Architecture and Design 2

Question 1

1. Departmental isolation uses a _______, whereas a computer isolation uses _________.

Answer 1

1. VLAN, airgaps

Question 2

2. A ______ is a boundary layer between the LAN and the ______. The website situated there is called an ___________ and is normally accessed using a username and a password.

Answer 2

2. DMZ, WAN, extranet

Question 3

3. System _________ is where a virtual machine is running out of resources.

Answer 3

3. Sprawl

Question 4

4. The best way to prevent a SQL injection attack is by using _________ ____________. Another method is to use _______ validation.

Answer 4

4. Store procedures, input

Question 5

5. A _____ is used is to hide the internal network, whereas _____ is multiple internal connections to one external connection.

Answer 5

5. NAT, PAT

Question 6

6. _______ code is source code that is never used by the application.

Answer 6

6. Dead

Question 7

7. A network intrusion detection system relies on __________ and _____________ to sense changes to the local network.

Answer 7

7. Sensors, collectors

Question 8

8. An _______________ switch can be used to connect multiple switches together and prevents looping.

Answer 8

8. Aggregation

Question 9

9. The cloud model ___________ as a Service is where you lease a bespoke application that cannot be _____________ and is normally accessed via a web browser.

Answer 9

9. Software, modified

Question 10

10. VM _________ is where an attacker gains access to a virtual machine and then attacks the host.

Answer 10

10. Escape

Question 11

11. If a company has the account lockout set to a maximum of three attempts, an attacker can log in twice to all of the computer systems without being detected. However, if the company installs a _______ system that uses a _____________ engine, once the third attempt is made, the attacker is locked out.

Answer 11

11. SIEM, correlation

Question 12

12. A company uses a lease line to connect two sites, London and Paris. Due to budget constraints, they are going to replace the lease line with a _____-__-_____ VPN using ________ __ mode.

Answer 12

12. Site-to-site, always on

Question 13

13. When a SIEM system produces a ________ positive, it could be that the wrong _______ filter is being used.

Answer 13

13. False, input

Question 14

14. _____________ _______ is where companies in the same industry share the cost of creating and hosting a cloud-based application.

Answer 14

14. Community cloud

Question 15

15. Group policy enforces policies for on-premise computers and ________ ________ _____________ __________ enforces policies for cloud-based computers.

Answer 15

15. Cloud access security broker

Question 16

16. A waterworks and an oil __________ and both examples of _________ networks.

Answer 16

16. Refinery, SCADA

Question 17

17. ___ ________ is where an unmanaged virtual machine has been placed on a virtual network. The administrator doesn’t know about it, so it will not be patched and end up as a vulnerability on the network.

Answer 17

17. VM sprawl

Question 18

18. _________________ can be used to mask data or code, whereas ________________ is used to embed data inside other data.

Answer 18

18. Obfuscation, steganography

Question 19

19. ____________ __________ is the cloud model that has more control, whereas _________________ as a Service is the cloud service that has most control as you have to install, ___________, and patch the operating system.

Answer 19

19. Private cloud, infrastructure, configure

Question 20

20. A company is building a new data center in Galway and is using ___________ to control access to the data center and using a ______ system to help provide availability of the computer systems and prevent them from _____________ and crashing.

Answer 20

20. Mantraps, HVAC, overheating

Question 21

21. A company has moved the desktops in the customer services departments so that people walking past the outside windows cannot ___________ surf and has installed ________ ________ as an additional precaution.

Answer 21

21. Shoulder, screen filters

Question 22

22. __________ is the process of testing a new application with production _______. This can be carried out by using _____________ to isolate them from the corporate network.

Answer 22

22. Staging, data, sandboxing

Question 23

23. Using a master __________ to roll out desktop computers ensures that they have a consistent security __________.

Answer 23

23. Image, baseline

Question 24

24. Different occupations can be regulated by __________ ____________ frameworks. An example of this would be PCI DSS for __________ ______ handling.

Answer 24

24. Industry frameworks, credit card

Question 25

25. A high volume of web traffic can be controlled by using a ______ ___________, whereas a high volume of DDoS traffic can be controlled by using a ______ ___________ or a stateful ___________.

