Implementation (2) Flashcards

1
Q

On a mobile device, __________ allow(s) more performance-intensive applications to execute within their own segment to improve performance.

Storage segmentation

VDI

Remote access controls

A

Storage segmentation

Storage segmentation allows more performance-intensive applications to be executed in their own segment, which increases the performance of those applications. Because mobile devices are somewhat less powerful than desktop or laptop computing systems, this can improve performance noticeably.

2
Q

You are creating a standard security baseline for all users who use company mobile phones. Which of the following is the most effective security measure to protect against unauthorized access to the mobile device?

Enforce the use of a screen lock password.

Enable the GPS chip.

Install personal firewall software.

A

Enforce the use of a screen lock password.

To prevent unauthorized access to the device in the event it is lost or stolen, you can enable a screen lock password. The user will not be able to access the device until he enters the password.

3
Q

__________ is a term that is similar to jailbreaking but is Android specific.

Segmentation

Virtualization

Rooting

A

Rooting

Rooting is the Android-specific equivalent of jailbreaking.

4
Q

Apple’s Face ID is an example of using what?

VDI

Biometrics

Containerization

A

Biometrics

Apple’s Face ID is an example of biometrics and is commonly used for authentication on newer Apple iPhones and iPads.

5
Q

A VPC __________ allows you to privately connect a VPC to supported services without requiring a NAT device, a VPN, or an Internet gateway.

endpoint

encryptor

firewall

A

endpoint

A virtual private cloud (VPC) endpoint allows you to privately connect a VPC to supported services without requiring a network address translation (NAT) device, a virtual private network (VPN), or an Internet gateway.

6
Q

Which of the following acts inline to screen and either block or allow incoming or outgoing web traffic to and from a virtual network?

CASB

API inspection tool

Next-generation SWG

A

Next-generation SWG

A next-generation secure web gateway (SWG) acts inline to screen and either block or allow incoming or outgoing web traffic to and from a virtual network.

7
Q

Cloud storage permissions can be defined as which of the following types? (Choose two.)

Uniform

Mandatory

Fine-grained

Discretionary

A

Uniform

Fine-grained

Cloud storage permissions can be defined within two broad types: uniform and fine-grained.

8
Q

Rowan works for a company that has had a string of incidents where weak employee passwords have been hacked through brute-force methods and then used by unauthorized users to gain access to the network. Which of the following security policies would be best for Rowan to implement to prevent brute-force hacking attempts on employee passwords?

Password rotation

Password expiration

Password lockout

A

Password lockout

Rowan can lock out an account if an incorrect password has been entered too many times. Although password length, complexity, rotation, and expiration are helpful security measures, brute-force attacks are most efficiently stopped by limiting the number of logon attempts.

9
Q

Alex has already implemented a password expiration and rotation policy that forces his organization’s users to change their password every 60 days. However, he is finding that many users are simply using their same password again. Which of the following can Alex implement to improve security?

Password history

Password complexity

Password lockout

A

Password history

When password history is enabled, the system remembers a user’s former passwords. When the current password expires, the system forces the user to choose a new password that does not match any of her previous passwords, preventing password reuse.

10
Q

An __________ creates, maintains, and manages identity information for an organization.

Identity manager

Identity provider

Identity validator

A

Identity provider

An identity provider (IdP) creates, maintains, and manages identity information for an organization.

11
Q

SAML implementations have three basic roles: the identity, the identity provider, and the __________.

Internet provider

service provider

authentication provider

A

service provider

The service provider takes the token passed from the identity provider and either accepts the request and provides services to the user or denies the request and does not.

12
Q

Your organization has several home users with Internet access who require remote access to your organization’s network. Which of the following remote access and authentication technologies would be the most secure?

Dial-up access to a Kerberos server

A VPN authenticated to a RADIUS server

Telnet access to a local password database

A

A VPN authenticated to a RADIUS server

By using a VPN authenticated to a RADIUS server, you ensure that your communications are encrypted and that secure authentication takes place against the RADIUS server.

13
Q

You are creating an access control model that will allow you to assign specific access policies depending on which network a user is on and not necessarily on the actual identity of the specific user. Which privilege management access control model would you use?

Rule-based access control

Discretionary access control

Attribute-based access control

A

Rule-based access control

Rule-based access control is defined with an access control list (ACL), which specifies a set of rules that must be satisfied before access is granted. Rule-based access control does not necessarily have to be tied to an authorized identity; it can grant access permissions based on network location, the content of messages (such as e-mail text or attachments), and other types of content filtering.

14
Q

To improve the integrity and authentication of your encryption systems, you have contacted a CA. Which of the following items would the CA generate for you?

Digital certificate and public/private key pair

Public key and a private hash

Private key and a certificate

A

Digital certificate and public/private key pair

When a user’s identification is established, the certificate authority (CA) generates public and private keys for the user. A certificate is then generated with the identification and public key information embedded within it. Once the user is registered and receives his certificate, he can begin using it to send encrypted messages.

15
Q

You have been tasked with contacting your CA and revoking your company’s current web server certificate. Which of the following is the most likely reason to revoke the certificate?

You renewed your certificate after it expired.

The previous network administrator who created the certificate was fired.

You installed a new web server.

A

The previous network administrator who created the certificate was fired.

The certificate should be revoked because the user assigned to that certificate is no longer with the company. Revocation prevents that user from continuing to use the certificate for encryption and authentication.

16
Q

You need to look up the details of a certificate that was revoked. Where can you find this information?

Certificate expiry list

Registration suspension list

Certificate revocation list

A

Certificate revocation list

A certificate revocation list (CRL) is published by a CA to show certificates that have been revoked. A verifier can examine the list to check the validity of another user’s certificate.

17
Q

You need to renew your company’s certificate for its public web server. When should you renew the certificate?

On its expiry date

After it’s revoked

Thirty days before expiry

A

Thirty days before expiry

Most certificate authorities require that a certificate be renewed within a certain amount of time before its actual expiry date. This gives the CA enough time to renew the certificate and deliver it back to the client for distribution.

18
Q

OCSP __________ improves on the efficiency of the original OCSP by including a time-stamped, signed response with the TLS/SSL handshake.

pinning

stapling

assigning

A

stapling

The TLS Certificate Status Request extension, more commonly known as OCSP stapling, further improves efficiency: the certificate holder queries the Online Certificate Status Protocol (OCSP) responder itself at set intervals and includes (“staples”) the signed response in the TLS/SSL handshake, so the client does not have to query the OCSP responder each time.