Computing Resources Security Techniques Flashcards
Which application testing methodology is commonly defined as a clear-box or “know all” test, where an analysis of the application source code, byte code, and binaries is carried out by the application test without executing the code?
A. DAST
B. SAST
C. DQ
D. PQ
B. SAST (Static Application Security Testing).
SAST involves analyzing the source code of an application to identify potential security vulnerabilities without actually running the application. This technique allows for early identification of issues like SQL injection, cross-site scripting (XSS), and buffer overflows.
Which mobile device provisioning model will a company typically give the employees devices that are provisioned from vendors and cellular providers without end-user input that users can then handle as if they were their own?
A. COPE
B. CMDB
C. BYOD
D. CYOD
A. COPE
In a COPE model, the company provides devices to employees, but users can also use them for personal purposes. The company maintains ownership and control over the devices, often using Mobile Device Management (MDM) solutions to enforce security policies and manage the devices remotely.
Which stage of an asset management process often involves the ongoing enumeration and tacking of all physical and logical assets typically leveraging SIEM and SOAR systems?
A. Retention/destruction
B. Monitoring/tracking
C. Acquisition/procurement
D. Sanitization/certification
B. Monitoring/tracking.
This stage involves the continuous observation and tracking of assets throughout their lifecycle. SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems are crucial tools for this purpose.
Which wireless security feature enhances privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks?
A. PPP
B. CMS
C. EAP
D. PMF
D. PMF (Protected Management Frames).
PMF is a security feature designed to enhance the security of wireless networks by protecting management frames from various attacks. These management frames are crucial for network operations but can be vulnerable to manipulation. PMF provides mechanisms to protect the integrity, confidentiality, and authenticity of these frames, making it more difficult for attackers to compromise the network.
Which specific tool generates a color-coded graphical representation of different wireless metrics such as signal strength, signal-to-noise ratio levels (SNR), and interference in different areas?
A. Wireless access point
B. Wireless heat map
C. Wireless gateway
D. Wireless packet sniffer
B. Wireless heat map.
A wireless heat map is a visual representation of the strength and quality of a wireless signal in a specific area. It uses color-coding to indicate different signal strengths, with stronger signals often represented by warmer colors (like red) and weaker signals by cooler colors (like blue). By analyzing these heat maps, network administrators can identify areas with weak signal coverage, interference, or other issues that may impact wireless performance. This information is crucial for optimizing wireless network deployment and troubleshooting.
Which of these are valid challenges to hardening specialty and embedded IoT Systems? Choose more than one option.
A. Commonly remotely deployed
B. Using industrial protocols
C. Longer device lifecycles
D. Using IPv4 instead of IPv6
E. Uneven security updates
F. Instructions in different languages
A. Commonly remotely deployed: Remote deployment makes it difficult to physically secure devices and apply security updates.
B. Using industrial protocols: Many industrial protocols were not designed with security as a primary concern, making them vulnerable to attacks.
C. Longer device lifecycles: Devices with long lifecycles may not receive timely security updates, leaving them exposed to vulnerabilities.
E. Uneven security updates: Inconsistent or infrequent security updates can compromise the security of IoT devices.
What is defined as the minimum amount of security controls needed for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection?
A. Secure gap analysis
B. Secure baselines
C. Secure thresholds
D. Secure defaults
B. Secure baselines.
Secure baselines define the minimum-security configuration standards for a specific IT system or environment. They are based on industry standards, regulatory requirements, and organizational policies. By establishing secure baselines, organizations can ensure that their systems are configured to meet specific security objectives and reduce the risk of attacks.
