WEBVTT

1
00:00:00.000 --> 00:00:01.180
[Music]

2
00:00:22.380 --> 00:00:28.860
Good evening, everyone. I'm Dr. Mann, and I'd like to welcome you to tonight's review session

3
00:00:29.520 --> 00:00:37.020
for the Security+ exam. Tonight's topic is Threat Actors and Intelligence, Parts One and Two.

4
00:00:39.660 --> 00:00:47.700
Okay, our first question tonight involves attack vectors. While adding a new employee

5
00:00:47.700 --> 00:00:55.320
to the configured network, you realize that there is an additional Wi-Fi network configured that

6
00:00:55.320 --> 00:01:02.580
you were not aware of as the system owner. What term describes what has taken place?

7
00:01:03.420 --> 00:01:08.640
Please take a few moments, look over the answer choices, and then let's see what you're thinking.

8
00:01:11.880 --> 00:01:19.620
Okay, so it looks like we've got a few votes for D, shadow IT,

9
00:01:21.780 --> 00:01:28.320
and shadow IT is in fact the correct answer. Shadow IT refers to information

10
00:01:28.320 --> 00:01:33.420
technology systems deployed by departments other than the central IT department,

11
00:01:34.620 --> 00:01:42.540
perhaps to work around perceived shortcomings, or maybe actual shortcomings, of the network.

12
00:01:44.460 --> 00:01:52.140
This often introduces security and compliance issues, the kind that we really don't need.

13
00:01:53.160 --> 00:02:00.180
The obviously incorrect answers here are going to be penetration testing,

14
00:02:00.900 --> 00:02:09.120
and pen testing, or ethical hacking, is an authorized simulated cyber attack on systems.

15
00:02:10.620 --> 00:02:19.380
It is also not industrial camouflage. Industrial camouflage is really the act of

16
00:02:20.340 --> 00:02:31.620
designing buildings, possibly even campuses, so as to hide their true size and nature or purpose.

17
00:02:33.000 --> 00:02:43.980
And then automated indicator sharing is basically a mechanism that allows the sharing

18
00:02:43.980 --> 00:02:51.960
of real-time threat information among communities such as CISA, the Cybersecurity and Infrastructure Security Agency.

19
00:02:52.680 --> 00:03:02.160
So it really leaves us with the best answer being shadow IT. Okay, let's move to the next question,

20
00:03:05.580 --> 00:03:08.100
and it will be Attack Vectors 2.

21
00:03:11.880 --> 00:03:19.980
Okay, a company's IT specialist, Joe, is currently configuring the firewall settings.

22
00:03:21.240 --> 00:03:27.720
He is configuring it so that the web server, which resides in the company server room, only

23
00:03:27.720 --> 00:03:37.920
allows HTTP connections. Additionally, there is important customer data on the back-end database

24
00:03:37.920 --> 00:03:45.840
that is stored on the same host. Which of the following security problems best fits the scenario?

25
00:03:46.620 --> 00:03:52.680
Again, take a few moments, look over the answers, and let's see what you're thinking.

26
00:03:57.180 --> 00:04:00.780
Okay, so we have several votes for choice A,

27
00:04:04.020 --> 00:04:15.780
and choice A, indirect physical access insider threat, is not the correct answer. Now, as we

28
00:04:15.780 --> 00:04:21.240
look at these choices, and let's say we have another vote in the... okay, we have a vote for D

29
00:04:22.080 --> 00:04:28.440
in the chat. Okay, and so direct physical access insider threat is the correct answer.

30
00:04:29.820 --> 00:04:32.700
I think it's pretty clear that phishing doesn't really

31
00:04:32.700 --> 00:04:40.200
have anything to do with the scenario, so we can pretty readily eliminate choices B and C.

