always tend to do this and I think most people would take the

141
00:21:35.100 --> 00:21:41.820
test too you look at something that is either obviously wrong or probably wrong okay we got

142
00:21:41.820 --> 00:21:51.540
responses in the chat okay so I know VPN is not it yeah I know everybody in there

143
00:21:53.280 --> 00:22:01.020
everybody had said C and that's correct so apparently we have lots of Windows users

144
00:22:02.160 --> 00:22:13.380
um BitLocker is not going to work okay um let's see TPM 1.2 or better is required

145
00:22:15.060 --> 00:22:22.980
um VPN not really making too much sense for what we're trying to do which is store cryptographic

146
00:22:22.980 --> 00:22:30.360
key securely and a firewall that will filter unauthorized people from accessing the key that's

147
00:22:30.360 --> 00:22:40.020
kind of a silly answer so it really does leave us with choice C okay all right doing good so far

148
00:22:41.820 --> 00:22:43.380
let's move on to the next one

149
00:22:51.960 --> 00:22:55.560
okay and it seems to be hiding somewhere

150
00:22:57.360 --> 00:23:08.640
here we go okay
IoT device you need to allow internet connection and management of an embedded

151
00:23:09.180 --> 00:23:16.020
IoT device on your internal network but you don't want to expose standard ports to the

152
00:23:16.020 --> 00:23:23.340
open internet what type of router/firewall configuration allows for this

153
00:23:24.600 --> 00:23:30.540
okay take a moment look at our choices let's see what you think

154
00:23:35.160 --> 00:23:39.900
okay so once again we're looking for something that's

155
00:23:41.280 --> 00:23:45.360
that can be easily eliminated or fairly at least easily eliminated

156
00:23:46.200 --> 00:23:55.260
we have some responses in the chat and okay C two responses for C okay is that what

157
00:23:55.260 --> 00:24:00.960
you think can be easily eliminated or is that what you think we need to do for this question

158
00:24:05.580 --> 00:24:08.580
C is the answer okay all right

159
00:24:09.960 --> 00:24:18.060
okay and let's see we have another response eliminate A okay that's that's very interesting

160
00:24:19.200 --> 00:24:28.260
um if we were going to choose something obvious to eliminate anybody have a suggestion there

161
00:24:33.840 --> 00:24:42.360
okay we have a response in the chat B okay oh that's really interesting

162
00:24:44.340 --> 00:24:52.800
okay so I would have said D port encapsulation when I think about encapsulating a port I think

163
00:24:52.800 --> 00:25:03.120
of things like trunking encapsulations like 802.1Q which really doesn't do much for us um

164
00:25:05.580 --> 00:25:10.500
you know stateful packet inspection

165
00:25:12.660 --> 00:25:15.540
um I don't think that fits the bill either

166
00:25:22.800 --> 00:25:28.440
so let's say we're left with port forwarding and DNAT

167
00:25:33.720 --> 00:25:44.520
okay so destination NAT or network address translation translates destination IP addresses

168
00:25:45.900 --> 00:26:01.200
uh usually of internal devices protected um by the device to public IP
addresses hmm we want

169
00:26:01.200 --> 00:26:08.280
to allow an internet connection and management of an embedded IoT device on your internal network

170
00:26:10.020 --> 00:26:16.440
so what we're really talking about here is let's see we have something in the chat we

171
00:26:17.100 --> 00:26:26.880
it's port forwarding port forwarding maps external IP addresses and ports to internal

172
00:26:26.880 --> 00:26:33.360
IP addresses and ports allowing access to internal services from the internet

173
00:26:34.860 --> 00:26:41.580
um there's a fairly popular example of this does anybody know what it is

174
00:26:46.860 --> 00:26:49.500
maybe something you'd like to do in your spare time

175
00:26:56.880 --> 00:27:03.000
which sadly I don't have enough of but if I did I might play a few more games

176
00:27:03.960 --> 00:27:06.840
right and I might have to do some port mapping there

