Cybersecurity Analyst Flashcards
Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality
Answer:
B. The three primary objectives of cybersecurity professionals are confidentiality, integrity, and availability.
Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?
A. Risk
B. Vulnerability
C. Hacker
D. Threat
Answer:
B. In this scenario, Tommy identified a deficiency in the security of his web server that renders it vulnerable to attack. This is a security vulnerability. Tommy has not yet identified a specific risk because he has not identified a threat (such as a hacker) that might exploit this vulnerability.
Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first?
A. Determine likelihood
B. Determine impact
C. Identify threats
D. Identify vulnerabilities
Answer:
C. The NIST risk assessment process says that organizations should identify threats before identifying vulnerabilities or determining the likelihood and impact of risks.
Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city’s power grid might have on the organization. What type of threat is she considering?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Answer:
D. Widespread infrastructure failures, such as those affecting the power grid or telecommunications circuits, are considered man-made disasters and fall under the category of environmental threats.
Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
Answer:
A. Adversarial threat analysis requires examining the capability of the threat source, the intent of the threat source, and the likelihood that the threat will target the organization.
Vincent is responding to a security incident that compromised one of his organization’s web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization’s website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
Answer:
D. In an availability attack, the attacker disrupts access to information or a service by legitimate users. In this attack, the attacker disrupted access to the organization’s website, violating the principle of availability.
Which one of the following is an example of an operational security control?
A. Encryption software
B. Network firewall
C. Antivirus software
D. Penetration tests
Answer:
D. Penetration tests are an example of an operational security control. Encryption software, network firewalls, and antivirus software are all examples of technical security controls.
Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?
A. Risk mitigation
B. Risk avoidance
C. Risk transference
D. Risk acceptance
Answer:
A. Any action that an organization takes to reduce the likelihood or impact of a risk is an example of risk mitigation. In this case, Paul chose to implement a technical control—a network firewall—to mitigate the likelihood of a successful attack.
Robert’s organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?
A. Network firewall
B. Network access control (NAC)
C. Network segmentation
D. Virtual private network
Answer:
B. Network access control (NAC) solutions are able to verify the security status of devices before granting them access to the organization’s network. Devices not meeting minimum security standards may be placed on a quarantine network until they are remediated.
When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?
A. 802.11g
B. EAP
C. PEAP
D. RADIUS
Answer:
D. The Remote Access Dial-In User Service (RADIUS) is an authentication protocol used for communications between authenticators and the authentication server during the 802.1x authentication process.
Juan is configuring a new device that will join his organization’s wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?
A. Supplicant
B. Authenticator
C. Authentication server
D. Command and control
Answer:
A. Any device that wishes to join an 802.1x network must be running an 802.1x supplicant that can communicate with the authenticator before joining the network.
Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?
A. 25
B. 80
C. 143
D. 443
Answer:
D. The Secure HTTP (HTTPS) protocol uses TCP port 443 for communications between web browsers and the web server.
What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?
A. NGFW
B. WAF
C. Packet filter
D. Stateful inspection
Answer:
A. Next-generation firewalls (NGFWs) incorporate contextual information about users, applications, and business processes in their decision-making process.
Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which one of the following ports should definitely not be open on the jump box?
A. 22
B. 23
C. 443
D. 3389
Answer:
B. Port 23, used by the Telnet protocol, is unencrypted and insecure. Connections should not be permitted to the jump box on unencrypted ports. The services running on ports 22 (SSH), 443 (HTTPS), and 3389 (RDP) all use encryption.
Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?
A. GPO
B. HIPS
C. IPS
D. DNS
Answer:
A. Administrators may use Group Policy Objects (GPOs) to control a wide variety of Windows settings and create different policies that apply to different classes of system.