Exam 6 Flashcards

1
Q

Which access control model allows for defining granular rules that consider user roles, time constraints, and network access restrictions?

A

A. ABAC
B. MAC
C. RuBAC
D. DAC
E. RBAC

Rule-based access control (RuBAC) is an access control system that allows user access to network resources according to pre-defined rules. In rule-based systems, administrators define the conditions users must meet before gaining access.

2
Q

Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC) model include:

A

A. Subject (i.e., user or process requesting access)
B. Type of action (for example “read”, “write”, “execute”)
C. Resource type (medical record, bank account etc.)
D. Environment (contextual data, such as time of day or geolocation)
E. All of the above

Attribute-based access control (ABAC), also referred to as policy-based access control (PBAC) or claims-based access control (CBAC), is an authorization methodology that sets and enforces policies based on characteristics, such as department, location, manager, and time of day.

3
Q

Which access control model defines access control rules with the use of statements that closely resemble natural language?

A

A. DAC
B. ABAC
C. MAC
D. RBAC

ABAC evaluates a user’s attributes against policies to determine if they can access an object. Attributes can include a user’s credentials, the environment, or the object’s properties. ABAC uses boolean logic to grant or deny access.

According to NIST, ABAC is defined as “an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environment conditions, and a set of policies that are specified in terms of those attributes and conditions.”

4
Q

Which of the access control models listed below enforces the strictest set of access rules?

A

A. MAC
B. RBAC
C. DAC
D. ABAC

Mandatory Access Control (MAC) is a computer security policy that limits a user’s ability to access or modify a target or object within a secured environment. MAC is a type of non-discretionary access control, meaning that users cannot override the system policy. Instead, MAC restricts access to system resources based on authorization and sensitivity.

5
Q

Which of the following access control methods would be the most suitable for scheduling system maintenance tasks during periods of low user activity?

A

A. Resource provisioning
B. Time-of-day restrictions
C. Principle of least privilege
D. Just-in-time permissions

Time-of-day restrictions can ensure that a user has access to certain records only during certain hours. This would make it so that administrators could update records at night without interference from other users.

6
Q

The principle of least privilege is a security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities.

A

True
False

7
Q

In the context of IT security, the term “Biometrics” refers to both biological characteristics of the human body and behavioral traits that can be used for identification and access control purposes.

A

True
False

8
Q

A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is called:

A

A. FAR
B. CER
C. CRC
D. FRR

False Rejection Rate, or FRR, is a measure of how often a biometric authentication system incorrectly rejects an authorized user.

9
Q

Which of the answers listed below refer(s) to a medium type that can be used as a hardware authentication token? (Select all that apply)

A

A. Smart card
B. Key fob
C. Security key
D. Passphrase
E. Biometric reader
F. RFID badge

10
Q

Which of the following examples does not fall into the category of software authentication tokens?

A

A. QR code token
B. Security key
C. SMS-based OTP
D. Authenticator app
E. Email-based OTP

11
Q

Which of the answers listed below refer to the features of a security key? (Select 3 answers)

A

A. Used for OTP generation, remote vehicle access, and building access
B. Hardware authentication token
C. Typically, a physical USB stick or key fob-sized device
D. Primarily used for digital security (2FA/MFA)
E. Software authentication token
F. Typically, a credit card-sized plastic card with an embedded chip

12
Q

Authentication process can be based on various categories of authentication factors. These include knowledge-based factors such as usernames, passwords, PINs, or security question answers (“something you know”), possession-based factors (i.e., physical tokens) such as smart cards, key fobs, or security keys (“something you have”), inherence-based factors that include unique physical traits of each individual, such as fingerprints, iris scans, facial recognition, or voice patterns (“something you are”), or location-based factors such as geolocation data or IP addresses (“somewhere you are”). A multifactor authentication system requires the implementation of authentication factors from two or more distinct categories.

A

True
False

13
Q

The two factors that are considered important for creating strong passwords are: (Select 2 answers)

A

A. Password length
B. Minimum password age
C. Password History
D. Password complexity
E. Maximum password age

14
Q

A strong password that meets the password complexity requirement should contain: (Select the best answer)

A

A. Uppercase letters (A-Z)
B. Digits (0-9)
C. Non-alphanumeric characters if permitted (e.g., !, @, #, $)
D. Lowercase letters (a-z)
E. A combination of characters from at least 3 character groups

15
Q

Which of the following passwords is the most complex?

