Rainbow Fridays #2

DKIM (DomainKeys Identified Mail) is a method used to digitally sign outgoing emails to verify the authenticity of the sender and ensure the integrity of the message. By adding a digital signature to each outgoing email, DKIM helps prevent email tampering and forgeries, making it the best choice for digitally signing emails leaving the organization.

Ransomware is a type of malware that encrypts a victim's files and demands payment, usually in cryptocurrency, in exchange for the decryption key. The behavior described in the question, such as encrypting files and demanding a ransom, aligns with the characteristics of ransomware.

A web application firewall (WAF) is also known as a layer 7 firewall.

Wyjaśnienie Rule-based access control is a type of access control that enforces access restrictions based on rules defined by the system administrator. In the context of firewall configuration, rule-based access control involves setting up rules to allow or deny specific types of traffic based on criteria such as source IP address, destination IP address, port number, and protocol. This choice accurately describes the scenario where the technician is configuring the firewall to deny certain traffic based on rules.

Package monitoring: Running the command "sudo apt install proftpd" installs the ProFTPD package on a Linux system. Package monitoring involves monitoring software packages for changes, updates, or vulnerabilities. In this context, by installing the ProFTPD package, the penetration tester could monitor its behaviour or vulnerabilities for security testing purposes.

A logic bomb is a type of malicious code that is intentionally inserted into a system to execute a specific action at a predetermined time or when certain conditions are met. In this scenario, the disgruntled employee has set up a logic bomb to delete all files from the marketing department at a specific time, making this choice the correct answer.

Enabling multi-factor authentication (MFA) for administrator accounts is an effective security control to mitigate brute-force attacks. MFA adds an additional layer of security by requiring users to provide multiple forms of verification, such as a password and a one-time code sent to their mobile device, making it harder for attackers to gain unauthorized access.

The observed output indicates privilege escalation. The command "sudo su" is used to switch to the root user, and the subsequent "whoami" command shows that the user has escalated privileges to the root user, which is a common indicator of privilege escalation.

"Something you are" refers to biometric authentication factors such as fingerprint scans, facial recognition, or iris scans. Biometric authentication provides a high level of security as it is based on unique physical characteristics that are difficult to replicate or steal. This factor is considered the best authentication factor as it offers strong protection against unauthorized access.

CVSS stands for Common Vulnerability Scoring System, which is a framework used to assess the severity of vulnerabilities based on various factors. The information provided by the penetration tester is likely related to the CVSS scores of the vulnerabilities found during the scan.

Passive reconnaissance involves gathering information about a target without directly interacting with the target system or network. This type of reconnaissance is typically done using open-source tools and publicly available information, such as company name, IP address, and email address.

VLAN (Virtual Local Area Network) is a method of creating separate logical networks within a physical network infrastructure. It allows for the segmentation of network traffic based on criteria such as department, function, or application. By creating a separate VLAN for VoIP traffic, the security administrator can effectively isolate and prioritize VoIP traffic within the organization's network.

Message-based threats usually refer to phishing or scam messages that attempt to deceive users into providing sensitive information. The primary focus of the question was on the fact that this threat is message-based.

Assigning users the minimum level of permissions required for their job function is the most important aspect of the principle of least privilege. This ensures that users only have access to the resources necessary to perform their specific tasks, limiting the potential damage that could occur in case of a security breach.

SQLi (SQL Injection) attacks involve inserting malicious SQL queries into input fields to manipulate the database backend of a web application. In this case, the penetration tester is likely exploiting a vulnerability in the login portal's database query to bypass the authentication process and gain unauthorized access.