177
00:27:07.920 --> 00:27:17.700
port forwarding at least I think that's the popular use of this as I said I haven't

178
00:27:17.700 --> 00:27:27.360
had too much time to play lately but uh maybe this summer okay let's move on to the next one

179
00:27:34.140 --> 00:27:42.420
okay so we have a question on reconnaissance a threat actor is looking for ways to penetrate

180
00:27:42.420 --> 00:27:51.180
an organization's network their first step is to perform reconnaissance where they try to discover

181
00:27:51.180 --> 00:28:00.240
which network services are open that shouldn't be which tools should they use to carry out this step

182
00:28:07.140 --> 00:28:15.420
okay so we got some responses in the chat pretty quickly okay so let's see what you're thinking

183
00:28:19.320 --> 00:28:28.980
wow okay it looks like everybody's thinking choice C so yes that is the overwhelming choice and it is

184
00:28:28.980 --> 00:28:38.700
absolutely correct um protocol analyzer is not going to help right we are looking for

185
00:28:39.420 --> 00:28:45.840
ports that are open and services
that are open that should not be these represent vulnerabilities

186
00:28:49.920 --> 00:28:56.220
that can be exploited um port scanner is the tool you're looking for

187
00:28:56.940 --> 00:29:03.600
protocol analyzers really just capture transmitted traffic

188
00:29:04.980 --> 00:29:12.900
and open source intelligence that's not really what we're looking for here

189
00:29:14.340 --> 00:29:26.100
um vulnerability scanners these can give us the information we're looking for they are sometimes

190
00:29:26.820 --> 00:29:32.280
a bit more intrusive and because the question mentions reconnaissance

191
00:29:34.320 --> 00:29:40.740
the implication is that the threat actor is at this point still trying

192
00:29:40.740 --> 00:29:48.480
to remain unnoticed or at least as much as possible so really the best choice

193
00:29:48.480 --> 00:29:57.180
the best answer for this question is port scanner okay let's move to the next question

194
00:30:04.320 --> 00:30:05.100
okay

195
00:30:09.540 --> 00:30:10.040
okay

196
00:30:11.640 --> 00:30:21.060
SNMP version three encryption algorithm you are required to add encryption support to your SNMP

197
00:30:21.060 --> 00:30:28.380
version 3 implementation which of the following encryption algorithms are you able to use

198
00:30:30.420 --> 00:30:31.140
choose two

199
00:30:37.200 --> 00:30:40.920
okay so what's what's obviously not a good choice here

200
00:30:44.640 --> 00:30:50.220
maybe 3DES 3DES okay

201
00:30:54.060 --> 00:31:01.080
see we have some responses in the chat C and D are the answers okay

202
00:31:02.160 --> 00:31:07.860
I think the obvious one to eliminate is MD5

203
00:31:11.580 --> 00:31:12.480
why is that

204
00:31:19.620 --> 00:31:31.080
because MD5 is old compared to SHA-256
it is and it is very very easily broken it is as you as

205
00:31:31.080 --> 00:31:38.640
you know uh yeah one-way hashing algorithm so we can eliminate that right off the bat

206
00:31:39.900 --> 00:31:47.820
um we're talking about encryption so we have advanced encryption standard

207
00:31:49.380 --> 00:31:54.660
maybe as an answer that sticks out as being correct what do you think

208
00:31:55.260 --> 00:32:02.760
does anybody agree with that yes okay so we'll choose that one we'll

209
00:32:02.760 --> 00:32:11.580
eliminate the second choice that leaves us with SHA-256 and triple DES

210
00:32:11.580 --> 00:32:23.220
SHA-256 because it's a hashing algorithm yeah secure hash algorithm yeah I'd probably eliminate that

211
00:32:23.220 --> 00:32:32.640
when they specifically ask about encryption and also excuse me triple data encryption standard

212
00:32:33.180 --> 00:32:43.200
is also widely used and it's a fact that currently SNMP version 3 supports both of these