A

A. T$7C52WL4SU
B. GdL3tU8wxYz
C. @TxBL$nW@Xt
D. G$L3tU8wY@z

16
Q

Which password policy would be the most effective in decreasing the risk of a security breach across multiple accounts?

A

A. Password expiration policy
B. Minimum password age policy
C. Password reuse policy
D. Maximum password age policy

17
Q

Which password policy enforces a mandatory password change after a specific time?

A

A. Password expiration policy
B. Password history policy
C. Minimum password age policy
D. Password reuse policy

18
Q

The minimum password age policy setting determines the period of time that a password can be used before the system requires the user to change it.

A

True
False

The Minimum password age policy setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow password changes immediately by setting the number of days to 0.

19
Q

Which of the answers listed below refers to a software tool specifically designed to store and manage login credentials?

A

A. BitLocker
B. Password manager
C. Key escrow
D. Password vault

20
Q

Which of the following technologies cannot be used as a passwordless authentication method?

A

A. Biometrics
B. Hardware tokens
C. QR codes
D. OTPs
E. Passkeys
F. All of the above can be used as a means for passwordless authentication

21
Q

Which of the answers listed below refers to a solution designed to minimize the risk of unauthorized access to privileged accounts?

A

A. Principle of least privilege
B. Just-in-time-permissions
C. Passwordless authentication
D. Multifactor authentication

22
Q

A security solution that provides control over elevated (i.e., administrative type) accounts is referred to as:

A

A. MFA
B. IAM
C. SSO
D. PAM

Privileged access management (PAM) is a cybersecurity strategy that protects an organization’s critical resources by monitoring and controlling access to privileged accounts. PAM uses a combination of people, processes, and technology to help prevent unauthorized access to systems, applications, and data.

23
Q

Which of the terms listed below refer(s) to the concept of ephemeral access, where access to systems, resources, or permissions is provided for a limited duration? (Select all that apply)

A

A. TOTP
B. OTP
C. Just-in-time permissions
D. User password
E. API key

23
Q

Which of the following answers refers to an encrypted database that provides secure storage space for user credentials?

A

A. Secure enclave
B. Password manager
C. Rainbow table
D. Password vault

24
Q

Which of the answers listed below refer to the concept of data isolation? (Select 2 answers)

A

A. DLP
B. SDN
C. EFS
D. SWG
E. EDR

25
Q

A type of firewall used for protecting a single computer is commonly referred to as: (Select 2 answers)

A

A. Hardware firewall
B. Host-based firewall
C. Proxy firewall
D. Network-based firewall
E. Personal firewall

26
Q

Which of the following provides active network security breach response on an individual computer system?

A

A. NIDS
B. HIDS
C. NIPS
D. HIPS

A Host Intrusion Prevention System (HIPS) is a security mechanism that can detect and take action against threats to maintain the integrity of a computer system. It monitors various aspects like memory, kernel, network state, and process execution to prevent unauthorized access and attacks.

27
Q

The process of securing networking devices should include the practice of disabling unused physical and logical ports.

A

True
False

28
Q

The importance of changing default usernames and passwords can be illustrated on the example of certain network devices (such as routers) which are often shipped with default and well-known admin credentials that can be looked up on the web.

A

True
False

29
Q

A type of document outlining the shared responsibilities between a CSP and its customers for securing and managing data and resources is known as: (Select best answer)

A

A. Service level agreement
B. Acceptable use policies
C. Cloud responsibility matrix
D. Master Service agreement

30
Q

The term “Hybrid cloud” refers to a mixed computing environment that can include different cloud service models like public and private clouds, as well as on-premises infrastructure.

A

True
False

31
Q

Which of the terms listed below refers to a method for managing infrastructure resources through scripts and templates?

A

A. IaaS
B. ML
C. IaC
D. SDN

Infrastructure as Code (IaC) is a process that automates the provisioning and management of cloud resources. IaC software takes some input scripts describing the desired state and then communicates with the cloud vendor(s), typically through APIs, to make the reality match that desired state.