Answer 25

25. Load balancer, DDoS mitigator, firewall

Question 26

26. A ________ box penetration tester can use a technique called __________ to carry out dynamic analysis of the ________ of a newly created application so that any _______________ can be addressed.

Answer 26

26. White, fuzzing, code, vulnerabilities

Question 27

27. PowerShell is an example of infrastructure as _______ where automation is paramount.

Answer 27

27. Code

Question 28

28. To protect data at rest on a laptop, full disk encryption can be used. However, this will require a _____ chip to be built into the laptop’s motherboard.

Answer 28

28. TPM

Question 29

29. The IT director is writing a new policy for the use of a new system and the technical lead is designing technical controls for this system. What they are both participating in is called _________ __________.

Answer 29

29. Control diversity

Question 30

30. ____________ ___________ is derived from legislation and ensures compliance.

Answer 30

30. Regulatory framework

Question 31

31. Using a mobile phone to provide internet access to a laptop is called ____________.

Answer 31

31. Tethering

Question 32

32. The cybersecurity incident response team has launched a new ____________ so that they can discover the new web-based attack methods being used.

Answer 32

32. Honeypot

Question 33

33. A __________ __ _______ model is where the security team uses multiple layers of protection so that if one layer fails, the _______ layer should prevent the attack.

Answer 33

33. Defence in depth, next

Question 34

34. In a BYOD environment, inserting an SD card to keep business data separate from your personal data is an example of ___________ _____________, also known as _________________.

Answer 34

34. Storage segmentation, containerization

Question 35

35. ____-_____________ configuration can be used to roll back to a previous state, should any unforeseen problems occur. In a virtual environment, a __________ can be used.

Answer 35

35. Non-persistent, snapshot

Question 36

36. PGP uses a _____ __ _________, FDE uses a _________ _____ __ ________, and two separate ______ use a bridge of trust model, commonly known as a _______ _________.

Answer 36

36. Web of trust, hardware root of trust, CAs, trust model

Question 37

37. A company has leased a SaaS application for its sales team, but they have complained about the interface and want customization to be carried out. The IT director has informed the sales team that these proposed changes _________ be made.

Answer 37

37. Cannot

Question 38

38. RAID 5 uses ________ parity and can lose ______ disk, whereas RAID 6 uses _________ parity and can afford to lose ______ disks. RAID __ is more resilient.

Answer 38

38. Single, one, double, two, 6

Question 39

39. To secure a mobile phone, you should use ________ passwords, ________ ______, and full disk _____________.

Answer 39

39. Strong, screen locks, encryption

Question 40

40. Vendor-specific _________ are rolled out with each piece of equipment to show you how they should be set up.

Answer 40

40. Guides

Question 41

41. If a company wishes to move its bespoke applications to the cloud but still maintain them, it will adopt the cloud model ___________ as a Service.

Answer 41

41. Platform

Question 42

42. A refrigerator is an example of an _____ device, whereas a life support system is an example of ______.

Answer 42

42. IoT, SoC

Question 43

43. ____________ is a development life cycle model that requires the whole stage to complete before we move on to the next stage. ________ can start multiple stages at one time and its aim is customer satisfaction. It is similar to scrum.

Answer 43

43. Waterfall, agile

Question 44

44. The ______ ______ protocol is used for voice traffic over IP networks and the secure version is called _______.

Answer 44

44. Real time, SRTP

Question 45

45. ___________ as a Service can provide identity management using _______ tokens.

Answer 45

45. Security, SAML

Question 46

46. Should a SIEM system find a false __________ on a known ____________ operating system, it may be using ________ input filters.

Answer 46

46. Positive, hardened, wrong

Question 47

47. Kerberos authentication and SIEM systems are both reliant on ______
    _______________.

Answer 47

47. Time synchronization

Question 48

48. To mitigate attacks on household IoT devices, ensure that the default _____________ ____ ___________ are changed ________________ and that they cannot ___________ access the internet.

Answer 48

48. Username and passwords, immediately, directly

Question 49

49. A cybersecurity response team can capture all of the traffic going to one port on a switch using a ______ _________ or _____.

Answer 49

49. Port mirror, tap

Question 50

50. Containers are __________ virtual machines, whereas containerization is __________ _______________ on a mobile device.

Answer 50

50. Isolated, storage segmentation