Mitigating Security Threats Flashcards
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?
Cross-site scripting
Fuzzing
Patching
Fuzzing
Fuzzing is a means of injecting data into an application that it does not expect in order to ensure that there are no weaknesses by using proper input validation
The process of disabling unneeded network services on a computer is referred to as what?
Patching
Fuzzing
Hardening
Hardening
Hardening includes actions such as disabling unneeded services to make a system more secure
You are on a conference call with your developers, Serena and Thomas, discussing the security of your new travel site. You express concern over a recent article describing how user submissions to web sites may contain malicious code that runs locally when others simply read the post. Serena suggests validating user input before allowing the user submissions. Which problem might validation solve?
Cross-site scripting
Fuzzing
Hardening
Cross-site scripting
Cross-site scripting attacks take advantage of dynamically generated web pages on sites that allow unvalidated user input. User submissions can be validated to ensure that malicious scripts do not exist on the site
Which of the following lessens the success of dictionary password attacks?
Password complexity requirements
Account lockout threshold
Password hints
Password complexity requirements
Complex password enforcement means dictionary words or username variations, to name just a few, cannot be used as passwords
A RADIUS server is used to authenticate your wireless network users. While creating a new user account, you notice there are many more user accounts than actual users. What should be done?
Disable all accounts not linked to a user.
Verify how accounts are used and then delete unnecessary accounts.
Verify how accounts are used and then disable unnecessary accounts.
Verify how accounts are used and then disable unnecessary accounts.
Disable only those accounts that are not required; the account may be needed later. Further investigation is needed to determine whether any accounts are used by network services and not users
The 802.11n wireless network in your department must be layer 2 secured. You would like to control which specific wireless devices are allowed to connect. How can you do this?
SIM card
NetBIOS computer name
MAC address
MAC address
The MAC address is an OSI layer 2 (Data Link layer) 48-bit unique hexadecimal address assigned to all network cards and is often used to restrict connecting wireless clients
What is the best definition of the IEEE 802.1x standard?
It defines the Ethernet standard.
It defines network access control only for wireless networks.
It defines network access control for wired and wireless networks.
It defines network access control for wired and wireless networks.
802.1x applies to wired and wireless networks. 802.1x connectivity devices forward authentication requests to an authentication server before allowing access to a network
You are hardening a Linux computer and have disabled SSH in favor of Telnet. You ensure that passwords are required for Telnet access. Identify your error.
Secure Telnet should have public key authentication enabled.
Only strong passwords should be used with Telnet.
SSH should have been used instead of Telnet.
SSH should have been used instead of Telnet.
Secure Shell (SSH) encrypts all packet payloads, unlike Telnet, and therefore should be used when hardening
As the IT director of a high school using Group Policy and Active Directory, you plan the appropriate standard security settings for newly deployed Windows 10 workstations. Some teachers require modifications to these settings because of the specialized software they use. Which term refers to the standardized security parameters?
Initial baseline configuration
Principle of least privilege
Sysprepped image
Initial baseline configuration
The initial baseline configuration implies blanket security settings that are the minimum standard
The periodic assessment of security policy compliance is referred to as what?
Remediation
Hardening
Continuous security monitoring
Continuous security monitoring
Continuous security monitoring ensures that security policies are adhered to and enforced
You are a Windows Server 2016 administrator. You install and configure the Network Policy Server (NPS) role and configure health policies that require all connecting clients to have firewall and spyware software enabled. Clients violating these health policies will receive an IP address placing them on a restricted subnet containing servers with client firewall and spyware software to install. What term accurately refers to the role the servers on this restricted subnet play?
Isolation
Remediation
Validation
Remediation
Remediation servers provide a method of correcting security deficiencies
IT security personnel respond to the repeated misuse of an authenticated user’s session cookie on an e-commerce web site. The affected user reports that he occasionally uses the site but not for the transactions in question. The security personnel decide to reduce the amount of time an authentication cookie is valid. What type of attack have they responded to?
