Chapter 11 Endpoint Security Review Questions Flashcards
1- Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
A. logger
B. tail
C. chmod
D. head
- B. The Linux tail command with the -f flag will follow a file as it changes, showing the last 10 lines by default. Charles can use this to monitor a log file as it changes. logger adds text to the syslog file, chmod changes permissions, and head shows the first 10 lines of a file, which will typically be the oldest entries in a log file on a Linux system.
2- Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used?
21 22 23 80 443
A. 21, 22, and 80
B. 21 and 80
C. 21, 23, and 80
D. 22 and 443
2. C. The services listed are: 21 – FTP 22 – SSH 23 – Telnet 80 – HTTP 443 – HTTPS Of these services, SSH and HTTPS are secure options for remote shell access and HTTP. Although secure mode FTP (FTP/S) may run on TCP 21, there is not enough information to know for sure, and HTTPS can be used for secure file transfer if necessary. Thus, Naomi's best option is to disable all three likely unsecure protocols: FTP, Telnet, and HTTP.
3- Frank’s organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?
A. Define data lifecycles for all nonsensitive data.
B. Encrypt all sensitive data.
C. Implement and use a data classification scheme.
D. Tag all data with the name of the creator or owner.
- C. Protecting data using a DLP requires data classification so that the DLP knows which data should be protected and what policies to apply to it. Defining data lifecycles can help prevent data from being kept longer than it should be and improves data security by limiting the data that needs to be secured, but it isn’t necessary as part of a DLP deployment. Encrypting all sensitive data may mean the DLP cannot recognize it and may not be appropriate for how it is used. Tagging all data with a creator or owner can be useful but is not required for a DLP rollout— instead, knowing the classification of the data is more important.
4- The company that Theresa works for has deployed IoT sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?
A. Attackers may change the baseband frequency used by the devices, causing them to fail.
B. Attackers may switch the devices to a narrowband radio mode that limits the range of the cellular modems.
C. Attackers may steal the SIM cards from the devices and use them for their own purposes.
D. Attackers may clone the SIM cards from the devices to conduct attacks against one-time password systems.
- C. Physical theft of SIM cards is a threat that cellular-connected devices may face. Using an integrated SIM rather than a removable SIM, or making the SIM difficult or impossible toaccess without significant effort, may help. Although cloning SIM cards to help defeat one-time password systems is an actual attack, IoT devices typically do not use a cellular connection to present a one-time password since no user are involved. Both the narrowband and baseband answers are not concerns in this scenario.
5- Which of the following is not a typical security concern with MFPs?
A. Exposure of sensitive data from copies and scans
B. Acting as a reflector for network attacks
C. Acting as an amplifier for network attacks
D. Use of weak encryption
- D. MFPs, or multifunction printers, may contain sensitive data from copies or scans; some MFPs have built-in hard drives or other mass storage that can retain data for an extended period of time. They often have weak network security capabilities, making them useful as a reflector or amplifier in some network attacks. Fortunately, if a MFP supports protocols like TLS for web access, they support a reasonably secure implementation of the protocols needed to keep data transfers secure.
6- Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
A. A hardening application
B. An allow list application
C. A deny list application
D. A HIPS
- B. An allow list application will allow only specific permitted programs to be installed on a system. Deny list applications will prevent specified applications from being installed. Hardening applications are not a specific category of tool, although hardening scripts are in use, and a HIPS is a host intrusion prevention system.
7- What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices?
A. EDR
B. IAM
C. FDE
D. ESC
- A. Endpoint detection and response (EDR) systems provide monitoring, detection, and response capabilities for systems. EDR systems capture data from endpoints and send it to a central repository, where it can be analyzed for issues and indicators of compromise or used for incident response activities. IAM is identity and access management, FDE is full- disk encryption, and ESC is not a commonly used security acronym.
8- Which of the following is not typically part of a SoC?
A. A CPU
B. A display
C. Memory
D. I/O
- C. A system on a chip (SoC) is a chip that has most of the functions of a complete computer built into it. In fact, most SoCs have a CPU, memory, input/output, and storage as part of the chip. Adding a display to the chip is unlikely, but adding a display that the SoC can access and display to is very common in things like smartphones, smart watches, and other devices.
9- What scripting environment is native to Windows systems?
A. Python
B. PowerShell
C. Bash
D. CMD
- B. PowerShell is a native scripting environment for Windows systems. Although Python and Bash can be installed, they arenot automatically part of the operating system. CMD.exe will start the command prompt, but it is not a scripting environment.
10- Amanda is assessing a vehicle’s internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
A. Narrowband bus
B. A Zigbee bus
C. A CAN bus
D. An SoC bus
- C. A controller area network (CAN) is a vehicle-specific standard designed to allow microcontrollers, sensors, and other components of the vehicle to communicate. Zigbee, a wireless protocol used for home automation and similar short-ranged purposes, would be poorly suited to use in vehicles. Narrowband describes a channel, not a bus type, and an SoC bus was made up for this question.
11- The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui’s organization deployed, and where should Hui place her focus on securing it?
A. An FPGA, and on network security
B. A microcontroller, and on physical security
C. A GPU, and on network security
D. An ICS, and on physical security
- B. Arduinos are a form of microcontroller, and since Arduinos in their default form do not have wired or wireless networking built in, Hui should focus on the physical security of the device.
12- Which of the following is not a typical reason to use an IP addressing schema in an enterprise?
A. Avoiding use of other organizations’ IP addresses
B. Avoiding IP address exhaustion in a subnet
C. Asset and system inventory
D. Consistency of practice with gateway and other IP addresses
- A. Organizations should use IP addresses that are specifically allocated to the organization or that are RFC 1918 addresses that are non-Internet routable. That means that an addressing scheme should not be necessary to avoid using another organization’s IP addresses. IP address schemas are commonly used to avoid IP address exhaustion when working in a subnet. The same tracking means that they are helpful when conducting asset and system inventory, since they help match a device on the network to a known physical system. Finally, consistently using the same IP address for default gateways and other common network components means that support staff do not have to learn unique configurations in each location or network.
13- Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?
A. SCADA
B. AVAD
C. SIM
D. HVAC
- A. SCADA (supervisory control and data acquisition) is a system architecture that combines data acquisition and control devices with communications methods and interfaces to oversee complex industrial and manufacturing processes, just like those used in utilities. A SIM (subscriber identity module) is the small card used to identify cell phones; HVAC stands for heating, ventilation, and air-conditioning; and AVAD was made up for this question.
14- The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn’s company need to deploy?
A. An MFP
B. A HIPS
C. An SoC
D. An RTOS
- D. A real-time operating system (RTOS) is an OS that is designed to handle data as it is fed to the operating system, rather than delaying handling it as other processes and programs are run. Real-time operating systems are used whenprocesses or procedures are sensitive to delays that might occur if responses do not happen immediately. An MFP is a multifunction printer, a HIPS is a host intrusion prevention system, and an SoC is a system on a chip—which is hardware, which might run an RTOS, but the answer does not mention what type of OS the SoC is running.
15- Which of the following is not a common constraint of an embedded system?
A. Compute
B. Form factor
C. Network
D. Authentication
- B. Embedded systems are available in a broad range of physical form factors, allowing them to be placed in many different types of systems and devices. Common constraints for embedded systems as described by the Security+ exam outline include power, compute, network, crypto, inability to patch, authentication, range, cost, and implied trust.