Basic Knowledge Flashcards

1
Q

Tom is preparing to build a credit card processing system. As he creates his design, he realizes that the operating environment will not allow him to include one of the PCI DSS required elements. What type of control should Tom discuss implementing?

A. Technical control

B. Operational control

C. Administrative control

D. Compensating control

A

D. Compensating controls are used to fulfill the same control objective as a required control when it is not feasible to implement that required control. The scenario describes a need for a compensating control. This control may be technical, operational, and/or administrative in nature.

2
Q

Shane administers a Linux server running Apache. During the middle of his workday, tweets start to appear in his Twitter feed about compromises of Apache servers due to a flaw that had not been previously reported. What type of threat is this?

A. A local exploit

B. Advanced persistent threat

C. A zero-day exploit

D. A zero-knowledge threat

A

C. A zero-day exploit takes advantage of a vulnerability that was unknown to the vendor and to defenders before it was used in an attack, so no patch or detection signature yet exists: defenders have had zero days to prepare. Until a vendor fix is available, Shane can only reduce the server's exposure and watch for the reported indicators; he cannot simply patch.

3
Q

Juan is analyzing systems on his network for known indicators of compromise. What term best describes the work he is performing?

A. Threat hunting

B. Vulnerability scanning

C. Intrusion prevention

D. Data mining

A

A. Threat hunting presumes that a compromise may already have taken place and searches for indicators of it. Vulnerability scanning probes systems for known weaknesses, not for signs of compromise. Juan's activity could be described as intrusion detection, but not as intrusion prevention, because he is not taking any action to block attacks. Data mining is a generic term for discovering patterns in large data sets; it does not describe searching systems for specific known indicators.
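
The check described in this card, matching known indicators against host and network telemetry, as an added example that is not part of the flashcards. The indicator set (a file hash, a netblock, a domain), the files and the log lines are all constructed for illustration and refer to no real incident; the log format `host=... dst=... domain=...` is assumed.

```python
"""IOC matching over host and network telemetry.

Added example, not part of the flashcards. Every indicator, file and log
line below is constructed for illustration and refers to no real incident.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Constructed "known-bad" file; its hash plays the role of a published IOC.
MALICIOUS_SAMPLE = b"constructed dropper content"

IOCS = {
    "sha256": {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()},
    # TEST-NET-3 range used as a stand-in for a reported C2 netblock.
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
    "domains": {"update-cdn.example.net"},
}

# Assumed proxy/DNS log shape: "<ts> host=<name> dst=<ip> [domain=<fqdn>]"
LOG_RE = re.compile(
    r"host=(?P<host>\S+)\s+dst=(?P<dst>\S+)(?:\s+domain=(?P<domain>\S+))?")


@dataclass(frozen=True)
class Match:
    host: str
    ioc_type: str   # "sha256", "ip" or "domain"
    value: str      # the indicator that matched
    evidence: str   # file path or raw log line


def scan_files(host, files):
    """Hash each file and compare against the hash indicators."""
    hits = []
    for path, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        if digest in IOCS["sha256"]:
            hits.append(Match(host, "sha256", digest, path))
    return hits


def domain_matches(domain):
    """Exact match, or a subdomain of an indicator; case and trailing dot ignored."""
    domain = domain.lower().rstrip(".")
    return domain in IOCS["domains"] or any(
        domain.endswith("." + d) for d in IOCS["domains"])


def scan_logs(lines):
    """Check destination IPs and domains in each log line against the indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        host = m["host"]
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if any(dst in net for net in IOCS["networks"]):
            hits.append(Match(host, "ip", str(dst), line))
        if m["domain"] and domain_matches(m["domain"]):
            hits.append(Match(host, "domain", m["domain"].lower(), line))
    return hits


# Constructed telemetry for a few workstations.
FILES_ON_WS12 = {
    "/tmp/update.bin": MALICIOUS_SAMPLE,
    "/etc/hostname": b"ws12\n",
}
LOG_LINES = [
    "2024-05-01T09:14:02Z host=ws12 dst=203.0.113.45 domain=update-cdn.example.net",
    "2024-05-01T09:14:05Z host=ws07 dst=198.51.100.20 domain=intranet.example.com",
    "2024-05-01T09:15:11Z host=ws19 dst=203.0.113.9",
    "malformed line with no fields",
]


def run_scan():
    """Return all matches across the constructed files and logs."""
    return scan_files("ws12", FILES_ON_WS12) + scan_logs(LOG_LINES)


if __name__ == "__main__":
    for hit in run_scan():
        print(f"{hit.host}: {hit.ioc_type} {hit.value} <- {hit.evidence}")
```

Note what this does and does not find: the hash match and the netblock and domain matches are all "known bad" lookups, which is exactly the IOC-driven hunting the card describes. A host beaconing to infrastructure not yet on any list would produce no hit, which is why hunting is combined with behavioural analysis rather than relying on indicators alone.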

4
Q

Which one of the following controls may be used to attract the attention of intruders who gain access to a network segment so that they are distracted from high-value targets and may be monitored?

A. MAC

B. Honeypot

C. Intrusion prevention system

D. Rogue AP

A

B. Honeypots are decoy systems used to attract the attention of intruders so that they may be monitored in a controlled environment away from production assets. Mandatory access control (MAC) enforces system security policy on what legitimate users can reach; it does nothing to divert an intruder. Intrusion prevention systems are designed to detect and block malicious activity, not to lure it. Rogue access points are unauthorized wireless entry points, an attacker's tool rather than a defensive control.

5
Q

While engaging in an attack, the attacker sends an email message to the targeted victim that contains malicious software as an attachment. What phase of the Cyber Kill Chain is occurring?

A. Weaponization

B. Delivery

C. Action on Objectives

D. Reconnaissance

A

B. This is an example of delivering the payload to the victim, so it is from the Delivery stage of the Cyber Kill Chain.

6
Q

Betsy receives many requests from IT staff members for remote access to internal systems through the DMZ. What type of system might Betsy place in the DMZ to accommodate these requests?

A. Jump box

B. Virtual machine

C. Honeypot

D. Firewall

A

A. A jump box (also called a bastion host) is a hardened system that accepts remote connection requests and acts as the single intermediary between those remote users and internal hosts, so that access to the internal hosts can be restricted to the jump box and logged there. Because it concentrates administrative access, the jump box itself must be hardened, kept patched, and monitored. Virtual machines, honeypots, and firewalls may all exist in the DMZ but do not have the express purpose of providing remote administrative access.

7
Q

Karen is configuring the host firewall on a web server that allows both encrypted and unencrypted web connections. It also must allow SSH access for users to securely drop off files. Which one of the following ports should not be open on the host firewall?

A. 22

B. 80

C. 443

D. 1433

A

D. Port 1433 is the default Microsoft SQL Server port and should not be exposed on a web server; a database belongs on a separate, internal segment. Ports 22, 80, and 443 are required for SSH (which also carries SFTP for the file drop-off), HTTP, and HTTPS respectively. With a default-deny host firewall, 1433 is blocked without having to be listed; the allow rules for 22, 80, and 443 are the only openings, and anything else found listening on the server should be reviewed.
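
The two checks a practitioner would pair with this card, as an added example that is not part of the flashcards: an audit of what the server is actually listening on against the 22/80/443 allowlist, and the default-deny host firewall that results. The `ss -Hltn` output is constructed rather than captured, the table and chain names in the nftables ruleset are assumptions, and the 5432 socket is included only to show a port that is listening but not exposed.

```python
"""Listening-port audit for a web server plus a matching default-deny host firewall.

Added example, not part of the flashcards. The `ss` output below is
constructed, not captured from a real host; the ruleset is nftables syntax
with assumed table/chain names.
"""
import re

# Services the card says must be reachable: SSH/SFTP, HTTP, HTTPS.
REQUIRED_SERVICES = {"ssh/sftp": 22, "http": 80, "https": 443}
ALLOWED_PORTS = frozenset(REQUIRED_SERVICES.values())
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample in the shape of `ss -Hltn` (listening TCP, numeric, no header).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128          0.0.0.0:1433      0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
"""

# Columns: State, Recv-Q, Send-Q, Local Address:Port, ...
SOCKET_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s")


def listening_ports(ss_output):
    """Map each listening TCP port to the set of addresses it is bound on."""
    ports = {}
    for line in ss_output.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            ports.setdefault(int(m["port"]), set()).add(m["addr"])
    return ports


def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return (exposed, loopback_only): unexpected ports bound on a routable
    address, and unexpected ports reachable only through loopback."""
    exposed, loopback_only = [], []
    for port, addrs in sorted(listening_ports(ss_output).items()):
        if port in allowed:
            continue
        (loopback_only if addrs <= LOOPBACK else exposed).append(port)
    return exposed, loopback_only


def nft_ruleset(allowed=ALLOWED_PORTS):
    """Default-deny inbound ruleset: only the allowed TCP ports are opened,
    so 1433 (or anything else) is blocked without being listed."""
    ports = ", ".join(str(p) for p in sorted(allowed))
    return (
        "table inet host_fw {\n"
        "  chain input {\n"
        "    type filter hook input priority 0; policy drop;\n"
        "    iif lo accept\n"
        "    ct state established,related accept\n"
        "    ct state invalid drop\n"
        "    meta l4proto { icmp, ipv6-icmp } accept\n"
        f"    tcp dport {{ {ports} }} accept\n"
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    exposed, local = audit(SAMPLE_SS_OUTPUT)
    print("exposed but not allowed:", exposed)   # [1433]
    print("loopback-only, review:", local)       # [5432]
    print(nft_ruleset())
```

The firewall hides 1433 from the network, but the audit is still worth running: a service that should not be on a web server at all (SQL Server here) is a hardening problem in its own right, and a loopback-only listener such as 5432 is invisible to the host firewall yet reachable by anything that already runs on the box.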

8
Q

Jacob has been tasked with using NetFlow to monitor network traffic flows in his organization, but the systems he is using are unable to keep up with the volume of data. What is his best option to deal with the traffic without adding new hardware while retaining visibility into the entire network?

A. Switch to RMON monitoring

B. Use flow sampling

C. Decrease the number of flows allowed for each user

D. Use packet shaping to reduce traffic rates to one that the flow collector can keep up with

A

B. Sampling retains flow visibility while reducing the record rate to a level the collector can handle. Rates of 1:10, 1:100, or 1:1000 cut the load substantially and still give useful visibility, provided the collector scales the sampled counters by the sampling rate and the analyst remembers that very low-volume flows, such as a slow beacon, may never be sampled at all. RMON does not provide flow data. Decreasing the number of flows allowed per user would restrict users' legitimate use of the network, and shaping traffic down to a rate the collector can keep up with would likewise make the network less usable; neither is a desirable option in almost any network.
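
The effect described in this card, as an added example that is not part of the flashcards: 1:N sampling of flow records, the scaling of sampled byte counters back to an estimate of the real volume, and the low-volume flow that sampling is likely to drop. The flow records are generated synthetically and are not real NetFlow data; the random sampler stands in for what an exporter does when configured with a sampling rate.

```python
"""Effect of 1:N flow sampling on volume and visibility.

Added example, not part of the flashcards. The flow records are synthetic;
the sampler stands in for an exporter configured with a sampling rate.
"""
import random
from collections import Counter

COMMON_PORTS = [443, 443, 443, 80, 53, 22, 3389]   # skewed towards HTTPS, as real traffic is


def make_flows(n, seed=1):
    """Constructed flow records: src, dst, dport, byte count."""
    rng = random.Random(seed)
    return [
        {
            "src": f"10.0.{rng.randrange(256)}.{rng.randrange(256)}",
            "dst": f"198.51.100.{rng.randrange(256)}",
            "dport": rng.choice(COMMON_PORTS),
            "bytes": rng.randrange(64, 1_500_000),
        }
        for _ in range(n)
    ]


def sample_flows(flows, rate, seed=7):
    """Random 1:rate sampling: each record is kept with probability 1/rate."""
    rng = random.Random(seed)
    return [f for f in flows if rng.randrange(rate) == 0]


def bytes_by_port(flows, scale=1):
    """Bytes per destination port. `scale` is the sampling rate: sampled
    counters must be multiplied by it to estimate the unsampled volume."""
    totals = Counter()
    for f in flows:
        totals[f["dport"]] += f["bytes"] * scale
    return totals


def compare(n=100_000, rate=100):
    """Run full versus sampled accounting and report what sampling preserves."""
    full = make_flows(n)
    # One low-volume flow to a rare port: the shape a beacon or slow exfil takes.
    full.append({"src": "10.0.9.9", "dst": "198.51.100.7", "dport": 4444, "bytes": 512})
    sampled = sample_flows(full, rate)
    truth = bytes_by_port(full)
    estimate = bytes_by_port(sampled, scale=rate)
    return {
        "records_full": len(full),
        "records_sampled": len(sampled),        # roughly n / rate
        "truth_443": truth[443],
        "estimate_443": estimate[443],          # close to truth_443 once scaled
        "unscaled_443": estimate[443] // rate,  # what you report if you forget to scale
        "rare_flow_seen": 4444 in estimate,     # usually False at 1:100
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:16} {value}")
```

The high-volume ports come out within a few percent of the truth after scaling, which is why sampling is acceptable for capacity and top-talker views. The single 512-byte flow to port 4444 is dropped about 99 times in 100 at 1:100, which is the caveat for security use: sampled flow data is a poor place to look for a quiet beacon, so keep unsampled collection on the segments where that matters.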

9
Q

Brooke is helping her organization implement a new cloud service. She is configuring the operating system on a server built in the cloud provider’s environment. What cloud service model is in use?

A. PaaS

B. FaaS

C. SaaS

D. IaaS

A

D. Infrastructure as a service (IaaS) is the only cloud service model where customers would configure operating systems themselves. In platform as a service (PaaS), function as a service (FaaS), and software as a service (SaaS) models, the cloud service provider is responsible for operating system configuration.

10
Q

Barry joins a hotel wireless network and opens a web browser. No matter which page he visits, he is redirected to a web page requesting him to provide his name and room number. What type of network access control is the hotel using?

A. In-band

B. Out-of-band

C. 802.1X

D. Agent-based

A

A. This is a captive portal, an in-band network access control (NAC) solution: a device sits in the data path between Barry and the Internet and redirects his web requests until he has satisfied the portal. Out-of-band solutions such as 802.1X do not sit in the data path; the switch or access point keeps the port closed until Barry's system authenticates, typically against a back-end authentication server. Agent-based solutions would require software to be installed on Barry's computer.

11
Q

Charles has been asked to secure the wired network in a suite of offices that his team normally uses but that will be temporarily used by a visiting team from another company. If he wants to continue to allow members of his team to use the jacks, what technical means can he use to do this while also verifying the security posture of the systems that connect?

A. NAC

B. MAC filtering

C. Port security

D. HIPS

A

A. A network access control (NAC) system lets Charles require network authentication and assess the security posture of each system that connects, so his team can authenticate and use the jacks if their systems are compliant while the visitors' systems are denied or placed on a restricted segment. MAC filtering and port security only restrict which devices may connect and cannot check posture (and a MAC address is trivially spoofed); a HIPS protects the host it runs on and does not control admission to the network.

12
Q

Which one of the following components is built into most modern computer systems and is used to store disk encryption keys?

A. HSM

B. Trusted foundry

C. Root of trust

D. TPM

A

D. The Trusted Platform Module (TPM) is a hardware chip found inside most modern computers that is used to store disk encryption keys. The TPM typically seals the disk key to measurements of the boot chain, so the key is released only when the expected firmware and bootloader have run; changing the boot configuration without re-sealing will leave the disk locked. Hardware security modules (HSMs) also store encryption keys, but they are dedicated, costly devices rather than a component built into every system. Trusted foundries are trusted sources for hardware, and the root of trust is a concept describing how trust flows through the components of a secure system.

13
Q

Which media disposition is typically the most expensive option from NIST’s options in NIST SP 800-88?

A. Clearing

B. Purging

C. Destruction

D. Obliteration

A

C. Destruction is both the most effective and the costliest option identified in the NIST Guidelines for Media Sanitization (SP 800-88). Clearing uses logical techniques such as overwriting to sanitize all user-addressable storage locations; purging uses techniques such as cryptographic erase, block erase, or degaussing that make recovery infeasible even with laboratory methods. Both are cheaper and easier than destroying the media, and both leave it reusable. Obliteration is not one of NIST's options.

14
Q

What type of firewall is able to incorporate contextual information about the user and application when making permit/deny decisions?

A. NGFW

B. Perimeter firewall

C. Stateful inspection

D. Packet filter

A

A. Next-generation firewalls (NGFWs) are able to incorporate contextual information about a connection attempt when making access control decisions. This capability is not available in packet filters or stateful inspection firewalls. While an NGFW may be a perimeter firewall, not all perimeter firewalls have next-generation capabilities.

15
Q

During a network attack simulation exercise, which team is responsible for securing the targeted environment?

A. Red

B. White

C. Blue

D. Black

A

C. During a network attack simulation, the blue team is responsible for securing the targeted environment and keeping the attacking (red) team out. The white team serves as referees. There is no black team during a network attack simulation.

16
Q

Laura is investigating a potential security breach within her organization. She believes that an attacker stole a file containing employee information. Which information security tenet would this attack violate?

A. Confidentiality

B. Integrity

C. Availability

D. Nonrepudiation

A

A. The three pillars of information security are confidentiality, integrity, and availability. Attacks against confidentiality seek to disclose sensitive information, which is what the theft of an employee file does. Attacks against integrity seek to alter information in an unauthorized manner. Attacks against availability seek to prevent legitimate use of information or systems. Nonrepudiation, which prevents a party from later denying an action, is a related goal but not one of the three pillars and is not what this theft violates.