Dictionary
Privilege escalation
Cross-site request forgery
Cross-site request forgery
Cross-site request forgeries involve the malicious use of a trusted party’s cookie against a web site
A network administrator places a network appliance on the DMZ network and configures it with various security thresholds, each of which will notify the IT group via e-mail. The IT group will then adhere to the incident response policy and take action. What will be triggered when any of these thresholds is violated?
Alarm
Alert
Remediation
Alarm
An alarm is a warning of danger that requires action (adherence to an incident response policy), such as a security threshold that might warn of excessive types of network traffic (which could imply a denial-of-service attack)
A user reports repeated instances of Windows 10 slowing down to the point where she can no longer be productive. You view the Windows Event Viewer logs for the past month and notice an exorbitant amount of SMTP traffic leaving the local machine each morning between 10 a.m. and 11 a.m. What type of analysis was performed to learn of this anomaly?
Forensic
Trend
Network statistical
Trend
A trend analysis seeks patterns within data sets, such as events happening around the same time each day
Roman is developing an application that controls the lighting system in a large industrial complex. A piece of code calls a function that controls a custom-built circuit board. While running his application, Roman’s application fails repeatedly because of unforeseen circumstances. Which secure coding guideline did Roman not adhere to?
Packet encryption
Digital signatures
Error handling
Error handling
Error handling is a secure coding guideline that requires developers to write code that will capture any unforeseen situations instead of allowing applications to fail
What can be done to harden the Windows operating system? (Choose three.)
Disable system restore points.
Disable unnecessary services.
Patch the operating system.
Configure EFS.
Disable Group Policy.
Disable unnecessary services.
Patch the operating system.
Configure EFS.
Hardening is defined as making hardware or software less vulnerable to security breaches. Disabling unnecessary services reduces the potential attack surface of an operating system. Patching applies solutions for known flaws and weaknesses. Encrypting File System (EFS) protects files and folders by encrypting them in such a way that parties without the decryption keys cannot decrypt the data
You are configuring a fleet of Windows laptops for traveling employees, some of whom prefer using USB mice. It is critical that the machines are as secure as possible. What should you configure? (Choose three.)
Disable USB ports.
Require USB device encryption.
Enable and configure the Windows firewall.
Install and configure antivirus software.
Enable a power management scheme.
Require USB device encryption.
Enable and configure the Windows firewall.
Install and configure antivirus software.
USB device encryption can be enforced, which disallows copying of data to USB drives unless the USB device is encrypted. This ensures copied data remains confidential even if the USB drive is lost. The Windows firewall is critical in controlling inbound and outbound network traffic. For example, when connected to public networks, the firewall might block all incoming traffic, but when connected to the Active Directory domain network, the firewall might allow inbound remote control. Antivirus software is always essential to protecting operating systems from the enormous amount of known malware
A shipment of new Windows computers has arrived for Accounting department employees. The computers have the operating system preinstalled but will require additional financial software. In which order should you perform all of the following?
Join the Active Directory domain.
Apply all operating system patches.
Ensure the virus scanner is up to date.
Log in to the Active Directory domain to receive Group Policy security settings.
Install the additional financial software.
Ensure the virus scanner is up to date.
Apply all operating system patches.
Join the Active Directory domain.
Log in to the Active Directory domain to receive Group Policy security settings.
Install the additional financial software.
The virus scanner must first be updated either manually or automatically to protect against malicious code while the system is updating. Applying operating system patches is the second thing to do to ensure that any software and security flaws are addressed. Next you would join the computer to the domain, but only after patching and ensuring that there are no viruses. Once the computer is joined to the domain, you would log in to ensure Group Policy security settings are applied. Finally, the financial software required by Accounting department employees should be installed and tested
Which of the following items can help prevent ARP cache poisoning? (Choose three.)
Use 802.1x security.
Disable ARP.
Patch the operating system.
Configure the use of digital signatures for all network traffic.
Disable unused switch ports.
Use 802.1x security.
Configure the use of digital signatures for all network traffic.
Disable unused switch ports.
