Architecture and Design (5) Flashcards
Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?
Implement port mirroring for that segment.
Install an NIPS on that segment.
Upgrade to a more effective NIPS.
Implement port mirroring for that segment.
The NIPS is not seeing the traffic on that network segment. By implementing port mirroring, the traffic from that segment can be copied to the segment where the NIPS is installed
You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?
PPTP
RADIUS
L2TP
L2TP
Layer 2 Tunneling Protocol is a VPN technology that supports a wide range of remote access methods, including TACACS+. L2TP also supports a range of protocols, including ATM and X.25
Jacob is the CIO for a mid-sized company. His company has very good security policies and procedures. The company has outsourced its web application development to a well-known web programming company. Which of the following should be the most important security issue for Jacob to address?
The web application vendor’s hiring practices
The financial stability of the web application vendor
Security practices of the web application vendor
Security practices of the web application vendor
Whenever any part of your business process is outsourced, you need to ensure that the vendor meets or exceeds all of your security policies and procedures. Supply chain assessment security is a critical issue
Gerard is responsible for physical security at his company. He is considering using cameras that would detect a burglar entering the building at night. Which of the following would be most useful in accomplishing this goal?
Motion-sensing camera
Infrared-sensing camera
Sound-activated camera
Infrared-sensing camera
Infrared can still detect at night. A burglar is likely to be in the building after dark, so detecting via infrared is important
Tim is implementing a Faraday cage around his server room. What is the primary purpose of a Faraday cage?
Regulate current
Block intrusions
Block EMI
Block EMI
A Faraday cage is a metal wire mesh designed to block electromagnetic interference. The other options are incorrect; they are not functions of a Faraday cage
You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?
A security guard with a sign-in sheet
Smart card access
A camera by the entrance
Smart card access
Smart cards can be used to allow entrance into a building. The smart card can also store information about the user, and thus the system can log who enters the building
David is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?
Send out a network alert.
Delete the digital certificate.
Publish that certificate in the CRL.
Publish that certificate in the CRL.
Certificate revocation lists are designed specifically for revoking certificates. Since public keys are distributed via certificates, this is the most effective way to deauthorize a public key
Thomas is trying to select the right fire extinguisher for his company’s server room. Which of the following would be his best choice?
Type A
Type B
Type C
Type C
Type C fire extinguishers are used for electrical fires, including computer equipment fires
Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?
Combination lock
Key-in-knob
Deadbolt
Deadbolt
Of the locks listed here, deadbolts are the most secure. The locking bolt goes into the door frame, making it more secure
What is the ideal humidity range for a server room?
70% to 80%
40% to 60%
Below 30%
40% to 60%
Forty percent to 60 percent is considered ideal humidity. High humidity can cause corrosion, and low humidity can cause electrostatic discharge
Molly is implementing biometrics in her company. Which of the following should be her biggest concern?
FAR
FRR
CER
FAR
False acceptance rate is the rate at which the system incorrectly allows in someone it should not. This is clearly a significant concern
Daniel is responsible for physical security in his company. All external doors have electronic smart card access. In an emergency such as a power failure, how should the doors fail?
Fail secure
Fail closed
Fail open
Fail open
Physical locks must always fail open, which is also called fail safe. The safety of employees must take precedence over the safety of property. If the lock does not fail open, then employees could be trapped in the building
Donald is responsible for networking for a defense contractor. He is concerned that emanations from UTP cable could reveal classified information. Which of the following would be his most effective way to address this?
Migrate to CAT 7 cable.
Implement protected cabling.
Place all cable in a Faraday cage.
Implement protected cabling.
Protected cabling will secure the cable and prevent anyone from eavesdropping. These systems, also called protected distribution systems, use a variety of safeguards so that classified information can be sent unencrypted
Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?
Store the drives in a secure cabinet.
Encrypt the thumb drives.
Don’t store BitLocker keys on these drives.
Store the drives in a secure cabinet.
A secure cabinet is tamper proof and provides a good place to store anything you are trying to physically protect
Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?
RAID 3
RAID 5
RAID 6
RAID 6
RAID 6, disk striping with dual parity, uses a minimum of four disks with distributed parity bits. RAID 6 can handle up to two disks failing
You are a network administrator for a mid-sized company. You need all workstations to have the same configuration. What would be the best way for you to accomplish this?
Implement a policy requiring all workstations to be configured the same way.