32
00:04:42.000 --> 00:04:52.260
So Joe, who's the IT specialist working for the company, is directly interacting with the

33
00:04:52.260 --> 00:05:02.280
firewall to only allow HTTP connections to the server, and this action by Joe constitutes

34
00:05:02.280 --> 00:05:09.420
an insider threat because, first of all, by only allowing HTTP connections to the server,

35
00:05:09.960 --> 00:05:15.060
you know, we're allowing unencrypted data to be transmitted between server and client,

36
00:05:15.720 --> 00:05:25.260
and so if there is anybody monitoring, then, you know, they can intercept data and read it. But

37
00:05:25.260 --> 00:05:37.200
this insider threat comes from the fact that the IT specialist working for the company has

38
00:05:37.200 --> 00:05:46.320
made what you might consider a grievous error, but really it's a little more than that. Certainly

39
00:05:46.320 --> 00:05:54.600
an IT specialist is going to understand the ramifications of allowing HTTP connections through

40
00:05:55.200 --> 00:06:04.500
the firewall. So the best answer, the security problem that best fits this scenario, is direct

41
00:06:04.500 --> 00:06:11.700
physical access insider threat. Okay, all right, let's go to the next question.

42
00:06:17.040 --> 00:06:18.660
Attack Vectors 3.

43
00:06:21.960 --> 00:06:29.520
One infamous example of this type of security issue regarding attack vectors

44
00:06:30.480 --> 00:06:37.080
is the Target data breach, which was made via Target's HVAC supplier.

45
00:06:40.140 --> 00:06:43.620
Okay, take a moment and see what you think.

46
00:06:49.140 --> 00:06:57.120
Okay, that's good, this did not take long. Let's see what you're thinking. Okay,

47
00:07:00.420 --> 00:07:08.820
so the majority of votes are for choice D, supply chain, and that is correct.

48
00:07:09.540 --> 00:07:14.340
The Target data breach was an example of a supply chain attack.

49
00:07:15.900 --> 00:07:25.200
This was way back in 2013. Target was hit by one of the largest data breaches in the history

50
00:07:25.200 --> 00:07:32.520
of the retail industry, and the attackers were able to exploit third-party access to exfiltrate payment

51
00:07:32.520 --> 00:07:41.460
information, which ended up impacting more than 41 million customers. So a supply chain attack

52
00:07:43.320 --> 00:07:49.440
is an attack strategy that targets an organization through vulnerabilities in its

53
00:07:49.440 --> 00:07:55.500
supply chain. These vulnerable areas are usually linked to vendors with poor security practices.

54
00:07:56.340 --> 00:08:02.280
A data breach through a third-party vendor is possible because vendors require access to

55
00:08:02.280 --> 00:08:12.720
sensitive data to integrate with internal systems. The rest of the choices are not best

56
00:08:12.720 --> 00:08:22.860
fits, or even good fits. So with social media, the attack vector, a big one, a major one, is phishing.

57
00:08:24.180 --> 00:08:32.220
Email: so an example of an attack using email as the attack vector would be spear phishing.

58
00:08:33.000 --> 00:08:40.620
And cloud-based attacks are attacks that are focused on the cloud services provided to the

59
00:08:40.620 --> 00:08:46.560
company. So the choice that best describes this, and is the most accurate, is supply chain attack.

60
00:08:48.840 --> 00:08:49.380
Okay.

61
00:08:58.200 --> 00:09:00.420
Okay, Attack Vectors 4.

62
00:09:02.940 --> 00:09:11.340
An employee named Janice is on her way to work. When she is walking into the office, she stumbles

63
00:09:11.340 --> 00:09:18.060
upon a mysterious thumb drive. The next day, Janice's computer is filled with malware,

64
00:09:18.840 --> 00:09:27.180
even though her company's network is not connected in any way to any external networks.

65
00:09:27.960 --> 00:09:32.340
What most likely caused the malware on her computer?

66
00:09:36.300 --> 00:09:36.800
C.

67
00:09:39.000 --> 00:09:47.760
Okay, was that B or D? Did you say D? D, yeah. And let's see what's in the chat. Yes, lots of votes

68
00:09:47.760 --> 00:09:57.420
for D. So Janice connected the removable device to her computer and it was infected. Okay, so that

69
00:09:57.420 --> 00:10:06.300
is the clearly correct answer. And what is this type of attack known as? What would you call this?

70
00:10:13.860 --> 00:10:14.460
Anybody?

