Architecture and Design (2) Flashcards

1
Q

You have been asked to implement security for SCADA systems in your company. Which of the following standards will be most helpful to you?

NIST 800-82

PCI-DSS

NIST 800-30

A

NIST 800-82

The correct answer is NIST 800-82. NIST Special Publication 800-82, Revision 2, “Guide to Industrial Control Systems (ICS) Security,” is specific to industrial control systems, which include SCADA (Supervisory Control and Data Acquisition) systems and PLCs (programmable logic controllers). Revision 3 (2023) broadened the title to “Guide to Operational Technology (OT) Security” and remains the relevant document. PCI-DSS covers payment card data, and NIST SP 800-30 is a general guide for conducting risk assessments, so neither is specific to SCADA.

2
Q

Joanne works for a large insurance company. Some employees have wearable technology, such as smart watches. What is the most significant security concern from such devices?

These devices can distract employees.

These devices can be used to carry data in and out of the company.

These devices may not have encrypted drives.

A

These devices can be used to carry data in and out of the company.

Wearable devices have their own storage and usually a Bluetooth or cellular link, so they can be used to bring files into the network or to exfiltrate data from it, bypassing the controls applied to managed endpoints. Distraction is a productivity issue, and the absence of an encrypted drive only matters if data is already on the device.

3
Q

John is installing an HVAC system in his datacenter. What will this HVAC have the most impact on?

Confidentiality

Availability

Fire suppression

A

Availability

A heating, ventilation, and air conditioning system affects availability. By keeping temperature and humidity within the hardware's operating range, HVAC reduces the chance that servers overheat or fail, which keeps them available. It does not protect confidentiality, and fire suppression is a separate system.

4
Q

Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?

Install host-based antivirus software on the engineer’s system.

Implement account usage auditing on the SCADA system.

Implement an NIPS on the SCADA system.

A

Implement account usage auditing on the SCADA system.

Maria should implement ongoing auditing of account usage on the SCADA system. Logging when and from where each account connects, and correlating that with whether the engineer actually has an active session on the workstation, flags a connection that uses the engineer's credentials while the engineer is absent. Host-based antivirus and a NIPS may catch some malicious activity, but neither recognises misuse of a legitimate account over a permitted connection.
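The correlation described above, as an added example that is not part of the original flashcard: it joins constructed workstation logon/logoff events with constructed SCADA authentication events and flags any SCADA logon for an account that has no active interactive session on its assigned workstation, or that arrives from a different source host. The event shapes, host names and the assigned-workstation mapping are assumptions for illustration, not the output of any particular SCADA or Windows product.

```python
from datetime import datetime

# Constructed sample data (not captured from a real system).
# Workstation interactive-session events: (timestamp, kind, account, host)
WORKSTATION_EVENTS = [
    ("2024-03-04T07:58:00", "logon",  "eng.maria", "ENG-WS-07"),
    ("2024-03-04T12:02:00", "logoff", "eng.maria", "ENG-WS-07"),
    ("2024-03-04T13:05:00", "logon",  "eng.maria", "ENG-WS-07"),  # still open at end of log
]

# SCADA server authentication events: (timestamp, account, source host)
SCADA_EVENTS = [
    ("2024-03-04T08:15:00", "eng.maria", "ENG-WS-07"),  # inside a session: expected
    ("2024-03-04T12:30:00", "eng.maria", "ENG-WS-07"),  # between sessions: suspicious
    ("2024-03-04T09:10:00", "eng.maria", "10.9.9.9"),   # not the engineer's workstation: suspicious
    ("2024-03-04T14:00:00", "eng.maria", "ENG-WS-07"),  # inside the open session: expected
]

# Assumed mapping of each privileged account to the workstation it should come from.
ASSIGNED_WORKSTATION = {"eng.maria": "ENG-WS-07"}


def parse_ts(s):
    return datetime.fromisoformat(s)


def build_sessions(events):
    """Pair logon/logoff events into {(account, host): [(start, end), ...]}.
    A logon with no matching logoff yet becomes an open session with end=None."""
    sessions, open_sessions = {}, {}
    for ts, kind, account, host in sorted(events, key=lambda e: e[0]):
        key, t = (account, host), parse_ts(ts)
        if kind == "logon":
            open_sessions[key] = t
        elif kind == "logoff" and key in open_sessions:
            sessions.setdefault(key, []).append((open_sessions.pop(key), t))
    for key, start in open_sessions.items():
        sessions.setdefault(key, []).append((start, None))
    return sessions


def session_active(sessions, account, host, t):
    """True if the account had an interactive session on host at time t."""
    return any(start <= t and (end is None or t <= end)
               for start, end in sessions.get((account, host), []))


def find_suspicious(workstation_events, scada_events, assigned):
    """Return (timestamp, account, source, reason) for each SCADA logon that
    does not line up with the account owner's real workstation session."""
    sessions = build_sessions(workstation_events)
    findings = []
    for ts, account, src in scada_events:
        expected = assigned.get(account)
        if src != expected:
            findings.append((ts, account, src, "source host is not the account's assigned workstation"))
        elif not session_active(sessions, account, src, parse_ts(ts)):
            findings.append((ts, account, src, "no active interactive session on workstation"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(WORKSTATION_EVENTS, SCADA_EVENTS, ASSIGNED_WORKSTATION):
        print(*finding)
```

The check deliberately treats the workstation session log, not the SCADA log, as the source of truth for whether the engineer is present; a compromised workstation can forge activity on the SCADA side, but the rule fires on the absence of a matching interactive session, which the attacker cannot easily manufacture.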

5
Q

Lucy works as a network administrator for a large company. She needs to administer several servers. Her objective is to make it easy to administer and secure these servers, as well as making the installation of new servers more streamlined. Which of the following best addresses these issues?

Setting up a cluster

Virtualizing the servers

Putting the servers on a VLAN

A

Virtualizing the servers

The correct answer is virtualization. Running the servers as virtual machines lets Lucy administer them from a single management console, apply one hardened template to all of them, and build a new server from that template in minutes. A cluster addresses availability and a VLAN addresses network segmentation; neither streamlines administration or installation.

6
Q

Gerard is responsible for secure communications with his company’s e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?

HSM

FDE

SED

A

HSM

A hardware security module (HSM) is the most secure way to store the private key. An HSM is a tamper-resistant hardware device that generates and stores keys and performs the TLS private-key operations inside itself, so the key never exists in the server's memory or on its disk. FDE and self-encrypting drives (SEDs) protect data at rest, but once the volume is unlocked the key file is readable by any process that compromises the server.

7
Q

You are the security officer for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?

Leave the malware on that workstation until it is tested.

Place the malware in a sandbox environment for testing.

It is not important to test it; just remove it from the machine.

A

Place the malware in a sandbox environment for testing.

The correct answer is to use a sandboxed environment to test the malware and determine its complete functionality. A sandbox can be an isolated virtual machine or a physical machine entirely isolated from the production network. Be aware that some malware checks whether it is running in a VM or sandbox and behaves differently there. Leaving live malware on a production workstation extends the compromise, and deleting it without analysis destroys the evidence needed to learn what else it did.

8
Q

Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to insecure code, or simply code flaws, being deployed to the live system. What would be the best change you could make to mitigate this risk?

Implement sandboxing.

Implement virtualized servers.

Implement a staging server.

A

Implement a staging server.

You should implement a staging server so that code is deployed to an intermediate staging environment first, where it can be tested for security flaws and for correct integration with the rest of the system before it reaches production. Developers then lose direct write access to production. Using well-maintained third-party libraries and SDKs can also reduce errors and vulnerabilities in the code, provided those dependencies are vetted and kept patched.

9
Q

Denish is concerned about the security of embedded devices in his company. He is most concerned about the operating system security for such devices. Which of the following would be the best option for mitigating this threat?

RTOS

SCADA

FDE

A

RTOS

A real-time operating system (RTOS) is the class of operating system that embedded devices typically run, so addressing OS security on embedded devices means choosing and hardening a suitable RTOS. An RTOS is not secure by default; it simply has a much smaller attack surface than a general-purpose OS. SCADA is a category of industrial control system, not an operating system, and FDE protects stored data rather than the running OS.

10
Q

Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?

802.11a

802.11b

802.11i

A

802.11i

The WPA2 standard fully implements the 802.11i security standard, including AES-based CCMP. WPA was an interim measure based on a draft of 802.11i, and WEP predates it entirely. 802.11a and 802.11b are physical-layer standards, not security standards.

11
Q

Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?

WPA

CCMP

WEP

A

WPA

The encryption protocol associated with WPA is TKIP (Temporal Key Integrity Protocol), a per-packet keying wrapper around WEP's RC4 cipher designed to run on WEP-era hardware. WEP uses RC4 directly, and CCMP is the AES-based encryption protocol of WPA2, not a standard that uses TKIP. TKIP is deprecated and should not be enabled on current networks.

12
Q

Juan is responsible for wireless security in his company. He has decided to disable the SSID broadcast on the single AP the company uses. What will the effect be on client machines?

They will no longer be able to use wireless networking.

They will no longer see the SSID as a preferred network when they are connected.

They will no longer see the SSID as an available network.

A

They will no longer see the SSID as an available network.

Disabling SSID broadcast keeps the network out of the list of available networks, but clients can still connect by entering the SSID manually. It is not a meaningful security control: the SSID is still sent in clear text in probe and association frames, and clients configured for a hidden network will probe for it wherever they are, so a wireless sniffer reveals it quickly.

13
Q

Which cloud service model provides the consumer with the infrastructure to create applications and host them?

SaaS

PaaS

IaaS

A

PaaS

In the Platform as a Service (PaaS) model, the consumer is given the infrastructure to create applications and host them (a runtime, web server, database and similar components), while the provider manages the underlying servers, storage and operating systems. With IaaS the consumer would also manage the operating system; with SaaS the consumer only uses a finished application.

14
Q

Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?

SaaS

PaaS

IaaS

A

SaaS

With the Software as a Service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis

15
Q

Which feature of cloud computing involves dynamically provisioning (or deprovisioning) resources as needed?

Multitenancy

Elasticity

CMDB

A

Elasticity

Elasticity is a feature of cloud computing that involves dynamically provisioning (or deprovisioning) resources as needed

16
Q

Which type of hypervisor implementation is known as “bare metal”?

Type I

Type II

Type III

A

Type I

Type I hypervisor implementations are known as “bare metal” because they run directly on the hardware with no host operating system beneath them (for example VMware ESXi, Xen or Hyper-V). A Type II hypervisor runs as an application on a host operating system (for example VirtualBox or VMware Workstation). There is no “Type III” category.

17
Q

Mohaned is a security analyst and has just removed malware from a virtual server. What feature of virtualization would he use to return the virtual server to a last known good state?

Sandboxing

Hypervisor

Snapshot

A

Snapshot

A snapshot is an image of the virtual machine's disk (and optionally memory) state at a point in time. It is standard practice to take snapshots periodically so that a system can be returned to a last known good state. The snapshot must predate the infection: rolling back to one taken after the compromise reinstates the malware, and any changes made since the snapshot are lost, so the root cause should also be fixed before the VM is reconnected to the network.

18
Q

Lisa is concerned about fault tolerance for her database server. She wants to ensure that if any single drive fails, it can be recovered. What RAID level would support this goal while using distributed parity bits?

RAID 1

RAID 3

RAID 5

A

RAID 5

RAID 5 is block-level striping with parity distributed across all disks. Each stripe holds one parity block, computed as the XOR of the stripe's data blocks, and the parity block rotates from disk to disk, so the array can withstand the loss of any single disk and rebuild its contents from the survivors. RAID 1 mirrors without parity, and RAID 3 places all parity on a dedicated disk rather than distributing it.
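A toy model of the mechanism above, added here as an example and not part of the original flashcard: data is striped across the disks with the XOR parity block rotating one disk per stripe, one disk is discarded, and its blocks are rebuilt from the survivors. The rotation rule, block size and sample data are assumptions chosen for illustration; real RAID implementations differ in layout and add metadata, but the XOR recovery property is the same.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; the parity primitive RAID 5 relies on."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, ndisks):
    """Assumed rotation: parity starts on the last disk and moves one disk left per stripe."""
    return (ndisks - 1 - stripe) % ndisks


def raid5_write(data, ndisks, block_size):
    """Split data into blocks, place ndisks-1 data blocks per stripe and put their XOR
    on the rotating parity disk. Returns a list of disks, each a list of blocks."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = ndisks - 1
    chunks = [data[i:i + block_size].ljust(block_size, b"\0")
              for i in range(0, len(data), block_size)]
    while len(chunks) % per_stripe:          # pad the final stripe
        chunks.append(b"\0" * block_size)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(chunks) // per_stripe):
        group = chunks[s * per_stripe:(s + 1) * per_stripe]
        parity, data_iter = xor_blocks(group), iter(group)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk_for(s, ndisks) else next(data_iter))
    return disks


def raid5_rebuild(disks, failed):
    """Reconstruct every block of the failed disk by XORing the surviving disks' blocks
    in the same stripe. Works whether the lost block held data or parity."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(disks, length):
    """Reassemble the original data by skipping each stripe's parity block."""
    ndisks, out = len(disks), bytearray()
    for s in range(len(disks[0])):
        for d in range(ndisks):
            if d != parity_disk_for(s, ndisks):
                out += disks[d][s]
    return bytes(out[:length])


def survives_single_disk_loss(data, ndisks, block_size):
    """True if the array returns the original data after losing any one disk."""
    disks = raid5_write(data, ndisks, block_size)
    for failed in range(ndisks):
        degraded = [None if i == failed else d for i, d in enumerate(disks)]
        degraded[failed] = raid5_rebuild(degraded, failed)
        if raid5_read(degraded, len(data)) != data:
            return False
    return True


SAMPLE = b"The quick brown fox jumps over the lazy dog"  # constructed test data

if __name__ == "__main__":
    print(survives_single_disk_loss(SAMPLE, 4, 4))  # True
```

Losing a second disk before the rebuild completes leaves two unknowns per stripe and a single XOR equation, which is why RAID 5 tolerates exactly one failure and why large arrays favour RAID 6 or mirrors.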

19
Q

Jarod is concerned about EMI affecting a key escrow server. Which method would be most effective in mitigating this risk?

VLAN

Trusted platform module

Faraday cage

A

Faraday cage

A Faraday cage, named after the physicist Michael Faraday, encloses an area or device in conductive mesh or shielding so that external electromagnetic signals cannot reach it (and its own emanations cannot leak out). A VLAN is a logical network segment and a TPM is a cryptographic chip; neither does anything about EMI.

20
Q

John is responsible for physical security at his company. He is particularly concerned about an attacker driving a vehicle into the building. Which of the following would provide the best protection against this threat?

A gate

Bollards

A security guard on duty

A

Bollards

The correct answer is bollards. These are short, heavy posts, usually of concrete or steel-cored construction, placed specifically to stop a vehicle getting past them. A gate can be rammed, and a security guard cannot physically stop a moving vehicle.

21
Q

Mark is responsible for cybersecurity at a small college. There are many computer labs that are open for students to use. These labs are monitored only by a student worker, who may or may not be very attentive. Mark is concerned about the theft of computers. Which of the following would be the best way for him to mitigate this threat?

Cable locks

FDE on the lab computers

Strong passwords on the lab computers

A

Cable locks

The correct answer is to attach cable locks that secure the computers to the table. This makes it considerably harder to walk off with a machine. FDE and strong passwords protect the data on a stolen computer but do nothing to prevent the theft itself.

22
Q

Joanne is responsible for security at a power plant. The facility is very sensitive and security is extremely important. She wants to incorporate two-factor authentication with physical security. What would be the best way to accomplish this?

Smart cards

A mantrap with a smart card at one door and a pin keypad at the other door

A mantrap with video surveillance

A

A mantrap with a smart card at one door and a pin keypad at the other door

The correct answer is to combine two-factor authentication with a mantrap (also called an access control vestibule). A smart card at one door (something you have, type II) and a PIN at the other (something you know, type I) are two distinct factors, and the vestibule prevents tailgating. Smart cards alone are a single factor, and video surveillance is a detective control, not an authentication factor.

23
Q

Which of the following terms refers to the process of establishing a standard for security?

Baselining

Security evaluation

Hardening

A

Baselining

Baselining is the process of establishing a standard for security: a documented, measured configuration against which systems are then checked. A change from that baseline is referred to as baseline deviation, and detecting deviations is what turns a one-time baseline into an ongoing control.

24
Q

You are trying to increase security at your company. You’re currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a trusted OS?

FDE

Hardening

Baselining

A

Hardening

Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols, services, accounts and software and to apply secure settings and patches. The result is a secure baseline within which the OS can run safely. FDE protects data at rest, and baselining establishes the standard; hardening is the act of bringing the system up to it.
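The relationship between a hardened baseline and baseline deviation, as an added example that is not part of the original flashcards (it serves the baselining and hardening cards above): a hardened baseline of expected listening ports is compared against constructed lines shaped like `ss -tlnp` output, and every unexpected listener, listener served by the wrong process, or missing expected listener is reported as a deviation. The baseline contents, process names and sample lines are assumptions for illustration, not captured from a real host.

```python
import re

# Assumed hardened baseline for this server role: port -> process expected to own it.
BASELINE = {22: "sshd", 443: "nginx", 9100: "node_exporter"}

# Constructed lines in the shape of `ss -tlnp` output (not captured from a real host).
CURRENT_LISTENERS = """
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=2401,fd=4))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("python3",pid=4410,fd=5))
LISTEN 0      100    127.0.0.1:3306      0.0.0.0:*         users:(("mariadbd",pid=980,fd=21))
"""

# Match state, queue counters, local addr:port and the first process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(text):
    """Return {port: process} for every LISTEN line; header and unparseable lines are skipped."""
    listeners = {}
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners[int(m.group(2))] = m.group(3)
    return listeners


def baseline_deviations(baseline, current):
    """Compare the live listener set with the baseline and return
    (kind, port, process) tuples, kinds being unexpected, wrong_process or missing."""
    findings = []
    for port, proc in sorted(current.items()):
        if port not in baseline:
            findings.append(("unexpected", port, proc))      # hardening gap: should be removed
        elif baseline[port] != proc:
            findings.append(("wrong_process", port, proc))   # expected port, unexpected owner
    for port, proc in sorted(baseline.items()):
        if port not in current:
            findings.append(("missing", port, proc))         # required service is not running
    return findings


if __name__ == "__main__":
    for kind, port, proc in baseline_deviations(BASELINE, parse_listeners(CURRENT_LISTENERS)):
        print(f"{kind:14} port {port:<5} {proc}")
```

A telnet daemon listening on a hardened host is exactly the kind of unneeded protocol the card describes; the check is equally useful in reverse, since a required listener that has disappeared is also a deviation worth investigating.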

25
Q

Which level of RAID is a “stripe of mirrors”?

RAID 1+0

RAID 6

RAID 0

A

RAID 1+0

RAID 1+0 is a mirrored data set (RAID 1), which is then striped (RAID 0): a “stripe of mirrors”

26
Q

Isabella is responsible for database management and security. She is attempting to remove redundancy in the database. What is this process called?

Deprovisioning

Baselining

Normalization

A

Normalization

Normalization is the process of removing duplicated or redundant data from a database by splitting it into related tables. The degrees are called normal forms: first normal form (1NF) removes repeating groups, 2NF and 3NF progressively remove data that depends on only part of a key or on non-key columns, and higher forms (BCNF, 4NF, 5NF) handle rarer anomalies. Most schemas are normalized to 3NF; each higher form means less duplication. Deprovisioning removes accounts or resources, and baselining establishes a security standard; neither concerns database structure.

27
Q

A list of applications approved for use on your network would be known as which of the following?

Blacklist

Red list

Whitelist

A

Whitelist

“Whitelists” (now often called allow lists) list the items that are permitted; anything not on the list is denied by default. A blacklist (deny list) lists what is prohibited and permits everything else, which is why an allow list is the stronger form of application control. “Red list” is not a standard term.

28
Q

Hans is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?

Implement host-based antivirus.

Blacklist known infected sites.

Set browsers to allow only signed components.

A

Set browsers to allow only signed components.

The correct answer is to allow only signed components to load in the browser. Code signing lets the browser verify who published a component (such as a legacy ActiveX control or a browser extension) and that it has not been altered since, which blocks most drive-by installation of anonymous code. A signature proves origin and integrity, not that the code is safe, so this control complements antivirus rather than replacing it; blacklisting known infected sites cannot keep pace with the rate at which new ones appear.

29
Q

Elizabeth has implemented agile development for her company. What is the primary difference between agile development and the waterfall method?

Waterfall has fewer phases.

Agile is more secure.

Agile repeats phases.

A

Agile repeats phases.

Agile development works in short cycles, each producing specific deliverables. This means phases such as design, development and testing are repeated in every iteration rather than performed once in sequence. Agile is not inherently more secure; that depends on whether security work is included in each iteration.

30
Q

John is using the waterfall method for application development. At which phase should he implement security measures?

Requirements

Design

Implementation

All

A

All

Security should be addressed at every stage of development. This means requirements, design, implementation, verification/testing, and maintenance