14

Question 1

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

Answer 1

DHCP snooping

Question 2

Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats?

Answer 2

** EDR **

Endpoint Detection and Response (EDR)

Question 3

A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:

Answer 3

** DLP **
DLP, or Data Loss Prevention, is a cybersecurity solution that detects and prevents data breaches.

Question 4

Which functionality allows a DLP system to fulfill its role?

Answer 4

Content inspection

Question 5

Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?

Answer 5

NGFW

Question 6

The term “Intrusion Detection System” (IDS) refers to a device or application designed to detect malicious activities and violations of security policies on a network or computer host. An IDS designed to monitor networks is known as Network Intrusion Detection System (NIDS), an IDS installed on a host monitoring only that host is called Host Intrusion Detection System (HIDS). IDSs do not take any active steps to prevent or stop the intrusion relying only on passive response which may include sending an alert to a management console or saving information about the event in logs.

Answer 6

True

Question 7

Which of the following answers illustrates the difference between passive and active network security breach response?

Answer 7

IDS vs. IPS

Question 8

Which of the following is a common firewall type used for protecting a single computer? (Select 2 answers)

Answer 8

• Host-based firewall
• Software firewall

Question 9

Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)

Answer 9

• Hardware firewall
• Network-based firewall

Question 10

Unified Extensible Firmware Interface (UEFI) is a firmware interface designed as a replacement for BIOS. UEFI offers a variety of improvements over BIOS, including Graphical User Interface (GUI), mouse support, or secure boot functionality designed to prevent the loading of malware and unauthorized operating systems during the computer startup process.

Answer 10

True

Question 11

The term “Measured Boot” refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.

Answer 11

True

Question 12

Which of the following security solutions can be used to protect database contents? (Select all that apply)

Answer 12

• Tokenization
  Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security
• Hashing
  Hashing is the practice of transforming a given key or string of characters into another value for the purpose of security

Question 13

The term “Secure cookie” refers to a type of HTTP cookie that has Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).

Answer 13

True

Question 14

A web server and a client exchange data through HTTP messages. The two types of HTTP messages include: request from client to server (an HTTP request) and response from server to client (an HTTP response). An HTTP header is a name-value pair separated by a colon. It forms a part of the HTTP message and enables transferring additional information between the client and the server with the request or the response. Some HTTP headers can be used to improve security. As an example, for a website that has a valid SSL certificate (can be accessed via HTTPS), HTTP Strict Transport Security (HSTS) response header (if set) will block communication via HTTP and force the browser to use only secure HTTPS.

Answer 14

True

Question 15

What is the purpose of code signing? (Select 2 answers)

Answer 15

• Confirms the application’s source of origin
• Validates the application’s integrity

Question 16

The term “Static code analysis” refers to the process of discovering application run-time errors

Answer 16

False

Question 17

A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code

Answer 17

False

Question 18

Which of the following terms refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?

Answer 18

Static code analysis

Question 19

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

Answer 19

** Fuzzing **
Fuzzing is a testing technique that involves sending malformed or unexpected data to an application to identify vulnerabilities. While it helps identify security weaknesses, it is not a method for protecting database contents itself.

Question 20

Which of the following measures can be used in the hardening process?

Answer 20

• Disabling unnecessary ports and services
• Introducing changes to the Registry (MS Windows)
• Implementing disk encryption
• Keeping the system up to date via patch management process
  All of the above

Question 21

Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?

Answer 21

** SED **

A data storage device equipped with hardware-level encryption functionality is referred to as “SED,” which stands for Self-Encrypting Drive. SEDs have built-in encryption capabilities, and they automatically encrypt data as it is written to the drive and decrypt it as it is read, all without the need for additional software or user intervention.

Question 22

A software technology designed to provide confidentiality for an entire data storage device is known as:

Answer 22

** FDE **
A software technology designed to provide confidentiality for an entire data storage device is known as “FDE,” which stands for Full Disk Encryption

Question 23

Which of the following answers refers to a specification for SEDs?

Answer 23

** Opal **

The specification for Self-Encrypting Drives (SEDs) is referred to as “Opal.” Opal is a set of specifications developed by the Trusted Computing Group (TCG) that defines standards for self-encrypting storage devices, including hard drives and solid-state drives, to ensure data security through hardware-based encryption.

Question 24

Which of the following answers list examples of hardware root of trust? (Select 2 answers)

Answer 24

** TPM **

TPM (Trusted Platform Module): TPM is a hardware-based security chip that provides a secure foundation for various security functions, including encryption, key management, and secure boot

** HSM **
HSM (Hardware Security Module): HSM is a hardware device or appliance designed to provide secure storage and management of cryptographic keys and perform cryptographic operations in a secure and tamper-resistant manner.

Question 25

Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops?

Answer 25

** TPM **

TPM (Trusted Platform Module): TPM is a hardware-based security chip that provides a secure foundation for various security functions, including encryption, key management, and secure boot