71
00:10:19.620 --> 00:10:22.920
I read the help once, I got that, so...

72
00:10:27.840 --> 00:10:31.980
So what kind of attack? I did not hear you clearly.

73
00:10:37.560 --> 00:10:49.260
Okay, that might have been ambient noise. So this type of attack is known as baiting,

74
00:10:49.920 --> 00:11:00.240
and it really does play on human nature and our curiosity about things.

75
00:11:01.620 --> 00:11:08.520
I've heard of it being done with, you know, optical disks, but

76
00:11:09.480 --> 00:11:17.280
probably the most expedient way to, you know, commit this attack is to use something like

77
00:11:17.280 --> 00:11:23.400
the flash drive. Okay, so this is not clicking on an email filled with malware.

78
00:11:24.900 --> 00:11:29.820
It's not downloading a malicious file in a web browser, or weak credentials.

79
00:11:31.620 --> 00:11:38.160
If you are talking about malicious files in web browsers, we're talking about a

80
00:11:38.160 --> 00:11:47.820
drive-by download attack, or if we are talking about weak credentials, the

81
00:11:47.820 --> 00:11:53.880
implication here is that we're talking about some type of brute-forcing attack,

82
00:11:55.140 --> 00:12:03.120
and this obviously happens when you have weak credentials, such as a password

83
00:12:03.120 --> 00:12:12.300
that might be spelled uppercase P, at symbol, s-s-w-0-r-d. I know you've all seen this one over and over.

84
00:12:13.140 --> 00:12:20.100
So yeah, this is a baiting attack description. Okay, I don't know.

85
00:12:27.540 --> 00:12:35.940
Okay, Attack Vectors, fifth question. A blank will verify that a vulnerability exists, then will

86
00:12:35.940 --> 00:12:43.620
actively test and bypass security controls, and will finally exploit vulnerabilities on the system.

87
00:12:45.900 --> 00:12:52.560
Take a look at the choices. Which term describes the situation?

88
00:12:55.860 --> 00:13:00.000
Okay, we have answers coming into the chat,

89
00:13:02.940 --> 00:13:09.240
and it looks like the majority of them are for A. We have some choices for D.

90
00:13:12.660 --> 00:13:18.240
Okay, hmm, and one for C. Okay.

91
00:13:20.280 --> 00:13:30.960
So the correct answer here is A, penetration test. Okay, so colloquially known as pen test or ethical

92
00:13:30.960 --> 00:13:38.940
hacking, this is an authorized simulated cyber attack on a computer system or network performed

93
00:13:38.940 --> 00:13:45.600
to evaluate the security of the system, and should not be confused with the vulnerability assessment.

94
00:13:47.580 --> 00:13:53.760
A cyber threat hunt, or cyber threat hunting, is a proactive cyber defense activity.

95
00:13:54.660 --> 00:14:01.440
It is the process of proactively and iteratively searching through networks to detect and isolate

96
00:14:01.440 --> 00:14:11.040
advanced threats that evade existing security solutions. Now, vulnerability assessment is the

97
00:14:11.040 --> 00:14:19.500
process of identifying, quantifying, and ranking the vulnerabilities in a system. It's a common

98
00:14:19.500 --> 00:14:25.920
security procedure, as it provides a detailed view of the security risks an organization may face,

99
00:14:25.920 --> 00:14:32.340
enabling them to better protect their information technology and sensitive data from cyber threats.

100
00:14:33.600 --> 00:14:41.220
And finally, the vulnerability scanner is an automated vulnerability testing tool that

101
00:14:41.220 --> 00:14:48.060
monitors for misconfigurations or coding flaws that pose cyber security threats.

102
00:14:48.840 --> 00:14:56.700
Vulnerability scanners either rely on a database of known vulnerabilities or probe for common flaw

103
00:14:56.700 --> 00:15:04.620
types to discover other types of vulnerabilities. The best answer here is penetration test.

104
00:15:07.200 --> 00:15:07.700
Okay.

105
00:15:14.700 --> 00:15:18.360
All right, moving on to the next question: dark net.

