Mock exam 2 - Qs got wrong Flashcards
Order of the risk response process
What service can be used to bring shadow IT back under the corporate policy?
A cloud access security broker (CASB).
A CASB monitors user activities, notifies administrators about significant events, performs malware prevention and detection, and enforces compliance with security policies.
A CASB should report risks and show any shadow IT from one platform. It also uses DLP to protect against data leaks.
What can you use secure cookies for?
To block vulnerabilities like XSS and session hijacking.
Why/how: because they travel only over secure channels like HTTPS and can carry additional attributes, including flags like ‘secure’ and ‘httponly’.
The Secure flag forces the cookie to be transmitted only over secure connections like HTTPS.
Preventing cross-site scripting can be done by using the HttpOnly flag, which blocks JavaScript from accessing or tampering with the cookie.
What device do you install to ensure the computers on the network meet an org’s security policies.
NAC - network access control. Checks any host/device connecting to the network; can allow, deny, or place it in quarantine.
Can be enforced based on location of the network user, group membership or other criteria.
MAC filtering is a form of NAC (MAC = Media Access Control).
When implementing a security solution for mobile devices, which two common use cases are of primary concern
**Lower power devices** - should use cryptographic techniques that need less time to encrypt and decrypt.
**Low latency** is a concern with any cipher; latency = the time from plaintext being input to ciphertext being generated.
Which two options are threat vectors used against vulnerable software?
Client-based
Default Credentials
Unsupported systems/apps
Agentless
Client-based, Agentless
Client-based attacks exploit vulnerabilities to acquire info (doesn’t need software).
Agentless uses web apps and services to acquire info from a computer or mobile device.
What use case involves the implementation of predefined policies and controls to enforce security standards and best practices
Guard rails.
What do you use to incorporate SAML and SSO into a web app?
Shibboleth is an SSO system that uses an ID provider and hardware; OAuth can grant an app limited access to a 3rd-party site.
Uses SAML (Security Assertion Markup Language), which defines security authorizations on web pages as opposed to web page elements in HTML.
OpenID Connect provides the authentication for OAuth. It doesn’t work with SAML. A secure token is used by OpenID.
What are 2 concepts associated with the zero trust data plane
Implicit trust zones
Subject/system.
Control plane manages users and devices on a network.
Data plane manages movement of data in a network.
In a secure network, what is the default access control config for the firewalls you deploy
Explicit deny
What is the primary goal of buffer overflow attacks
Memory injection - to put more info than can fit into an allocated area of memory.
What is pharming
An attacker redirects a web site’s traffic to another, bogus site.
Matching agreement names and their characteristics
What are the characteristics of an ephemeral credential
Temporary, short-lived
Can be revoked on demand
and automatically after a predefined period.
Two disadvantages of using a cold site
Recovery time
Testing availability
What port is telnet traffic on
23
Key benefit of automation and scripting
Enforcing baselines = consistent application of predefined security and configuration settings across an org’s infrastructure.
For an SD-WAN (Software-defined WAN), what two actions do you use to secure it
Selecting effective controls
Conducting regular vulnerability scans
Types of access control
Classifications of access control
what is a rooted mobile device
A rooted mobile device, particularly an Android device, has gained superuser or administrative access, similar to jailbreaking an Apple device. This allows users to make modifications and changes to the device’s operating system that would otherwise be restricted by the manufacturer or carrier.