213
00:32:45.360 --> 00:32:57.240
um excuse me so yeah those would be my two choices and I believe they are the correct choices

214
00:32:58.740 --> 00:33:06.540
um tell you what we can take a look at what cyber range thinks let's test it out here oh yeah okay

215
00:33:08.040 --> 00:33:09.660
we have chosen wisely

216
00:33:12.060 --> 00:33:12.720
okay

217
00:33:14.340 --> 00:33:22.200
SNMP question mark simple network management protocol and in this case version three

218
00:33:24.900 --> 00:33:26.280
very important protocol

219
00:33:29.040 --> 00:33:29.640
okay

220
00:33:34.380 --> 00:33:36.840
all right so let's move on to the next question

221
00:33:42.060 --> 00:33:51.420
okay transport layer oh okay this is nice when this happens by the way you get nice

222
00:33:51.420 --> 00:33:56.580
easy questions which of the following is true regarding the transport layer

223
00:33:59.760 --> 00:34:09.000
I can tell you right now B and C are incorrect okay yeah it's not layer seven what
224
00:34:09.000 --> 00:34:20.040
is layer seven in the OSI model application yeah and so yes that is not correct this choice is

225
00:34:20.040 --> 00:34:25.500
not correct and the last choice that says no options are correct I don't buy that either

226
00:34:26.820 --> 00:34:30.840
it's the first choice transport layer involves port numbers

227
00:34:32.640 --> 00:34:42.420
um and I guess while we're on this um topic here um and you can do this however you wish

228
00:34:44.100 --> 00:34:57.120
for questions that involve memorization of several related items such as the OSI model

229
00:34:58.380 --> 00:35:02.340
um it's nice to have a mnemonic device to help you with this

230
00:35:02.940 --> 00:35:09.900
and you've probably heard this before but it bears mentioning uh if you're trying to remember

231
00:35:11.220 --> 00:35:18.960
um the layers of the OSI model uh one of the ones used is from the top down actually from

232
00:35:20.100 --> 00:35:26.820
um layer seven to the bottom and that is All People Seem To Need Data Processing

233
00:35:27.720 --> 00:35:33.660
and so the first letter of each of those happen excuse me application presentation

234
00:35:34.500 --> 00:35:39.360
session transport network data link and physical

235
00:35:41.400 --> 00:35:44.460
um and then let's see there's another one

236
00:35:44.460 --> 00:35:48.540
that comes to mind Please Do Not Throw Sausage Pizza Away

237
00:35:49.320 --> 00:35:56.700
that's from the bottom up um but whatever works for you okay let's move on to the next question

238
00:36:05.460 --> 00:36:09.180
okay this question involves registry access

239
00:36:11.340 --> 00:36:11.880
okay

240
00:36:14.040 --> 00:36:21.060
your developers have written an application called Finance One that runs on a domain-joined

241
00:36:21.060 --> 00:36:32.400
Windows server called Server 10
when Finance One runs it writes to a specific registry key

242
00:36:33.480 --> 00:36:40.920
you need to allow this app to access writing to the registry how should you accomplish this

243
00:36:42.780 --> 00:36:46.920
and of course the first thing that comes to my mind is very very carefully

244
00:36:53.340 --> 00:36:57.120
okay take a look at choices and let's see what you're thinking

245
00:37:01.320 --> 00:37:05.040
as usual looking for something that's easily eliminated

246
00:37:05.940 --> 00:37:12.120
at least one eliminate A because it's an executable file

247
00:37:14.880 --> 00:37:23.400
um okay no I don't think I do that are you referring to using regedit.exe

248
00:37:26.460 --> 00:37:30.540
yeah so now I wouldn't eliminate A okay um

249
00:37:33.000 --> 00:37:38.220
B yeah yeah it kind of doesn't make sense uh for me

250
00:37:40.200 --> 00:37:49.020
and maybe I've just been lucky enough to get burned a few times by um messing with the registry