106
00:15:22.260 --> 00:15:26.100
Which of the following is an example of a dark net?

107
00:15:29.820 --> 00:15:30.320
Okay.

108
00:15:33.060 --> 00:15:34.320
Let's see what you're thinking.

109
00:15:36.240 --> 00:15:47.340
Okay, so we have some votes for choice B and D.

110
00:15:49.560 --> 00:16:02.400
Okay, one for D, all. Okay, so in this situation the correct answer is D, all choices, all answer choices

111
00:16:02.400 --> 00:16:14.760
are correct. Okay, so Freenet: a peer-to-peer platform for censorship-resistant, anonymous communication.

112
00:16:15.660 --> 00:16:22.800
It uses a decentralized distributed data store to keep and deliver information, and

113
00:16:22.800 --> 00:16:28.500
has a suite of free software for publishing and communicating on the web without fear of censorship.

114
00:16:31.320 --> 00:16:36.000
Freenet is considered a part of the dark web. It is a decentralized network

115
00:16:36.600 --> 00:16:44.880
that allows for the exchange of encrypted data, giving users more anonymity. Okay, it's

116
00:16:44.880 --> 00:16:52.560
important to note that not all content on Freenet is illegal or harmful, and it may be used by people

117
00:16:52.560 --> 00:17:01.080
who want to communicate anonymously and securely for legitimate reasons. Tor is what?

118
00:17:08.160 --> 00:17:09.000
Anybody?

119
00:17:11.340 --> 00:17:16.560
I think most people know what Tor is. Okay, we have some responses. Is

120
00:17:16.560 --> 00:17:21.600
it like a browser? Oh yeah, it's a browser. Okay, what else is it,

121
00:17:24.540 --> 00:17:25.620
or what does it use?

122
00:17:28.980 --> 00:17:30.280
Okay. [Music]

123
00:17:32.940 --> 00:17:41.640
That's a VPN. Okay, so first of all, it's short for, or an acronym for, The Onion Router, a free, open

124
00:17:41.640 --> 00:17:50.880
source web browser, and allows you, of course, to use the internet anonymously. It is open source,

125
00:17:51.480 --> 00:17:59.460
and the technique used is called onion routing, which involves encrypting your data multiple times,

126
00:17:59.460 --> 00:18:06.660
then passing it through a network of volunteer-run servers. So Tor is a critical part of the dark web.

127
00:18:08.100 --> 00:18:14.100
It is often used to create and access the dark web. However, it is important to

128
00:18:14.100 --> 00:18:19.440
note that not all content on Tor is illegal or harmful, and again, people

129
00:18:19.440 --> 00:18:26.640
could be using it for perfectly legitimate reasons. And then I2P, who knows what that is?

131
00:18:40.920 --> 00:18:49.560
So I2P, the Invisible Internet Project, is an anonymous network layer that allows for

132
00:18:49.560 --> 00:18:56.340
censorship-resistant peer-to-peer communications. It is a peer-to-peer distributed communication

133
00:18:56.340 --> 00:19:03.840
layer designed to run any traditional internet service, like Usenet, IRC, file sharing,

134
00:19:03.840 --> 00:19:13.560
etc., as well as more traditional distributed applications. Okay, so this also can provide an

135
00:19:13.560 --> 00:19:21.120
encrypted entrance to the dark web, and therefore it makes up a part of the dark web ecosystem.

136
00:19:22.800 --> 00:19:33.780
Okay, I guess also to note, I2P has stayed somewhat clear of criminal and malicious activity.

137
00:19:34.620 --> 00:19:41.580
It is still an important data source for security professionals, and you should be aware of it.

138
00:19:44.160 --> 00:19:50.640
Okay, all right. Okay, good, let's move on.

139
00:19:57.920 --> 00:19:58.920
[Music]

140
00:19:58.920 --> 00:20:03.060
Okay, data roles. Let's see, is that the one we're doing? We are doing,

141
00:20:06.300 --> 00:20:13.440
trying to do these in order, so maybe this is a... yes, here's the first one. Okay,

142
00:20:14.280 --> 00:20:19.560
so which role is primarily responsible for data quality?