32
Q

A serverless architecture allows developers to create apps and services without having to manage the required infrastructure resources (such as servers, databases, and storage systems), which are handled by:

A

A. CSP
B. ISP
C. MSP
D. IdP

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.

33
Q

In software engineering, the term “Microservice” describes independent and self-contained code components that can be put together to form an application.

A

True
False

34
Q

Which of the following provides isolation from external computer networks?

A

A. Network segmentation
B. Air gap
C. Hardware firewall
D. Protected cable distribution

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection.

35
Q

Which of the answers listed below refers to a means for logical network segmentation?

A

A. Switch
B. VLAN
C. Screened subnet
D. Router

VLANs function by offering network segmentation, which can enhance management, security, and performance. VLANs can increase security by preventing unwanted access to critical data and network resources by segregating network traffic and limiting access to particular network resources.

36
Q

Which of the following answers refers to software technology designed to simplify network infrastructure management?

A

A. SDN
B. SaaS
C. VDI
D. SNMP

Software-Defined Networking (SDN) is a modern, dynamic alternative to traditional networking that aims to make the network easier to administrate and troubleshoot. In place of hardware devices like routers and switches, SDN communicates within the infrastructure established using APIs or software-based controls.

37
Q

Which of the answers listed below refers to the process of packaging an application and its dependencies into a single, self-contained unit, which can run across different computing environments?

A

A. Edge computing
B. Containerization
C. Virtualization
D. Cloud computing

Containerization security is the practice of protecting containerized applications and their infrastructure from threats throughout their lifecycle. This includes the development, deployment, and runtime stages.

38
Q

Which of the following answers refers to a solution that allows multiple OSs to work simultaneously on the same hardware?

A

A. Clustering
B. Hyperthreading
C. Multitasking
D. Virtualization

39
Q

Which of the answers listed below refers to a network of interconnected devices equipped with sensors (such as wearable tech or home automation devices) that can interact with each other to perform various tasks and functions?

A

A. ICS
B. PAN
C. IoT
D. SoC

40
Q

Which of the following refers to a broad term that encompasses various control and automation systems used in industrial settings to control and monitor physical processes and machinery?

A

A. ICS
B. PLC
C. SCADA
D. HMI

Industrial control system (ICS) security focuses on ensuring the security and safe function of industrial control systems. This includes the hardware and software the system and its operators use.

41
Q

Which of the answers listed below refers to a specific type of ICS?

A

A. SoC
B. CMS
C. SCADA
D. RTOS

A Supervisory Control And Data Acquisition system (SCADA) involves monitoring and controlling processes from a central location. The system is intended for remote monitoring and management of complex processes, making it susceptible to ransomware, malware, and other cyberthreats.

42
Q

Which of the following answers refers to an OS type characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems?

A

A. Unix-like OS
B. SoC
C. Firmware
D. RTOS

43
Q

Which of the answers listed below refer(s) to embedded systems? (Select all that apply)

A

A. Often designed to operate in real-time or with low latency
B. Typically equipped with constrained computing resources and storage
C. Designed to perform a single task or a few closely related tasks within a larger system
D. Often integrated with hardware components like sensors and actuators

44
Q

Which of the following terms can be used to describe a system designed to aim for minimized downtime and uninterrupted operation?

A

A. ICS
B. HA
C. RTOS
D. SoC

45
Q

Which of the answers listed below refers to a device failure mode in which maintaining service availability is prioritized over security?

A

A. Fail-safe
B. Fail-close
C. Fail-open
D. Fail-secure

Fail-Open: In a fail-open scenario, if a system or device fails, it automatically opens or allows access. This is usually used in systems where availability is prioritized over security. For instance, in a firewall setting, if the firewall fails, all network traffic would be allowed through.

46
Q

Which failure mode prioritizes security over availability, ensuring that no potentially malicious traffic can get through the device?

A

A. Fail-soft
B. Fail-through
C. Fail-safe
D. Fail-close

Failing Close is when a device or system is set, either physically or via software, to shut down and prevent further operation when failure conditions are detected.

