Domain 4, Quiz 2 Flashcards
Which tool is responsible for collecting, storing, and analyzing log data from various sources in real-time or near real-time?
a. Simple Network Management Protocol (SNMP) traps
b. Antivirus
c. NetFlow
d. Security information and event management (SIEM)
Security information and event management (SIEM)
SIEM is the correct answer because it aggregates, stores, and analyzes log data in real time, providing security event correlation and alerting.
An organization wants to ensure that only HTTPS traffic is allowed while blocking HTTP. Which of the following would be the MOST effective in achieving this?
a. Modify firewall rules to block port 80.
b. Modify firewall rules to block port 443.
c. Implement data loss prevention (DLP) on all network traffic.
d. Adjust the group policy to deny web traffic.
Modify firewall rules to block port 80.
Modifying firewall rules to block port 80 is the correct answer because firewalls control traffic based on rules that specify allowed or denied protocols, ports, and IP addresses.
Which email security mechanism helps verify that an email was sent from an authenticated domain and has not been altered during transit?
a. Domain Keys Identified Mail (DKIM)
b. URL scanning
c. Gateway
d. Sender Policy Framework (SPF)
Domain Keys Identified Mail (DKIM)
DKIM is the correct answer because it uses cryptographic signatures to verify the authenticity and integrity of emails.
To control access to resources based on an employee’s job role, an organization should implement:
a. Discretionary access controls
b. Mandatory access controls
c. Attribute-based access controls
d. Role-based access controls
Role-based access controls
Role-based access controls are the correct answer because they grant permissions based on predefined job roles.
Which tool is used to ensure files on a system have not been changed or tampered with?
a. SIEM
b. Data loss prevention (DLP)
c. File integrity monitoring
d. DNS filtering
File integrity monitoring
File integrity monitoring is the correct answer because it checks and reports on any changes to files.
A cybersecurity analyst is reviewing the firewall and notices that there are rules to allow specific IP addresses, block certain protocols, and allow some based on the time of day. These rules are examples of:
a. Reputation-based rules
b. Access lists
c. Group Policy
d. URL scanning
Access lists
Access lists are the correct answer because they specify which IP addresses, protocols, or ports are allowed or denied.
An organization wants to protect sensitive data from being transferred outside. Which solution would detect and prevent this?
a. DNS filtering
b. NetFlow
c. Vulnerability scanners
d. Data loss prevention (DLP)
Data loss prevention (DLP)
Data loss prevention (DLP) is the correct answer because it detects and prevents unauthorized data transfers.
Given a scenario where a company wants to reduce the risks associated with users installing unauthorized software on Microsoft Windows computers, which of the following would be MOST effective?
a. Set up SNMP traps.
b. Implement DNS filtering.
c. Adjust the group policy.
d. Use NetFlow monitoring.
Adjust the group policy.
Adjusting the group policy is the correct answer because it can be used to restrict software installations on organizational devices.
When an organization wants to authenticate users based on a token they possess and a password they know, this is an example of:
a. Passwordless authentication
b. Multi-factor authentication
c. Just-in-time permissions
d. Single-factor authentication
Multi-factor authentication
Multi-factor authentication is the correct answer because it uses multiple methods or factors to verify the user.
An organization has just implemented a solution that requires users to tap a physical device against a reader before accessing a system. Which type of authentication is this?
a. Hard authentication tokens
b. Password vaulting
c. Security keys based on knowledge
d. Biometrics
Hard authentication tokens
Hard authentication tokens are the correct answer because they are physical devices used in the authentication process.
A cybersecurity analyst wishes to secure network traffic using secure protocols. Which of the following ports should be open for HTTPS traffic?
a. 443
b. 53
c. 80
d. 21
443
Port 443 is the correct answer because it is used for HTTPS traffic.
Which tool is specifically designed to detect malicious activities on an endpoint and respond by removing or containing the threat?
a. URL scanner
b. Data loss prevention (DLP)
c. Endpoint detection and response (EDR)
d. File integrity monitoring
Endpoint detection and response (EDR)
EDR is the correct answer because it is designed to detect and respond to threats on endpoints.
A security administrator wants to ensure that emails sent from their domain can be trusted and have not been tampered with. Which of the following should they implement in addition to DKIM?
a. Domain-based Message Authentication Reporting and Conformance (DMARC)
b. Group Policy
c. NetFlow
d. SNMP traps
Domain-based Message Authentication Reporting and Conformance (DMARC)
DMARC is the correct answer because it uses SPF and DKIM to validate email authenticity and provides a method for recipients to report back on the authenticity of emails.
What is primarily designed to provide confidentiality when discussing cryptographic algorithms?
a. Hash functions
b. Digital signatures
c. Symmetric encryption
d. Certificate revocation lists
Symmetric encryption
Symmetric encryption is the correct answer because it encrypts data to provide confidentiality.
Which cybersecurity concept involves dividing a network into segments to limit access and provide protection against malicious actors moving laterally through a network?
a. Network Address Translation (NAT)
b. Just-in-time permissions
c. Role-based access control
d. Network segmentation
Network segmentation
Network segmentation is the correct answer because it divides the network into different segments to limit access and movement.