Architecture and Design (2) Flashcards
You have been asked to implement security for SCADA systems in your company. Which of the following standards will be most helpful to you?
NIST 800-82
PCI-DSS
NIST 800-30
NIST 800-82
The correct answer is NIST 800-82. Special Publication 800-82, Revision 2, “Guide to Industrial Control System (ICS) Security,” is specific to industrial control systems. Industrial systems include SCADA (Supervisory Control and Data Acquisition) and PLCs (primary logic controllers).
Joanne works for a large insurance company. Some employees have wearable technology, such as smart watches. What is the most significant security concern from such devices?
These devices can distract employees.
These devices can be used to carry data in and out of the company.
These devices may not have encrypted drives.
These devices can be used to carry data in and out of the company.
Wearable devices have storage and thus can be used to bring in files to a network, or to exfiltrate data from the network
John is installing an HVAC system in his datacenter. What will this HVAC have the most impact on?
Confidentiality
Availability
Fire suppression
Availability
A heating, ventilation, and air conditioning system will affect availability. By maintaining temperature and humidity, the servers in the datacenter are less likely to crash and are thus more available.
Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?
Install host-based antivirus software on the engineer’s system.
Implement account usage auditing on the SCADA system.
Implement an NIPS on the SCADA system.
Implement account usage auditing on the SCADA system.
Maria should implement ongoing auditing of the account usage on the SCADA system. This will provide a warning that someone’s account is being used when they are not actually using it
Lucy works as a network administrator for a large company. She needs to administer several servers. Her objective is to make it easy to administer and secure these servers, as well as making the installation of new servers more streamlined. Which of the following best addresses these issues?
Setting up a cluster
Virtualizing the servers
Putting the servers on a VLAN
Virtualizing the servers
The correct answer is virtualization. By virtualizing the servers Lucy can administer them all in a single location, and it is very easy to set up a new virtual server, should it be needed
Gerard is responsible for secure communications with his company’s e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?
HSM
FDE
SED
HSM
A hardware security module (HSM) is the most secure way to store private keys for the e-commerce server. An HSM is a physical device that safeguards and manages digital keys
You are the security officer for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?
Leave the malware on that workstation until it is tested.
Place the malware in a sandbox environment for testing.
It is not important to test it; just remove it from the machine.
Place the malware in a sandbox environment for testing.
The correct answer is to use a sandboxed environment to test the malware and determine its complete functionality. A sandboxed system could be an isolated virtual machine or an actual physical machine that is entirely isolated from the network
Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to unsecure code, or simply code flaws being deployed to the live system. What would be the best change you could make to mitigate this risk?
Implement sandboxing.
Implement virtualized servers.
Implement a staging server.
Implement a staging server.
You should implement a staging server so that code can be deployed to an intermediate staging environment. This will allow testing of security features, as well as checking to see that the code integrates with the entire system. Using third-party libraries and SDKs can help reduce errors and vulnerabilities in the code
Denish is concerned about the security of embedded devices in his company. He is most concerned about the operating system security for such devices. Which of the following would be the best option for mitigating this threat?
RTOS
SCADA
FDE
RTOS
A real-time operating system is a secure system used for embedded devices. RTOSs were originally developed for military applications but were not available to the public
Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?
802.11a
802.11b
802.11i
802.11i
The WPA2 standard fully implements the 802.11i security standard
Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?
WPA
CCMP
WEP
WPA
The encryption technology associated with WPA is TKIP
Juan is responsible for wireless security in his company. He has decided to disable the SSID broadcast on the single AP the company uses. What will the effect be on client machines?
They will no longer be able to use wireless networking.
They will no longer see the SSID as a preferred network when they are connected.
They will no longer see the SSID as an available network.
They will no longer see the SSID as an available network.
Disabling the SSID broadcast keeps it from being seen in the list of available networks, but it is still possible to connect to it and use the wireless network
Which cloud service model provides the consumer with the infrastructure to create applications and host them?
SaaS
PaaS
IaaS
PaaS
In the Platform as a Service (PaaS) model, the consumer has access to the infrastructure to create applications and host them
Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?
SaaS
PaaS
IaaS
SaaS
With the Software as a Service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis
Which feature of cloud computing involves dynamically provisioning (or deprovisioning) resources as needed?
Multitenancy
Elasticity
CMDB
Elasticity
Elasticity is a feature of cloud computing that involves dynamically provisioning (or deprovisioning) resources as needed
Which type of hypervisor implementation is known as “bare metal”?