143
00:20:23.340 --> 00:20:25.140
Okay, I have one response,

144
00:20:27.240 --> 00:20:29.700
two responses for choice B.

145
00:20:34.140 --> 00:20:37.020
Okay, anybody else have some input into this?

146
00:20:47.220 --> 00:20:48.660
Maybe an A.

147
00:20:51.300 --> 00:21:01.740
Okay, so the correct answer here is data steward. Now, a data steward is an oversight or data

148
00:21:01.740 --> 00:21:08.220
governance role within an organization, and is responsible for ensuring the quality and fitness

149
00:21:09.060 --> 00:21:15.420
for purpose of the organization's data assets, including the metadata for those.

150
00:21:16.620 --> 00:21:22.260
They create processes that allow members of the company to interact with data.

151
00:21:22.980 --> 00:21:29.700
For example, they may create processes for how to collect data, how to enter it in databases,

152
00:21:29.700 --> 00:21:37.320
and how to share it between databases. Data stewards use their problem-solving skills to

153
00:21:37.320 --> 00:21:45.720
detect the causes of errors in the data and to determine solutions that protect the integrity

154
00:21:45.720 --> 00:21:52.980
of the data. They may also solve problems by creating policies and processes that help

155
00:21:52.980 --> 00:21:59.700
prevent issues that may occur during data collection and maintenance. Okay.

156
00:22:02.160 --> 00:22:06.360
All right, so we have several questions involving data roles and responsibilities.

157
00:22:06.360 --> 00:22:16.260
Let's go to the next one. That's [Music] right here. Okay, ready?

158
00:22:18.180 --> 00:22:22.860
So what is the data owner primarily responsible for?

159
00:22:25.560 --> 00:22:31.800
Okay, okay, so I've heard A, and yeah,

160
00:22:33.900 --> 00:22:40.800
maintaining the confidentiality, integrity, and availability of an information asset.

161
00:22:42.720 --> 00:22:50.880
So if you do some research, including in your textbook or other places like Infosec,

162
00:22:51.420 --> 00:22:57.480
the data owner has basically several responsibilities, including establishing the

163
00:22:57.480 --> 00:23:04.860
rules for data usage and protection, cooperating with information system owners on the security

164
00:23:04.860 --> 00:23:12.540
requirements and security controls for the systems on which the data exists. The data owner

165
00:23:12.540 --> 00:23:19.860
also determines how data is classified, managed, and secured, which plays an important role in

166
00:23:19.860 --> 00:23:28.920
the company's cyber security controls. A data owner holds accountability for a specific data set. Okay.

167
00:23:30.300 --> 00:23:30.960
All right,

168
00:23:33.540 --> 00:23:35.220
let's move on to the next question.

169
00:23:47.580 --> 00:23:58.260
Okay, customer email data is sold to a third party, and then gets inadvertently used by spammers.

170
00:24:00.360 --> 00:24:04.380
Which data role is responsible for this data leak?

171
00:24:07.740 --> 00:24:17.040
Okay, votes for B, D, and B in the chat. Okay, anybody else want to weigh in on this?

172
00:24:24.600 --> 00:24:31.920
Okay, so the correct answer here is data controller, and the data controller is an

173
00:24:31.920 --> 00:24:38.820
individual or organization that manages how the data is processed and is responsible for complying

174
00:24:38.820 --> 00:24:46.920
with data protection regulations. They manage data processors, dictating how the organization

175
00:24:46.920 --> 00:24:55.200
analyzes and uses personal data, such as contact information, addresses, and identification numbers.

176
00:24:58.200 --> 00:25:00.300
Okay.

177
00:25:04.080 --> 00:25:05.700
Let's move on to the next one.

178
00:25:09.780 --> 00:25:19.740
That will be here. Okay, good. Your data controller picks a vendor to handle their marketing campaign,

179
00:25:20.700 --> 00:25:27.780
but sensitive user information is leaked. What role is the third party playing?

180
00:25:29.580 --> 00:25:34.380
B. Okay, so you think data privacy officer,

181
00:25:35.280 --> 00:25:42.660
or did you say D, data controller? I said B. B, okay. All right, anyone else?

