Free CAS-005 Exam Dumps

Question 11

Users are writing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?

Correct Answer: B
Implementing a Single Sign-On (SSO) solution and integrating it with applications is the best way to manage the situation and decrease risks. Here's why:
✑ Reduced Password Fatigue: SSO allows users to log in once and gain access to multiple applications and systems without needing to remember and manage multiple passwords. This reduces the likelihood of users writing down passwords.
✑ Improved Security: By reducing the number of passwords users need to manage, SSO decreases the attack surface and potential for password-related security breaches. It also allows for the implementation of stronger authentication methods.
✑ User Convenience: SSO improves the user experience by simplifying the login process, which can lead to higher productivity and satisfaction.

Question 12

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller. The forensic team cryptographically validated that the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP. Which of the following is the best way to reduce the risk of reoccurrence?

Correct Answer: A
The scenario describes a sophisticated attack where the threat actor used steganography within LDAP to exfiltrate data. Given that the hardware and OS firmware were validated and found uncompromised, the attack vector likely exploited a network communication channel. To mitigate such risks, enforcing allow lists for authorized network ports and protocols is the most effective strategy.
Here's why this option is optimal:
✑ Port and Protocol Restrictions: By creating an allow list, the organization can restrict communications to only those ports and protocols that are necessary for legitimate business operations. This reduces the attack surface by preventing unauthorized or unusual traffic.
✑ Network Segmentation: Enforcing such rules helps in segmenting the network and ensuring that only approved communications occur, which is critical in preventing data exfiltration methods like steganography.
✑ Preventing Unauthorized Access: Allow lists ensure that only predefined, trusted connections are allowed, blocking potential paths that attackers could use to infiltrate or exfiltrate data.
Other options, while beneficial in different contexts, are not directly addressing the network communication threat:
✑ B. Measuring and attesting to the entire boot chain: While this improves system integrity, it doesn't directly mitigate the risk of data exfiltration through network channels.
✑ C. Rolling the cryptographic keys used for hardware security modules: This is useful for securing data and communications but doesn't directly address the specific method of exfiltration described.
✑ D. Using code signing to verify the source of OS updates: Ensures updates are from legitimate sources, but it doesn't mitigate the risk of network-based data exfiltration.
References:
✑ CompTIA SecurityX Study Guide
✑ NIST Special Publication 800-41, "Guidelines on Firewalls and Firewall Policy"
✑ CIS Controls Version 8, Control 9: Limitation and Control of Network Ports, Protocols, and Services

Question 13

A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization. Which of the following best addresses the company's requirements?

Correct Answer: B
The best approach for managing and monitoring IoT devices, such as thermostats, is to operate them on a separate network with no access to other internal devices. This segmentation ensures that the IoT devices are isolated from the main network, reducing the risk of potential security breaches affecting other critical systems. Additionally, this setup allows for secure vendor updates without exposing the broader network to potential vulnerabilities inherent in IoT devices.
References:
✑ CompTIA SecurityX Study Guide: Recommends network segmentation for IoT devices to minimize security risks.
✑ NIST Special Publication 800-183, "Network of Things": Advises on the isolation of IoT devices to enhance security.
✑ "Practical IoT Security" by Brian Russell and Drew Van Duren: Discusses best practices for securing IoT devices, including network segmentation.

Question 14

An organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

Correct Answer: E
The technique that best addresses the issue of insider threats from employees who have individual access to encrypted material is key splitting. Here's why:
✑ Key Splitting: Key splitting involves dividing a cryptographic key into multiple parts and distributing these parts among different individuals or systems. This ensures that no single individual has complete access to the key, thereby mitigating the risk of insider threats.
✑ Increased Security: By requiring multiple parties to combine their key parts to access encrypted material, key splitting provides an additional layer of security. This approach is particularly useful in environments where sensitive data needs to be protected from unauthorized access by insiders.
✑ Compliance and Best Practices: Key splitting aligns with best practices and regulatory requirements for handling sensitive information, ensuring that access is tightly controlled and monitored.
By employing key splitting, organizations can effectively reduce the risk of insider threats and enhance the overall security of encrypted material.

Question 15

Within a SCADA system, a business needs access to the historian server in order to gather metrics about the functionality of the environment. Which of the following actions should be taken to address this requirement?

Correct Answer: A
The best action to address the requirement of accessing the historian server within a SCADA system is to isolate the historian server for connections only from the SCADA environment. Here's why:
✑ Security and Isolation: Isolating the historian server ensures that only authorized devices within the SCADA environment can connect to it. This minimizes the attack surface and protects sensitive data from unauthorized access.
✑ Access Control: By restricting access to the historian server to only SCADA devices, the organization can better control and monitor interactions, ensuring that only legitimate queries and data retrievals occur.
✑ Best Practices for Critical Infrastructure: Following the principle of least privilege, isolating critical components like the historian server is a standard practice in securing SCADA systems, reducing the risk of cyberattacks.