Implementing Host-Based Security Flashcards

1
Q

You have been tasked with deploying a security solution that will monitor activity related to a specific application server. The solution must be able to detect suspicious activity and take steps to prevent the activity from continuing. What should you deploy?

NIPS

HIDS

HIPS

A

HIPS

A host-based intrusion prevention system (HIPS) runs on a specific host such as an application server. A HIPS can be configured to detect anomalous behavior related to that specific host and is not limited only to reporting/alerting/logging the activity; it can also be configured to take action to stop the activity, such as blocking specific types of network traffic from specific hosts

2
Q

You need to implement a tool that can be configured to detect abnormal activity for a cloud-based virtual network. The solution must be configured to send alert notifications to administrators. What should you deploy?

NIDS

HSM

HIDS

A

NIDS

A NIDS is not specific to a host but instead analyzes network traffic from many sources to detect potentially malicious activity

3
Q

Your software development team is creating a custom app that will accept customer payments. The app calls upon existing third-party APIs, where those APIs result in a unique value generated from user payment methods and that unique value is sent over the network to complete payment transactions. Which technique is taking place when payments occur using this custom app?

Tokenization

Salting

Encryption

A

Tokenization

Tokenization is a security technique that uses a trusted centralized service to create a digital representation of sensitive data, such as credit card information. This “token” can then be used to authorize resource access or payments without ever sending the actual origin sensitive data

4
Q

Which close-range wireless system that supports “tap” payments is commonly used for debit and credit card payments with point-of-sale systems?

Wi-Fi

Bluetooth

NFC

A

NFC

Near Field Communication (NFC) is a wireless technology used to transfer small amounts of data between devices that are no more than approximately 10 centimeters (3.9 inches) apart. NFC is commonly used for “tap” contactless payment systems from smartphones or payment cards

5
Q

You plan on working remotely while vacationing in a rural location, where traditional wired phone service and electricity are unavailable. Your mobile phone has a data connection in this location, but the signal is very weak and unacceptably slow for work purposes over the Internet. You plan on using batteries and a power generator to run electrical devices. Which network connectivity options should you consider? (Choose two.)

DSL

Cable modem

Cellular signal booster

Satellite connectivity

A

Cellular signal booster

Satellite connectivity

Cellular signal boosters can amplify a weak cellular signal many times to enable voice calls, texting, and mobile device data usage that otherwise may be unacceptably slow or not be possible in a rural area. Always check with the nearest cell tower provider to register your cellular signal booster. Satellite connectivity requires a satellite dish installation to transmit and receive data through a wireless satellite system and can also be used to provide Internet connectivity to rural areas or ships at sea

6
Q

Your company-issued smartphone is configured to accept your fingerprint as a form of authentication. What type of authentication is this?

Context-aware

Multifactor

Biometric

A

Biometric

Biometric authentication uses a person’s physical characteristics for unique identification, such as through fingerprints, retinal scans, voice and speech recognition, and so on

7
Q

Some of your technically proficient users have modified their company-issued Android smartphone to provide full device access in order to install apps requiring this permission. Which term best describes this scenario?

Jailbreaking

sudo

Rooting

A

Rooting

Rooting an Android device means allowing full privileged access to a device and its operating system, which is required by some apps and provides the user full device configuration ability. One common way of rooting a phone is to download a developer toolkit or specialized firmware flashing app; you may also require a separate USB-connected computer to complete the process. The term “rooting” came about because the Android operating system is based on the Linux operating system kernel, which uses the root account as the fully privileged account. Users should be aware that rooting an Android device can introduce security risks (malware getting full control of the device) and may void a mobile carrier’s warranty

8
Q

You are configuring a mobile device management (MDM) solution to harden employee smartphones. The devices must be configured such that:

- Device location around the world cannot be tracked.

- Sensitive data cannot be viewed by unauthorized parties.

- Device configuration and data can be removed when devices are lost or stolen.

- Corporate apps and data are isolated from personal apps and data.

What do you need to do?

Disable GPS, enable full device hashing, enable remote wipe, and run apps in Docker containers.

Disable GPS, enable full device encryption, enable remote wipe, and configure containerization.

Disable Bluetooth, enable full device encryption, enable remote access, and configure containerization.

A

Disable GPS, enable full device encryption, enable remote wipe, and configure containerization.

