Architecture and Design (1) Flashcards

1
Q

Caroline has been asked to find a standard to guide her company’s choices in implementing information security management systems. She is looking for a standard that is international. Which of the following would be the best choice for her?

ISO 27002

ISO 27017

NIST 800-12

A

ISO 27002

The correct answer is ISO 27002. ISO 27002 is an international standard for implementing and maintaining information security management systems.

2
Q

You are responsible for network security at an e-commerce company. You want to ensure that you are using best practices for the e-commerce website your company hosts. What standard would be the best for you to review?

OWASP

NERC

NIST

A

OWASP

The correct answer is the Open Web Application Security Project. It is the de facto standard for web application security.

3
Q

Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided to utilize a different vendor for network antimalware than she uses for host antimalware. Is this a recommended action, and why or why not?

This is not recommended; you should use a single vendor for a particular security control.

This is recommended; this is described as vendor diversity.

It is neutral. This does not improve or detract from security.

A

This is recommended; this is described as vendor diversity.

Vendor diversity gives two security benefits. The first is that there is not a single point of failure should one vendor cease operations. The second benefit is that each vendor has a specific methodology and algorithms used for detecting malware. If you use the same vendor at all points where you need malware detection, any flaw or weakness in that vendor’s methodology will persist across the network.

4
Q

Maria is a security administrator for a large bank. She is concerned about malware, particularly spyware that could compromise customer data. Which of the following would be the best approach for her to mitigate the threat of spyware?

Computer usage policies, network antimalware, and host antimalware

Host and network antimalware, computer usage policies, and website whitelisting

Host and network antimalware, computer usage policies, and employee training

A

Host and network antimalware, computer usage policies, and employee training

Control diversity means utilizing different controls to mitigate the same threat. For malware, the use of technical controls, such as antimalware, is critical. But it is also important to have administrative controls, such as good policies, and to ensure employees are properly trained.

5
Q

Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server?

DMZ

Intranet

Guest network

A

DMZ

The demilitarized zone (DMZ) is a zone between an outer firewall and an inner firewall. It is specifically designed as a place to locate public-facing servers. The outer firewall is more permissive, thus allowing public access to the servers in the DMZ. However, the inner firewall is more restrictive, thus preventing outside access to the corporate network.

6
Q

Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware?

Place the backup server on a separate VLAN.

Air-gap the backup server.

Use a honeynet.

A

Air-gap the backup server.

Air-gapping refers to the server not being on a network. This means literally that there is “air” between the server and the network. This prevents malware from infecting the backup server.

7
Q

Janelle is the security administrator for a small company. She is trying to improve security throughout the network. Which of the following steps should she take first?

Implement antimalware on all computers.

Turn off unneeded services on all computers.

Turn on host-based firewalls on all computers.

A

Turn off unneeded services on all computers.

The first step in security is hardening the operating system, and one of the most elementary aspects of that is turning off unneeded services. This is true regardless of the operating system.

8
Q

Mary is the CISO for a mid-sized company. She is attempting to mitigate the danger of computer viruses. Which administrative control can she implement to help achieve this goal?

Implement host-based antimalware.

Implement policies regarding email attachments and file downloads.

Implement network-based antimalware.

A

Implement network-based antimalware.

Administrative controls are policies and processes designed to mitigate some threat. The use of policies that govern the opening of email attachments and the downloading of files is an administrative control for malware.

9
Q

You are the network administrator for a large company. Your company frequently has nonemployees in the company such as clients and vendors. You have been directed to provide these nonemployees with access to the Internet. Which of the following is the best way to implement this?

Establish a guest network.

Allow nonemployees to connect only to the DMZ.

Establish limited accounts on your network for nonemployees to use.

A

Establish a guest network.

A guest network is separate from your production network; therefore, even if there is some breach of that network, it won’t affect your production network. It is a common security practice to establish a guest network so that guests can access the Internet without being given access to corporate network resources.

10
Q

Juan is a network administrator for an insurance company. His company has a number of traveling salespeople. He is concerned about confidential data on their laptops. What is the best way for him to address this?

FDE

TPM

SDN

A

FDE

Full disk encryption fully encrypts the hard drive on a computer. This is an effective method for ensuring the security of data on a computer.

11
Q

Terrance is responsible for secure communications on his company’s network. The company has a number of traveling salespeople who need to connect to network resources. What technology would be most helpful in addressing this need?

VPN concentrator

SSL accelerator

DMZ

A

VPN concentrator

A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.

12
Q

Mohaned is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?

Implementing host-based antimalware

Using a nonadministrative account for normal activities

Implementing FDE

A

Using a nonadministrative account for normal activities

If a system is infected with malware, the malware will operate with the privileges of the current user. If you use nonadministrative accounts, following the principle of least privilege, then the malware won’t be able to access administrative functionality.

13
Q

John works for an insurance company. His company uses a number of operating systems, including Windows and Linux. In this mixed environment, what determines the network operating system?

The OS of the domain controller

The OS of the majority of servers

The OS of the majority of client computers

A

The OS of the domain controller

The network operating system is determined by the operating system running on a domain controller. A network could be mostly Windows, but as long as the domain controller is Unix, the network operating system is Unix.

14
Q

Juanita is implementing virtualized systems in her network. She is using Type I hypervisors. What operating system should be on the machines for her to install the hypervisor?

None

Windows

Any operating system

Windows or Linux

A

None

A Type I hypervisor is also known as a bare-metal hypervisor. It installs directly onto hardware and does not require an operating system to be installed first.

15
Q

You are responsible for security at your company. You want to improve cloud security by following the guidelines of an established international standard. What standard would be most helpful?

