GIAC SEC530 Final Exam Study Guide Latest Update

  • October 31, 2024
  • 24
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • GIAC SEC530
  • GIAC SEC530
avatar-seller
Stetson
GIAC SEC530 Final Exam Study Guide
Latest Update 2024-2025

802.11 (xx) - Solution 802.11ac/Wireless AC - Dual-band Wi-Fi supporting simultaneous
connections across bands. As much as 1300 Mbps on 5 GHz and up to 450 Mbps on
2.4 GHz [p95 / b1]



802.11 x Standards - Solution 802.11 n, w, ac [p95 / b1]



802.11w Protected Management Frames - Solution Protected Management Frames (PMF);
adds encryption to management frames. Key: SHA256, broadcast/multicast
cryptography / integrity, blocks spoofing attacks. [p96 / b1]



DMARC (Domain-Based Message Authentication Reporting and Compliance) - SPF and DKIM
both check whether an email is from the owner domain of the sender, but they don't check
whether the display 'From' header address is from the verified domain. Unlike them, DMARC
enables enforcing alignment of the visible 'From' in emails. DMARC requires a different DNS
TXT record to define the policy and alignment. [p167 / b2]



DHCP Rogue Server - Answer Follows a DHCP starvation attack: the rogue DHCP server
serves up addresses in order to launch man-in-the-middle attacks and forge DNS
responses. [p121 / b1]



File classification & File protection - Answer File classification does not directly secure
the data it classifies. If anything, file classification is more closely akin to an access
control list. File classification labels the data so that systems and software are guided
on how to deal with it. It can be used to enforce data policy, but its classification
properties can be removed by a malicious insider or hacker. The misconception is that
file classification is intended to keep the hacker from stealing data. File classification
is mostly to assist an organization in managing its data properly and not really to
prevent a hacker from stealing the data. [p88 / b4]

Granular Auditing - Answer With the auditing tab of a file or folder, conditional access
settings can be applied and the logs then monitored to see whether access would be
accidentally denied. Enables testing and rule staging. [p116 / b4]



Hyper-converged Storage - Answer A virtualization platform pools CPU, memory, and
disks managed by a hypervisor. In these solutions, a VM acts as the controller that
manages the local disks or PCI storage cards to provide high-speed storage. The
controller VMs must constantly talk to each other over the network. A breach of one
controller administrator can reach all disks. To secure this, restrict SSH and other
network communication to only the controllers. Restrict access to console level to deny
unauthorized access. [p154 / b4]



IPv6 (Duplicate Address Detection) - Answer IPv6 hosts using privacy extension
addresses also perform duplicate address detection (DAD), per RFC 4941: The node
MUST perform duplicate address detection on the generated temporary address. If DAD
indicates the address is already in use, the node MUST generate a new randomized
interface identifier. Privacy-enhanced IPv6 addresses are used when the utilization of
SLAAC creates an IP address from the system. This is because, in SLAAC, the system's
globally unique MAC address is used in defining the IP address. This presents a concern
for privacy. The privacy extensions create a random host portion of the IPv6 address.
This brings up a very slight chance of duplicate addresses. [p90 / b2]



Physical Access (Switch Router Ports, SSHd) - Answer Physical access should be put in
secure locations such as locked management closets. AUX secured w/ password or disabled if
console is used for terminal access, force SSHv2 only, default key 512, use ,
set SSH authentication retries to 3 to drop the connection after 3 failed logins. [p16 / b2]



Segmentation - Answer Segment with authentication and access control per
user/device. Segmentation can be defined as the ability to enforce separation either
logically or physically. In security, that is usually interpreted as network segmentation,
where an organization invests enormous amounts of time in planning out the
networks, subnets, and methods for controlling access between each layer within a
design. The problem is that segmentation at the network level alone is simply not enough.
Organizations should also plan and design how segmentation is done at each endpoint
and which systems are authorized to communicate with each other through network
segmentation. Access controls should not stop at the network. Access controls should involve
authentication and validation of users and devices. [p119 / b2]

Virtualization (Segmentation productivity applications and privileged applications) -
Solution Virtualization solution such as VirtualBox or VMware Workstation/Fusion can be
implemented as a local version of jump boxes. One solution is to leverage the host
operating system for administrative or business applications but do productivity access
on a local virtual machine. Compromise will most likely be constrained to the local VM in
that design. Although it is possible for an attacker to break out of the virtual machine to
mount an attack on the host, this is far less likely than permitting a user to perform
administrative tasks and launch productivity applications directly on one system [p132 /
b3]



A_Content Discovery (SQL Query IF EXISTS) - Solution Stored SQL procedure creation
for usage. [p0 / b0]



A_Privileged Access View Console Permissions - Answer View Console: obtain local
admin access; Copy & Paste: possible use for data exfiltration; Clone: create offline
copies of systems; DVD/USB: autorun attacks or mounting malware; Snapshots: denial
of service to storage space. [p0 / b0]



Access Controls Mapping - Answer PowerShell & Python scripts to find files that have
excessive permissions such as Everyone; email/report to owner for recertification;
automatic alerting using Windows event IDs. [p58 / b4]



Access-Denied Assistance - Answer Built into Windows. Notification of policy. Policy-
enforced access; when access fails, it provides input to the user and lets them request
assistance. Policy-enforced data access. [p108 / b4]



Active Directory Account Management - Solution Sheet group changes: PowerShell
logging enable script block logs gets logged if enabled; Local account creation event ID:
4720 audit user account management; domain admins audit security group and
distribution groups less information than security groups, audit other account
management events. [p124 / b5]



Dynamic Access Control Advanced Example - Answer Device, training, member of AD
Group. Flow chart on the page. [p110 / b4]