Ensure all computers have the same version of the operating system and the same applications installed.
Use a master image that is properly configured and image all workstations from that.
Use a master image that is properly configured and image all workstations from that.
The correct answer is to use a master image that is properly configured and to create all workstations from that image. This is a standard way large corporations configure systems
Mike is a network administrator for an e-commerce company. There have been several updates to the operating system, the web server software, and the web application, all within the last 24 hours. It appears that one of these updates has caused a significant security problem. What would be the best approach for Mike to take to correct this problem?
Remove the updates one at a time to see which corrects the problem.
Roll the server back to the last known good state.
Investigate and find out which update caused the problem, and remove only that update.
Roll the server back to the last known good state.
There is now a serious security issue on the web server. The primary concern must be to correct this. Rolling back to the last known good state will immediately correct the problem; then Mike can investigate to find the cause
Ixxia is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?
Proxy server
NAT
Firewall
Proxy server
A web proxy can be used to block certain websites. It is common practice for network administrators to block either individual sites or general classes of sites (like job-hunting sites)
You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?
Aggregate switching
An SSL accelerator
Load balancing
Load balancing
Load balancing the cluster will prevent any single server from being overloaded. And if a given server is offline, other servers can take on its workload
When you are concerned about application security, what is the most important issue in memory management?
Never allocate a variable any larger than is needed.
Always check bounds on arrays.
Make sure you release any memory you allocate.
Make sure you release any memory you allocate.
Failure to release memory you have allocated can lead to a memory leak. Therefore, if you are using a programming language like C++ that allows you to allocate memory, make certain you deallocate that memory as soon as you are finished using it
Darrel is looking for a cloud solution for his company. One of the requirements is that the IT staff can make the transition with as little change to the existing infrastructure as possible. Which of the following would be his best choice?
Off-premises cloud
On-premises cloud
Hybrid solution
Off-premises cloud
Off-premises clouds are always less expensive and require fewer changes to the existing infrastructure. That is true for public, private, or community clouds
Ryan is concerned about the security of his company’s web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?
WAF
TLS
NIPS
TLS
The correct answer is to encrypt all the web traffic to this application using Transport Layer Security (TLS). This is one of the most fundamental security steps to take with any website
Arjun has just taken over web application security for a small company. He notices that some values are temporarily stored in hidden fields on one of the web pages. What is this called and how would it be best characterized?
This is data hiding, a weak security measure.
This is obfuscation, a possible security flaw.
This is data hiding, a possible security flaw.
This is obfuscation, a possible security flaw.
This is commonly called obfuscation. Many years ago (i.e., late 1990s) it was thought of as a weak security measure. Today it can only be thought of as a possible security flaw and should not be used
What is the primary reason a company would consider implementing Agile programming?
To speed up development time
To focus more on design
To focus more on testing
To speed up development time
Agile programming was developed specifically to speed up development time. Although it is not appropriate for all projects, it has become quite popular
When you’re implementing security cameras in your company, which of the following is the most important concern?
High-definition video
How large an area the camera can cover
Security of the camera and video storage
Security of the camera and video storage
The most important issue is that the camera itself is tamper proof and that the data stored is tamper proof. Wireless security cameras are an example of home automation and are one of the driving factors behind the IoT movement
What is the primary security issue presented by monitors?
Unauthorized users may see confidential data.
Data can be detected from electromagnetic emanations.
Poor authentication
Unauthorized users may see confidential data.
A monitor displays data, and it is possible others can see that data. For example, traveling employees with laptops may inadvertently disclose data on their monitor that someone else can see. For this reason, screen filters are recommended for laptops
Clark is responsible for mobile device security in his company. Which of the following is the most important security measure for him to implement?
Encrypted drives
Patch management
Remote wiping
Patch management
Just like desktops, laptops, and servers, patch management is a fundamental security issue and must be addressed. Many malware outbreaks and other breaches can be prevented by simply having good patch management
Which of the following security measures is most effective against phishing attacks?
User training
NIPS
Spam filters
User training
Phishing depends on deceiving the user. The only true protection against that is proper user training. There are some technologies that can reduce the chance of phishing emails getting through, but none can stop all phishing emails. The best protection is user training
You are the CISO for a mid-sized health care company. Which of the following is the most important for you to implement?
Contractual requirements
Strong security policies
Regulatory requirements
Regulatory requirements
Regulatory requirements are enforced by law. You must implement these; therefore, they are the most important