CH 3 - Security Foundations Flashcards

1
Q

To remove malware from the network before it gets to the endpoint, you would use which of the following?

A. Packet filter
B. Application layer gateway
C. Unified threat management appliance
D. Stateful firewall

A

C.
Unified threat management appliance

2
Q

If you were on a client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating?

A. Confidentiality
B. Integrity
C. Nonrepudiation
D. Availability

A

D.
Availability

3
Q

How would you calculate risk?

A. Probability * loss value
B. Probability * mitigation factor
C. (Loss value + mitigation factor) * (loss value / probability)
D. Probability * mitigation factor

A

A.
Probability * loss value

4
Q

Which of the following is one factor of a defense-in-depth approach to network design?

A. Switches
B. Using Linux on the desktop
C. Optical cable connections
D. Access control lists on routers

A

D.
Access control lists on routers

5
Q

How would you ensure that confidentiality is implemented in an organization?

A. Watchdog processes
B. Encryption
C. Cryptographic hashes
D. Web servers

A

B.
Encryption

6
Q

An intrusion detection system can perform which of the following functions?

A. Block traffic
B. Filter traffic based on headers
C. Generate alerts on traffic
D. Log system messages

A

C.
Generate alerts on traffic

7
Q

Which of these would be an example of a loss of integrity?

A. User making changes to a file and saving it
B. Bad blocks flagged on disk
C. Credit cards passed in cleartext
D. Memory failures causing disk drivers to run incorrectly

A

D.
Memory failures causing disk drivers to run incorrectly

8
Q

What would you use a Security Information and Event Management (SIEM) system for?

A. Aggregating and providing search for log data
B. Managing security projects
C. Escalating security events
D. Storing open source intelligence

A

A.
Aggregating and providing search for log data
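Added example for cards 8 and 9, not code from the original flashcards: a minimal SIEM-style collector that takes log lines forwarded from several hosts, normalises them into one field set, and lets you search and correlate across hosts. The host names, users, addresses, the year used for timestamps and every log line are constructed for the example.

```python
"""Added example: a toy SIEM that aggregates forwarded syslog lines, normalises
them and searches/correlates across hosts.  All input is constructed."""
import re
from collections import Counter
from datetime import datetime

# Constructed input: lines as a central collector receives them from three
# hosts.  Because they were forwarded, these copies survive even if an
# attacker wipes /var/log on the compromised machine.
FORWARDED_LOGS = """\
Mar 12 08:01:12 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 12 08:01:15 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 12 08:01:19 db01 sshd[9912]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 12 08:02:03 db01 sshd[9915]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Mar 12 08:02:10 app02 sudo[4410]: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart app
Mar 12 08:03:00 web01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_AUTH = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def normalise(line, year=2024):
    """Turn one raw line into a flat event dict with a common field set.
    Syslog lines carry no year, so one is assumed (constructed)."""
    m = SYSLOG.match(line)
    if not m:
        return {"raw": line, "event": "unparsed"}
    ev = {
        "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"], "prog": m["prog"], "msg": m["msg"], "event": "other",
    }
    a = SSH_AUTH.match(m["msg"])
    if a:
        ev.update(event="auth_success" if a["result"] == "Accepted" else "auth_failure",
                  user=a["user"], src=a["src"])
    return ev

def ingest(text):
    return [normalise(l) for l in text.splitlines() if l.strip()]

def search(events, **criteria):
    """Exact-match search over normalised fields, e.g.
    search(evs, event="auth_failure", src="203.0.113.7")."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

def failures_then_success(events, window_seconds=300, threshold=3):
    """Cross-host correlation that only a central store can do: a source that
    fails at least `threshold` logins and then succeeds within the window."""
    hits, by_src = [], {}
    for e in sorted(events, key=lambda e: e.get("ts") or datetime.min):
        if e["event"] == "auth_failure":
            by_src.setdefault(e["src"], []).append(e["ts"])
        elif e["event"] == "auth_success":
            recent = [t for t in by_src.get(e["src"], [])
                      if (e["ts"] - t).total_seconds() <= window_seconds]
            if len(recent) >= threshold:
                hits.append((e["src"], e["user"], e["host"], len(recent)))
    return hits

if __name__ == "__main__":
    evs = ingest(FORWARDED_LOGS)
    print("events per host:", Counter(e["host"] for e in evs))
    for h in failures_then_success(evs):
        print("possible brute force followed by success:", h)
```

The failures are spread over two hosts, so neither host's local log alone shows the pattern; the correlation only works because the lines were forwarded to one place and normalised to the same fields.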

9
Q

Why is it important to store system logs remotely?

A. Local systems can’t handle it
B. Bandwidth is faster than disks
C. Attackers might delete local logs
D. It will defend against attacks

A

C.
Attackers might delete local logs

10
Q

What would be necessary for a TCP conversation to be considered established by a stateful firewall?

A. Final acknowledgment message
B. Three-way handshake complete
C. Sequence numbers aligned
D. SYN message received

A

B.
Three-way handshake complete

11
Q

What is the purpose of a security policy?

A. To provide high-level guidance on the role of security
B. To provide specific direction to security workers
C. To increase the bottom line of a company
D. To align standards and practices

A

A.
To provide high-level guidance on the role of security

12
Q

What additional properties does the Parkerian Hexad offer over the CIA triad?

A. Confidentiality, awareness, authenticity
B. Utility, awareness, possession
C. Utility, possession, authenticity
D. Possession, control, authenticity

A

C.
Utility, possession, authenticity

13
Q

What important event can be exposed by enabling auditing?

A. System shutdown
B. Service startup
C. Package installation
D. User login

A

D.
User login

14
Q

What can an intrusion prevention system do that an intrusion detection system can’t?

A. Generate alerts
B. Block or reject network traffic
C. Complete the three-way handshake to bogus messages
D. Log packets

A

B.
Block or reject network traffic
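Added example for cards 6 and 14, not code from the original flashcards: one signature engine run first as an IDS (it sees a copy of the traffic and can only alert) and then as an IPS (it sits inline and can drop what it matches). The rule names, the patterns and the sample packets are constructed for the example.

```python
"""Added example: the same content-signature engine in IDS mode (alert only)
and IPS mode (alert and drop).  Rules and traffic are constructed."""
import re
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    name: str
    dport: int
    pattern: bytes            # regex applied to the payload (content inspection)

# Constructed signatures, kept deliberately simple.
RULES = [
    Rule("SQLi attempt in query string", 80, rb"(?i)union\s+select|'\s*or\s+1=1"),
    Rule("Path traversal", 80, rb"\.\./\.\./"),
    Rule("Telnet cleartext login", 23, rb"(?i)login:"),
]

def match(pkt, rules=RULES):
    """Names of every rule the packet triggers."""
    return [r.name for r in rules if r.dport == pkt.dport and re.search(r.pattern, pkt.payload)]

@dataclass
class Sensor:
    inline: bool                         # False = IDS (passive copy), True = IPS (in the path)
    alerts: list = field(default_factory=list)

    def process(self, pkt):
        """Return True if the packet reaches its destination.
        An IDS only sees a copy, so it alerts but never withholds the packet;
        an IPS is in the forwarding path and can reject it."""
        hits = match(pkt)
        for name in hits:
            self.alerts.append((pkt.src, pkt.dst, name))
        if hits and self.inline:
            return False                 # IPS: drop
        return True                      # IDS: alert only, packet already went through

# Constructed traffic: two malicious requests and one benign one.
TRAFFIC = [
    Packet("198.51.100.5", "10.0.0.10", 80, b"GET /item?id=1' OR 1=1-- HTTP/1.1\r\n"),
    Packet("198.51.100.5", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.22", "10.0.0.10", 80, b"GET /index.html HTTP/1.1\r\n"),
]

def run(inline):
    """Feed TRAFFIC through a sensor; return (packets delivered, alerts raised)."""
    s = Sensor(inline=inline)
    delivered = [p for p in TRAFFIC if s.process(p)]
    return delivered, s.alerts

if __name__ == "__main__":
    for mode in (False, True):
        delivered, alerts = run(mode)
        print("IPS" if mode else "IDS", "delivered", len(delivered), "of", len(TRAFFIC),
              "alerts:", [a[2] for a in alerts])
```

Both modes raise the same two alerts; only the inline sensor changes what arrives at the server, which is the whole difference the card is asking about.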

15
Q

Which of these is an example of an application layer gateway?

A. Web application firewall
B. Runtime application self-protection
C. Java applet
D. Intrusion prevention system

A

A.
Web application firewall

16
Q

Which information would a packet filter use to make decisions about what traffic to allow into the network?

A. HTTP REQUEST message
B. Ethernet type
C. UDP source port
D. SNMP OID

A

C.
UDP source port
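Added example for cards 10 and 16, not code from the original flashcards: a stateless packet filter that decides on header fields alone (protocol, addresses, ports, so a UDP source port counts and an HTTP request line does not), and a stateful firewall layered on it that follows the TCP three-way handshake and marks a conversation established only once SYN, SYN-ACK and ACK have all been seen. The addresses, the rule set and the packet sequence are constructed for the example.

```python
"""Added example: stateless packet filter (header fields only) plus a stateful
firewall that tracks the TCP handshake.  Rules and packets are constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()     # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    payload: bytes = b""               # a packet filter never inspects this

@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    proto: Optional[str] = None        # None means "any" for every field below
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p):
        fields = ("proto", "src", "sport", "dst", "dport")
        return all(getattr(self, f) is None or getattr(self, f) == getattr(p, f) for f in fields)

# Constructed inbound rule set; first match wins, default deny.
RULES = [
    Rule("allow", proto="udp", sport=53, dst="10.0.0.5"),    # DNS replies to the resolver
    Rule("allow", proto="tcp", dst="10.0.0.10", dport=80),    # the web server
    Rule("deny"),
]

def packet_filter(p, rules=RULES):
    """Stateless decision from header fields only; no memory of earlier packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFirewall:
    """Accepts a TCP segment if it opens a flow the filter allows, continues a
    handshake in the right order, or belongs to an ESTABLISHED flow."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = {}                # flow key -> SYN_SENT | SYN_RECEIVED | ESTABLISHED

    @staticmethod
    def key(p):
        # Direction-independent identifier so both legs map to one flow entry.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def process(self, p, inbound):
        if p.proto != "tcp":
            return (not inbound) or packet_filter(p, self.rules) == "allow"
        k = self.key(p)
        state = self.flows.get(k)
        if state == "ESTABLISHED":
            return True                                  # known conversation
        if p.flags == {"SYN"} and state is None:
            if inbound and packet_filter(p, self.rules) != "allow":
                return False                             # unsolicited and not permitted
            self.flows[k] = "SYN_SENT"
            return True
        if p.flags == {"SYN", "ACK"} and state == "SYN_SENT":
            self.flows[k] = "SYN_RECEIVED"
            return True
        if p.flags == {"ACK"} and state == "SYN_RECEIVED":
            self.flows[k] = "ESTABLISHED"                # handshake complete
            return True
        return False                                     # out-of-state segment: drop

    def state(self, p):
        return self.flows.get(self.key(p))

def demo():
    """Internal client 10.0.0.22 connects out to 203.0.113.9:443; returns the
    per-packet decisions and the flow's final state."""
    fw = StatefulFirewall()
    client, server = ("10.0.0.22", 40000), ("203.0.113.9", 443)
    seq = [
        (Packet("tcp", *client, *server, frozenset({"SYN"})), False),         # outbound SYN
        (Packet("tcp", *server, *client, frozenset({"SYN", "ACK"})), True),   # inbound SYN-ACK
        (Packet("tcp", *client, *server, frozenset({"ACK"})), False),         # outbound ACK
        (Packet("tcp", *server, *client, frozenset({"ACK", "PSH"}),
                b"HTTP/1.1 200 OK\r\n"), True),                              # inbound data
    ]
    decisions = [fw.process(p, inbound) for p, inbound in seq]
    return decisions, fw.state(seq[0][0])

if __name__ == "__main__":
    print(demo())
```

Two contrasts worth noting: the stateless filter would deny the inbound SYN-ACK of the client's own outbound connection (no rule matches it), while the stateful firewall passes it because it remembers the SYN; conversely a bare inbound ACK to the web server passes the stateless filter but is dropped by the stateful firewall because no handshake preceded it.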

17
Q

Which of the following products might be used as an intrusion detection system?

A. Elastic Stack
B. Prewikka
C. Snort
D. Snorby

A

C.
Snort

18
Q

Which of these isn’t an example of an attack that compromises integrity?

A. Buffer overflow
B. Man in the middle
C. Heap spraying
D. Watering hole

A

D.
Watering hole

19
Q

What type of attack could lead to a direct compromise of availability?

A. Watering hole
B. DoS
C. Phishing
D. Buffer overflow

A

B.
DoS

20
Q

What important function can EDR offer to security operations staff?

A. Host isolation
B. Malware detection
C. Remote data collection
D. All of the above

A

D.
All of the above

21
Q

Which type of security control is a firewall?

A. Administrative
B. Physical
C. Technical
D. Corrective

A

C.
Technical

22
Q

Management has been informed of a risk to PII data that results from an application being developed and managed by the company. They have chosen not to do anything with the risk. What risk management approach have they taken?

A. Risk transference
B. Risk avoidance
C. Risk mitigation
D. Risk acceptance

A

D.
Risk acceptance

23
Q

You’ve been asked to implement a set of standards to support a policy. What type of security control are you developing?

A. Administrative
B. Corrective
C. Logical
D. Functional

A

A.
Administrative

24
Q

Your risk management team has asked for a technical control that could mitigate the risk that may be associated with insider threat. Which of these controls would work for that?

A. Security policy
B. Identity and access management (IAM) solution
C. Security standards
D. Host-based firewall

A

B.
Identity and access management (IAM) solution

25
Q

An attacker has registered the domain name facebookmailings.com which will be used to send phishing messages out. Which of the MITRE ATT&CK Framework categories would that fall into?

A. Initial access
B. Lateral movement
C. Credential access
D. Resource development

A

D.
Resource development