182
00:25:47.040 --> 00:25:50.820
I was thinking D because it's similar to the last one. Okay,

183
00:25:56.100 --> 00:25:59.400
the email scenario. The response in the chat:

184
00:26:00.300 --> 00:26:07.440
D. Okay, so the correct answer here is data processor. Okay.

185
00:26:09.480 --> 00:26:17.820
So I think you're seeing that, or maybe it's feeling like there's some overlap

186
00:26:17.820 --> 00:26:25.740
in the roles, and again, especially when preparing for, as part of the

187
00:26:25.740 --> 00:26:35.520
exam, you want to be clear on the roles that are related to each other but interact differently.

188
00:26:36.960 --> 00:26:42.720
So the role of the data processor is to be responsible for carrying out

189
00:26:42.720 --> 00:26:50.040
the actual processing of the data under the specific instructions of the data controller.

190
00:26:50.700 --> 00:27:01.860
Okay, the duties of the data processor may include: design, create, and implement IT processes and

191
00:27:01.860 --> 00:27:09.600
systems that would enable the data controller to gather personal data; use tools and strategies to

192
00:27:09.600 --> 00:27:17.400
gather personal data; and implement security measures that would safeguard personal data.

193
00:27:18.660 --> 00:27:25.380
The processor must ensure that the people processing the data are subject to the duty

194
00:27:25.380 --> 00:27:32.100
of confidentiality. Appropriate measures need to be taken to ensure the security of the processing.

195
00:27:32.700 --> 00:27:39.180
Under a written contract, the processor must only engage a sub-processor

196
00:27:39.180 --> 00:27:45.060
with the controller's prior approval. So there's a relationship there,

197
00:27:46.260 --> 00:27:52.980
but they are different, and they do have different responsibilities. Okay, so we have here,

198
00:27:55.260 --> 00:28:01.260
yeah, and I see your point: they are all similar and vague, is there a way to distinguish them?

199
00:28:01.920 --> 00:28:11.760
And my suggestion is to use more than one source of information, and of course you want

200
00:28:11.760 --> 00:28:23.580
to use trusted sources, and read through and make notes, because you're right, there is some,

201
00:28:24.660 --> 00:28:33.120
there can be confusion here, and again it's because when two roles, like processor and controller,

202
00:28:33.900 --> 00:28:41.040
can easily be confused, you really need to sort of delineate what each role does,

203
00:28:41.700 --> 00:28:50.700
and you'll see that one sort of either feeds into the other or manages the other, and it

204
00:28:50.700 --> 00:28:57.840
really boils down to, again, careful research and making some notes. And the other thing,

205
00:28:57.840 --> 00:29:06.540
the other advice that I can give you that I know works is to try to come up with examples

206
00:29:07.200 --> 00:29:18.060
or find samples if you find these confusing. I have a few more notes here that I want to

207
00:29:18.060 --> 00:29:28.620
give you on some of these roles, and since we're on data processor right now, I would also like to say

208
00:29:28.620 --> 00:29:35.760
that the data processor is responsible for creating and implementing processes

209
00:29:35.760 --> 00:29:42.540
that enable the data controller to gather data, store it, and transfer it if necessary.

210
00:29:43.500 --> 00:29:49.740
A processor may be more or less involved in the processing, but the main differentiator

211
00:29:49.740 --> 00:29:59.280
is the fact that the controller determines the overall purpose of the processing. Okay, let's see.

