DION DECK Flashcards
Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?
Compromised availability leading to operational disruptions.
To improve security at their law firm, Norah, a security analyst, wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
Layer 7 firewall
Which method accurately demonstrates the authentication process used in WPA2 Personal mode?
Using a passphrase to generate a pairwise master key (PMK).
Lexicon, an AI company, wants to implement a security measure to identify and evaluate potential threats to their systems and networks. Which of the following is an example of a managerial security control that the company could implement?
Risk assessments
For ensuring the security of an HTTP application like WordPress or Magento against threats like SQL injection or cross-site scripting, which monitoring tool or method would be MOST appropriate?
Web application firewall (WAF)
When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message?
Public key
An investment firm allows a fluctuation of up to 10% in the value of its high-risk investment portfolio compared to the expected return on investment, but immediate action is required if this threshold is exceeded. This 10% fluctuation represents an example of:
Risk tolerance
When considering user interactions with a web service, which of the following security measures involves the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?
Session management
Which of the following terms emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Encryption algorithm
Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure (/users/[username]/profile) the system registered requests like (/users/../admin/config). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?
Attempting to access files outside of directories
Travid is evaluating an attack that has occurred on his organization's system. He sees that the attacker entered a lot of data into the area of memory in the API that temporarily stores user input. What type of attack did Travid discover?
Buffer overflow
Which of the following terms BEST describes the affirmation of the validation of the accuracy and thoroughness of compliance-related reports?
Attestation
Which of the following BEST describes the Software Development Life Cycle (SDLC) in application security?
It emphasizes the integration of security in software creation and maintenance.
Which of the following BEST explains the difference between an Agent-based and Agentless NAC?
Agent-based NACs use additional software to authenticate users, while Agentless NACs use network-level protocols to authenticate users.