Missed Questions Flashcards
Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person can not add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?
Separation of duties is the concept of having more than one person required to complete a task. In business, the separation by sharing more than one individual in a single task is an internal control intended to prevent fraud and error. In this case, one person can transfer money in, while another must transfer money out.
An independent cybersecurity researcher has contacted your company to prove a buffer overflow vulnerability exists in one of your applications. Which technique would have been most likely to identify this vulnerability in your application during development?
Buffer overflows are most easily detected by conducting a static code analysis. A static code analysis tool is designed to find buffer overflows more effectively.
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability.
Which of the following would NOT be useful in defending against a zero-day threat?
While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zero-day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. This attack has no time (or days) between the time the vulnerability is discovered and the first attack, and therefore no patch would be available to combat it.
You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network’s default gateway. Additionally, the company’s CIO requests to block certain content types before it leaves the network based on operational priorities. Which of the following solution should you recommend to meet these requirements?
Due to the requirements provided, you should install a NIPS on the gateway router’s internal interface and a firewall on the external interface of the gateway router. The firewall on the external interface will allow the bulk of the malicious inbound traffic to be filtered before reaching the network. Then, the NIPS can be used to inspect the traffic entering the network and provide protection for the network using signature-based or behavior-based analysis. A NIPS is less powerful than a firewall and could easily “fail open” if it is overcome with traffic by being placed on the external interface. The NIPS installed on the internal interface would also allow various content types to be quickly blocked using custom signatures developed by the security team.
Dion Training is currently undergoing an audit of its information systems. The auditor wants to understand better how the PII data from a particular database is used within business operations. Which of the following employees should the auditor interview?
The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. They must understand how any privacy information is used within business operations. Therefore, they are the best person for the auditor to interview to get a complete picture of the data usage.
To improve the Dion Training corporate network’s security, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator** would like for NAT to no longer be required for extending the number of IP addresses available.** What protocol should the administrator implement on the wireless network to achieve their goals?
IPv6 includes IPsec built into the protocol by default. Additionally, IPv6 also provides an extended IP address range for networks, eliminating the need for using NAT.
Julie was just hired to conduct a security assessment of Dion Training’s security policies. During her assessment, she noticed that many users were sharing group accounts to conduct their work roles. Julie recommended that the group accounts be eliminated and instead have an account created for each user. What improvement will this recommended action provide for the company?
To adequately provide accountability, the use of shared or group accounts should be disabled. This allows you to log and track individual user actions based on individual user accounts. This enables the organization to hold users accountable for their actions, too.
Which of the following is exploited by an SQL injection to give the attacker access to a database?
SQL injections target the data stored in enterprise databases by exploiting flaws in client-facing applications. These vulnerabilities being exploited are most often found in web applications.
Which analysis framework provides a graphical depiction of the attacker’s approach relative to a kill chain?
The Diamond Model provides an excellent methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. The Diamond Model is constructed around a graphical representation of an attacker’s behavior.
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?
Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.
Which of the following terms is used to describe the timeframe following a disaster that an individual IT system may remain offline?
Recovery time objective (RTO) is when an individual IT system may remain offline following a disaster. This represents the amount of time it takes to identify a problem and then perform recovery (restore from backup or switch in an alternative system, for instance).
Your company is making a significant investment in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?
To mitigate the risk of data remanence, you should implement full disk encryption. This method will ensure that all data is encrypted and cannot be exposed to other organizations or the underlying IaaS provider.
**Which protocol relies on mutual authentication of the client and the server for its security?
The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc.). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication.
Which role validates the user’s identity when using SAML for authentication?
The IdP provides the validation of the user’s identity. Security assertions markup language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. SAML is a solution for providing single sign-on (SSO) and federated identity management. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP.
Which of the following functions is not provided by a TPM?
User authentication is performed at a much higher level in the operating system. Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software cannot tamper with the security functions of the TPM. The TPM provides random number generation, secure generation of cryptographic keys, remote attestation, binding, and sealing functions securely.
During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords?
A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity. If you post a lot of personal information about yourself online, this password type can easily be bypassed. For example, during the 2008 elections, Vice Presidential candidate Sarah Palin’s email account was hacked because a high schooler used the “reset my password” feature on Yahoo’s email service to reset her password using the information that was publically available about Sarah Palin (like her birthday, high school, and other such information).
Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?
This is an example of behavior-based detection. Behavior-based detection (or statistical- or profile-based detection) means that the engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert.
Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly?
Continuous deployment is a software development method in which app and platform updates are committed to production rapidly.
You are trying to select the best device to install to proactively stop outside attackers from reaching your internal network. Which of the following devices would be the BEST for you to select?
An intrusion prevention system (IPS) is a form of network security that detects and prevents identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents, and capturing information about them. An IPS can block malicious network traffic.
Which of the following tools could be used to detect unexpected output from an application being managed or monitored?
A behavior-based analysis tool can capture/analyze normal behavior and then alert when an anomaly occurs. Configuring a behavior-based analysis tool requires more effort to set up properly, but it requires less work and manual monitoring once it is running.