ARP cache poisoning is a process by which a malicious device sends unsolicited broadcasts including its MAC address and another node’s IP address, thus redirecting traffic through itself instead of to that other node. This can happen only if network access is granted. Unused switch ports should be disabled to prevent unauthorized access to the network. 802.1x security requires device authentication before allowing network access. Unauthorized computers should not be able to authenticate to the network. ARP cache poisoning requires having network access to transmit forged ARP broadcast packets. Digital signatures assure the recipient of a transmission that the sender is valid. This can be done in many ways, such as by using Internet Protocol Security (IPSec), which can require that computers first authenticate to Active Directory before they can participate in secure transmissions
Your intranet provides employees with the ability to search through an SQL database for their past travel expenses once they have logged in. One employee from the IT department discovers that if she enters an SQL string such as SELECT * FROM EXPENSES WHERE EMPID = 'x'='x';, it returns all employee travel expense records. What secure coding guideline was ignored?
SQL injection prevention
Input validation
Disabling of SQL indexes
Input validation
Had the SQL query string been properly validated, returning all records would have been prevented
You capture and examine network traffic weekly to ensure that the network is being used properly. In doing so, you notice traffic to TCP port 53 on your server from an unknown IP address. After reviewing your server logs, you notice repeated failed attempts to execute a zone transfer to your server. What type of attack was attempted?
ARP poisoning
Cross-site scripting
DNS poisoning
DNS poisoning
Domain Name Service (DNS) poisoning means including incorrect name resolution data with the intent of secretly redirecting users to malicious hosts. TCP port 53 is used by DNS servers to synchronize DNS records (zone transfers); in this case, the transfer was attempted to, and not from, your server
A network security audit exposes three insecure wireless routers using default configurations. Which security principle has been ignored?
Application patch management
Device hardening
Input validation
Device hardening
Had the wireless routers been properly hardened, the insecure default configurations, such as no MAC filtering, no encryption, and default admin passwords, would have been changed
Which of the following standards must authenticate computing devices before allowing network access?
Router
Hub
IEEE 802.1x
IEEE 802.1x
IEEE 802.1x is a standard that authenticates computers against a server before allowing access to wired or wireless networks
What will prevent frequent repeated malicious attacks against user account passwords?
Minimum password age
Password hints
Account lockout
Account lockout
Account lockout locks an account after a predetermined number of incorrect password attempts and renders the account unusable for a period of time, thus preventing further password attempts
Which item would best apply a standard security baseline to many computers?
A disk image of the operating system
Security templates distributed through Group Policy
Password settings distributed through Group Policy
Security templates distributed through Group Policy
Security templates can contain many security settings that are best distributed to groups of computers through Group Policy
After patching and hardening your computers, how would you determine whether your computers are secure?
Performance baseline
Security templates
Penetration testing
Penetration testing
Penetration testing exploits hardware and software vulnerabilities to determine how secure computing devices or networks really are
While hardening a Windows server, you decide to disable a number of services. How can you ensure that the services you are disabling will not adversely affect other services?
Run the net start 'service name' / dep command.
Right-click the service and choose Show Dependency Chain.
Double-click the service and view the Dependencies tab.
Double-click the service and view the Dependencies tab.
The Dependencies tab in a service’s properties lists other services that depend on the one you are considering disabling
Your company uses Microsoft IIS to host multiple intranet web sites on a two-node cluster. All sites store their configuration and content on drive C: and log files are stored on the D: drive. All sites share a common application pool. The IT director has asked that you ensure that a single hacked web site will not adversely affect other running web sites. What should you do?
Move each web site configuration to a separate hard disk.
Move each web site’s content to a separate hard disk.
Configure each web site to use its own application pool.
Configure each web site to use its own application pool.
Web sites running in separate application pools prevent one pool from affecting other pools in the event of a compromised web site
You are developing your Windows 8.1 enterprise rollout strategy. IT security policies have been updated to reflect the company’s stricter security standards. Which of the following will harden Windows 8.1? (Choose two.)
Use a Class C IP address.
Configure log archiving.
Configure USB device restrictions.
Disable unused services.
Configure USB device restrictions.
Disable unused services.
