Mock Exam 3 Flashcards
- You are the systems administrator for a large multinational corporation that is going to open a new research and development department in its London office. The CEO has informed you that a new product is due to be released and wants to prevent anyone from reaching the research and development department's computers over the network. What is the BEST way for these computers to be set up?
a. VLAN
b. Port forwarding
c. Split tunnel
d. Air gap
When a computer or device is air gapped, it has no network connection at all (wired, wireless, or VPN), so it cannot be reached or attacked remotely. Data can only enter or leave on removable media, which must itself be controlled.
- A company has rolled out new laptops with Windows 10; however, the auditor has observed that each of the laptops has different patches and updates. The auditor has recommended that they are recalled and updated. Which of the following should have been done prior to the rollout to ensure they are patched?
a. Application whitelist
b. Secure baseline
c. Blocklist
d. Snapshot
A secure baseline is a standard build (installed applications, updates, and settings) that every machine is deployed from and later checked against. If a baseline had been used, every laptop would have had the same patch level and settings.
- The security administrator has received an updated security bulletin that mentions that some new attacks have appeared in the last week. The security industry does not have much information on the attack vectors. What action should they take to gather more information on the new attacks?
a. Read the security bulletin weekly
b. Roll out a honeypot
c. Ensure Windows updates are current
d. Ensure antivirus updates are current
A honeypot is a deliberately exposed decoy system. It attracts attackers and lets the security administrator observe and record the attack methods being used, which is exactly the information the industry lacks here.
- A company is rolling out new mobile phones and needs to secure them from data theft. Which of the following items should be implemented? Choose three.
a. Simple passwords
b. Containerization
c. Strong passwords
d. Content manager
e. FDE
f. Antivirus
g. Screen saver
Strong passwords, containerization, and full disk encryption (FDE) protect the data on a lost or stolen phone. A strong password or PIN stops a casual thief unlocking the device, FDE means the stored data cannot be read by pulling the storage out or booting the phone from other media, and containerization (storage segmentation) keeps company data in an isolated, separately protected area that can be wiped on its own. A screen saver, antivirus, or a content manager does not stop someone who has the device in hand from reading its data.
- Which of the following cloud models give you the MOST control?
a. SaaS
b. IaaS
c. MaaS
d. SECaaS
e. PaaS
Infrastructure as a Service (IaaS) gives you virtual machines, storage, and networking; you install, configure, and patch the operating system and everything above it, so you have the most control over how it is set up. SaaS gives you the least control, and PaaS sits in between.
- A salesperson's company phone has broken and it will take two weeks to replace it, so he has agreed to use his personal phone as a BYOD device. The security administrator is not happy that he will have personal and company data on the same device, so they will put an SD card into the phone to host the business data. What is this technique known as? Choose TWO.
a. Separation
b. Isolation
c. Containerization
d. Splitting
e. Storage segmentation
Keeping business data on separate storage such as an SD card, or in a separately encrypted and managed area of the device, is known as containerization or storage segmentation. The company container can be wiped on its own without touching the user's personal data. Do not confuse this with application containers (such as Docker), which isolate processes on a shared operating system kernel; they are not isolated guest virtual machines either.
- What type of device category are tablets and life support systems? Select the BEST answer.
a. Hybrid
b. Digital
c. SoC
d. ICS
e. Electronic
A system on a chip (SoC) integrates the processor, memory, and input/output (and often the radios) on a single integrated circuit. Small embedded devices such as tablets, smartwatches, smartphones, and medical devices such as life support systems are built around an SoC, so that is the best category for both.
- A multinational corporation is going to employ a group of 20 contractors for six-month periods but wants to create a secure environment for them to work in for that time. Which of the following would be the BEST solution?
a. VDE
b. VDI
c. RDP
d. SSH
e. VPN
VDI is a virtual desktop infrastructure where a pool of virtual desktops is created and each person has their own desktop that is accessed only by them; when the contract ends the desktop is simply deleted. Note that the question did not say these workers were remote, so the VPN was ruled out.
- A systems administrator needs to choose a system that will provide fault tolerance and provides the most resilience. The system must be able to use four disks. Which of the following is the best choice?
a. RAID 0
b. RAID 1
c. RAID 5
d. RAID 6
Both RAID 5 and RAID 6 can use four disks; however, RAID 5 has single parity and can only lose one disk, while RAID 6 has dual parity and can lose any two disks, making it more resilient. RAID 0 has no redundancy at all, and RAID 1 with four disks is simply mirroring. RAID 10 is not an option here; with four disks it survives two failures only if they fall in different mirrored pairs, whereas RAID 6 survives any two.
- A company is replacing its existing Multi-Functional Devices (MFD) with more modern versions. A risk assessment was carried out, listing potential attack vectors. Which of the following poses the GREATEST risk?
a. Network interface
b. Driver shimming
c. Patching
d. Default passwords
e. Containerization
f. Malicious insiders
Most MFDs are attached to the network, so their web and management interfaces are reachable by everyone on the network and potentially by a remote attacker. A compromised MFD can then be used to read stored print and scan jobs or as a foothold into the rest of the network.
- An attacker managed to use an unmanaged virtual machine to attack the virtual machine host. The security administrator conducted a lessons-learned review. In his report, what did he identify as the reason the virtual machine was not hardened? Select the BEST choice.
a. VM escape
b. System sprawl
c. Pivoting
d. VM sprawl
VM sprawl is where unmanaged virtual machines are created on your virtual network without the administrator's knowledge. Because nobody knows they exist, they are never patched or hardened, which leaves them vulnerable and gives an attacker a starting point for the VM escape that followed.
- Which of the following can prevent data emissions from leaving the company network?
a. Security baseline
b. Disconnect the network cable
c. Patch management
d. Faraday cage
e. Host-based firewall
A Faraday cage is a conductive enclosure that blocks electromagnetic fields. Wireless signals and the electromagnetic emanations given off by electronic equipment inside the cage cannot leak out, and outside signals cannot get in. The other options control software and network traffic, not emissions.
- Which of the following is a major benefit to a new successful company that’s using cloud technologies? Select the BEST answer.
a. Redundancy
b. Cost
c. Elasticity
d. Security
A cloud service provider (CSP) can increase or decrease resources on demand; this is elasticity. As a new company grows its sales and number of employees, the CSP provides the extra resources as they are needed rather than the company buying hardware up front.
- A developer, while creating a new application, has asked the cyber security analyst the best way for him to set up error handling. Which of the following options will the cyber security analyst recommend to the developer? Choose the three BEST answers.
a. Users should see the full error as a long version with all the required details.
b. The system administrator should see the full error as a long version with all the required details.
c. None of the errors should be logged so that the application runs.
d. All the errors should be logged and stop the application from running.
e. Users should see a shortened version of the error that is not detailed.
f. All the errors should be logged and the application should run.
g. The system administrator should see a shortened version of the error.
Users should only see a short, generic message, because a detailed error (stack trace, file paths, database names) tells an attacker how the application is built. The full detail should go to the log, where the system administrator can read it, and the application should handle the error and keep running rather than crash.
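The recommendation above in code, as an added example that is not part of the original flashcards: a leaky handler that returns the stack trace to the caller, beside a hardened handler that logs the full detail for the administrator, gives the user only a generic message with a reference number, and keeps serving requests. The `lookup_order` business logic and the in-memory log sink are assumptions constructed for the example.

```python
import logging
import traceback
import uuid

# Constructed in-memory log sink so the example runs offline; a real
# deployment would write these records to a file or ship them to a SIEM.
ADMIN_LOG = []


class _ListHandler(logging.Handler):
    def emit(self, record):
        # The default formatter appends the traceback when exc_info is set.
        ADMIN_LOG.append(self.format(record))


logger = logging.getLogger("app.errors")
logger.setLevel(logging.ERROR)
logger.handlers.clear()
logger.addHandler(_ListHandler())
logger.propagate = False


def lookup_order(order_id, orders):
    """Hypothetical business logic; raises KeyError for an unknown order."""
    return orders[order_id]


def handle_request_leaky(order_id, orders):
    """The 'before' version: the full exception reaches the user.
    A stack trace reveals file paths, library versions and data structures."""
    try:
        return 200, {"order": lookup_order(order_id, orders)}
    except Exception:
        return 500, {"error": traceback.format_exc()}


def handle_request_safe(order_id, orders):
    """Hardened version: full detail to the admin log, a short generic
    message plus a correlation ID to the user, and the process keeps running."""
    try:
        return 200, {"order": lookup_order(order_id, orders)}
    except Exception:
        incident_id = uuid.uuid4().hex[:8]
        # logger.exception records the exception type, message and stack.
        logger.exception("incident=%s order_id=%r", incident_id, order_id)
        return 500, {
            "error": "Something went wrong. Quote reference "
            + incident_id
            + " to support."
        }


if __name__ == "__main__":
    sample_orders = {"A1": {"item": "widget"}}  # constructed sample data
    print(handle_request_leaky("ZZ", sample_orders))
    print(handle_request_safe("ZZ", sample_orders))
    print(ADMIN_LOG[-1])
```

The reference number ties the user's support call to the full record in the administrator's log, which is how the user gets a short message while the administrator still gets every detail.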
- A company is looking for a software development life cycle model that is incremental and very similar to scrum. Which of the following is the BEST solution?
a. Agile
b. Waterfall
c. PRINCE 2
d. V-shaped model
Agile and scrum are very similar: both deliver the product incrementally in short iterations, revisiting the phases of the SDLC each time, which gives faster delivery and better customer satisfaction than a single-pass model such as waterfall.
- Which of the following cloud models gives you more control?
a. Private
b. Public
c. Hybrid
d. Community
A private cloud is known as a single tenant where you have total control of the environment.
- A company needs to set up a web portal so that distributors can view their latest price list and order new products. Which of the following is the most suitable?
a. Intranet
b. LAN
c. Extranet
d. Internet
e. DMZ
An intranet website sits on your LAN and holds company-sensitive data for internal staff. An extranet is located in the DMZ, a boundary network between the LAN and the internet, and is accessed with a username and password. It is used to share information with business partners such as distributors or suppliers.
- A company wants to minimize the risk of its customers bringing lawsuits against it. Which of the following is the BEST to adopt?
a. Exceed regulatory framework standards
b. Exceed general-purpose guides
c. Exceed platform-specific guides
d. Exceed vendor-specific guides
Regulatory framework standards are legally enforceable, whereas vendor, platform, and general-purpose guides are not. If we exceed the regulatory standards, we can show a court that we are responsible and compliant with current regulations.
- An attacker breaks into a company's building during the night and attempts to log into the employees' computers. The following is a log file from a real-time security system:
Computer 1 – login attempt 1
Computer 2 – login attempt 2
Computer 3 – login attempt 3 – locked out
What type of security system is this from?
a. NIPS
b. NIDS
c. HIDS
d. SIEM
A SIEM system is a real-time monitoring system with a correlation engine that collects the security logs from many hosts. In this example, the attacker tries only once on each machine, hoping to stay under each host's lockout threshold; a HIDS on any single computer sees one failed attempt and nothing more. Only a system that correlates the events from all three machines can see three failed attempts by the same attacker and lock the account out. False positives from a SIEM usually come from badly tuned correlation rules or the wrong input filters.
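The correlation described above as runnable detection logic, an added example that is not part of the original flashcards. The log lines are constructed for the example (the field layout is an assumption; event ID 4625 is the Windows failed-logon event). The per-host check shows what each machine sees on its own; the correlation rule shows what a SIEM sees once the logs are pooled.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from three hosts. One failure per host for
# jsmith (the night-time intruder) and a normal typo-then-success for bjones.
SAMPLE_LOG = """\
2024-03-01T02:14:01 host=COMPUTER1 event=4625 user=jsmith logon_type=2 outcome=failure
2024-03-01T02:14:30 host=COMPUTER2 event=4625 user=jsmith logon_type=2 outcome=failure
2024-03-01T02:15:02 host=COMPUTER3 event=4625 user=jsmith logon_type=2 outcome=failure
2024-03-01T09:00:00 host=COMPUTER1 event=4625 user=bjones logon_type=2 outcome=failure
2024-03-01T09:00:05 host=COMPUTER1 event=4624 user=bjones logon_type=2 outcome=success
"""


def parse_line(line):
    """Parse 'timestamp key=value key=value ...' into a dict."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    return event


def per_host_lockout(events, threshold=3):
    """What each host sees on its own: failures counted per (host, user)."""
    counts = defaultdict(int)
    locked = set()
    for e in events:
        if e["event"] == "4625":
            key = (e["host"], e["user"])
            counts[key] += 1
            if counts[key] >= threshold:
                locked.add(key)
    return locked


def correlate_failed_logons(events, threshold=3, window=timedelta(minutes=5)):
    """SIEM-style rule: `threshold` failed logons for one account across at
    least two distinct hosts inside a sliding time window raises an alert."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, host)
    alerts = []
    for e in events:  # events are assumed to arrive in time order
        if e["event"] != "4625":
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["host"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        hosts = {host for _, host in q}
        if len(q) >= threshold and len(hosts) >= 2:
            alerts.append({"user": e["user"], "hosts": sorted(hosts),
                           "count": len(q), "at": e["ts"]})
            q.clear()  # one alert per burst, not one per extra failure
    return alerts


def run(log_text=SAMPLE_LOG):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return per_host_lockout(events), correlate_failed_logons(events)


if __name__ == "__main__":
    locked, alerts = run()
    print("per-host lockouts:", locked)
    print("SIEM alerts:", alerts)
```

On the sample data no host locks anyone out, because each host saw only one failure, while the pooled rule raises a single alert for jsmith across COMPUTER1, COMPUTER2 and COMPUTER3; bjones never reaches the threshold.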
- A system administrator tried to install a bespoke piece of software but keeps getting errors. What action does the system administrator need to take? Choose the MOST likely answer.
a. Remove the software from the blacklist
b. Add the software to the blacklist
c. Use a group policy to install the software
d. Add the software to the whitelist
e. Remove a group policy to prevent installation
f. Remove the software from the whitelist
A whitelist (allow list) controls what software may run or be installed; anything not on it is denied by default, so a bespoke application that was never added will fail every time until it is added. A blacklist (block list) is the opposite: it lists banned applications and allows everything else, so removing the software from a blacklist would only help if it had been explicitly banned.
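The default-deny behaviour above as a small hash-based allowlist check, an added example that is not part of the original flashcards. The sample "binaries" and both lists are constructed in memory, and hashing the file content (rather than trusting its file name) is why a tampered copy of an approved installer is still refused. Real enforcement tools such as AppLocker or WDAC apply the same idea with publisher signatures, paths or hashes.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of a binary."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample binaries; the bytes stand in for real executables.
APPROVED_INSTALLER = b"MZ...approved build of bespoke-app 1.2"
TAMPERED_INSTALLER = b"MZ...approved build of bespoke-app 1.2 plus injected code"
UNKNOWN_TOOL = b"MZ...some tool nobody reviewed"
BANNED_TOOL = b"MZ...known-bad remote-admin tool"

# Hashes are computed from the sample bytes, not hard-coded, so the lists
# stay consistent with the data above.
ALLOWLIST = {sha256_hex(APPROVED_INSTALLER): "bespoke-app 1.2 (approved)"}
BLOCKLIST = {sha256_hex(BANNED_TOOL): "remote-admin tool (banned)"}


def install_decision(binary: bytes, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Return (allowed, reason). Blocklist wins over allowlist, and anything
    unknown is denied: this is the default-deny posture of an allowlist."""
    digest = sha256_hex(binary)
    if digest in blocklist:
        return False, "blocked: on blocklist as " + blocklist[digest]
    if digest in allowlist:
        return True, "allowed: " + allowlist[digest]
    return False, "blocked: not on allowlist (default deny)"


def approve(binary: bytes, description: str, allowlist=ALLOWLIST):
    """What the administrator does to fix the flashcard's error: add the
    bespoke software's hash to the allowlist. Returns the new entry's hash."""
    digest = sha256_hex(binary)
    allowlist[digest] = description
    return digest


if __name__ == "__main__":
    for name, blob in [("approved", APPROVED_INSTALLER),
                       ("tampered", TAMPERED_INSTALLER),
                       ("unknown", UNKNOWN_TOOL),
                       ("banned", BANNED_TOOL)]:
        print(name, install_decision(blob))
```

Before the administrator runs `approve`, the bespoke installer is refused for the same reason as any unknown file; after it, only that exact build passes, and a modified copy with the same file name is still denied because its hash differs.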