Architecture and Design Flashcards
Nicole’s organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?
A. SaaS
B. PaaS
C. MSSP
D. IaaS
C. MSSP
Which of the following cryptographic algorithms is classified as asymmetric?
A. Diffie-Hellman
B. Blowfish
C. AES
D. RC4
A. Diffie-Hellman
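Diffie-Hellman is asymmetric because each party keeps a private value and publishes only a public value, yet both end up with the same secret. The following is an added example, not part of the original flashcards: a complete exchange between two parties over a constructed toy group (the prime 2**127 - 1 and generator 5 are assumptions chosen so the code runs instantly; real deployments use 2048-bit-or-larger groups or elliptic curves). It also rejects the trivial public values 0, 1 and p-1 that a malicious peer could send to force a predictable secret.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only. 2**127 - 1 is prime, but far
# too small for real use; production Diffie-Hellman uses 2048-bit or larger
# groups (for example RFC 3526 group 14) or an elliptic-curve group such as X25519.
P = 2**127 - 1
G = 5


def is_valid_public(value: int, p: int = P) -> bool:
    """Reject peer public values that would force a trivial shared secret (0, 1, p-1)."""
    return 1 < value < p - 1


def dh_keypair(p: int = P, g: int = G) -> tuple:
    """Return (private, public). Only the public value is ever sent to the peer."""
    private = secrets.randbelow(p - 3) + 2          # 2 <= private <= p-2
    public = pow(g, private, p)
    return private, public


def dh_shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Combine the peer's public value with our private value."""
    if not is_valid_public(their_public, p):
        raise ValueError("peer public value out of range")
    return pow(their_public, my_private, p)


def derive_key(shared: int) -> bytes:
    """Hash the raw shared secret so the session key has uniformly distributed bits."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange() -> tuple:
    """Alice and Bob each generate a keypair, swap only public values, and derive
    the same key. An eavesdropper sees (a_pub, b_pub) but neither private value."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_alice = derive_key(dh_shared_secret(b_pub, a_priv))
    key_bob = derive_key(dh_shared_secret(a_pub, b_priv))
    return key_alice, key_bob, (a_pub, b_pub)


if __name__ == "__main__":
    k_a, k_b, on_the_wire = run_exchange()
    print("public values on the wire:", on_the_wire)
    print("both sides derived the same key:", k_a == k_b)
```

The contrast with Blowfish, AES and RC4 in the question is that those ciphers need the same key on both ends before any data can be protected; Diffie-Hellman is how that key can be agreed over a channel the attacker can read.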
Your organization requires the use of TLS or IPsec for all communications with an organization’s network. Which of the following is this an example of?
A. Data at Rest
B. Data in Use
C. DLP
D. Data in Transit
D. Data in Transit
You are attending a cybersecurity conference and just watched a security researcher demonstrating the exploitation of a web interface on a SCADA/ICS component. This caused the device to malfunction and be destroyed. You recognize that the same component is used throughout your company’s manufacturing plants. Which of the following mitigation strategies would provide you with the most immediate protection against this emergent threat?
A. Demand that the Manufacture
B. Evaluate if the web interface
C. Replace the affected
D. Logically or Physically
B. Evaluate if the web interface
Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested before deploying them into the production environment. What type of environment should his organization establish?
A. Honeypot
B. Staging
C. Development
D. Fuzzing
B. Staging
Fail to Pass Systems has recently moved its corporate offices from France to Westeros, a country with no meaningful privacy regulations. The marketing department believes that this move will allow the company to resell all of its customers’ data to third-party companies and shield the company from any legal responsibility. Which policy is violated by this scenario?
A. Data Minimization
B. Data Sovereignty
C. Data Enrichment
D. Data Limitation
B. Data Sovereignty
Dion Training has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher capable of encrypting 64 bits of data at a time before transmitting the files from the web developer’s workstation to the webserver. Which of the following should be selected to meet this security requirement?
A. Block Cipher
B. Stream Cipher
C. CRC
D. Hashing Algorithm
A. Block Cipher
Dion Training wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, improve reliability, and improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible. Still, the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?
A. PaaS in a hybrid cloud
B. SaaS in a public cloud
C. PaaS in a community cloud
D. SaaS in a private cloud
D. SaaS in a private cloud
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?
A. Network Segmentation
B. Defense in Depth
C. UTM
D. Load Balancer
B. Defense in Depth
A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?
A. Utilize formal methods of verification against the application processing the PHI
B. Utilize a SaaS model to process the PHI data instead of an on-premises solution
C. Use DevSecOps to build the application that processes the PHI
D. Conduct tokenization of the PHI data before ingesting it into the big data application
D. Conduct tokenization of the PHI data before ingesting it into the big data application
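Tokenization works because the analytics platform never receives the PHI at all: each identifying value is swapped for a random token before ingestion, and the token-to-value mapping stays in a separate vault that only a narrowly authorized role can query. The following is an added example, not code from the original flashcards; the field names, the "phi-custodian" role and the sample records are all constructed for the demonstration.

```python
import secrets

# Fields that carry protected health information; everything else can flow to
# the analytics platform untouched. Field names are assumed for this example.
PHI_FIELDS = {"name", "mrn", "dob", "ssn"}


class TokenVault:
    """Holds the token-to-PHI mapping.

    In a real deployment this lives in a separate, access-controlled service; the
    big-data platform only ever receives the tokens, never this mapping.
    """

    def __init__(self) -> None:
        self._to_phi = {}
        self._to_token = {}

    def tokenize(self, value: str) -> str:
        # Reuse the token for a value already seen so that records for the same
        # patient can still be joined on the token (e.g. by MRN) downstream.
        token = self._to_token.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(16)   # random, not derived from the value
            self._to_phi[token] = value
            self._to_token[value] = token
        return token

    @staticmethod
    def is_authorized(role: str) -> bool:
        """Only the custodian role may map a token back to PHI (assumed role name)."""
        return role == "phi-custodian"

    def detokenize(self, token: str, role: str) -> str:
        if not self.is_authorized(role):
            raise PermissionError("role %r may not detokenize" % role)
        return self._to_phi[token]


def tokenize_record(vault: TokenVault, record: dict) -> dict:
    """Replace every PHI field with its token; leave research measurements alone."""
    return {k: vault.tokenize(v) if k in PHI_FIELDS else v for k, v in record.items()}


def leaks_phi(tokenized: dict, original: dict) -> bool:
    """True if any original PHI value survives in the tokenized record."""
    phi_values = {original[k] for k in PHI_FIELDS if k in original}
    return any(v in phi_values for v in tokenized.values())


# Constructed sample records (fictional patients).
SAMPLE_RECORDS = [
    {"mrn": "MRN-00017", "name": "Jane Doe", "dob": "1980-04-02", "hba1c": 6.9},
    {"mrn": "MRN-00017", "name": "Jane Doe", "dob": "1980-04-02", "hba1c": 7.4},
    {"mrn": "MRN-00023", "name": "John Roe", "dob": "1975-11-19", "hba1c": 5.6},
]


def ingest(vault: TokenVault, records: list) -> list:
    """What the big-data platform receives: tokens plus the research measurements."""
    return [tokenize_record(vault, r) for r in records]


if __name__ == "__main__":
    vault = TokenVault()
    for row in ingest(vault, SAMPLE_RECORDS):
        print(row)
```

Because the same MRN maps to the same token, the researchers can still group measurements by patient; because the tokens are random rather than hashed from the value, knowing a patient's MRN does not let anyone recompute their token. A breach of the analytics cluster alone exposes tokens and lab values, not identities.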
(Sample Simulation – On the real exam for this type of question, you would drag and drop the authentication factor into the spot for the correct category.)
A. PIN, Signature, Fingerprint, Smart Card, and GPS coordinates
B. Signature, PIN, Fingerprint, Smart Card, and GPS coordinates
C. PIN, Smart Card, Fingerprint, Signature, GPS coordinates
D. Smart Card, PIN, Fingerprint, Signature, GPS coordinates
C. PIN, Smart Card, Fingerprint, Signature, GPS coordinates
OBJ-2.4: For the exam, you need to know the different factors of authentication. If you use two or more of these factors, you are using multi-factor authentication. The five factors are something you know (knowledge), something you have (possession), something you are (biometrics), something you do (action), and somewhere you are (location).
Your company has decided to move all of its data into the cloud. Your company is concerned about the privacy of its data due to some recent data breaches that have been in the news. Therefore, they have decided to purchase cloud storage resources that will be dedicated solely for their use. Which of the following types of clouds is your company using?
A. Public
B. Hybrid
C. Community
D. Private
D. Private
What is a reverse proxy commonly used for?
A. Allowing access to a virtual private cloud
B. To obfuscate the origin of a user within the network
C. To prevent unauthorized use of the cloud service from the local network
D. Directing traffic to internal services if the contents of the traffic comply with the policy
D. Directing traffic to internal services if the contents of the traffic comply with the policy
You are developing a containment and remediation strategy to prevent the spread of an APT within your network. Your plan suggests creating a mirror of the company’s databases, routing all externally sourced network traffic to it, and gradually updating with pseudo-realistic data to confuse and deceive the APT as they attempt to exfiltrate the data. Once the attacker has downloaded the corrupted database, your company would then conduct remediation actions on the network and restore the correct database information to the production system. Which of the following types of containment strategies does the plan utilize?
A. Isolation Based Containment by disconnecting
B. Segmentation Based Containment disrupts the APT
C. Segmentation Based Containment that deceives the attack
D. Isolation Based Containment by removing
C. Segmentation Based Containment that deceives the attack
Which of the following cryptographic algorithms is classified as symmetric?
A. Blowfish
B. RSA
C. ECC
D. PGP
A. Blowfish
Which of the following hashing algorithms results in a 128-bit fixed output?
A. SHA-1
B. RIPEMD
C. SHA-2
D. MD5
D. MD5
MD5 produces a 128-bit digest, SHA-1 and RIPEMD-160 produce 160 bits, and the SHA-2 family produces 224 to 512 bits. MD5 is no longer collision resistant and should not be chosen for new designs where collisions matter (signatures, integrity of attacker-influenced data).
You are installing Windows Server 2019 on a rack-mounted server and hosting multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision virtual machines?
A. Terminal Service
B. Hypervisor
C. Device Manager
D. Disk Management
B. Hypervisor
The paparazzi have found copies of pictures of a celebrity’s new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider’s automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?
A. Unauthorized Camera Activation
B. Unintended Bluetooth Pairing
C. Leaked personal files
D. Unauthorized Root Access
C. Leaked personal files
Which of the following cryptographic algorithms is classified as asymmetric?
A. DSA
B. DES
C. AES
D. RC4
A. DSA
Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?
A. OpenID Connect
B. SAML
C. ADFS
D. Kerberos
A. OpenID Connect
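OAuth2 on its own only hands the client an access token, which says nothing reliable about who logged in; OpenID Connect adds the signed ID token whose claims (issuer, subject, audience, expiry) the relying party must check before treating the user as authenticated. The following is an added example, not code from the original flashcards: a minimal ID-token validator written against the Python standard library. The issuer URL, client ID, shared secret and claim values are constructed for the demonstration, and HS256 is used so the block runs offline; most real providers sign ID tokens with RS256 or ES256 and publish their keys via JWKS, but the claim checks are the same.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes) -> str:
    """Stand-in for the identity provider: sign the claims as an HS256 JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, key: bytes, issuer: str, client_id: str, now=None) -> dict:
    """Relying-party checks before trusting an ID token as proof of authentication."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(head_b64))
    # Pin the algorithm; never let the token choose it (defeats alg=none tricks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in audiences:
        raise ValueError("token was not issued for this client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


def is_valid_id_token(token: str, key: bytes, issuer: str, client_id: str, now=None) -> bool:
    try:
        validate_id_token(token, key, issuer, client_id, now)
    except ValueError:
        return False
    return True


# Constructed values for the demonstration; not a real provider or client.
ISSUER = "https://idp.example.test"
CLIENT_ID = "dion-training-web"
SHARED_SECRET = b"example-client-secret-do-not-reuse"
NOW = 1_700_000_100
SAMPLE_CLAIMS = {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID,
                 "iat": 1_700_000_000, "exp": 1_700_003_600, "nonce": "n-0123"}


if __name__ == "__main__":
    token = mint_id_token(SAMPLE_CLAIMS, SHARED_SECRET)
    print("valid for this client:", is_valid_id_token(token, SHARED_SECRET, ISSUER, CLIENT_ID, NOW))
    print("valid for another client:", is_valid_id_token(token, SHARED_SECRET, ISSUER, "other-app", NOW))
```

A production validator additionally compares the `nonce` claim with the value the client sent in its authorization request, which ties the token to that login attempt and blocks replay of a captured token.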
Dave’s company utilizes Google’s G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following cloud deployment models is being used?
A. Multi-Cloud
B. Community
C. Public
D. Private
A. Multi-Cloud
You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?
A. Metered Service
B. On-Demand
C. Rapid Elasticity
D. Resource Pooling
C. Rapid Elasticity
Which of the following describes the overall accuracy of a biometric authentication system?
A. Crossover Error Rate
B. False Positive Rate
C. False Rejection Rate
D. False Acceptance Rate
A. Crossover Error Rate
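The crossover error rate is the point where the false acceptance rate (impostors let in) equals the false rejection rate (legitimate users turned away) as the matching threshold is swept; a lower CER means a more accurate system. The following is an added example, not part of the original flashcards: it sweeps a threshold over constructed match scores from a fictional matcher, finds the crossover, and then shows the usability cost of tuning for security instead, since in practice you rarely run a system at its CER.

```python
# Constructed match scores (0 = no match, 1 = perfect match) from a fictional
# fingerprint matcher. GENUINE are legitimate users; IMPOSTOR are other people.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.90, 0.78, 0.85, 0.60]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.42, 0.65]
THRESHOLDS = [i / 20 for i in range(21)]   # 0.00, 0.05, ..., 1.00


def false_acceptance_rate(impostor, threshold):
    """Share of impostor attempts the system lets in (the security failure)."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def false_rejection_rate(genuine, threshold):
    """Share of legitimate attempts the system turns away (the usability failure)."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def crossover_error_rate(genuine, impostor, thresholds):
    """Threshold where FAR and FRR are closest, and the error rate at that point."""
    best_t, best_gap, best_rate = None, None, None
    for t in thresholds:
        far = false_acceptance_rate(impostor, t)
        frr = false_rejection_rate(genuine, t)
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_t, best_gap, best_rate = t, gap, (far + frr) / 2
    return best_t, best_rate


def threshold_for_max_far(genuine, impostor, thresholds, max_far):
    """Lowest threshold that keeps FAR at or under a policy limit, and its FRR cost."""
    for t in thresholds:
        if false_acceptance_rate(impostor, t) <= max_far:
            return t, false_rejection_rate(genuine, t)
    return None, None


if __name__ == "__main__":
    print(" thr   FAR   FRR")
    for t in THRESHOLDS:
        print(f"{t:4.2f}  {false_acceptance_rate(IMPOSTOR, t):.2f}  {false_rejection_rate(GENUINE, t):.2f}")
    t_cer, cer = crossover_error_rate(GENUINE, IMPOSTOR, THRESHOLDS)
    print(f"CER {cer:.2f} at threshold {t_cer:.2f}")
    t_sec, frr_cost = threshold_for_max_far(GENUINE, IMPOSTOR, THRESHOLDS, max_far=0.0)
    print(f"zero false acceptance needs threshold {t_sec:.2f}, rejecting {frr_cost:.0%} of real users")
```

On these constructed scores the crossover sits at a threshold of 0.65 with a CER of 10%; pushing the threshold to 0.70 drives false acceptance to zero but rejects 20% of genuine attempts, which is the trade-off the CER lets you compare across vendors without either side choosing a flattering threshold.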
Dion Training has added a salt and cryptographic hash to their passwords to increase the security before storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?
A. Key Stretching
B. Salting
C. Collision Resistance
D. Rainbow Table
A. Key Stretching
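Key stretching is the deliberate repetition that makes each password guess expensive for an attacker while staying affordable for one legitimate login; the salt defeats precomputed rainbow tables, and the iteration count sets the per-guess cost. The following is an added example, not code from the original flashcards: the naive salt-and-rehash loop the question describes, beside the standardized form (PBKDF2-HMAC-SHA256 from the Python standard library) that a practitioner should use instead, with storage, constant-time verification and a quick cost measurement. The default iteration count follows OWASP's 2023 guidance; the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import time


def naive_stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """The flashcard's description taken literally: salt + hash, repeated many times."""
    digest = hashlib.sha256(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(salt + digest).digest()
    return digest


def pbkdf2_hash(password: bytes, salt: bytes, iterations: int, length: int = 32) -> bytes:
    """Standardized key stretching (RFC 8018): HMAC-SHA256 iterated `iterations` times."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=length)


# OWASP's password storage guidance (2023) recommends 600,000 iterations for
# PBKDF2-HMAC-SHA256; memory-hard functions (Argon2id, scrypt) are preferred
# where a library for them is available.
DEFAULT_ITERATIONS = 600_000


def store_password(password: bytes, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Record everything verification needs; the salt and count are not secret."""
    salt = os.urandom(16)           # unique per user: defeats rainbow tables
    return {"alg": "pbkdf2-sha256", "iter": iterations,
            "salt": salt.hex(), "hash": pbkdf2_hash(password, salt, iterations).hex()}


def verify_password(password: bytes, record: dict) -> bool:
    candidate = pbkdf2_hash(password, bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))   # constant time


def seconds_per_guess(iterations: int) -> float:
    """Cost an attacker pays per guess on this hardware; raise iterations to raise it."""
    start = time.perf_counter()
    pbkdf2_hash(b"benchmark", b"0123456789abcdef", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    rec = store_password(b"correct horse battery staple")
    print("stored:", rec)
    print("verify correct password:", verify_password(b"correct horse battery staple", rec))
    print("verify wrong password:", verify_password(b"Tr0ub4dor&3", rec))
    for n in (1_000, 100_000, 600_000):
        print(f"{n:>8} iterations: {seconds_per_guess(n):.4f} s per guess")
```

The stored record keeps the algorithm name and iteration count alongside the hash so the count can be raised later and old records rehashed on next login; a hand-rolled chain like `naive_stretch` has no such convention and, unlike PBKDF2, has not been analyzed for weaknesses in how the rounds compose.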