Disabling or restricting the use of USB ports and services and their listening ports helps make operating systems more secure
How can you prevent rogue machines from connecting to your network?
Deploy an IEEE 802.1x configuration.
Use strong passwords for user accounts.
Use IPv6.
Deploy an IEEE 802.1x configuration.
The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, it might be configured for VPN appliances, network switches, and wireless access points that adhere to the IEEE 802.1x standard
What can be done to secure the network traffic that is generated when administering your wireless router?
Use HTTP with PKI.
Use HTTP with IPv6.
Use HTTPS with PKI.
Use HTTPS with PKI.
Hypertext Transfer Protocol Secure (HTTPS) uses at least one Public Key Infrastructure (PKI) security certificate to encrypt transmissions between the client web browser and the wireless router. This protects the router’s management interface
Your company is upgrading to a new office suite. The spreadsheet application must trust only macros digitally signed by the company certificate authority. You have servers installed in a single Windows Active Directory domain. What should you configure to ensure that macro security on all stations is configured properly?
Configure the spreadsheet application on each computer to trust company macros.
Create an EFS PKI certificate for signing the macros.
Use Group Policy to enforce the described application configuration baseline.
Use Group Policy to enforce the described application configuration baseline.
Group Policy can be used to configure these options centrally
Aidan is creating a Linux operating system image that will be used to deploy Linux virtual machines from a template. After patching the operating system, he installs the required application software, installs and updates the anti-malware software, creates the image, and stores it on the imaging server. What did Aidan forget to do?
He forgot to Sysprep the installation before capturing the image.
He forgot to patch the application software.
He forgot to turn on anti-malware real-time monitoring.
He forgot to patch the application software.
Application software patches must be applied regularly
You are the founder of Acme Data Mining. The business focuses on retrieving relevant consumer habits from various sources, and that data is then sold to retailers. Because of the amount of data that must be processed, you must implement the fastest possible solution. Which type of technology should you implement?
SQL
NoSQL
SATA
NoSQL
NoSQL is a simplified database standard (nonrelational) designed for quick retrieval when processing large volumes of data
You have been asked to develop a secure web application for a home brewing retailer. The app will read and write to a back-end database for customer transactions. The database has rules in place to check that data is valid. The web site uses HTTPS. What else should be done to secure the web app further?
Use JavaScript for server-side data validation.
Use PKI.
Use JavaScript for client-side data validation.
Use JavaScript for client-side data validation.
JavaScript code executes in the client web browser. Even though server-side database validation is in place, it is wise also to configure client-side validation to ensure invalid data does not even reach the server
Your company has issued Android-based smart phones to select employees. Your manager asks you to ensure that data on the smart phones is protected. How do you address your manager’s concerns?
Implement SCADA, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.
Implement PKI VPN authentication certificates, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.
Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating anti-malware, and disabling unnecessary features and software
While hardening your home office network, you decide to check that the firmware in all your network devices is updated. To which of the following devices would this apply?
Smart TV, gaming console, printer, HVAC, wireless router
Refrigerator, printer, wireless router, electrical outlets, printer
HVAC, fire extinguisher, gaming console, printer, wireless router
Smart TV, gaming console, printer, HVAC, wireless router
You should check that the firmware in your smart TV, gaming console, printer, HVAC system, and wireless router is all up to date. Outdated firmware could expose device vulnerabilities
Which enterprise-class items within your organization should be patched regularly? (Choose all that apply.)
Mainframes
Thin clients
Public cloud virtualization hosts
IP addresses
Mainframes
Thin clients
Mainframe computers and thin client computers should be patched regularly
An application accesses memory outside of its allocated space. What is the issue?
Access violations
Certificate issues
Misconfigured content filter
Access violations
Access violations occur when an application attempts to access memory outside of its allocated space
A service on a local server cannot communicate with its database server running on another machine. The database server is functioning correctly and all network connections are working properly. What is the issue?
Insider threat
Unauthorized software
Misconfigured firewall
Misconfigured firewall
A misconfigured firewall would prevent the local service from being able to talk to a service on another machine over the network
An attacker has contacted one of your employees and has convinced her to give up her username and password, giving the attacker access to your network. What sort of attack is this?
