Chapter 3 and 5

Question 1

span

Answer 1

Switch Port Analyzer: known as mirrored ports, it allows a switch to mirror a port’s traffic to another port.

Question 2

Easiest way to deploy a VPN

Answer 2

An TLS/SSL vpn which does not require a client.

Question 3

Decentralized placement to manage multiple data centers.

Answer 3

can provide increased resilience because a failure or compromise of service will not disrupt other locations.

Question 4

Users want to have a simple experience connecting to company’s resources.

Answer 4

TLS VPN does not require a client.

Question 5

What is the primary reason for parallel processing

Answer 5

Allows for systems to be tested without taking them offline.

Question 6

What are the IPsec protocols

Answer 6

AH, ESP, IKE (internet key exchange)

Question 7

Can NAC tools allow for authentication?

Answer 7

Yes, it can allow for user groups, roles, and VLANS that separate the groups based on roles.

Question 8

ACL, VLANS, and firewalls can implement network segmentation.

Answer 8

air gaps create operational challenges so it’s unlikely.

Question 9

NAC

Answer 9

NAC helps divide networks into logical security zones for unauthorized access. It uses a software agent, which adds complexity, but it can be agentless.

Question 10

802.1X

Answer 10

standard for authenticating devices connected to wired and wireless networks using EAP. And it’s used for port based authenticating.

Question 11

Port Security

Answer 11

allows you to limit the number of MAC addresses that a single port on a switch can use.

Question 12

CVE

Answer 12

is a vulnerability feed

Question 13

Bug Bounty

Answer 13

A bug bounty is a program offered by organizations, companies, or even independent software developers to reward individuals (commonly referred to as ethical hackers, security researchers, or bug hunters) who discover and report vulnerabilities or security flaws in their systems.

Question 14

false negative

Answer 14

is when an issue exists and it is not identified

Question 15

false postive

Answer 15

is when a scanner picks up and issue but it doesn’t exists.

Question 16

Oauth

Answer 16

is a common authorization service used by cloud services.

Question 17

SAML

Answer 17

security authentication markup language is a language not a service

Question 18

Federation

Answer 18

federation refers to the ability of multiple systems, organizations, or platforms to work together while remaining independently managed. Social logins from Google or Facebook are an example of using a federated approach to using identifies.

Question 19

multifactor authentication

Answer 19

is based on something-you-have, something-you-are, and something-you-know.

Question 20

geofencing

Answer 20

is a location-based technology that creates a virtual geographic boundary around a specified area, enabling software to trigger pre-defined actions when a device enters, exits, or remains within that boundary.

Devices (e.g., smartphones) track their location through GPS, cellular networks, or Wi-Fi and compare it to the geofenced area.

Question 21

Mandatory Access Control (MAC)

Answer 21

is a security model that enforces access control policies based on predefined rules set by a central authority, rather than allowing individual users to make decisions about permissions. It will not allow lowered privileged users to see data from higher privileged users.

Question 22

Discretionary access control (DAC)

Answer 22

Is when each data owner configures their own security and then delegates the rights and permissions of those objects as they desire. For example assigning who can view, execute, delete files in a Linux OS

Question 23

Role Based Access Control

Answer 23

is an access control model that restricts system access based on the roles assigned to users. In this model, permissions are associated with roles, and users acquire permissions through their assigned roles.

Roles:

Represent job functions or responsibilities within an organization (e.g., “Admin,” “Manager,” “Sales Representative”).
Permissions:

Define what actions can be performed on specific resources (e.g., “read,” “write,” “delete”).
Users:

Individuals or entities assigned to one or more roles.

Question 24

ABAC

Answer 24

Attribute-Based Access Control (ABAC) is an advanced access control model that grants or denies access to resources based on attributes associated with users, resources, actions, and environmental conditions.

Attributes:

User Attributes: Characteristics of the user (e.g., job title, department, clearance level).

Resource Attributes: Metadata about the resource (e.g., file type, classification, owner).

Action Attributes: The type of action requested (e.g., read, write, delete).

Environmental Attributes: Contextual factors like time, location, or device used.

Question 25

What type of access control does Windows and Linux uses

Answer 25

DAC

Question 26

Does Windows log network traffic

Answer 26

Windows does not log network traffic.

Question 27

NetFlow

Answer 27

is a network protocol developed by Cisco that collects and monitors IP traffic information. It provides visibility into network usage and traffic patterns by capturing metadata about packets flowing through a network.

Question 28

Where does RedHat store authentication logs

Answer 28

/var/log/secure

Question 29

What is Cuckoo Sandbox for?

Answer 29

is an open-source automated malware analysis system designed to analyze suspicious files and URLs in a controlled and isolated environment. It provides detailed reports on the behavior of malware by executing it in a virtualized or emulated sandbox.

Question 30

What are the seven incident response process

Answer 30

Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lesson learned

Question 31

CIS

Answer 31

Center for Internet Security provides information on how to secure OSs, applications, or other cover technology.

Question 32

Can IPS/IDS detect behavior patterns

Answer 32

No, EDR can and NACs cannot detect behaviors as well, they are designed for access

Question 33

exposure factor

Answer 33

the lost in value if an asset that is lost due to loss or damage

Question 34

What are the five Why’s?

Answer 34

Who, What, When, Where and Why

Question 35

ABAC

Answer 35

provides access based on attributes like location, age, rank, or attributes.

Question 36

What is COPE

Answer 36

Company owned personally enabled. Can be used for personal reasons.

Question 37

Quarantine and Isolation are common in what phase of the Incident response?

Answer 37

Containment

Question 38

Trend analysis

Answer 38

is commonly used for behavior based detection which can help identify new attacks.

Question 39

Where are the advantages of automation?

Answer 39

For the provisioning process, decreases the potential for mistakes, provides faster provisioning, improves constitency but it doesn’t address auditability.

Question 40

What are the three components of NIST

Question 41

What is a worm

Answer 41

They are self install malware and spread themselves

Question 42

ISAC

Answer 42

Information Sharing and Analysis Center