212
00:30:04.620 --> 00:30:13.140
Okay, and as far as a data custodian, the data custodian is responsible for the implementation

213
00:30:13.140 --> 00:30:20.880
and maintenance of security controls in a way that meets the requirements for security

214
00:30:21.900 --> 00:30:31.320
as determined by the data owner. The data custodian manages the technical environment where

215
00:30:31.320 --> 00:30:42.600
data resides and ensures safe custody, transport, and storage of the data. Okay. So are they like, when

216
00:30:43.740 --> 00:30:47.880
someone is leaving a company and they have, or someone has, certain roles in the company, do they

217
00:30:47.880 --> 00:30:52.320
manage who has access to that? Like, say you go on vacation and you're in control of certain parts,

218
00:30:53.220 --> 00:30:57.720
you do, like, a specific job, and someone's coming to take over that role. Like, are they

219
00:30:57.720 --> 00:31:03.660
in control over, like, they divvy out who has access while you're gone? Kind of, yeah, it kind

220
00:31:03.660 --> 00:31:12.120
of flows from the owner to the controller and the processor. So, you know, it's not exactly correct

221
00:31:12.120 --> 00:31:21.720
to say that, you know, one entity manages it all. I really prefer to think of it as sort of the chain

222
00:31:22.440 --> 00:31:30.300
of actions, and again, typically starting with the owner, flowing through the controller, the processor.

223
00:31:31.680 --> 00:31:40.680
The custodian has some say, for example, if it was going to be stored on the cloud, for

224
00:31:40.680 --> 00:31:48.900
example. So that's like a technical environment where the data would reside, and that falls in the

225
00:31:48.900 --> 00:31:57.660
purview of the data custodian. So again, you know, looking at the hierarchical flow could be very

226
00:31:57.660 --> 00:32:05.640
helpful for understanding this. And then there's a question: is there any flowchart of these roles?

227
00:32:07.500 --> 00:32:18.600
Let's see. I mean, I've looked through the text that these questions are developed

228
00:32:18.600 --> 00:32:27.660
from. I don't exactly see, or have not seen, a flowchart, but I think it'd be a great idea

229
00:32:27.660 --> 00:32:35.760
if you made something akin to that. It could be a flowchart of roles and responsibilities, and

230
00:32:36.480 --> 00:32:47.040
or some other hierarchical flow diagram that would, you know, sort of help you to delineate the

231
00:32:47.040 --> 00:32:56.040
functions associated with each role. And again, examples usually help to clarify this as well.

232
00:32:57.300 --> 00:33:04.740
It can be kind of confusing, so again, careful notes and,

233
00:33:04.740 --> 00:33:12.660
again, a type of flowchart or a hierarchical layout and organization.

234
00:33:15.000 --> 00:33:19.500
Okay, all right, let's move on.

235
00:33:24.120 --> 00:33:33.960
Let's see. [Music] Well, yeah, we've done that one. Okay, all right, embedded image is next.

236
00:33:35.100 --> 00:33:44.700
Okay, a detective believes that a terrorist has embedded top secret military information

237
00:33:45.780 --> 00:33:55.380
in an image as a way to create a confidential message channel with an anonymous user. Which

238
00:33:55.380 --> 00:34:03.000
of the following techniques describes what the detective believes the terrorist has perpetrated?

239
00:34:07.080 --> 00:34:07.620
So,

240
00:34:08.940 --> 00:34:16.320
okay, so we got lots of responses right away, and I'm betting they're all going to

241
00:34:16.320 --> 00:34:26.220
be A. That's really good, so everybody's on this, and the correct answer is steganography. Okay, so

242
00:34:27.180 --> 00:34:36.420
if we look at the other options that are incorrect, we should talk about those. Key stretching is

243
00:34:36.420 --> 00:34:42.720
also known as key strengthening, and it's a technique used to ensure that a weak key, such

244
00:34:42.720 --> 00:34:51.540
as a password, does not fall victim to a brute force attack. In key stretching, a

245
00:34:51.540 --> 00:34:57.360
special algorithm is used to convert a weak credential or password into a stronger key,

246
00:34:59.100 --> 00:35:10.980
and there are two common algorithms used to strengthen the key, PBKDF2 and bcrypt. So PBKDF2,

247
00:35:10.980 --> 00:35:20.160
I just have to love these acronyms, stands for Password-Based Key Derivation Function 2.

248
00:35:22.980 --> 00:35:29.820
It's a key derivation function with a sliding computational cost, used to reduce

249
00:35:29.820 --> 00:35:39.600
vulnerability to brute force attacks. PBKDF2 applies a pseudorandom function, such as a hash-

250
00:35:39.600 --> 00:35:49.080
based message authentication code, to the input password or passphrase along with a salt value,

251
00:35:49.980 --> 00:35:58.320
and we've talked about that in the past, and repeats the process many times to produce a

252
00:35:58.320 --> 00:36:05.880
derived key, which can then be used as a cryptographic key in subsequent operations.

