Asecurity guardis a human element in physical security, making them susceptible tosocial

engineering attacks. Social engineering exploits human behavior, and a guard can be tricked into

allowing unauthorized access through persuasion, manipulation, or deception.

Security guard (Answer A):Human elements are the most vulnerable to social engineering techniques

like impersonation or manipulation.

Access control vestibule (Option B):This is a physical security barrier, which is harder to exploit

through social engineering.

Perimeter fencing (Option C):This is a static physical barrier, not susceptible to social engineering.

Biometric locks (Option D):These rely on biological data and are not susceptible to social engineering

in the same way a human would be.

Bollards (Option E):Physical barriers that are not vulnerable to social engineering.

CompTIA Server+ Reference:This topic relates toSK0-005 Objective 4.4: Implement physical security

controls.

The best policy to deter a brute-force login attack is account lockout threshold. A brute-force login

attack is a type of attack that tries to guess a user’s password by trying different combinations of

characters until it finds the correct one. This attack can be performed manually or with automated

tools that use dictionaries, wordlists, or algorithms. An account lockout threshold is a policy that

specifies how many failed login attempts are allowed before an account is locked out temporarily or

permanently. This policy prevents an attacker from trying unlimited password guesses and reduces

the chances of finding the correct password.

The administrator should use an IP KVM to access the server’s console remotely for bare-metal

maintenance. An IP KVM stands for Internet Protocol Keyboard Video Mouse, which is a device that

allows remote control of a server’s keyboard, video, and mouse over a network connection, such as

LAN or Internet. An IP KVM enables an administrator to perform tasks such as BIOS configuration,

boot sequence selection, operating system installation, etc., without being physically present at the

server location.

The other options are not suitable for bare-metal maintenance because they require either physical

access to the server (a crash cart) or an operating system running on the server (VNC, RDP, SSH). A

crash cart is a mobile unit that contains a monitor, keyboard, mouse, and cables that can be plugged

into a server for direct access to its console. VNC stands for Virtual Network Computing, which is a

software that allows remote desktop sharing and control over a network connection using a

graphical user interface (GUI). RDP stands for Remote Desktop Protocol, which is a protocol that

allows remote desktop access and control over a network connection using a GUI or command-line

interface (CLI). SSH stands for Secure Shell, which is a protocol that allows secure remote login and

command execution over a network connection using a CLI.

Insider threat is the most likely system vulnerability in a company that deploys antivirus, anti-

malware, and firewalls that can be assumed to be functioning properly. An insider threat is a

malicious or negligent act by an authorized user of a system or network that compromises the

security or integrity of the system or network. An insider threat can include data theft, sabotage,

espionage, fraud, or other types of attacks. Antivirus, anti-malware, and firewalls are security tools

that can protect a system or network from external threats, such as viruses, worms, ransomware, or

open ports. However, these tools cannot prevent an insider threat from exploiting their access

privileges or credentials to harm the system or network.

The administrator must encrypt the data at rest to ensure data on the SAN is not compromised if it is

leaked. Data at rest refers to data that is stored on a device or a medium, such as a hard drive, a flash

drive, or a SAN (Storage Area Network). Data at rest can be leaked if the device or the medium is lost,

stolen, or accessed byunauthorized parties. Encrypting data at rest means applying an algorithm that

transforms the data into an unreadable format that can only be decrypted with a key. Encryption

protects data at rest from being exposed or misused by attackers who may obtain the device or the

medium.

The technician should use port 22 to configure a server that requires secure remote access. Port 22 is

the default port for Secure Shell (SSH), which is a protocol that allows secure remote login and

command execution over a network connection using a command-line interface (CLI). SSH encrypts

both the authentication and data transmission between the client and the server, preventing

eavesdropping, tampering, or spoofing. SSH can be used to perform various tasks on a server

remotely, such as configuration, administration, maintenance, troubleshooting, etc.

Cloud software licensing refers to the process of managing and storing software licenses in the cloud.

The benefits of cloud software licensing models are vast. The main and most attractive benefit has to

do with the ease of use for software vendors and the ability to provide customizable cloud software

license management based on customer needs and desires1. Cloud-based licensing gives software

developers and vendors the opportunity to deliver software easily and quickly and gives customers

full control over their licenses, their analytics, and more1. Cloud based licensing gives software

sellers the ability to add subscription models to their roster of services1. Subscription models are one

of the most popular forms of licensing today1. Users sign up for a subscription (often based on

various options and levels of use, features, etc.) and receive theirlicenses instantly1.

Reference: 1 Everything You Need to Know about Cloud Licensing | Thales

The administrator should close ports 21 and 23 to secure the server properly. Port 21 is used for FTP

(File Transfer Protocol), which is an unsecure protocol that allows file transfer between a client and a

server over a network connection. FTP does not encrypt the data or the credentials that are

transmitted, making them vulnerable to interception or modification by attackers. Port 23 is used for

Telnet, which is an unsecure protocol that allows remote login and command execution over a

network connection using a CLI. Telnet does not encrypt the data or the credentials that are

transmitted, making them vulnerable to interception or modification by attackers.

Reference:

https://www.csoonline.com/article/3191531/securing-risky-network-ports.html

The best way to protect an organization against social engineering is to provide recurring training and

support. Social engineering is a type of attack that exploits human psychology and behavior to

manipulate people into divulging confidential information or performing malicious actions. Social

engineering can take various forms, such as phishing emails, phone calls, impersonation, baiting, or

quid pro quo. The best defense against social engineering is to educate and empower the employees

to recognize and avoid common social engineering techniques and report any suspicious activities or

incidents. Recurring training and support can help raise awareness and reinforce best practices

among the employees.

The server is not joined to the domain is causing the issue. A domain is a logical grouping of

computers that share a common directory database and security policy on a network. Active

Directory is a Microsoft technology that provides domain services for Windows-based computers. To

use Active Directory credentials to log on to a server, the server must be joined to the domain that

hosts Active Directory. If the server is not joined to the domain, it will not be able to authenticate

with Active Directory and will only accept local accounts for logon. To join a server to a domain, the

administrator must have a valid domain account with sufficient privileges and must know the name

of the domain controller that hosts Active Directory.