Topic: SY0-601 topic 1 question 852

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

A. Updating the CRL
B. Patching the CA
C. Changing passwords
D. Implementing SOAR

Re: SY0-601 topic 1 question 852

Patching the Certificate Authority (CA) is the most critical remediation task in this scenario because the flaw in the internal PKI system was exploited to gain unauthorized access. By patching the CA, the organization can address the vulnerability that allowed the exploitation to occur in the first place. This action helps prevent similar attacks in the future by fixing the underlying security issue within the PKI infrastructure.

Re: SY0-601 topic 1 question 852

If the flaw in the internal PKI allowed an attacker to gain domain administrator rights using specially crafted certificates, it indicates a serious security vulnerability within the CA infrastructure. Patching the CA involves fixing the vulnerability by applying software updates, security patches, or configuration changes to eliminate the exploited flaw. This helps prevent similar attacks in the future and ensures the integrity and security of the PKI.

Similarly, updating the Certificate Revocation List (CRL) (option A) is important for revoking compromised certificates, but it does not address the underlying flaw in the PKI.

Re: SY0-601 topic 1 question 852

Performed a search for CA patching, never came up.  Going with A.  Have to revoke the certificate and redo the process correctly.  When a CA revokes a certificate, it updates the CRL. Then, the CRL is digitally signed by the issuer and distributed to all entities that rely on it. This process must run correctly, as errors can lead to significant security vulnerabilities.  Related to Q#709.

Re: SY0-601 topic 1 question 852

B is correct

In this scenario, exploiting a flaw in the internal PKI system led to unauthorized access and the elevation of privileges. To prevent similar incidents in the future, it is crucial to address the root cause of the vulnerability, which in this case is the flaw in the Certificate Authority (CA).

Re: SY0-601 topic 1 question 852

B. Pentest-cleanup-remediation (CA patching)-final control retest.

Re: SY0-601 topic 1 question 852

B. In this scenario, the exploitation involved a flaw in the internal Public Key Infrastructure (PKI). Patching the Certificate Authority (CA) is crucial to address this vulnerability and prevent similar exploits in the future. By patching the CA software, any known security vulnerabilities or weaknesses can be addressed, enhancing the overall security of the PKI infrastructure.

Re: SY0-601 topic 1 question 852

Why isn't it A? A seems to be a good part of cleanup, revoking the specially crafted certificates.