Chapter 3: Architecture and Design2 Flashcards
Departmental isolation uses a _______, whereas a computer isolation uses _________.
VLAN, airgaps
A ______ is a boundary layer between the LAN and the ______. The website situated there is called an ___________ and is normally accessed using a username and a password.
DMZ, WAN, extranet
System _________ is where a virtual machine is running out of resources.
Sprawl
The best way to prevent a SQL injection attack is by using _________ ____________. Another method is to use _______ validation.
Stored procedures, input
A _____ is used to hide the internal network, whereas _____ is multiple internal connections to one external connection.
NAT, PAT
_______ code is source code that is never used by the application.
Dead
A network intrusion detection system relies on __________ and _____________ to sense changes to the local network.
Sensors, collectors
An _______________ switch can be used to connect multiple switches together and prevents looping.
Aggregation
The cloud model ___________ as a Service is where you lease a bespoke application that cannot be _____________ and is normally accessed via a web browser.
Software, modified
If a company has the account lockout set to a maximum of three attempts, an attacker can log in twice to all of the computer systems without being detected. However, if the company installs a _______ system that uses a _____________ engine, once the third attempt is made, the attacker is locked out.
SIEM, correlation
VM _________ is where an attacker gains access to a virtual machine and then attacks the host.
Escape
A company uses a leased line to connect two sites, London and Paris. Due to budget constraints, they are going to replace the leased line with a _____-__-_____ VPN using ________ __ mode.
Site-to-site, always on
_____________ _______ is where companies in the same industry share the cost of creating and hosting a cloud-based application.
Community cloud
When a SIEM system produces a ________ positive, it could be that the wrong _______ filter is being used.
False, input
Group policy enforces policies for on-premise computers and ________ ________ _____________ __________ enforces policies for cloud-based computers.
Cloud access security broker
A waterworks and an oil __________ are both examples of _________ networks.
Refinery, SCADA
________________ can be used to mask data or code, whereas ________________ is used to embed data inside other data.
Obfuscation, steganography
___ ________ is where an unmanaged virtual machine has been placed on a virtual network. The administrator doesn’t know about it, so it will not be patched and will end up as a vulnerability on the network.
VM sprawl
A company is building a new data center in Galway and is using ___________ to control access to the data center and using a ______ system to help provide availability of the computer systems and prevent them from _____________ and crashing.
Mantraps, HVAC, overheating
____________ __________ is the cloud model that has more control, whereas _________________ as a Service is the cloud service that has most control as you have to install, ___________, and patch the operating system.
Private cloud, infrastructure, configure
A company has moved the desktops in the customer services departments so that people walking past the outside windows cannot ___________ surf and has installed ________ ________ as an additional precaution.
Shoulder, screen filters
__________ is the process of testing a new application with production _______. This can be carried out by using _____________ to isolate them from the corporate network.
Staging, data, sandboxing
Using a master __________ to roll out desktop computers ensures that they have a consistent security __________.
Image, baseline
Different occupations can be regulated by __________ ____________ frameworks. An example of this would be PCI DSS for __________ ______ handling.
Industry frameworks, credit card
A high volume of web traffic can be controlled by using a ______ ___________, whereas a high volume of DDoS traffic can be controlled by using a ______ ___________ or a stateful ___________.
Load balancer, DDoS mitigator, firewall
A ________ box penetration tester can use a technique called __________ to carry out dynamic analysis of the ________ of a newly created application so that any _______________ can be addressed.
White, fuzzing, code, vulnerabilities
PowerShell is an example of infrastructure as _______ where automation is paramount.
Code
To protect data at rest on a laptop, full disk encryption can be used. However, this will require a _____ chip to be built into the laptop’s motherboard.
TPM
The IT director is writing a new policy for the use of a new system and the technical lead is designing technical controls for this system. What they are both participating in is called _________ __________.
Control diversity
Using a mobile phone to provide internet access to a laptop is called ____________.
Tethering
____________ ___________ is derived from legislation and ensures compliance.
Regulatory framework
The cybersecurity incident response team has launched a new ____________ so that they can discover the new web-based attack methods being used.
Honeypot
A __________ __ _______ model is where the security team uses multiple layers of protection so that if one layer fails, the _______ layer should prevent the attack.
Defence in depth, next
In a BYOD environment, inserting an SD card to keep business data separate from your personal data is an example of ___________ _____________, also known as _________________.
Storage segmentation, containerization
____-_____________ configuration can be used to roll back to a previous state, should any unforeseen problems occur. In a virtual environment, a __________ can be used.
Non-persistent, snapshot
PGP uses a _____ __ _________, FDE uses a _________ _____ __ ________, and two separate ______ use a bridge of trust model, commonly known as a _______ _________.
Web of trust, hardware root of trust, CAs, trust model
A company has leased a SaaS application for its sales team, but they have complained about the interface and want customization to be carried out. The IT director has informed the sales team that these proposed changes _________ be made.
Cannot
RAID 5 uses ________ parity and can lose ______ disk, whereas RAID 6 uses _________ parity and can afford to lose ______ disks. RAID __ is more resilient.
Single, one, double, two, 6
To secure a mobile phone, you should use ________ passwords, ________ ______, and full disk _____________.
Strong, screen locks, encryption
Vendor-specific _________ are rolled out with each piece of equipment to show you how they should be set up.
Guides
If a company wishes to move its bespoke applications to the cloud but still maintain them, it will adopt the cloud model ___________ as a Service.
Platform
A refrigerator is an example of an _____ device, whereas a life support system is an example of ______.
IoT, SoC
____________ is a development life cycle model that requires the whole stage to complete before we move on to the next stage. ________ can start multiple stages at one time and its aim is customer satisfaction. It is similar to scrum.
Waterfall, agile
The ______ ______ protocol is used for voice traffic over IP networks and the secure version is called _______.
Real time, SRTP
___________ as a Service can provide identity management using _______ tokens.
Security, SAML
Should a SIEM system find a false __________ on a known ____________ operating system, it may be using ________ input filters.
Positive, hardened, wrong
Kerberos authentication and SIEM systems are both reliant on ______ _______________.
Time synchronization
To mitigate attacks on household IoT devices, ensure that the default _____________ ____ ___________ are changed ________________ and that they cannot ___________ access the internet.
Username and passwords, immediately, directly
A cybersecurity response team can capture all of the traffic going to one port on a switch using a ______ _________ or _____.
Port mirror, tap
Containers are __________ virtual machines, whereas containerization is __________ _______________ on a mobile device.
Isolated, storage segmentation
A boundary layer between the LAN and the WAN.
DMZ
Taking a list of applications on a laptop two months apart.
Baseline
Prevents a SQL injection attack.
Stored procedure
A control that helps you rekey an ID badge.
Administrative
Testing an application with real data prior to going into production.
Staging
Attack a virtual host from a guest virtual machine.
VM escape
Type of switch that connects multiple switches together.
Aggregation
Used to isolate applications for patching, isolation, or testing.
Sandboxing
Wireless network for visitors or employees at lunchtime.
Guest
The attack vector for visitors or employees.
Network interface
A life support machine is an example of this.
SoC
Leasing a software package on the cloud.
SaaS
A control that mitigates risk.
Technical
Putting an unmanaged VM onto a virtual network.
VM sprawl
To prevent an attack on a home IoT device, turn off the…
Internet connection