Chap3 - Architecture and Design Flashcards

1
Q

What type of documents should I review prior to creating policy documents related to the company’s computer systems?

A

Prior to creating policies, companies should look at all regulations and frameworks to ensure that they comply with them.

2
Q

What type of frameworks are COBIT and ITIL and are they legally enforceable?

A

COBIT and ITIL are non-regulatory and not legally enforceable as they are both good practice frameworks.

3
Q

Why would a multinational company purchase broadband from two different companies at the same time?

A

Purchasing broadband from two different companies provides vendor diversity, therefore, if one company fails, then the other still provides broadband.

4
Q

What is the name of the boundary layer between the LAN and WAN and what is the name of the web server located there?

A

The boundary layer between the LAN and the WAN is called the DMZ; it hosts the extranet web server, which is normally used for suppliers and needs credentials to access it.

5
Q

What would be the reason for the IT team to air gap a laptop computer?

A

If a laptop had sensitive information such as research and development data, the IT team could isolate it from the network by air gapping it so nobody could connect to it.

6
Q

When a company sets up full device encryption on a laptop, what hardware must be built into the motherboard to store the keys?

A

When full disk encryption such as BitLocker is used on a laptop, the laptop needs to have either a TPM chip or an HSM to store the encryption keys.

7
Q

Why would the IT security team roll out a honeypot and what would the benefits be?

A

An IT security team would roll out a honeypot when they want to observe the attack methods being used by an attacker. The benefits would be to enable them to defend against such an attack.

8
Q

You are the network administrator and need to deal with a high volume of website traffic, as well as an exceptionally large volume of DDoS traffic. What device(s) would you use?

A

A network administrator would use a load balancer to balance the website traffic so that each request would go to the least utilized host, but would use a firewall to prevent the DDoS traffic from entering the company network.

9
Q

A company has two different locations and has been paying $10,000 a year for a leased line. How can they connect the two locations with a much cheaper solution?

A

A site-to-site VPN is a solution that can connect two different locations as long as it is set to always on; this is a much cheaper solution than a leased line.

10
Q

How can a security analyst capture the network traffic going to one port on the switch?

A

Port mirroring or a tap can capture traffic going to a port on a switch and display it on another device for analysis.

11
Q

What is the role of a VPN concentrator?

A

The role of the VPN concentrator is to set up a secure session.

12
Q

What type of trust model is being used if I install BitLocker on my laptop to provide full disk encryption?

A

If I am using full disk encryption, the trust model being used is known as a hardware root of trust.

13
Q

Why would a company make standard operating procedures?

A

Standard operating procedures are the step-by-step instructions on how to carry out a task.

14
Q

The company research and development department needs a laptop for one of its employees. How should the security administrator set this machine up so that it isn’t on the normal network but isolated?

A

The company would set this laptop up so that it is air gapped—that would isolate it from the network.

15
Q

Your company leases business units and you have four different companies located on the same switch. How should you set up the switch so that they remain isolated from the other companies?

A

You would create four VLANs and put each company in its own VLAN, therefore isolating them from each other. This would give control to each VLAN and reduce the broadcast domains.

16
Q

The application whitelist is a list of approved applications and the blacklist is a list of banned applications. If my new application called App1 does not run or install, is it because it is on the blacklist? What reason could there be for it not running or installing?

A

If an application will not run or install, it is simply because it has not been added to the whitelist; it does not necessarily need to be on the blacklist. The blacklist is for applications that will never be installed as they are banned.

17
Q

What common threat do printers and multi-functional devices both share as an attack vector against them?

A

The most common threat to printers and multifunction devices would be the network interface as most devices are now fully connected.

18
Q

A research and development department wants to test some applications that they have developed. However, some of these applications could be quite dangerous. What type of environment should the IT manager recommend for them to use but at the same time protect the company’s existing network with?

A

Sandboxing is where an isolated virtual machine can be used for patching, testing, or isolation of a dangerous application; therefore, the research and development department would put it in a sandbox.

19
Q

Your company houses one of the largest data centers in Europe and they have just expanded a site in London. But since then, there have been fluctuations in temperature at only that site. What is causing this temperature change and how can this be remedied?

A

The temperature rise is due to the additional computers, but it looks like they have not set up the hot aisles and cold aisles to regulate the temperature.

20
Q

A professor has just automated most of his household gadgets using IoT technology. He told a colleague that it was very simple as all of the devices worked straight out of the box. What are two security measures that he may have overlooked?

A

The professor has failed to change the default username or the default password of each of these devices, leaving himself vulnerable to attack.

21
Q

What are the two categories of devices that refrigerators and defibrillators each come under?

A

A refrigerator comes under the category of IoT and the defibrillator comes under the category of SoC.

22
Q

How should a website developer set up the error information differently for the customer and the systems administrator?

A

Errors that are customer-facing should be bland, giving away very little information, whereas the errors for the IT team should be as long and detailed as possible. Errors should not cause a system to stop.

23
Q

What is the best method to protect a SQL server against a SQL injection attack and what would a secondary method be?

A

The best method for preventing a SQL injection attack would be to use a stored procedure where a sealed script is created and run by using the script name. The secondary way to prevent SQL injection would be input validation where the input is controlled.

24
Q

What is fuzzing and what two entities would use it as part of their working practices?

A

Both the black box and white box penetration testers use fuzzing, a technique that puts random information into an application to see what random output it provides. The white box tester is doing this with newly developed applications so that they are secure before moving into production.

