Module 4: Endpoint & Application Development Security Q Flashcards

1
Q

While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform?

A

IOC

Indicator of compromise (IOC) shows suspected malicious activity occurring on the network

2
Q

A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities?

A

KRI

A key risk indicator (KRI) is a matrix, stored in the logs, of upper and lower bounds of specific activity occurring across the network. This is a metric used to measure the probability of an event or threat in the network

3
Q

A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred.

Which of the following actions would help achieve this objective?

A

Checking the dark web

Security professionals can identify the nature of attacks using the dark web by checking the information or software exchanged by cybercriminals

4
Q

Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?

A

AIS

Automated indicator sharing (AIS) can be used to exchange cybersecurity threats between computers through computer-to-computer communication. This mitigates the limitation on the speed of sharing information through public sharing centers in open source intelligence

5
Q

Which HTTP response header should be used to prevent attackers from displaying their content on a website?

A

X-Frame-Options

The X-Frame-Options response header from the server tells the browser whether it should allow rendering a page in a `<frame>`, `<iframe>`, `<embed>`, or `<object>`

6
Q

An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks.

As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?

A

Implement measured boot with UEFI

A measured boot with UEFI provides the highest degree of security. The operating system sends the boot process log to the server every time the system starts to confirm the secure start process

7
Q

What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network?

A

Implement hardening at endpoints with patch management and operating system safeguards

Patches are normally pieces of software code that fix identified vulnerabilities in the operating system code. Applying patches along with operating system safeguards hardens the protection of the network and computers

8
Q

What is meant by “the chain of trust” in boot security?

A

Each step in the boot sequence relies on the confirmation from the previous boot sequence step

Confirmation from each sequence in secure booting confirms the entire boot sequence has been completed securely as a chain of trust passed from one sequence to the other

9
Q

Which of the following is a disadvantage of the secure boot process?

A

It makes third-party non-vendor-approved software difficult to implement

In a secure boot process, hardware or software not approved by the system vendor would not be initialized by the boot sequence, thereby affecting the implementation of such third-party software or custom hardware

10
Q

Which of the following is part of the OS security configuration?

A

Disabling default passwords and unnecessary ports

Disabling default passwords and unnecessary ports are the primary steps for OS security configuration

11
Q

John is a project manager with an IT firm, and his current project of developing an ERP application is in the development stage. Currently, the application is not yet mature or stable enough to be placed in a test environment. Which of the following secure coding review techniques is applicable for his project?

A

Perform static code analysis

The static code analysis should be performed before the source code compliance is done

12
Q

Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective?

A

Only visit websites that are hosted over HTTPS or HSTS

HTTPS and HSTS force the website to encrypt data, making it difficult to intercept and decrypt the data

13
Q

Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?

A

Social engineering and phishing attacks

Social engineering and phishing attacks are prominently performed by the attacker without accessing the victim’s system

14
Q

ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company’s valuable data on the internet.

Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation?

A

The cybersecurity expert checked with CISCP and also investigated the dark web

CISCP can be used by the expert to check the TTP database to identify the threat actors behind the attack. Monitoring the dark web can give information on the sale of illegal data on the internet through the dark web by threat actors

15
Q

A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again.

What procedure should you adopt to ensure that you don’t compromise the browser and the computer’s operating system?

A

Making sure that the OS’s security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server

OS security is deployed, viruses are checked, data transmission is encrypted, and the stored data of the cookie is safe from interception by a third person

16
Q

A cybercriminal attempts to trick a computer’s user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage.

What should the user implement to avoid this situation?

A

X-Frame

X-Frame prevents cybercriminals from overlaying content over the webpage

17
Q

What is NOT a principle of agile development?

A

Follow rigid sequential processes

The agile development model takes an incremental approach instead of the rigid sequential processes followed in the waterfall method

18
Q

Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development?

A

Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS

The newer updates are easy to install in BIOS when located in flash memory

19
Q

Which cookie is created by the website a user is currently browsing to store the customer’s browsing preference information?

A

First-party cookie

A first-party cookie is created by the website a user is currently viewing and is used by the website to customize the user’s preferences for a better customer experience

20
Q

Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device?

A

HIDS

Host intrusion detection system (HIDS) is a software-based application that detects when an attack has occurred in an endpoint device

21
Q

What is the built-in application available to prevent threat actors from modifying the registry in a Windows 10 operating system?

A

Windows 10 tamper protection

Windows 10 tamper protection prevents malicious applications from accessing the registry, providing the operating system with real-time protection

22
Q

A machine where the operating system runs an application on top of an operating system is called _______.

A

A virtual machine

A virtual machine is a computer within a computer that runs like an application on an operating system

23
Q

Which of the following uses vulnerable applications to modify Microsoft registry keys?

A

System tampering

System tampering attacks occur when a vulnerable application is used by the threat actor to modify key operating system areas like registry keys, startup files, etc

24
Q

A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what?

A

Compiler

A compiler converts the high-level language code into binary, which is understood by the computer

25
Q

Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application.

What process did Mary use?

A

Fuzzing

Fuzzing is a process used by common dynamic software testing tools where random inputs are supplied to check for exceptions, memory corruption, crashes, etc

26
Q

In an application development model, which of the following uses a sequential development process?

A

Waterfall development

Waterfall development follows a sequential model of application development

27
Q

You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps.

Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project’s development model?

A

Automation

Automation is a key feature in SecDevOps

28
Q

What is meant by “infrastructure as code” in SecDevOps?

A

SecDevOps method of managing software and hardware using principles of developing code

“Infrastructure as code” is the SecDevOps method of managing both software and hardware in the same way as developing code

29
Q

Ronald is a software architect at MindSpace Software. He has been approached to develop a critical application for a finance company. The company has asked him to ensure that the employed coding process is secure. They have also requested that the project be completed in a few months, with a minimum version of the identified functionalities provided. The other functionalities can be developed later and added to the software while the application is live.

Which development process would be ideal for Ronald to employ to achieve this objective?

A

Ronald can employ the SecDevOps model to meet the requirements of the client

SecDevOps provides elasticity, scalability, continuous deployment, and secure coding practices that would serve the client’s requirements and hence is the best model to implement

30
Q

What is the secure coding technique that organizes data within the database for minimum redundancy?

A

Normalization

Normalization is a process that organizes data within the database for minimum redundancy