2.5 Flashcards
Segmentation and access control, mitigation techniques, hardening techniques
True/False
Segmentation can help with performance as well as security
True
If there is an application that requires high bandwidth, you can put it on its own network segment. That way, the traffic of any other user on the same network will not interfere with the throughput.
True/False
Segmentation makes change control more difficult
False
Segmentation makes change control much easier
4 ways that applications are identified by an allow list/deny list.
Application hash - only allow the application with this unique identifier
Digital certificate - only allow digitally signed apps from certain publishers
Path - only run applications in these folders
Network zone - only run apps from this network zone (private/public) - this can change as you physically change locations. If you’re in your private corporate network, the app works. If you’re in public, the app will not.
True/False
Auto-update is always the best option
False
It’s always best, in an enterprise environment, to test patches first before deploying them to other systems
True/False
Some applications encrypt their own data, separate from the OS
True
A check that makes sure you have the latest OS, applications are patched, virus signatures are updated, and configurations are secure.
This happens each time that a device logs into the network.
It also checks certificate status and whether your EDR is configured, turned on properly, and at the correct version, etc.
Posture assessment
What happens when a system fails the posture assessment?
Quarantine into a private VLAN with limited access. Here, the system can implement the necessary changes.
What is the first, most vital step to hardening a system?
Download the security updates
What 3 things should you encrypt in order to harden a system?
Files
Full disk
Communications
EDR stands for
Endpoint Detection and Response
A new-age threat detection technology. It runs completely autonomously and is API-driven. This is a LIGHTWEIGHT agent on the endpoint.
It can detect known-bad malware through signatures, but it can also conduct behavioral analysis, machine learning, and process monitoring (for new/different processes) to set baselines and detect when something malicious might be occurring.
After finding an anomaly, it conducts root cause analysis. Then, it immediately takes action: isolating the system, quarantining the threat, or rolling back to a previous backup/configuration.
EDR
What type of firewall is ideal when hardening a network? It has a lot of granularity in controlling both the port number and the service that uses the port number.
NGFW (Next-Generation Firewall)
NGFW stands for
Next-Generation Firewall
True/False
Applications can open ports without the user’s knowledge when installed
True
Nmap is a
Port scanner