25
Q

What two secure coding techniques would a security administrator use to mask information and to embed information?

A

The first technique to mask data would be obfuscation as it obscures the data; the second technique for embedding data would be steganography as it hides data inside other data.

26
Q

What is one of the major benefits that a security administrator would gain by using an imaging package or machine template when rolling out new computers?

A

The benefit of using a machine template or an imaging package such as Ghost to image a computer is that it produces a consistent baseline.

26
Q

What is the only technique that can be used to detect a zero-day attack?

A

A zero-day virus cannot be detected by any monitoring system or antivirus solution; it can only be detected by using a baseline where an earlier baseline is compared to the current baseline.

27
Q

A company wishes to move its bespoke applications to the cloud while still maintaining them. What model would they adopt?

A

The only cloud model that allows you to host bespoke systems in the cloud and maintain them is Platform as a Service (PaaS). An example would be Azure.

28
Q

A security administrator has been told that one of his systems was categorized as an immutable system. Can you explain what method he will use for patch management?

A

An immutable system is where the complete components are replaced rather than updated; therefore, it would never be patched as it would be fully replaced.

29
Q

How easy is it to customize a Software as a Service payroll package?

A

Software as a Service is where a vendor writes an application and then leases it, but customization is forbidden. Examples would be Spotify or Office 365.

30
Q

What are the main differences between Type I and Type II hypervisors?

A

Type I hypervisors are bare metal and require no operating system, whereas a Type II hypervisor sits on top of an operating system, for example, Oracle’s VirtualBox.

31
Q

If the US Army decided to move all of its systems to the cloud, what cloud model would they adopt?

A

If the US Army decided to move all of their systems to the cloud, they would adopt a private cloud where they would own the whole environment and be isolated from everyone else due to security.

32
Q

What are the benefits that an IT training company receives by using cloud-based images for their classroom environments?

A

If an IT training company needed an environment for a word-processing course, they would lease little resources from the cloud provider but if they required a Skype or SharePoint environment, they could lease high-end servers—all they have to do is to send the image to the cloud provider, who would roll it out.

33
Q

Explain the main differences between waterfall and agile development life cycle models.

A

Waterfall is where one stage must be completed fully before the next stage commences. Agile can start all phases at the same time; its main aim is customer satisfaction. It is very similar to scrum.

33
Q

A newly formed company is going through a settling-in phase. They keep rewriting policy documents and none of the staff are sure what the latest policy on email is. What can the company do to alleviate their concerns?

A

The company needs to put version control on each document and have a master list on the intranet as to what is the latest version. That way, older versions could be destroyed.

34
Q

When a new application is being tested with real data, what phase of the software development life cycle are they using?

A

The staging phase in SDLC is where the application is tested with production data.

35
Q

What type of physical security control would be used to capture moving images and at the same time provide non-repudiation?

A

A camera is a physical device that can capture both pictures and video, therefore capturing motion and providing non-repudiation as the person is captured on film.

36
Q

When you arrive at the company each morning, you must sign for your office key and when your working day ends, you must sign the key back in. What process is the company using?

A

The company is adopting key management where they ensure that all keys are accounted for and do not leave the premises so keys cannot be cut.

37
Q

What can be used within a company that uses a WLAN to prevent wireless communication from being captured by anyone outside of the company?

A

A Faraday cage can be built over a WLAN, preventing emissions from escaping and blocking incoming wireless communications.

38
Q

What can a network administrator do with the cabling throughout the company to prevent rodents chewing through the cables and at the same time make it more secure?

A

Protected distribution or conduits can be used to house cabling and prevent it from being attacked by rodents.

39
Q

If your company is adopting virtualization for its network, what danger does VM escape pose?

A

VM escape is where an attacker launches an attack from a vulnerable virtual machine and attacks the host housing all of the virtual machines.

40
Q

What danger does VM sprawl pose to your network security?

A

VM sprawl is where an unmanaged virtual machine has been added to your virtual network; as it is not known, it will not be regularly patched and will become vulnerable to attack.

41
Q

What security benefit does a NAT provide?

A

A NAT hides the internal network and protects it from attack by a third party.

42
Q

What can be used to prevent DNS poisoning and what resource records does it produce?

A

DNSSEC can be used to encrypt all DNS traffic and prevent DNS poisoning and it produces RRSIG records.

43
Q

Why would a network administrator adopt DHCP snooping?

A

DHCP snooping can prevent IP addresses offered by rogue access points from operating in your network. It prevents those addresses from being offered to client computers.

44
Q

What is the security benefit of using CYOD over BYOD?

A

The company owns the equipment in a CYOD environment; therefore, when someone leaves the company, there can be no argument over who owns the data, whereas in a BYOD environment, problems relating to data ownership could arise.

45
Q

If I am using my personal cell phone as a BYOD device, what can I use to keep my business data separate from that of my family and friends?

A

I could insert an SD card or similar card to keep my business data separate from my personal data; this is known as containerization or storage segmentation.

46
Q

What protocol does wireless credit card payment utilize?

A

Near Field Communication (NFC) is used for contactless card payments.

47
Q

If my network load balancer is set to affinity, how does it differ from normal load balancing operations?

A

When a network load balancer is set to affinity, it sends the client request to the same web server and does not balance it across all of the hosts.

48
Q

What can I use to manage a high volume of web traffic if my load balancer is broken?

A

If I don’t have a load balancer, I can use DNS round robin to rotate the incoming requests to each web server by going to each of the DNS records in turn.