The global positioning system (GPS) on a mobile device is often used for device tracking, geolocation media tagging, and limiting location-based app usage with geolocation; disabling it prevents the device location from being tracked through GPS, although device tracking is still possible with cell-tower triangulation within a locality. Protecting sensitive data from unauthorized parties can be achieved with full device encryption. Remote wipe enables mobile device administrators to erase the device remotely over the network if the device is lost or stolen. Mobile device containerization separates work and personal apps, settings, and data for security purposes, including remote wiping of only the corporate container (partition). Mobile device administrators can also harden devices by enabling settings such as timeout screen locking, or by disabling unneeded functionality such as cameras, microphones, Bluetooth connectivity, and so on

9
Q

After sensitive data is leaked from within your organization, you decide to implement security solutions on all desktop computers that will ensure that sensitive documents are shared only with authorized parties. Desktop computers must also be protected from malicious code and must block network traffic not initiated by the desktop itself. Which of the following solutions will best address these concerns?

DLP, full disk backup, firewall

Anti-malware, disk encryption using TPM, firewall

DLP, anti-malware, firewall

A

DLP, anti-malware, firewall

Data loss prevention (DLP) software solutions can reduce the potential of intentional and unintentional sensitive data leaks, such as preventing the forwarding of confidential data to e-mail addresses outside the organization. Anti-malware, if kept up-to-date, can help protect devices from malicious code. A desktop computer with a host-based firewall configured can allow or block network traffic to or from that computer. Next-generation firewalls take this a step further by inspecting all details in the transmissions

10
Q

Users in your company use a web browser on their tablets to access their cloud-hosted Windows desktop and applications remotely. Which term best encompasses this scenario?

TPM

VDI

HSM

A

VDI

Virtual Desktop Infrastructure (VDI) provides remote access to desktops and apps from any type of device, even if only a web browser is used

11
Q

Users complain that as they are travelling on a commuter train to and from work, they are unable to access e-mail and cloud-based files on their laptops. However, they are able to read e-mail messages on their company-issued smartphones. Cloud-based files can be edited only using specialized software installed on laptops. The train does not offer Wi-Fi Internet connectivity. Users must have access to e-mail and cloud-based files during their commute while minimizing costs and inconvenience. What should you do?

Teach users how to sideload applications.

Teach users how to enable GPS tagging.

Teach users how to enable smartphone tethering.

A

Teach users how to enable smartphone tethering.

Smartphone tethering enables you to connect other devices, such as laptops lacking cellular connectivity, to a smartphone Internet connection through the smartphone’s data services. Tethering can be done wirelessly between the smartphone and the laptop, or through a USB cable

12
Q

You are traveling on a bus with a colleague, and you both have your laptops. You need to share files with each other during the trip with a minimum of inconvenience and minimal cost. The bus does not offer Wi-Fi connectivity. What should you do?

Copy the files to external USB storage media.

Copy the files to a MicroSD HSM.

Enable Wi-Fi Direct.

A

Enable Wi-Fi Direct.

Desktop, laptop, and mobile devices can be quickly linked together wirelessly for transferring files using Wi-Fi Direct, even when no Internet connection is available

13
Q

Which technique should be employed when testing unfamiliar software to ensure it is benign?

Sandboxing

Push notifications

Firmware Over-The-Air updates

A

Sandboxing

Sandboxing uses an isolated network, host, or app environment for testing configurations, including unfamiliar software, without the risk of unintentionally harming other systems or components

14
Q

Which wireless technology is commonly used for inventory control?

Wi-Fi

RFID

NFC

A

RFID

Radio-frequency identification (RFID) uses wireless radio frequencies to track items or animals with RFID tags attached to them, such as for inventory control and animal location tracing

15
Q

Your manager has asked you to evaluate and recommend a single IT tool that can be used to manage desktops, laptops, as well as Android tablets and smartphones. What type of tool should you be looking at?

Trusted platform module

Unified end-point management

SEAndroid

A

Unified end-point management

A unified end-point management (UEM) solution allows for the centralized management of many types of devices and includes the functionality of mobile device management (MDM) and mobile application management (MAM) capabilities. UEM tools can deploy device configurations and apps, manage apps and security settings, and apply updates, which removes the need to work with multiple device management tools

16
Q

You have been tasked with disabling the multimedia messaging service (MMS) for SMS text messaging on user smartphones. Which type of SMS texting risk is directly mitigated with this configuration?

Injection attack

Ransomware triggered from an e-mail message file attachment

Malicious code embedded in video files

A

Malicious code embedded in video files

When MMS is enabled, malicious code embedded in media files could be distributed through MMS. Disabling MMS reduces this likelihood. MMS is also sometimes referred to as rich communication services (RCS)

17
Q

You are evaluating IoT HVAC sensors for a commercial building. One concern is how device updates can be applied wirelessly when they are available. What should you search for in the IoT sensor documentation?

