Book Cards (set 1)

Question 1

What prevents people from stealing PII and sensitive information?

Answer 1

Data Loss Prevention (DLP)

Question 2

What type of device could suffer an ARP attack?

Answer 2

A switch (because it works with MAC addresses)

Question 3

Which two devices use ACL?

Answer 3

Firewall and router

Question 4

What device sits in the screened subnet, authenticates incoming users, and decrypts incoming traffic?

Answer 4

Reverse Proxy

Question 5

What device could you install to manage a high volume of incoming web traffic?

Answer 5

A load balancer

Question 6

A network administrator is going to change firewall rules. What should they do FIRST?

Answer 6

Follow the Change Management Process

Question 7

What kind of records are created by DNS poisoning, and how can we prevent this attack?

Answer 7

DNS poisoning creates RRSIG records and can be prevented using DNSSEC

Question 8

What device joins multiple networks together?

Answer 8

A router

Question 9

What type of control does a SIEM system adopt?

Answer 9

Detective Control

Question 10

What type of attack affects weak database configuration? What are the symptoms?

Answer 10

SQL Injection, symptoms of which include the insertion of malicious code such as 1=1

Question 11

If an attacker is gathering information from a companys website and Facebook page, what type of reconnaissance is this?

Answer 11

Passive reconnaissance

Question 12

What type of data does a VPN protect?

Answer 12

Data in Transit

Question 13

Why would we use an Access Control Vestibule in a datacenter?

Answer 13

To control access

Question 14

What can you use to isolate an application from the underlying operating system?

Answer 14

Containers

Question 15

How will a company push out an update to their password policies?

Answer 15

GPO - Group Policy Update

Question 16

What do digital signatures and hashing have in common?

Answer 16

They both provide non-repudiation

Question 17

The company SIEM system has detected an attack on a file server, but a manual inspection of the file server finds nothing. What does this decribe?

Answer 17

A false positive

Question 18

How can you prevent buffer overflow, integer overflow, and SQL injection attacks?

Answer 18

Input validation can prevent all three of these attacks as it controls input to an application or database. A stored procedure is another prevention method that will prevent a SQL injection attack, and this should be the first choice for a database.

Question 19

What type of threat actor might be employed by the Nation State or APT?

Answer 19

Organized crime

Question 20

Which threat actor is socially or politically motivated?

Answer 20

Hacktivist

Question 21

Which threat actor wants your trade secrets?

Answer 21

Competitor

Question 22

Which threat actor would buy a program from the Dark Web?

Answer 22

Script kiddie

Question 23

What type of attack involves the insertion of too many characters into a data field on a web server?

Answer 23

Buffer overflow

Question 24

What can you do to check if a USB drive has a virus?

Answer 24

Inspect it using a sandbox. Use sandboxes for testing, checking patches, and investigating malware.

Question 25

What risk treatment is being used if you purchase insurance or outsource your IT?

Answer 25

Risk Transference