Module 13: Incident Preparation, Response, & Investigation Q Flashcards

1
Q

While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks.

How should you reply?

A

An enterprise network will have more sensitive and confidential information

When multiple individuals could potentially have access to sensitive information in an enterprise, access control is essential

2
Q

Who implements access control based on the security level determined by the data owner?

A

Data custodian

Data custodians, or stewards, implement access control based on the security level determined by the data owner

3
Q

You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?

A

Rule-based access control

Rule-based access control is the best fit in this case, as rule-based access control dynamically assigns roles to subjects based on a set of rules defined by a custodian

4
Q

Which of the following access control schemes is most secure?

A

Mandatory access control

MAC is the most restrictive and most secure access control scheme, as the end user has no control over the objects

5
Q

In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.

Which of the following should you suggest?

A

Attribute-based access control

Attribute-based access control is highly flexible, as it uses policies that can combine different attributes

6
Q

The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled “secret,” transactions.xlsx is labeled “top secret,” and employees.xlsx is labeled “confidential.” You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.

How should you configure the user clearance?

A

User A: top secret; User B: confidential

Top secret clearance allows User A to access all three files, and confidential clearance only allows User B to access employees.xlsx

7
Q

Who ensures the enterprise complies with data privacy laws and its own privacy policies?

A

Data privacy officer

The data privacy officer oversees data privacy compliance and manages data risk

8
Q

Which of the following access management controls best fits a home network?

A

Discretionary access control

DAC best fits a home network since it can be easily managed, and there are fewer restrictions imposed on home networks

9
Q

Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?

A

To prevent malware from tricking users by spoofing what appears on the screen

Secure Desktop Mode allows only processes running at the system (trusted) integrity level to run. This prevents malware from spoofing what appears on the screen to trick users

10
Q

You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don’t.

Which of the following access control schemes should you choose?

A

Attribute-based access control

Attribute-based access control rules can be formatted using an if-then-else structure

11
Q

You are a data steward. You have been asked to restrict User A, who has an access clearance of “top secret” in a MAC-enabled network, from accessing files with the access label “secret.” This must not affect any other user.

What action should you take?

A

Change the access clearance of User A to “confidential”

Changing User A’s access clearance to “confidential” will restrict User A from accessing “secret” files

12
Q

You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible attack scenario as realistically as possible.

Which of the following actions should you take?

A

You should run a plausible simulated attack on the network

Simulating an attack using a realistic scenario allows for the most realistic analysis of every possible attack scenario

13
Q

Which of the following attack frameworks illustrates that attacks are an integrated end-to-end process, and that disrupting any one of the steps will interrupt the entire attack process?

A

Cyber Kill Chain

The Cyber Kill Chain illustrates that attacks are an integrated end-to-end process, and that disrupting any one of the steps will interrupt the entire attack process

14
Q

In a security review meeting, you are asked to make sure that the cybersecurity team is kept constantly updated on the tactics threat actors use when they interact with systems during an attack. Which of the following attack frameworks should you refer to in order to meet this goal?

A

MITRE ATT&CK

MITRE ATT&CK is a knowledge base of attacker techniques that have been broken down and classified in detail. MITRE ATT&CK focuses on how threat actors interact with systems during an operation

15
Q

Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?

A

Network segmentation

Network segmentation helps contain attacks in properly designed networks

16
Q

In a security meeting, you were asked which response method requires less manual intervention per response. Which of the following should you choose?

A

Runbook

A runbook is a series of automated conditional steps that are part of an incident response procedure. A runbook usually has actions that are performed automatically

17
Q

Which of the following is performed during the incident response phase?

A

Making configuration changes

Making configuration changes to firewall rules, digital certificates, content/URL filters, data loss prevention settings, and mobile device management settings is part of the incident response phase. This is done to reduce the effect of or contain an attack

18
Q

A security breach recently occurred in your enterprise. During the incident investigation, you are asked to examine network-based device logs. Which of the following network devices should you examine first?

A

Firewall

Firewall log files should be examined first, as the firewall is the primary network device through which traffic passes

19
Q

Which of the following network-based device logs are the least important when performing an incident investigation?

A

Routers and Switches

Router and switch log files are the least important, as they cannot be directly targeted by outside attackers. Malicious traffic reaches routers and switches only after breaching all other security devices

20
Q

Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a “top secret” label cannot be accessed by any users while “secret” files remain accessible?

A

You should set the clearance of all users to “secret.”

When user clearance is set to “secret,” users cannot access “top secret” files but can still access “secret” files

21
Q

You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?

A

Secure the evidence

Immediately following a security breach, a digital forensic expert must secure the scene by securing evidence

22
Q

You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?

A

Use mirror image backups

Mirror image backups replicate every hard drive sector, including all files and any hidden data storage areas

23
Q

In an interview, you are asked to explain why software forensic tools are used more than forensic hardware workstations. How should you reply?

A

Forensic hardware workstations are more expensive than forensic software tools

Forensic hardware workstations are expensive, which makes software forensic tools the more widely favored option

24
Q

Which of the following helps achieve data privacy in an enterprise network?

A

Access control schemes

Access control schemes help data privacy by restricting unauthorized access

25
Q

Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?

A

Jurisdictional applicability

Legal procedures are based on the jurisdiction where the cloud resources are located. This complicates legal action in cloud forensics, because the laws of one jurisdiction will likely not apply in another jurisdiction in another country

26
Q

Which of the following is an example of evidence collected from metadata?

A

Time stamp

A time stamp is the recorded time that an event took place irrespective of the location of the endpoint. Time stamp metadata can be crucial evidence when investigating an incident

27
Q

You are a cybersecurity investigator who needs to query log files for faster analysis during an incident investigation. Which of the following log management tools should you use?

A

journalctl

journalctl is a Linux utility used for querying and displaying log files

28
Q

Which of the following log management tools has content filtering?

A

syslog-ng

syslog-ng is an open-source utility for UNIX devices that includes content filtering

29
Q

Why are mobile devices critical to a digital forensics investigation?

A

Mobile devices are almost continually in a user’s possession

Mobile devices are almost always in a user’s possession, so they hold significant evidence such as call details, GPS data, and app data, which makes them critical in cyber forensics

30
Q

An initial investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?

A

DHCP server logs

DHCP server logs can identify new systems that mysteriously appear and then disappear as part of the network. They can also show what hardware device had which IP address at a specific time