251
00:37:49.020 --> 00:37:58.140
not terribly bad though I always back it up of course um but the last answer D um set Server

252
00:37:58.140 --> 00:38:06.600
10's registry to be world-writable I don't even like the way that sounds right yeah not even close

253
00:38:07.380 --> 00:38:14.700
it does sound absolutely like a disaster waiting to happen

254
00:38:15.600 --> 00:38:26.160
okay um let's see choice C set up a scheduled job to drop all write access to the registry

255
00:38:26.820 --> 00:38:33.180
for only the time that Finance One runs I mean that's impractical that's really

256
00:38:34.380 --> 00:38:44.940
not a good choice so create a registry entry to store Finance One's password yeah I don't think

257
00:38:44.940 --> 00:38:53.100
so the correct answer here is in fact A create a service account for Finance One and assign the

258
00:38:53.100 --> 00:39:01.740
account the appropriate registry permissions and it is done using regedit um it

259
00:39:02.700 -->
00:39:08.880
it doesn't really necessarily have anything to do with you know you're using a Microsoft

260
00:39:08.880 --> 00:39:17.040
operating system or whatever it is you're using but when you were going to do things that involved

261
00:39:17.760 --> 00:39:24.000
changes to critical components especially of things like operating systems

262
00:39:25.020 --> 00:39:31.620
um you always want to play by the rules um and typically the rules

263
00:39:31.620 --> 00:39:38.040
of you know in this case Microsoft so yeah A is the correct answer here

264
00:39:40.920 --> 00:39:44.640
okay and let's move on to the next question

265
00:39:55.200 --> 00:40:00.900
okay I think it's this one no it is not

266
00:40:03.540 --> 00:40:13.080
it's this one okay great okay IPsec how do the IPsec tunnel mode and transport mode

267
00:40:13.080 --> 00:40:19.200
relate to each other take a moment look at your choices let's see what you're thinking

268
00:40:25.260 --> 00:40:37.620
okay so we have some responses in the chat let's see we have votes for answer C okay wow all right

269
00:40:38.940 --> 00:40:45.300
tunnel mode encapsulates the original IP packets and transport mode encrypts payload data

270
00:40:45.840 --> 00:40:48.240
and this is the correct answer for this question

271
00:40:49.080 --> 00:40:56.700
if we look at the first both utilize router implementation and that's really not true

272
00:40:58.020 --> 00:41:08.160
um tunnel mode is commonly used between gateways transport mode is more of an end-to-end and you

273
00:41:08.160 --> 00:41:15.360
know I suppose a gateway could be involved if it was considered a host but that's not usual okay

274
00:41:15.360 --> 00:41:27.300
and then um let's see both add an authentication header after the IP header and that is incorrect

275
00:41:28.380 --> 00:41:36.660
um actually I did a little research to remember this it's placed before the IP header

276
00:41:38.040 --> 00:41:43.680
and then tunnel mode is used to secure
communications between hosts on a private network

277
00:41:44.640 --> 00:41:50.040
and transport is used for communication between VPN gateways and it's the opposite

278
00:41:50.040 --> 00:41:57.840
so that's incorrect so yeah C is the correct answer here okay all right

279
00:42:05.460 --> 00:42:06.360
okay

280
00:42:14.280 --> 00:42:23.340
next question salting how would adding a salt to a stored password frustrate an attacker who's trying

281
00:42:23.340 --> 00:42:29.880
to crack your password go ahead and take a couple of seconds or a minute here and look this over

282
00:42:30.720 --> 00:42:33.540
and let's see what you think okay

283
00:42:39.660 --> 00:42:43.260
thanks okay all right

284
00:42:45.660 --> 00:42:52.800
we have more responses in the chat okay so uh looks like several folks have jumped

285
00:42:52.800 --> 00:43:01.860
right out with the correct answer which is B by adding a random value to the plain text input

