2-2 Practice Exam Flashcards
What is the primary purpose of a reverse proxy in network architecture?
A reverse proxy is used to direct traffic to internal services if the contents of the traffic comply with the policy. It is positioned at the network edge and can filter traffic to ensure it aligns with security policies before reaching the internal servers.
In federated identity management, which entity provides services to members of the federation?
Relying Parties (RPs) provide services to federation members. Identity Providers (IdPs) provide identities and assertions about identities, not services.
What device should be recommended to maintain power during unstable conditions for a graceful shutdown of a computer?
An uninterruptible power supply (UPS) should be used to maintain power for a short time during outages to allow for a graceful shutdown and prevent data corruption.
Which solution is suitable for collecting malicious payloads without impacting normal business operations?
A honeypot is ideal for this purpose as it can lure attackers away from actual network resources and collect information on threats without affecting operations.
Which service is best suited for an organization looking to outsource 24/7 security monitoring due to budget constraints?
A Managed Security Service Provider (MSSP) is the correct choice for organizations needing external security monitoring services.
Is the PGP cryptographic algorithm asymmetric?
Pretty Good Privacy (PGP) utilizes an asymmetric algorithm for encryption, which means it uses different keys for encryption and decryption.
What type of solution can prevent hosts from connecting to known malware distribution domains without impacting endpoint performance?
DNS blackholing is the process that can prevent connections to malicious domains by providing fake replies to DNS requests for those domains.
Which authentication method is commonly used with physical access control systems that use RFID technology?
Proximity cards are commonly used with physical access control systems for authentication via RFID.
Which tool is an exploitation framework that can be used during penetration testing to exploit vulnerabilities?
Metasploit is an exploitation framework designed for developing and executing exploit code against a remote target machine during penetration tests.
Which analysis framework assumes a unidirectional workflow without allowing for an adversary’s retreat?
The Lockheed Martin cyber kill chain framework assumes a linear path of progression for an attack, without accounting for the possibility of an adversary’s retreat.
What makes cloud services particularly challenging for digital forensic investigations?
Cloud services pose a challenge because they are often on-demand, meaning instances can be created and destroyed rapidly, leaving little opportunity for forensic data recovery.
How can you verify the integrity of a downloaded file?
The integrity of a downloaded file is commonly verified using an MD5 or SHA1 hash digest, by comparing the hash value provided by the source with the one generated from the downloaded file.
What type of authentication is used when only a username and password are required?
This is single-factor authentication, which relies on one category of credentials, typically something you know, such as a password.
Which authentication method is commonly used with physical access control systems that use RFID technology?
Proximity cards are used with physical access control systems and rely on RFID devices embedded into the token for authentication.
How can you determine which services are not operating from port scan results?
By knowing the standard port numbers associated with common services. For instance, SSH typically runs on port 22. If this port is not listed as open in a port scan, SSH is not currently operating on that server.