Sideloading

Firmware OTA updates

WSUS

A

Firmware OTA updates

Firmware Over-The-Air (OTA) updates can be used to deliver firmware updates wirelessly to devices without requiring updates to be manually downloaded or transferred using cables

18
Q

Upon entering your favorite hardware and tool store, the store app that you had previously installed welcomes you and lists that day’s sales items for that store location. You search the app for a wrench, and the app directs you within the store to the correct location of the item. What is being used in this scenario?

Firmware OTA updates

Geotagging

Geofencing

A

Geofencing

Geofencing uses device location tracking to present mobile device users with a message when they are within a specific geographic boundary

19
Q

Your organization manages valuable pharmaceutical research data. Company security policies require Android mobile device users to use cryptographic keys to protect sensitive data. The keys cannot be stored on the device itself. What type of accompanying hardware should be used for securely storing cryptographic keys?

USB On-The-Go

Secondary SIM card

MicroSD HSM

A

MicroSD HSM

MicroSD hardware security modules (HSMs) plug directly into mobile devices to provide cryptographic authentication and management functions

20
Q

To which operating system does the term “jailbreaking” apply?

Android

iOS

Linux

A

iOS

Jailbreaking applies to Apple iOS devices such as the iPhone, iPad, and iPod. Like rooting an Android device, jailbreaking can be achieved with an installed app on the device, or it can be done using a USB-connected external computer to remove device restrictions, which provides the user full configuration flexibility, such as installing apps not available in the Apple App Store. Jailbreaking can void device and carrier warranties and increases the risk of device compromise due to malicious code with full device access

21
Q

In which device provisioning strategy does an organization pay for and provide a mobile device to employees while allowing employees personal use of the device?

CYOD

VDI

COPE

A

COPE

In the corporate owned personally enabled (COPE) mobile device provisioning strategy, the organization provides mobile devices to employees for both personal and business use. The organization will often pay partial or full monthly costs related to the mobile device, and in some jurisdictions this is considered an income tax benefit to the employee

22
Q

You no longer require data stored on a self-encrypting drive (SED). What is the quickest way to wipe the drive so that it can be reused, while ensuring data artifacts are not recoverable?

Overwrite all disk sectors with random data.

Overwrite all disk sectors with 0’s.

Remove and destroy SED cryptographic keys.

A

Remove and destroy SED cryptographic keys.

For encrypted drives, one quick method of wiping the drive is to destroy the drive decryption key, which renders all encrypted data on the drive unreadable, since the decryption key no longer exists. The drive can then be repartitioned and formatted for continued use while ensuring that the old data is not recoverable. This technique is often referred to as crypto erase

23
Q

Which abilities are unique to end-point detection and response solutions in comparison to host-based packet filtering firewalls? (Choose two.)

Block incoming traffic initiated from outside the machine

Allow incoming response traffic initiated from the machine

Stop attacks in progress

Detect threats

A

Stop attacks in progress

Detect threats

The “response” part of an end-point detection and response (EDR) solution refers to the ability to stop attacks from continuing after threats have been detected

24
Q

You have decided to use a different mobile network provider. Which process must be completed to use a new provider?

Containerization

Carrier unlock

Jailbreaking

A

Carrier unlock

Carrier unlocking enables a smartphone to be switched to a different mobile network provider. This process is often executed for free by the new carrier you are switching to

25
Q

Online payment services can use your credit card while never sending the actual credit card details to merchants during payment transactions. Which technique enables this to occur?

Encryption

Salting

Tokenization

A

Tokenization

Tokenization is a security technique that uses a trusted centralized service to create a digital representation of sensitive data, such as credit card information. This “token” can then be used to authorize resource access or payments without ever sending the actual origin sensitive data

26
Q

Which technique provides cryptographic one-way functions with randomized data in addition to the data that is to be protected?

Encryption

Hashing

Salting

A

Salting

Salting is a technique used to add random data to unique data prior to all of the data being fed into a one-way hashing algorithm. Linux user passwords stored in the /etc/shadow file are represented as a hash value generated from the salted user password string

27
Q

You work in the IT department at a military base. The IT department has secured issued smartphones so that users must not only provide user credentials to sign in but must also be present at the base. Which term best describes this scenario?

Multifactor authentication

Identity federation

Context-aware authentication

A

Context-aware authentication

Context-aware authentication uses not only standard identification mechanisms such as usernames and passwords, but also factors such as device location, device configuration, time of day, and so on