SIMULATION -
You are a penetration tester who is reviewing the system hardening guidelines for a company's distribution center. The company's hardening guidelines indicate the following:
✑ There must be one primary server or service per device.
✑ Only default ports should be used.
✑ Non-secure protocols should be disabled.
✑ The corporate Internet presence should be placed in a protected subnet.
INSTRUCTIONS -
Using the tools available, discover devices on the corporate network and the services that are running on these devices.
You must determine:
✑ The IP address of each device.
✑ The primary server or service of each device.
✑ The protocols that should be disabled based on the hardening guidelines.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Correct Answer:
See explanation below.
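A way to apply the first three guidelines mechanically to scan results, as an added example that is not part of the original question or simulation. It parses nmap greppable output (what the simulation's scanner would produce with `nmap -sV -oG -`) and reports, per host, the inferred primary role, any service listening on a non-default port, and the clear-text protocols to disable with their secure replacement. The sample scan lines, host names, and the service-to-role, default-port and insecure-protocol tables are constructed assumptions; the fourth guideline (Internet-facing hosts in a protected subnet) needs the network layout and is not checked here.

```python
"""Check nmap greppable (-oG) output against the hardening guidelines.

Added example with constructed data; not from any real scan.
"""
import re
from dataclasses import dataclass

# Constructed sample in nmap -oG format (hosts, names and versions are made up).
# Assumes no commas in the version field; nmap -oG writes https as "ssl|http".
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.10.0/24
Host: 192.168.10.10 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/open/tcp//ssl|http//nginx/\tIgnored State: closed (997)
Host: 192.168.10.11 (mail01)\tPorts: 25/open/tcp//smtp//Postfix/, 110/open/tcp//pop3//Dovecot/, 587/open/tcp//submission//Postfix/\tIgnored State: closed (997)
Host: 192.168.10.12 (ftp01)\tPorts: 21/open/tcp//ftp//vsftpd/, 23/open/tcp//telnet//Linux telnetd/, 2222/open/tcp//ssh//OpenSSH 8.9/\tIgnored State: closed (997)
Host: 192.168.10.13 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 3306/open/tcp//mysql//MySQL 8/, 8080/open/tcp//http//Apache httpd/\tIgnored State: closed (997)
# Nmap done
"""

# Default port per nmap service name (assumed subset relevant to the sample).
DEFAULT_PORT = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53, "http": 80,
                "pop3": 110, "imap": 143, "ssl|http": 443, "submission": 587, "imaps": 993,
                "pop3s": 995, "mysql": 3306, "ms-wbt-server": 3389}
# Clear-text protocols the guideline says to disable, with the secure replacement to keep.
INSECURE = {"ftp": "sftp/ssh (22)", "telnet": "ssh (22)", "http": "https (443)",
            "pop3": "pop3s (995)", "imap": "imaps (993)"}
# Which "primary server" role a service implies; ssh/telnet/rdp are management, not a role.
ROLE = {"http": "web", "ssl|http": "web", "smtp": "mail", "submission": "mail", "pop3": "mail",
        "pop3s": "mail", "imap": "mail", "imaps": "mail", "ftp": "file transfer",
        "mysql": "database", "domain": "dns"}


@dataclass
class HostFinding:
    ip: str
    hostname: str
    services: list        # (port, service) tuples for open TCP ports
    primary: str          # role(s) inferred from the open ports
    disable: list         # insecure services to turn off, with replacement
    nondefault: list      # services listening on a non-default port
    multi_role: bool      # guideline 1 violated: more than one primary server


def parse_gnmap(text):
    """Yield (ip, hostname, [(port, service), ...]) for each host line with open ports."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        m = re.match(r"Host:\s+(\S+)\s+\(([^)]*)\)", line)
        ip, name = m.group(1), m.group(2)
        ports_field = next(f for f in line.split("\t") if f.startswith("Ports:"))
        services = []
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")   # port/state/proto/owner/service/rpc/version/
            if len(parts) >= 5 and parts[1] == "open":
                services.append((int(parts[0]), parts[4]))
        hosts.append((ip, name, services))
    return hosts


def assess(text):
    """Apply guidelines 1-3 to every host in the greppable output."""
    findings = []
    for ip, name, services in parse_gnmap(text):
        roles = sorted({ROLE[svc] for _, svc in services if svc in ROLE})
        disable = [f"{svc}/{port} -> {INSECURE[svc]}" for port, svc in services if svc in INSECURE]
        nondefault = [f"{svc}/{port} (default {DEFAULT_PORT[svc]})" for port, svc in services
                      if svc in DEFAULT_PORT and DEFAULT_PORT[svc] != port]
        findings.append(HostFinding(ip, name, services, ", ".join(roles) or "none",
                                    disable, nondefault, len(roles) > 1))
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_GNMAP):
        flag = "  [VIOLATION: more than one primary service]" if f.multi_role else ""
        print(f"{f.ip} ({f.hostname}): primary={f.primary}{flag}")
        for item in f.nondefault:
            print(f"    non-default port: {item}")
        for item in f.disable:
            print(f"    disable: {item}")
```

In the constructed sample, db01 fails guideline 1 (a database and a web server on one device) and runs HTTP on 8080, ftp01 runs SSH on 2222 and still offers FTP and Telnet, and web01 and mail01 only need their clear-text listeners (HTTP, POP3) turned off.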
A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the following types of testing does this describe?
Correct Answer: A
This describes acceptance testing (user acceptance testing, UAT). It is performed by the users themselves to confirm that the application meets the needs of the business and behaves correctly for them, and it is the last check before the application is released into production.
An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?
Correct Answer: A
The domain, IP address, email address, and software version represent the 'Infrastructure' point of the Diamond Model of Intrusion Analysis. Infrastructure involves the physical or logical communication structures such as IP addresses, domain names, and email addresses employed by an adversary to perform the intrusion. By analyzing these elements, one can better understand the tools and systems the adversary used.
While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk. The analyst sees the following on the laptop's screen:
[*] [NBT-NS] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORP\jsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [NBT-NS] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.24
[SMBv2] NTLMv2-SSP Username : CORP\progers
[SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...
Which of the following is the BEST action for the security analyst to take?
Correct Answer: B
The best action for the security analyst is to disconnect the laptop and have the users jsmith and progers log out. The laptop is running a Responder-style LLMNR/NBT-NS poisoner: it answers name lookups for FILE-SHARE-A with its own address, so clients authenticate to it over SMB and hand over their NTLMv2 challenge-responses. Removing the device from the network stops further poisoning, and ending the two users' sessions breaks the poisoned connections that are still in progress. Taking FILE-SHARE-A offline or scanning it for viruses does not address the threat, because the file server is not compromised; the rogue laptop is the attacker. Since the captured NTLMv2 responses can be cracked offline or relayed, the follow-up should include resetting both accounts' passwords, preserving the laptop as evidence, and disabling LLMNR and NetBIOS over TCP/IP so the technique stops working.
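Triage of output like the one on the laptop's screen, as an added example that is not from the original question: it parses Responder-style console lines, counts poisoned answers per client and protocol, pairs each NTLMv2-SSP Client/Username/Hash triple into one capture record, and derives the accounts whose passwords must be reset and the clients that were poisoned but whose authentication was not captured. The sample lines are constructed on the pattern of the screenshot (the mDNS line and the third client are added for illustration); the regular expressions assume the line layout shown and that the Client, Username and Hash lines appear in that order.

```python
"""Triage Responder-style console output: who was poisoned, whose creds were captured.

Added example with constructed log lines; not a real capture.
"""
import re
from collections import defaultdict

# Constructed sample patterned on the question's screenshot (third client added).
SAMPLE_OUTPUT = """\
[*] [NBT-NS] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORP\\jsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.24
[SMBv2] NTLMv2-SSP Username : CORP\\progers
[SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[*] [MDNS] Poisoned answer sent to 192.168.23.40 for name printer-a.local
"""

# Assumed line layouts, taken from the lines shown above.
POISON_RE = re.compile(
    r"^\[\*\] \[(?P<proto>[A-Z\-]+)\] Poisoned answer sent to (?P<ip>[\d.]+) for name (?P<name>\S+)")
CAPTURE_RE = re.compile(
    r"^\[(?P<svc>[A-Za-z0-9]+)\] NTLMv2-SSP (?P<field>Client|Username|Hash)\s*:\s*(?P<value>.+)$")


def parse_responder(text):
    """Return poisoned answers per client/protocol, spoofed names, and capture records."""
    poisoned = defaultdict(lambda: defaultdict(int))   # ip -> protocol -> count
    spoofed_names = set()
    captures = []
    current = {}
    for line in text.splitlines():
        m = POISON_RE.match(line)
        if m:
            poisoned[m["ip"]][m["proto"]] += 1
            spoofed_names.add(m["name"])
            continue
        m = CAPTURE_RE.match(line)
        if m:
            current[m["field"]] = m["value"].strip()
            current["svc"] = m["svc"]
            if m["field"] == "Hash":   # Hash is the last line of a Client/Username/Hash triple
                captures.append(dict(current))
                current = {}
    return {"poisoned": {ip: dict(p) for ip, p in poisoned.items()},
            "names": sorted(spoofed_names),
            "captures": captures}


def accounts_to_reset(report):
    """Accounts whose NTLMv2 responses were captured. These can be cracked offline or
    relayed, so logging the users out is necessary but not sufficient: reset them."""
    return sorted({c["Username"] for c in report["captures"]})


def clients_without_capture(report):
    """Clients that accepted a poisoned answer but whose authentication was not seen;
    they still resolved the attacker as FILE-SHARE-A and should be checked."""
    captured = {c["Client"] for c in report["captures"]}
    return sorted(ip for ip in report["poisoned"] if ip not in captured)


if __name__ == "__main__":
    rep = parse_responder(SAMPLE_OUTPUT)
    print("spoofed names:", rep["names"])
    for ip, protos in rep["poisoned"].items():
        print(f"{ip}: poisoned via {protos}")
    print("reset:", accounts_to_reset(rep))
    print("poisoned, no capture yet:", clients_without_capture(rep))
```

The durable fix is to remove the name-resolution fallbacks the poisoner exploits: disable LLMNR with the "Turn off multicast name resolution" policy and NetBIOS over TCP/IP on the adapters, and require SMB signing so a relayed NTLMv2 response is rejected.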
A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?
Correct Answer: D
Data sovereignty means that data is subject to the laws and regulations of the jurisdiction in which it is collected, stored or processed. The risk is reduced by keeping data within the legal boundaries of the jurisdiction it originated in. Geographic access requirements are the technical control that does this: they constrain where data may be stored and from where it may be accessed, so the company can show that the data stays in regions whose privacy rules it satisfies.