CompTIA SY0-601 Practice Test - Questions Answers, Page 40

Spraying is a password attack that involves trying a few common passwords against a large number of usernames. Spraying is different from brute-force attacks, which try many possible passwords against one username, or dictionary attacks, which try a list of words from a dictionary file against

one username. Spraying is often used when the web application has a lockout policy that prevents multiple failed login attempts for the same username. Spraying can be detected by looking for patterns of failed login attempts from the same source IP address with different usernames and the

same or similar passwords.

Establishing persistence for future use is the next step that a network penetration tester should do after gaining access to a target machine. Persistence means creating a backdoor or a covert channel that allows the penetration tester to maintain access to the target machine even if the initial exploit is patched or the connection is lost. Persistence can be achieved by installing malware, creating hidden user accounts, modifying registry keys, or setting up remote access tools. Establishing persistence can help the penetration tester to perform further reconnaissance, move laterally to

other machines, or exfiltrate data from the target network.

Containment is the next step according to the incident response process after identifying affected devices that are running a malicious application with a unique hash. Containment involves isolating the compromised devices or systems from the rest of the network to prevent the spread of the attack and limit its impact. Containment can be done by disconnecting the devices from the network, blocking network traffic to or from them, or applying firewall rules or access control lists. Containment is a critical step in incident response because it helps to preserve evidence for

further analysis and remediation, and reduces the risk of data loss or exfiltration

https://www.fortinet.com/resources/cyberglossary/incident-response

https://www.ibm.com/topics/incident-response

Availability zones are the most appropriate cloud feature to address the concern of resiliency in case a cloud provider’s data center or network connection goes down. Availability zones are physically

separate locations within an Azure region that have independent power, cooling, and networking.

Each availability zone is made up of one or more data centers and houses infrastructure to support highly available, mission-critical applications. Availability zones are connected with high-speed,

private fiber-optic networks. Azure services that support availability zones fall into two categories:

Zonal services – you pin the resource to a specific zone (for example, virtual machines, managed disks, IP addresses), or Zone-redundant services – platform replicates automatically across zones (for

example, zone-redundant storage, SQL Database). To achieve comprehensive business continuity on Azure, build your application architecture using the combination of availability zones with Azure region pairs. You can synchronously replicate your applications and data using availability zones

within an Azure region for high-availability and asynchronously replicate across Azure regions for disaster recovery protection.

Wireshark is a tool that can analyze pcap files, which are files that capture network traffic. Wireshark can display the packets, protocols, and other details of the network traffic in a graphical user interface. Nmap is a tool that can scan networks and hosts for open ports and services. CURL is a tool that can transfer data from or to a server using various protocols. Neat is a tool that can test network performance and quality.

Data owner is the role that is responsible for defining the protection type and classification type for a given set of files. Data owner is a person in the organization who is accountable for a certain set of data and determines how it should be protected and classified. General counsel is the role that provides legal advice and guidance to the organization. Risk manager is the role that identifies, analyzes, and mitigates risks to the organization. Chief Information Officer is the role that oversees the information technology strategy and operations of the organization

https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/data-roles-andresponsibilities/

Time-based one-time password (TOTP) and hardware token are authentication methods that rely on the possession factor, which means that the user must have a specific device or object in their possession to authenticate. A TOTP is a password that is valid for a short period of time and is generated by an app or a device that the user has. A hardware token is a physical device that displays a code or a password that the user can enter to authenticate. A passphrase (Option A) is a knowledge factor, while facial recognition (Option C), retina scan (Option D), and fingerprints (Option F) are all inherence factors.

https://ptgmedia.pearsoncmg.com/imprint_downloads/pearsonitcertification/bookreg/9780136798675/9780136798675_tearcard.pdf

https://www.youtube.com/watch?v=yCJyPPvM-xg

Wireless jamming is a way for an attacker to disrupt a wireless network and create a denial of service situation by decreasing the signal-to-noise ratio at the receiving device. The attacker would need to be relatively close to the wireless network to overwhelm the good signal. The other options are not likely to cause a wireless network outage for users near the parking lot.

A pass-the-hash attack is a type of replay attack that captures and uses the hash of a password. The attacker then attempts to log on as the user with the stolen hash. This type of attack is possible because some authentication protocols send hashes over the network instead of plain text passwords.

The packet capture shows that the attacker used NTLM authentication, which is vulnerable to passthe-hash attacks