14 Flashcards
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP snooping
Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats?
**EDR**
Endpoint Detection and Response (EDR)
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:
**DLP**
DLP, or Data Loss Prevention, is a cybersecurity solution that detects and prevents data breaches.
Which functionality allows a DLP system to fulfill its role?
Content inspection
Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?
NGFW
The term “Intrusion Detection System” (IDS) refers to a device or application designed to detect malicious activities and violations of security policies on a network or computer host. An IDS designed to monitor networks is known as a Network Intrusion Detection System (NIDS); an IDS installed on a host and monitoring only that host is called a Host Intrusion Detection System (HIDS). IDSs do not take any active steps to prevent or stop the intrusion, relying only on passive response, which may include sending an alert to a management console or saving information about the event in logs.
True
Which of the following answers illustrates the difference between passive and active network security breach response?
IDS vs. IPS
Which of the following is a common firewall type used for protecting a single computer? (Select 2 answers)
- Host-based firewall
- Software firewall
Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)
- Hardware firewall
- Network-based firewall
Unified Extensible Firmware Interface (UEFI) is a firmware interface designed as a replacement for BIOS. UEFI offers a variety of improvements over BIOS, including Graphical User Interface (GUI), mouse support, or secure boot functionality designed to prevent the loading of malware and unauthorized operating systems during the computer startup process.
True
The term “Measured Boot” refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.
True
Which of the following security solutions can be used to protect database contents? (Select all that apply)
- Tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security
- Hashing
Hashing is the practice of transforming a given key or string of characters into another value for the purpose of security
The term “Secure cookie” refers to a type of HTTP cookie that has the Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).
True
A web server and a client exchange data through HTTP messages. The two types of HTTP messages are: a request from client to server (an HTTP request) and a response from server to client (an HTTP response). An HTTP header is a name-value pair separated by a colon. It forms a part of the HTTP message and enables transferring additional information between the client and the server with the request or the response. Some HTTP headers can be used to improve security. As an example, for a website that has a valid SSL certificate (can be accessed via HTTPS), the HTTP Strict Transport Security (HSTS) response header (if set) will block communication via HTTP and force the browser to use only secure HTTPS.
True
What is the purpose of code signing? (Select 2 answers)
- Confirms the application’s source of origin
- Validates the application’s integrity