286
00:43:02.460 --> 00:43:08.940
of a hashing algorithm so the attacker cannot use pre-computed tables or patches

287
00:43:09.600 --> 00:43:20.340
okay um so slowing them down when you put oh go ahead yes I didn't mean to disrupt I was

288
00:43:20.340 --> 00:43:25.140
just gonna ask you what does salting mean I don't know if I heard you explain what salting

289
00:43:25.140 --> 00:43:38.340
is so it is in fact the act of adding random values to the hashing algorithm so that okay you

290
00:43:38.340 --> 00:43:47.700
know it just makes it that much more difficult for someone to try to crack what you're hashing okay

291
00:43:49.080 --> 00:43:55.200
um in the first choice slowing them down when you put an initial key that's generated from

292
00:43:55.200 --> 00:44:00.060
a user password to thousands of rounds of hashing now that doesn't make sense

293
00:44:01.260 --> 00:44:08.820
um combining the password hash with a shared secret to strengthen the password and integrity

294
00:44:08.820 --> 00:44:16.680
no no I'm not interested in
shared secrets here including signs and warnings of legal penalty

295
00:44:16.680 --> 00:44:24.420
penalties so I guess at least this shows that the test makers have this sense of humor um the

296
00:44:24.420 --> 00:44:35.520
correct answer which we've already said is B is in fact the definition of salting okay all right

297
00:44:46.740 --> 00:44:50.400
okay and the next question

298
00:44:53.280 --> 00:44:54.360
types of hardware

299
00:44:56.400 --> 00:45:02.100
which type of hardware is needed if you must perform centralized

300
00:45:02.940 --> 00:45:08.760
public key infrastructure management for a network of devices

301
00:45:12.660 --> 00:45:18.060
okay take a moment here and look over these choices

302
00:45:23.880 --> 00:45:37.080
okay now we've got some responses in the chat okay and they are A A okay so overwhelmingly

303
00:45:37.080 --> 00:45:47.520
the group has selected A and hardware security module is correct it's a special trusted network

304
00:45:48.420 --> 00:45:56.580
computational device that performs cryptographic operations like key management or key exchange

305
00:45:56.580 --> 00:46:04.320
it is not blockchain in fact the word centralized just completely blows that

306
00:46:04.320 --> 00:46:12.720
out of the water neither sniper or password vaults okay all right let's get rid of this

307
00:46:14.820 --> 00:46:26.460
and we have one more here to go over I believe this one is a rerun an oldie but a goody

308
00:46:28.980 --> 00:46:34.320
oh inappropriate too which type of hardware is needed if you decide to

309
00:46:34.320 --> 00:46:38.220
store digital certificates and cryptographic keys

310
00:46:44.580 --> 00:46:50.340
this one should be I think pretty easy especially after this session

311
00:46:54.060 --> 00:47:05.280
okay lots of responses um I'm betting nobody said A or B let's take a look oh there it is okay it's

312
00:47:05.280 --> 00:47:14.520
all right this is why we're here so we really really wouldn't do this um on a
thumb drive the

313
00:47:14.520 --> 00:47:25.320
correct answer is trusted platform module okay and um I wanted to bring this one back because

314
00:47:26.280 --> 00:47:37.680
um if you know by now I mean I think we've seen HSM and TPM in at least uh three questions maybe

315
00:47:37.680 --> 00:47:46.320
maybe some more and hopefully uh this is really solidifying the differences between the two

316
00:47:47.040 --> 00:47:56.160
okay um so clearly one HSM is a network device and TPM is not

317
00:47:57.120 --> 00:48:08.220
okay um on that subject especially since it may come up remember that BitLocker uses it

318
00:48:09.600 --> 00:48:19.260
um and if I remember correctly I believe one of the requirements for upgrading to Windows 11 was

319
00:48:20.160 --> 00:48:24.900
that you needed TPM 2.0 module if I remember correctly

320
00:48:26.460 --> 00:48:37.200
um okay all right then so that's it for the questions on uh part two um okay