47
Q

Which of the following answers refer to passive network monitoring techniques? (Select 2 answers)

A

A. Network tap
B. Trunk port
C. Port mirroring
D. SNMP trap
E. Registered port

48
Q

A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is called:

A

A. C2 server
B. Jump server
C. UC server
D. Proxy server

49
Q

In SNMP, each node in a MIB is uniquely identified by a(n):

A

A. DSU
B. OID
C. CSU
D. OUI

An Object Identifier (OID) is a string of decimal numbers that uniquely identifies an object in a directory or within a Management Information Base (MIB).

50
Q

Which of the answers listed below refers to a network protocol developed by Cisco for collecting information about IP traffic flowing across network devices like routers, switches, and firewalls?

A

A. OpenVAS
B. iPerf
C. pfSense
D. NetFlow

NetFlow is a network protocol developed by Cisco Systems that collects metadata about IP traffic flowing across network devices. NetFlow tools can be used to help with cybersecurity by detecting and mitigating network threats.

51
Q

Firewall rules are evaluated based on their order of precedence. Rules at the top of the list take precedence over rules further down the list. Once a matching rule is found, no further evaluation of subsequent rules occurs. The “implicit deny” policy on a firewall is a common default behavior in which any traffic that does not explicitly match any of the configured allow rules is automatically denied or blocked. In other words, if a packet does not meet the criteria of any allow rule, the default behavior of the firewall is to deny the traffic.

A

True
False

52
Q

Which of the following refers to a set of rules defining how a firewall manages network traffic?

A

A. MAC
B. ACL
C. NAC
D. DLP

An Access Control List (ACL) is made up of rules that either allow access to a computer environment or deny it. In a way, an access control list is like a guest list at an exclusive club. Only those on the list are allowed in the doors.

53
Q

A lightly protected subnet (a.k.a. DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is known as:

A

A. Captive portal
B. Quarantine network
C. Extranet
D. Screened subnet

54
Q

Which of the answers listed below most accurately describes patterns or behaviors observed in network traffic over time?

A

A. Trends
B. Anomalies
C. Threats
D. Signatures

Cybersecurity trends are increasing day by day, fueled by responses to rising cyber threats, evolving long-term security goals, and innovative new technologies. These cybersecurity trends are driving organizations to adopt zero trust principles, least privilege access, and continuous verifications more frequently.

55
Q

Which of the following terms refers to predefined patterns or characteristics of known threats or attack methods?

A

A. Security logs
B. Baselines
C. Trends
D. Signatures

A signature is a unique pattern or identifier: It may be a byte sequence in network traffic or inside a file or a series of instructions. It is often compared to a fingerprint or DNA sample in that it belongs solely to that particular pattern.

56
Q

A type of IDS/IPS that compares current network traffic against a database of known attack patterns is called:

A

A. Heuristic
B. Anomaly-based
C. Behavioral
D. Signature-based

57
Q

Agent-based web filtering: (Select 3 answers)

A

A. Requires installing software on each device that needs to be monitored
B. Provides flexibility and granular control over web activity at the device level
C. Involves increased management overhead and system resource consumption.
D. Simplifies administration and ensures consistent enforcement of web filtering policies across the network
E. Does not require software to be installed on each individual device
F. Requires a functioning central server for web filtering to operate

58
Q

Web filtering via centralized proxy: (Select 3 answers)

A

A. Involves increased management overhead and system resource consumption
B. Does not require software to be installed on each individual device.
C. Requires installing software on each device that needs to be monitored
D. Simplifies administration and ensures consistent enforcement of web filtering policies across the network.
E. Provides flexibility and granular control over web activity at the device level
F. Requires a functioning central server for web filtering to operate.

59
Q

Which of the answers listed below refer to filtering techniques that can allow or block access to a site based on its web address? (Select 2 answers)

A

A. SSL/TLS inspection
B. URL scanning
C. Content categorization
D. DNS filtering
E. Reputation-based filtering

URL filtering and DNS filtering are two of these methods. Basically, URL filtering blocks URLs (individual webpages) while DNS filtering blocks Domain Name System (DNS) requests and therefore IP addresses (whole websites).