253
00:36:07.680 --> 00:36:19.200
Okay, all right, let's see. Clustering is a type of unsupervised machine learning that enables

254
00:36:19.200 --> 00:36:29.340
companies to uncover hidden patterns and structures in large sets of data. Okay, so not

255
00:36:30.000 --> 00:36:39.180
what steganography is. It's looking for these, but steganography is actually doing this

256
00:36:39.180 --> 00:36:47.760
to embed something within something else. Let's see, clustering means grouping together similar

257
00:36:47.760 --> 00:36:54.660
or related data points that are found throughout the network, making it possible to reveal unusual

258
00:36:54.660 --> 00:37:03.240
patterns of activity and detect attacks that would not be detectable by analyzing a single point.

259
00:37:04.500 --> 00:37:10.980
Clustering techniques can help to uncover the hidden patterns and structures from data sets.

260
00:37:12.300 --> 00:37:22.380
Okay, all right, well, this is good. I think everybody got this very, very quickly, so good for you.

261
00:37:23.700 --> 00:37:27.900
All right, and let's take the next question.

262
00:37:32.460 --> 00:37:40.620
Okay, the next question, honeypots. Your organization's IT specialist

263
00:37:41.280 --> 00:37:49.200
has intentionally configured a honeypot on your network to make sure that your vulnerability

264
00:37:49.200 --> 00:37:57.480
scans are accurate. Unfortunately, the vulnerability scans are not accurate

265
00:37:58.080 --> 00:38:06.540
because they did not report the honeypots as being vulnerable. Which of the following

266
00:38:06.540 --> 00:38:14.580
is most likely a reason for this malfunction? Okay, take a moment and look at the choices.

267
00:38:17.100 --> 00:38:20.520
Okay, so we have five responses pretty quickly,

268
00:38:23.400 --> 00:38:32.220
and they are for choice D. Choice D is correct: all answer choices are correct. Okay,

269
00:38:33.000 --> 00:38:42.180
so the scan was not administered as root. So if performing a vulnerability scan, you

270
00:38:42.180 --> 00:38:50.880
should ensure that you're performing it, well, first of all, as an unauthenticated user,

271
00:38:52.140 --> 00:38:59.820
that's non-credentialed, to find out what information is being exposed to unknown persons on the network,

272
00:39:00.720 --> 00:39:07.560
and then you should perform the scan as, or logged in as, an administrative account, as

273
00:39:07.560 --> 00:39:15.180
root for example, and this way you're able to collect as much system information as possible,

274
00:39:15.840 --> 00:39:22.140
information you couldn't get if you weren't using an administrative account or logged in as root.

275
00:39:22.140 --> 00:39:27.900
Okay. Let's see, the vulnerability database needs

276
00:39:27.900 --> 00:39:33.060
to be updated. That's a possibility if you're using that. And finally,

277
00:39:34.260 --> 00:39:42.660
nothing's perfect. Vulnerability scanners do not always catch everything, and that's a fact.

278
00:39:44.760 --> 00:39:51.960
On another note, a vulnerability scanner is different from a port scanner. The

279
00:39:51.960 --> 00:39:58.860
vulnerability scanner will scan the system for known vulnerabilities and then report the problems

280
00:39:58.860 --> 00:40:07.200
that have been found. The vulnerability scanner bases its decisions on a vulnerability database

281
00:40:07.980 --> 00:40:16.680
that is hopefully constantly updated. When the vulnerability scanner compares the patch level

282
00:40:16.680 --> 00:40:23.160
and configurations of the systems against the information contained in the database,

283
00:40:23.880 --> 00:40:31.500
then it enables you to know if you have been following, for example, best practices, or if

284
00:40:31.500 --> 00:40:39.840
in fact there are vulnerabilities. Okay, all right, so that covers those responses. Okay.