NIST 800-53

ISO 27017

ISO 27002

A

ISO 27002

ISO 27017 is an international standard for cloud security.

16
Q

You are responsible for setting up a kiosk computer that will be in your company’s lobby. It will be accessible for visitors to locate employee offices, obtain the guest WiFi password, and retrieve general public company information. What is the most important thing to consider when configuring this system?

Using a strong administrator password

Limiting functionality to only what is needed

Implementing a host-based firewall

A

Limiting functionality to only what is needed

A kiosk computer must be limited to only those functions that are required. It is important to remove or disable any unnecessary functions, and to have the system logged in with the least privileges necessary for the kiosk functionality.

17
Q

You are concerned about peripheral devices being exploited by an attacker. Which of the following is the first step you should take to mitigate this threat?

Disable WiFi for any peripheral that does not absolutely need it.

Enable BIOS protection for peripheral devices.

Configure antivirus on all peripherals.

A

Disable WiFi for any peripheral that does not absolutely need it.

The correct answer is to disable WiFi if it is not absolutely needed. Many peripheral devices are WiFi enabled. If you don’t require this functionality, then disabling it is a very basic and essential security measure you can take. For example, WiFi-enabled MicroSD cards are vulnerable to attacks.

18
Q

Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

DMZ

VLAN

Router

A

DMZ

A DMZ provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN. It is a common practice to place web servers in the DMZ.

19
Q

Which of the following is the equivalent of a VLAN from a physical security perspective?

Perimeter security

Partitioning

Security zones

A

Partitioning

Physically partitioning your network is the physical equivalent of a VLAN. A VLAN is designed to emulate physical partitioning.

20
Q

In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?

False subnet

IDS

Honeynet

A

Honeynet

Honeypots are designed to attract a hacker by appearing to be security holes that are ripe and ready for exploitation. A honeynet is a network honeypot. This security technique is used to observe hackers in action while not exposing vital network resources.

21
Q

You have instructed all administrators to disable all nonessential ports on servers at their sites. Why are nonessential protocols a security issue that you should be concerned about?

Nonessential ports provide additional areas of attack.

Nonessential ports can’t be secured.

Nonessential ports require more administrative effort to secure.

A

Nonessential ports provide additional areas of attack.

Nonessential protocols provide additional areas for attack. The fact that all protocols have weaknesses would be sufficient reason to eliminate nonessential protocols. Those nonessential protocols’ ports provide possible avenues of attack. You should always follow the principle of least privilege.

22
Q

Which type of firewall examines the content and context of each packet it encounters?

Packet filtering firewall

Stateful packet filtering firewall

Application layer firewall

A

Stateful packet filtering firewall

A stateful inspection firewall examines the content and context of each packet it encounters. This means that an SPI firewall understands the preceding packets that came from the same IP address. This makes certain attacks, like a SYN flood, almost impossible.

23
Q

Which of the following would prevent a user from installing a program on a company-owned mobile device?

Whitelisting

Blacklisting

ACL

A

Whitelisting

Whitelists are lists of approved software. Only if software appears on the whitelist can it be installed.

24
Q

You’re designing a new network infrastructure so that your company can allow unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect the internal network while providing access to those areas. You decide to put the web server on a separate subnet open to public contact. What is this subnet called?

Guest network

DMZ

Intranet

A

DMZ

A demilitarized zone (DMZ) is a separate subnet coming off a separate router interface. Public traffic may be allowed to pass from the external public interface to the DMZ, but it won’t be allowed to pass to the interface that connects to the internal private network.

25
Q

Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?

Prevents unauthorized packets from entering the network

Allows all packets to leave the network

Eliminates collisions in the network

A

Prevents unauthorized packets from entering the network

Filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.

26
Q

You’re outlining your plans for implementing a wireless network to upper management. Which protocol was designed to provide security for a wireless network and is considered equivalent to the security of a wired network?

WAP

WPA

WPA2

A

WPA2

WiFi Protected Access 2 (WPA2) was intended to provide security that’s equivalent to that on a wired network, and it implements elements of the 802.11i standard.

27
Q

An IV attack is usually associated with which of the following wireless protocols?

WEP

WAP

WPA

A

WEP

An IV attack is usually associated with the WEP wireless protocol. This is because WEP uses the RC4 stream cipher with an initialization vector. However, WEP improperly implements RC4 and reuses its IVs (an IV should only be used once, then discarded), making it vulnerable to IV attacks.

28
Q

Suzan is responsible for application development in her company. She wants to have all web applications tested prior to being deployed live. She wants to use a test system that is identical to the live server. What is this called?

Production server

Development server

Test server

A

Test server

A test server should be identical to the production server. This can be used for functional testing as well as security testing, prior to deploying the application.

29
Q

John is responsible for security in his company. He is implementing a kernel integrity subsystem for key servers. What is the primary benefit of this action?

To detect malware

To detect whether files have been altered

To detect rogue programs being installed

A

To detect whether files have been altered

Kernel integrity subsystems are a form of integrity measurement used to detect whether files have been accidentally or maliciously altered, both remotely and locally; to appraise a file’s measurement against a “good” value stored as an extended attribute; and to enforce local file integrity. These goals are complementary to the Mandatory Access Control (MAC) protections provided by Linux Security Modules.

30
Q

You are responsible for BIOS security in your company. Which of the following is the most fundamental BIOS integrity technique?

Verifying the BIOS version

Using a TPM

Managing BIOS passwords

A

Managing BIOS passwords

BIOS password management is the most basic security measure for the BIOS. Without this fundamental step, any other steps will be far less effective.