Type I
Type II
Type III
Type I
Type I hypervisor implementations are known as “bare metal”
Mohaned is a security analyst and has just removed malware from a virtual server. What feature of virtualization would he use to return the virtual server to a last known good state?
Sandboxing
Hypervisor
Snapshot
Snapshot
A snapshot is an image of the virtual machine at some point in time. It is standard practice to periodically take a snapshot of a virtual system so that you can return that system to a last known good state
Lisa is concerned about fault tolerance for her database server. She wants to ensure that if any single drive fails, it can be recovered. What RAID level would support this goal while using distributed parity bits?
RAID 1
RAID 3
RAID 5
RAID 5
RAID level 5 is disk striping with distributed parity. It can withstand the loss of any single disk
Jarod is concerned about EMI affecting a key escrow server. Which method would be most effective in mitigating this risk?
VLAN
Trusted platform module
Faraday cage
Faraday cage
A Faraday cage, named after the famous physicist Michael Faraday, involves placing wire mesh around an area or device to block electromagnetic signals
John is responsible for physical security at his company. He is particularly concerned about an attacker driving a vehicle into the building. Which of the following would provide the best protection against this threat?
A gate
Bollards
A security guard on duty
Bollards
The correct answer is bollards. These are large objects, often made of concrete or similar material, designed specifically to prevent a vehicle getting past them
Mark is responsible for cybersecurity at a small college. There are many computer labs that are open for students to use. These labs are monitored only by a student worker, who may or may not be very attentive. Mark is concerned about the theft of computers. Which of the following would be the best way for him to mitigate this threat?
Cable locks
FDE on the lab computers
Strong passwords on the lab computers
Cable locks
The correct answer is to attach cable locks to the computers that lock them to the table. This makes it more difficult for someone to steal a computer
Joanne is responsible for security at a power plant. The facility is very sensitive and security is extremely important. She wants to incorporate two-factor authentication with physical security. What would be the best way to accomplish this?
Smart cards
A mantrap with a smart card at one door and a PIN keypad at the other door
A mantrap with video surveillance
A mantrap with a smart card at one door and a PIN keypad at the other door
The correct answer is to incorporate two-factor authentication with a mantrap. By having a smart card at one door (type II authentication) and a PIN (type I authentication) at the other door, Joanne will combine strong two-factor authentication with physical security.
Which of the following terms refers to the process of establishing a standard for security?
Baselining
Security evaluation
Hardening
Baselining
Baselining is the process of establishing a standard for security. A change from the original baseline value is referred to as baseline deviation
You are trying to increase security at your company. You’re currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a trusted OS?
FDE
Hardening
Baselining
Hardening
Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols. This is also known as creating a secure baseline that allows the OS to run safely and securely.
Which level of RAID is a “stripe of mirrors”?
RAID 1+0
RAID 6
RAID 0
RAID 1+0
RAID 1+0 is a mirrored data set (RAID 1), which is then striped (RAID 0): a “stripe of mirrors”
Isabella is responsible for database management and security. She is attempting to remove redundancy in the database. What is this process called?
Deprovisioning
Baselining
Normalization
Normalization
Normalization is the process of removing duplication or redundant data from a database. There are typically four levels of normalization ranging from 1N at the lowest (i.e., the most duplication) to 4N at the highest (i.e., the least duplication)
A list of applications approved for use on your network would be known as which of the following?
Blacklist
Red list
Whitelist
Whitelist
“Whitelists” are lists of those items that are allowed (as opposed to a blacklist—things that are prohibited)
Hans is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?
Implement host-based antivirus.
Blacklist known infected sites.
Set browsers to allow only signed components.
Set browsers to allow only signed components.
The correct answer is to only allow signed components to be loaded in the browser. Code signing verifies the originator of the component (such as an ActiveX component) and thus makes malware far less likely
Elizabeth has implemented agile development for her company. What is the primary difference between agile development and the waterfall method?
Waterfall has fewer phases.
Agile is more secure.
Agile repeats phases.
Agile repeats phases.
Agile development works in cycles, each cycle producing specific deliverables. This means that phases like design and development are repeated
John is using the waterfall method for application development. At which phase should he implement security measures?
Requirements
Design
Implementation
All
All
Security should be addressed at every stage of development. This means requirements, design, implementation, verification/testing, and maintenance