Domain 4: Security Operations Flashcards
Question 1 of 20
You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a server room that requires an ID for access. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device? (Select two.)
answer
- Change the default administrative username and password.
- Use TFTP to back up the router configuration to a remote location.
- Use an SSH client to access the router configuration.
- Use a web browser to access the router configuration using an HTTP connection.
- Use encrypted Type 7 passwords.
Correct Answer:
Change the default administrative username and password.
Correct Answer:
Use an SSH client to access the router configuration.
Question 2 of 20
A multinational corporation is upgrading its IT infrastructure to enhance security governance and streamline its change management process. The IT department is considering various strategies to accomplish this update.
Which strategy MOST effectively achieves the corporation’s goals, considering the inherent risks and benefits?
answer
- Implementing automation and scripting to perform tasks quickly and efficiently
- Using proprietary security solutions without automation
- Manual monitoring of security controls and change management protocols
- Outsourcing the entire IT operations to a third-party vendor
Correct Answer:
Implementing automation and scripting to perform tasks quickly and efficiently
Question 3 of 20
What is the primary goal of the containment phase of cybersecurity incident management during an incident response lifecycle? (Select two.)
answer
Notify stakeholders and identify other reporting requirements.
Analyze the incident and responses to identify whether procedures or systems could be improved.
Limit the immediate impact of the incident while securing data and notifying stakeholders.
Remove all traces of the incident from affected systems.
Reintegrate the system into the business process it supports with the cause of the incident eradicated.
Correct Answer:
Notify stakeholders and identify other reporting requirements.
Correct Answer:
Limit the immediate impact of the incident while securing data and notifying stakeholders.
Question 4 of 20
Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?
answer
VDI
BYOD
COPE
CYOD
Correct Answer:
COPE
Question 5 of 20
Which of the following applies the appropriate policies in order to provide a device with the access it’s defined to receive?
answer
Identity Services Engine
Authorization
Zero-trust security
Authentication
Correct Answer:
Authorization
Question 6 of 20
Which of the following processes identifies an operating system based on its response to different types of network traffic?
answer
Fingerprinting
Social engineering
Port scanning
Firewalking
Correct Answer:
Fingerprinting
Question 7 of 20
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again.
Which policies should you configure? (Select two.)
answer
Enforce password history
Minimum password age
Password must meet complexity requirements
Maximum password age
Correct Answer:
Enforce password history
Correct Answer:
Minimum password age
Question 8 of 20
Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?
answer
Remote management
App catalog
Self-service portal
BYOD
Correct Answer:
App catalog
Question 9 of 20
Match group 1 to correct Group 2
Group 1
MAC spoofing
ARP spoofing/poisoning
MAC flooding
Dynamic Trunking Protocol
Group 2
- Causes packets to fill up the forwarding table and consumes so much of the switch’s memory that it enters a state called Fail Open Mode.
- The source device sends frames to the attacker’s MAC address instead of to the correct device.
- Should be disabled on the switch’s end user (access) ports before implementing the switch configuration into the network.
- Can be used to hide the identity of the attacker’s computer or impersonate another device on the network.
ARP spoofing/poisoning
Correct Answer:
The source device sends frames to the attacker’s MAC address instead of to the correct device.
Dynamic Trunking Protocol
Correct Answer:
Should be disabled on the switch’s end user (access) ports before implementing the switch configuration into the network.
MAC flooding
Correct Answer:
Causes packets to fill up the forwarding table and consumes so much of the switch’s memory that it enters a state called Fail Open Mode.
MAC spoofing
Correct Answer:
Can be used to hide the identity of the attacker’s computer or impersonate another device on the network.
Question 10 of 20
Which of the following BEST describes the role of event metadata in network security?
answer
- It provides the specific notification or alert the process raises.
- It is the data that is generated by processes running on network appliances and general computing hosts.
- It is the source and time of the event, which can include a host or network address, a process name, and categorization/priority fields.
