212-82 Exam Dumps : Certified Cybersecurity Technician (CCT)

The use of authorized RTU and PLC commands is the security control implemented by Hayes in the above scenario. RTU (Remote Terminal Unit) and PLC (Programmable Logic Controller) are devices that control and monitor industrial processes, such as power generation, water treatment, oil and gas production, etc. RTU and PLC commands are instructions that are sent from a master station to a slave station to perform certain actions or request certain data. The use of authorized RTU and PLC commands is a security control that fortifies the IDMZ (Industrial Demilitarized Zone) against cyber-attacks by ensuring that only valid and authenticated commands are executed by the RTU and PLC devices. Point-to-point communication is a communication method that establishes a direct connection between two endpoints. MAC authentication is an authentication method that verifies the MAC (Media Access Control) address of a device before granting access to a network. Anti-DoS solution is asecurity solution that protects a network from DoS (Denial-of-Service) attacks by filtering or blocking malicious traffic.

 hat@red is the FTP credential that was stolen using Cain and Abel in the above scenario. FTP (File Transfer Protocol) is a protocol that allows transferring files between a client and a server over a network. FTP requires a username and a password to authenticate the client and grant access to the server . Cain and Abel is a tool that can perform various network attacks, such as ARP poisoning, password cracking, sniffing, etc. Cain and Abel can poison the machine and fetch the FTP credentials used by the admin by intercepting and analyzing the network traffic . To validate the credentials that were stolen using Cain and Abel and read the file flag.txt, one has to follow these steps:

Navigate to the Documents folder of Attacker-1 machine.

Double-click on Cain.exe file to launch Cain and Abel tool.

Click on Sniffer tab.

Click on Start/Stop Sniffer icon.

Click on Configure icon.

Select the network adapter and click on OK button.

Click on + icon to add hosts to scan.

Select All hosts in my subnet option and click on OK button.

Wait for the hosts to appear in the list.

Right-click on 20.20.10.26 (FTP server) and select Resolve Host Name option.

Note down the host name as ftpserver.movieabc.com

Click on Passwords tab.

Click on + icon to add items to list.

Select Network Passwords option.

Select FTP option from Protocol drop-down list.

Click on OK button.

Wait for the FTP credentials to appear in the list.

Note down the username as hat and the password as red

Open a web browser and type ftp://hat:red@ftpserver.movieabc.com

Press Enter key to access the FTP server using the stolen credentials.

Navigate to flag.txt file and open it.

Read the file content.

The correct answer is B, as it describes the information security element that was described in the above scenario. Non-repudiation is an information security element that ensures that a party cannot deny sending or receiving a message or performing an action. In the above scenario, non-repudiation was described, as Kayden could not deny company’s message, and company could not deny Kayden’s signature. Option A is incorrect, as it does not describe the information security element that was described in the above scenario. Availability is an information security element that ensures that authorized users can access and use information and resources when needed. In the above scenario, availability was not described, as there was no mention of access or use of information and resources. Option C is incorrect, as it does not describe the information security element that was described in the above scenario. Integrity is an information security element that ensures that information and resources are accurate and complete and have not been modified by unauthorized parties. In the above scenario, integrity was not described, as there was no mention of accuracy or completeness of information and resources. Option D is incorrect, as it does not describe the information security element that was described in the above scenario. Confidentiality is an information security element that ensures that information and resources are protected from unauthorized access and disclosure.In the above scenario, confidentiality was not described, as there was no mention of protection or disclosure of information and resources.

References: , Section 3.1