Data exfiltration
Social engineering
HIDS/HIPS
Social engineering
Social engineering is an attack based on deception. It involves convincing a user that the attacker is somebody else so that victims divulge private information
Important data about the internal network of your company has been leaked online. There has been no breach of your network by an attacker. What type of issue is this?
File integrity check
Host-based firewall
Social media
Social media
Employees can inadvertently leak important details about your network to online forums or social media. For example, an organization’s VPN acceptable use policy or a network diagram document could be mistakenly attached to a Facebook post
While monitoring network traffic, you notice a lot of IMAP communications between your network and an IP address that does not belong to the company e-mail server. What is the cause of this traffic?
Advanced malware tools
Whitelisted applications
Personal e-mail
Personal e-mail
Employees are most likely accessing their personal e-mail accounts from work, which may or may not be allowed depending on company policy
New company laptops have arrived, and before being deployed in the field, software is installed on them to allow them to be centrally tracked and managed. Which term best describes this scenario?
File integrity checks
Web application firewall
Asset management
Asset management
Tracking the location or configuration of laptops, which are assets, allows them to be better managed and located if lost or stolen. It also allows for centralized management on a small, medium, or large scale
The NIST Cybersecurity Framework is an example of what kind of industry-standard framework? (Choose two.)
Regulatory
National
Nonregulatory
International
National
Nonregulatory
It is nonregulatory and national, having been created by the U.S. National Institute of Standards and Technology
Why might you want to keep the diversity of end-user technologies in use to a minimum? (Choose all that apply.)
It takes less effort to maintain.
It reduces costs.
It takes more effort to maintain.
It improves the user experience.
It takes less effort to maintain.
It reduces costs.
It improves the user experience.
Keeping technological diversity to a minimum takes less effort to maintain, can reduce costs and complexity, and can also improve the user experience because of its simplicity. At the technical level, sometimes the use of diverse technologies increases security, such as using different vendor firewalls for external-facing and internal-facing networks
Which of the following is not an example of a smart (or IoT) device?
A watch
A lightbulb
A UAV/drone
Internet camera
System on a Chip
A watch
A lightbulb
A UAV/drone
Internet camera
A System on a Chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but unto itself it is not a smart/IoT device, much like firmware can be used in a firewall device but is itself not a firewall
You are approached by a company that wants your team to develop an application for them. They would like to be highly involved and would like a basic version of the software working as soon as possible. What development model is best suited for this?
Agile
Waterfall
SCADA
Agile
Agile is a method that involves the customer in the development of the product and can create basic versions of working software quickly
What can be used to validate SQL statements repetitively?
Data exposure
Normalization
Stored procedure
Stored procedure
A database stored procedure enables a subroutine to be called many times. Potential use cases include for fuzzing or data validation
What does Secure DevOps entail? (Choose all that apply.)
Security automation
Continuous integration
Immutable systems
Infrastructure as Code
Security automation
Continuous integration
Immutable systems
Infrastructure as Code
Security automation involves testing your code with automated security tools—for example, to ensure when it’s fed unexpected data, the app doesn’t crash or reveal sensitive information. Continuous integration allows the merging of all working copies of code into a single unified mainline, which facilitates code management involving multiple code versions and multiple developers. Immutable systems apply where components are replaced rather than changed. Infrastructure as Code is the process of managing computing systems and their configurations through code
You are joining a team of developers who use Git for their products. What primary benefit does Git provide?
SDK
Version control
Memory management
Version control
Git is an Internet-based code repository that provides version control, which is a way to manage changed code by giving each change its own unique identifier
The development team you are working with wants to analyze some code without executing it. How can this be achieved?
Static code analysis
Dynamic analysis
Sandboxing
Static code analysis
Static code analysis allows code to be analyzed without running it
You are asked to test the ability of a program to function correctly under heavy load conditions. What type of test should you run?
Baselining
Encryption
Stress testing
Stress testing
Stress testing determines how code will function under heavy loads