- It is used to synchronize each host to the same date, time value, and format.
Correct Answer:
It is the source and time of the event, which can include a host or network address, a process name, and categorization/priority fields.
Question 11 of 20
You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router’s console port. You’ve configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
answer
- Move the router to a secure data center.
- Use SCP to back up the router configuration to a remote location.
- Use encrypted Type 7 passwords.
- Use an SSH client to access the router configuration.
Correct Answer:
Use SCP to back up the router configuration to a remote location.
Question 12 of 20
A manufacturing company’s security manager plans to implement corrective operational controls to mitigate potential security threats.
Which of the following instances would be the appropriate control?
answer
- Regular penetration testing to uncover potential vulnerabilities.
- Enabling continuous monitoring to disable abnormal accounts.
- A security camera system monitoring the premises.
- A firewall that prevents unauthorized access to the network.
Correct Answer:
Enabling continuous monitoring to disable abnormal accounts.
Question 13 of 20
Which of the following is a commonly used attribute in Lightweight Directory Access Protocol (LDAP)?
answer
Firewall
Public network
Organizational Unit (OU)
Internet Protocol (IP)
Correct Answer:
Organizational Unit (OU)
Question 14 of 20
You have just finished developing a new application. Before putting it on the website for users to download, you want to provide a checksum to verify that the object has not been modified.
Which of the following would you implement?
answer
Code obfuscation
Memory management
Normalization
Code signing
Correct Answer:
Code signing
Question 15 of 20
An organization’s computer incident response team (CIRT) receives an alert that shows possible malicious activity on a critical server within the network, and they initiate the CompTIA incident response process.
The team follows the incident response lifecycle to address the situation, which involves several key steps.
What order must the CIRT follow when performing the CompTIA incident response process?
answer
- Preparation, analysis, isolation, containment, recovery
- Detection, analysis, containment, eradication, recovery
- Isolation, analysis, restoration, eradication, improvement
- Detection, analysis, eradication, restoration, improvement
Correct Answer:
Detection, analysis, containment, eradication, recovery
Isolation, analysis, restoration, eradication, improvement
Question 16 of 20
The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness.
The organization’s network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF).
Which deployment method provides the MOST comprehensive protection in this scenario?
answer
- Deploy the IPS/IDS devices in passive mode within the internal network.
- Deploy the IPS/IDS devices in tap/monitor mode at the entry and exit points of the VPN tunnel.
- Deploy the IPS/IDS devices in inline mode at the network perimeter.
- Deploy the IPS/IDS devices in inline mode next to the WAF.
Correct Answer:
Deploy the IPS/IDS devices in inline mode at the network perimeter.
Question 17 of 20
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?
answer
Virtual firewall
Hypervisor
Virtual switch
Virtual router
Correct Answer:
Hypervisor
Question 18 of 20
The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication.
Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure?
answer
- Disable all firewall rules for remote desktop connections
- Implement TLS for all remote desktop connections
- Establish VPN tunnels for all users without using any encryption protocols
- Enable open access to all remote desktop connections for easy manageability
Correct Answer:
Implement TLS for all remote desktop connections
Question 19 of 20
An IT specialist working for a multinational confectionery company needs to fortify its network security. The firm has been dealing with intrusions where raw User Datagram Protocol (UDP) packets bypass open ports due to a virus.
The specialist will analyze packet data to verify that the application protocol corresponds to the port. The company also wants to track the state of sessions and prevent fraudulent session initiations.
Which of the following tools should the IT specialist prioritize deploying?
answer
- Deep packet inspection firewall
- Packet filtering firewall
- Circuit-level gateway
- Transparent firewall
Correct Answer:
Deep packet inspection firewall
Question 20 of 20
Which VPN tunnel style routes only certain types of traffic?
answer
Full
Site-to-site
Host-to-host
Split
Correct Answer:
Split