Module 13 Flashcards

1
Q

Which of the following is NOT part of the AAA framework?

a. Authentication
b. Access
c. Authorization
d. Accounting

A

b. Access

2
Q

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

a. Data custodian/steward
b. Data privacy officer
c. Data controller
d. Data processor

A

a. Data custodian/steward

3
Q

Which access control scheme is the most restrictive?

a. Role-Based Access Control
b. DAC
c. Rule-Based Access Control
d. MAC

A

d. MAC

4
Q

Which type of access control scheme uses predefined rules (policies) that make it the most flexible scheme?

a. ABAC
b. DAC
c. MAC
d. NAC

A

a. ABAC

5
Q

Which statement about Rule-Based Access Control is true?

a. It requires that a custodian set all rules.
b. It is no longer considered secure.
c. It dynamically assigns roles to subjects based on rules.
d. It is considered a real-world approach by linking a user’s job function with security

A

c. It dynamically assigns roles to subjects based on rules. (The rules are defined by a custodian, but the scheme's defining property is the dynamic assignment of roles from those rules; see card 33.)

6
Q

Which of these is a set of permissions that is attached to an object?

a. ACL
b. SRE
c. Object modifier
d. Entity attribute (EnATT)

A

a. ACL

7
Q

What can be used to provide both filesystem security and database security?

a. RBASEs
b. LDAPs
c. CHAPs
d. ACLs

A

d. ACLs

8
Q

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

a. Greenwich Mean Time (GMT)
b. Civil time
c. Daylight savings time
d. Time offset

A

d. Time offset

9
Q

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create?

a. Generic account
b. Service account
c. User account
d. Privilege account

A

b. Service account

10
Q

Which of these is NOT an incident response process step?

a. Recovery
b. Reporting
c. Eradication
d. Lessons learned

A

b. Reporting

11
Q

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan?

a. Walkthrough
b. Simulation
c. Tabletop
d. Incident Response Plan Evaluation (IRP-E)

A

c. Tabletop

12
Q

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose?

a. Diamond Model of Intrusion Analysis
b. Cyber Kill Chain
c. Mitre ATT&CK
d. Basic-Advanced Incident (BAI) Framework

A

a. Diamond Model of Intrusion Analysis

13
Q

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create?

a. Playbook
b. Runbook
c. SIEM-book
d. ARC Codebook

A

a. Playbook

14
Q

Which of the following should be performed in advance of an incident?

a. Containment
b. Segmentation
c. Isolation
d. Capture

A

b. Segmentation

15
Q

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor?

a. SIP
b. VoIP
c. Call manager
d. IP voice

A

c. Call manager

16
Q

Which of the following is NOT a problem associated with log management?

a. Multiple devices generating logs
b. Large volume of log data
c. Different log formats
d. Time-stamped log data

A

d. Time-stamped log data
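Cards 8 and 16 together make a practical point: time stamps are not the problem in log management, but time offsets, daylight saving and mixed formats are, because events from different devices can only be correlated once every stamp is converted to UTC. The following is an added example, not code from the flashcard set or its textbook. It uses constructed sample lines (not from the page) in three common formats and a hypothetical DEVICE_OFFSETS table for devices whose logs carry no offset of their own.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample lines (not taken from the page): one event sequence as
# recorded by three devices that use different timestamp formats and offsets.
SAMPLE_LOGS = [
    # ISO 8601 with an explicit offset: application server running at UTC-05:00
    "2024-03-10T09:15:02-05:00 app01 sshd: Accepted password for admin from 203.0.113.7",
    # Classic syslog: no year, no offset; this firewall is configured for UTC+01:00
    "Mar 10 15:14:58 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 DPT=22",
    # Epoch seconds, which are always UTC
    "1710080110 ids01 alert: SSH brute force from 203.0.113.7",
]

# Hypothetical table of per-device offsets for sources whose lines carry none.
# In a real deployment this comes from the device configuration, not from the log.
DEVICE_OFFSETS = {"fw01": timedelta(hours=1)}


def parse_line(line, year=2024):
    """Return (utc_datetime, host, message) for a line in any of the three formats."""
    first = line.split(None, 1)[0]
    if first.isdigit():                      # epoch seconds
        _, host, msg = line.split(None, 2)
        return datetime.fromtimestamp(int(first), tz=timezone.utc), host, msg
    if first[:4].isdigit():                  # ISO 8601 with offset
        _, host, msg = line.split(None, 2)
        stamped = datetime.fromisoformat(first)   # keeps the -05:00 offset
        return stamped.astimezone(timezone.utc), host, msg
    # syslog "Mon DD HH:MM:SS host message": attach the known device offset,
    # then convert; the year is not in the line, so the caller supplies it.
    mon, day, clock, host, msg = line.split(None, 4)
    naive = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    local = naive.replace(tzinfo=timezone(DEVICE_OFFSETS.get(host, timedelta(0))))
    return local.astimezone(timezone.utc), host, msg


def normalize(lines, year=2024):
    """Convert every line to UTC and return them in true chronological order."""
    events = sorted((parse_line(l, year) for l in lines), key=lambda e: e[0])
    return [(dt.strftime("%Y-%m-%dT%H:%M:%SZ"), host, msg) for dt, host, msg in events]


if __name__ == "__main__":
    for stamp, host, msg in normalize(SAMPLE_LOGS):
        print(stamp, host, msg)
```

Sorted by the raw local stamps the firewall entry (15:14) would appear to come after the server login (09:15); in UTC it comes four seconds before it, which is the order an investigator needs. Daylight saving changes the offset of a device twice a year, so the offset table has to be dated or the device configured for UTC in the first place.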

17
Q

Which tool is an open source utility for UNIX devices that includes content filtering?

a. syslog
b. nxlog
c. rsyslog
d. syslog-ng

A

d. syslog-ng (rsyslog and syslog-ng are both open source; the content-filtering feature is the one the question is asking about, and it belongs to syslog-ng)

18
Q

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets?

a. NetFlow
b. sFlow
c. IPFIX
d. journalctl

A

b. sFlow

19
Q

Which of the following is the most fragile and should be captured first in a forensics investigation?

a. ARP cache
b. Kernel statistics
c. CPU cache
d. RAM

A

c. CPU cache

20
Q

Which of the following is a Linux utility that displays the contents of system memory?

a. Autopsy
b. WinHex
c. dd
d. memdump

A

d. memdump

21
Q
Which of the following log management tools has content filtering?

journalctl
rsyslog
nxlog
syslog-ng

A

syslog-ng is an open-source utility for UNIX devices that includes content filtering.

22
Q

In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.

Which of the following should you suggest?

  1. Attribute-based access control
  2. Role-based access control
  3. Rule-based access control
  4. Mandatory access control
A

Attribute-based access control is highly flexible, as it uses policies that can combine different attributes.
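To show what "combining different attributes" means in practice (cards 4 and 22), here is an added example, not code from the flashcard set or its textbook. The subjects, objects, environment values and policy set are all hypothetical and constructed for illustration; a real ABAC deployment would load them from a directory and a policy language such as XACML.

```python
# Constructed attribute stores (not from the page): subject, object and
# environment attributes that the policies below combine.
SUBJECTS = {
    "alice": {"department": "finance", "role": "analyst", "mfa": True},
    "bob":   {"department": "it",      "role": "admin",   "mfa": False},
}
OBJECTS = {
    "salaries.xlsx":  {"owner_dept": "finance", "label": "secret"},
    "employees.xlsx": {"owner_dept": "hr",      "label": "confidential"},
}

# Hypothetical policy set. Each policy is a named condition over the three
# attribute sets; deny policies are evaluated first, then allow policies, and
# a request that matches nothing is denied (default deny).
POLICIES = [
    ("deny",  "no MFA from outside the corporate network",
     lambda s, o, e: not s["mfa"] and e["network"] != "corp"),
    ("allow", "department owns the object, during business hours",
     lambda s, o, e: s["department"] == o["owner_dept"] and 8 <= e["hour"] < 19),
    ("allow", "admins may read confidential-labelled objects",
     lambda s, o, e: s["role"] == "admin" and o["label"] == "confidential"),
]


def evaluate(subject, obj, env, policies=POLICIES):
    """Return ('allow'|'deny', reason) for subject accessing obj under env."""
    s, o = SUBJECTS[subject], OBJECTS[obj]
    for effect, reason, cond in policies:       # explicit deny wins
        if effect == "deny" and cond(s, o, env):
            return "deny", reason
    for effect, reason, cond in policies:
        if effect == "allow" and cond(s, o, env):
            return "allow", reason
    return "deny", "no matching policy (default deny)"


def decision(subject, obj, env):
    """Just the effect, for callers that do not need the reason."""
    return evaluate(subject, obj, env)[0]


if __name__ == "__main__":
    office = {"network": "corp", "hour": 10}
    home = {"network": "home", "hour": 10}
    print(evaluate("alice", "salaries.xlsx", office))   # allow: department + hours
    print(evaluate("bob", "employees.xlsx", home))      # deny: no MFA off-network
```

Neither RBAC nor a clearance level can express "finance staff, during business hours, with MFA when remote" on its own; ABAC does it by letting one policy reference subject, object and environment attributes at the same time. The cost of that flexibility is that the policy set itself has to be reviewed, since an overly broad allow rule is as easy to write as a precise one.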

23
Q

A security breach recently occurred in your enterprise. During the incident investigation, you are asked to examine network-based device logs. Which of the following network devices should you examine first?

  1. DNS
  2. Routers and switches
  3. Firewall
  4. NIDS and NIPS
A

Firewall log files should be examined first, as the firewall is the primary network device through which traffic passes.

24
Q

Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?

  1. Total unavailability of digital evidence
  2. Jurisdictional applicability
  3. Time elapsed before noticing an incident
  4. High legal expenses
A

Legal procedures will be based on the jurisdiction where the cloud resources are located, making legal actions on cloud forensics complicated because those laws will likely not be applicable in another jurisdiction in another country.

25
Q

Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?

  1. To manage virtualized desktops in a secure manner
  2. To deny any authentication process when a security breach occurs
  3. To securely manage different instances of the desktop
  4. To prevent malware from tricking users by spoofing what appears on the screen
A

Secure Desktop Mode allows only integrity level system-trusted processes to run. This prevents malware from spoofing what appears on the screen to trick users.

26
Q

In an interview, you are asked to explain why software forensic tools are used more than forensic hardware workstations. How should you reply?

  1. Forensic hardware workstations are slower than forensic software tools.
  2. Forensic hardware workstations have limited functionalities compared to forensic software tools.
  3. Forensic hardware workstations make forensic operations more difficult to perform than forensic operations performed by forensic software tools.
  4. Forensic hardware workstations are more expensive than forensic software tools.
A

Forensic hardware workstations are expensive, which makes software forensic tools more favorable to the majority.

27
Q

In a security review meeting, you are asked to make sure that the cybersecurity team is constantly updated on the tactics used by threat actors when they interact with systems during an attack. To which of the following attack frameworks will you refer to meet the goal?

  1. SEAndroid
  2. MITRE ATT&CK
  3. Cyber Kill Chain
  4. The Diamond Model of Intrusion Analysis
A

MITRE ATT&CK is a knowledge base of attacker techniques that have been broken down and classified in detail. MITRE ATT&CK focuses on how threat actors interact with systems during an operation.

28
Q

Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?

  1. MITRE ATT&CK
  2. The Diamond Model of Intrusion Analysis
  3. Command and Control
  4. Cyber Kill Chain
A

Cyber Kill Chain illustrates that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process.

29
Q

You are a data steward. You have been asked to restrict User A, who has an access clearance of “top secret” in a MAC-enabled network, from accessing files with the access label “secret.” This, in turn, does not affect any other user.

What action should you take?

  1. Change the access label of the files to “top secret”
  2. Change the access clearance of User A to “secret”
  3. Change the access label of the files to “confidential”
  4. Change the access clearance of User A to “confidential”
A

Changing User A’s access clearance to “confidential” will restrict User A from accessing “secret” files.

30
Q

Which of the following is an example of evidence collected from metadata?

  1. RAM slack
  2. Time stamp
  3. Drive file slack
  4. Chain of custody
A

A time stamp is the recorded time that an event took place irrespective of the location of the endpoint. Time stamp metadata can be crucial evidence when investigating an incident.

31
Q

You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner.

Which of the following actions should you take?

  1. You should walk through the proposed recovery procedures.
  2. You should challenge an attacker to breach enterprise security.
  3. You should run a plausible simulated attack on the network.
  4. You should conduct a tabletop exercise.
A

You should run a plausible simulated attack on the network. (not for certain)

32
Q

Which of the following access management controls best fits a home network?

  1. Rule-based access control
  2. Discretionary access control
  3. Mandatory access control
  4. Role-based access control
A

DAC (discretionary access control) best fits a home network since it can be easily managed, and there are fewer restrictions imposed on home networks.

33
Q

You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?

  1. Rule-based access control
  2. Discretionary access control
  3. Mandatory access control
  4. Role-based access control
A

Rule-based access control is the best fit in this case, as rule-based access control dynamically assigns roles to subjects based on a set of rules defined by a custodian.

34
Q

Who ensures the enterprise complies with data privacy laws and its own privacy policies?

  1. Data controller
  2. Data privacy officer
  3. Data owner
  4. Data custodian/steward
A

The data privacy officer oversees data privacy compliance and manages data risk.

35
Q

Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a “top secret” label cannot be accessed by any users while “secret” files remain accessible?

  1. You should set the clearance of all users to “confidential.”
  2. You should change the label of “top secret” files to “confidential.”
  3. You should set the clearance of all users to “top secret.”
  4. You should set the clearance of all users to “secret.”
A

When user clearance is set to “secret,” users cannot access “top secret” files but can still access “secret” files.

36
Q

The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled “secret,” transactions.xlsx is labeled “top secret,” and employees.xlsx is labeled “confidential.” You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.

How should you configure the user clearance?

  1. User A: top secret; User B: confidential
  2. User A: confidential; User B: top secret
  3. User A: top secret; User B: secret
  4. User A: confidential; User B: secret
A

Top secret clearance allows User A to access all three files, and confidential clearance only allows User B to access employees.xlsx.
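Cards 29, 35 and 36 are all the same computation: a subject may read an object only if the subject's clearance dominates the object's label. The following is an added example, not code from the flashcard set or its textbook. It models only the read rule (the Bell-LaPadula "no read up" simple security property) for the three levels the cards use, with the three files from card 36; the write rule and any compartments are deliberately left out.

```python
# Security levels used on the cards, ordered from least to most sensitive.
LEVELS = ["confidential", "secret", "top secret"]

# Files and labels from card 36.
FILES = {
    "salaries.xlsx": "secret",
    "transactions.xlsx": "top secret",
    "employees.xlsx": "confidential",
}


def dominates(clearance, label):
    """No read up: the subject's clearance must be at or above the object's label."""
    return LEVELS.index(clearance) >= LEVELS.index(label)


def readable(clearance, files=FILES):
    """Sorted names of the files a subject with this clearance may read."""
    return sorted(name for name, label in files.items() if dominates(clearance, label))


def clearance_for(allowed, files=FILES):
    """Lowest clearance whose readable set is exactly `allowed`, or None if no
    clearance produces that set (MAC cannot express arbitrary file subsets)."""
    for level in LEVELS:
        if set(readable(level, files)) == set(allowed):
            return level
    return None


def who_can_read(label, users):
    """Every user whose clearance dominates `label`; shows why relabelling a
    file (card 29's rejected options) changes access for all users at once."""
    return sorted(u for u, c in users.items() if dominates(c, label))


if __name__ == "__main__":
    # Card 36: A reads everything, B reads only employees.xlsx
    print("A:", readable("top secret"), " B:", readable("confidential"))
    # Card 35: keep "secret" readable but block "top secret"
    print("all users:", clearance_for(["salaries.xlsx", "employees.xlsx"]))
    # Card 29: take "secret" away from one user without touching the files
    print("User A:", clearance_for(["employees.xlsx"]))
```

Lowering a clearance affects one subject; changing a label affects everyone who can see that file, which is why card 29's answer changes User A's clearance rather than the files. clearance_for also makes the limitation of a pure lattice visible: there is no clearance that grants salaries.xlsx without employees.xlsx, because a level that reads "secret" reads everything below it.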

37
Q

Which of the following access control schemes is most secure?

  1. Mandatory access control
  2. Rule-based access control
  3. Role-based access control
  4. Discretionary access control
A

MAC is the most restrictive and most secure access control scheme, as the end user has no control over the objects.

38
Q

You are a cybersecurity investigator who needs to query log files for faster analysis during an incident investigation. Which of the following log management tools should you use?

  1. journalctl
  2. nxlog
  3. rsyslog
  4. syslog-ng
A

journalctl. It queries the systemd journal directly, so entries can be filtered by unit, time range or priority instead of being searched in flat text files; rsyslog, syslog-ng and nxlog are collection and forwarding tools rather than query tools.