Module 4: Endpoint & Application Development Security Q Flashcards
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform?
IOC
Indicator of compromise (IOC) shows suspected malicious activity occurring on the network
A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities?
KRI
A key risk indicator (KRI) is a metric, stored in the logs, of the upper and lower bounds of a specific activity occurring across the network. It is used to measure the probability of an event or threat in the network
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred.
Which of the following actions would help achieve this objective?
Checking the dark web
Security professionals can identify the nature of attacks using the dark web by checking the information or software exchanges by cybercriminals
Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?
AIS
Automated indicator sharing (AIS) can be used to exchange cybersecurity threats between computers through computer-to-computer communication. This mitigates the limitation on the speed of sharing information through public sharing centers in open source intelligence
Which HTTP response header should be used to prevent attackers from displaying their content on a website?
X-Frame-Options
The X-Frame-Options response header from the server tells the browser whether it should allow rendering a page in a <frame>, <iframe>, <embed>, or <object>
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks.
As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?
Implement measured boot with UEFI
A measured boot with UEFI provides the highest degree of security. The operating system sends the boot process log to the server every time the system starts to confirm the secure start process
What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network?
Implement hardening at endpoints with patch management and operating system safeguards
Patches are software updates that fix identified vulnerabilities in operating system code. Applying patches along with operating system safeguards hardens the protective cover for the network and its computers
What is meant by “the chain of trust” in boot security?
Each step in the boot sequence relies on the confirmation from the previous boot sequence step
Confirmation from each sequence in secure booting confirms the entire boot sequence has been completed securely as a chain of trust passed from one sequence to the other
Which of the following is a disadvantage of the secure boot process?
It makes third party non-vendor-approved software difficult to implement
In a secure boot process, hardware or software that is not approved by the system vendor will not be initialized by the boot sequence, which affects the implementation of such third-party software or custom hardware
Which of the following is part of the OS security configuration?
Disabling default passwords and unnecessary ports
Disabling default passwords and unnecessary ports is a primary step in OS security configuration
John is a project manager with an IT firm, and his current project of developing an ERP application is in the development stage. Currently, the application is not yet mature or stable enough to be placed in a test environment. Which of the following secure coding review techniques is applicable for his project?
Perform static code analysis
Static code analysis is performed on the source code before it is compiled
Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective?
Only visit websites that are hosted over HTTPS or HSTS
HTTPS and HSTS force the website to encrypt transmitted data, making it difficult to intercept and decrypt
Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?
Social engineering and phishing attacks
Social engineering and phishing attacks are prominently performed by the attacker without accessing the victim’s system
ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company’s valuable data on the internet.
Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation?
The cybersecurity expert checked with CISCP and also investigated the dark web
CISCP can be used by the expert to check the TTP database to identify the threat actors behind the attack. Monitoring the dark web can give information on the sale of illegal data on the internet through the dark web by threat actors
A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again.
What procedure should you adopt to ensure that you don’t compromise the browser and the computer’s operating system?
Make sure that the OS’s security options are deployed, run antivirus/antispyware on the downloaded files, run the software in HSTS/HTTPS mode, and then send a secure cookie to the server
OS security is deployed, the files are checked for viruses, data transmission is encrypted, and the data stored in the cookie is safe from interception by a third party
A cybercriminal attempts to trick a computer’s user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage.
What should the user implement to avoid this situation?
X-Frame
X-Frame prevents cybercriminals from overlaying content over the webpage
What is NOT a principle of agile development?
Follow rigid sequential processes
The agile development model takes an incremental approach instead of the rigid sequential processes followed in the waterfall method
Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development?
Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS
The newer updates are easy to install in BIOS when located in flash memory
Which cookie is created by the website a user is currently browsing to store the customer’s browsing preference information?
First-party cookie
A first-party cookie is created by the website a user is currently viewing and is used by the website to customize the user’s preferences for a better customer experience
Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device?
HIDS
Host intrusion detection system (HIDS) is a software-based application that detects when an attack has occurred in an endpoint device
What is the built-in application available to prevent threat actors from modifying the registry in a Windows 10 operating system?
Windows 10 tamper protection
Windows 10 tamper protection prevents malicious applications from accessing the registry, providing the operating system with real-time protection
A machine in which an operating system runs as an application on top of another operating system is called _______.
A virtual machine
A virtual machine is a computer within a computer that runs like an application on an operating system
Which of the following uses vulnerable applications to modify Microsoft registry keys?
System tampering
System tampering attacks occur when a vulnerable application is used by the threat actor to modify key operating system areas like registry keys, startup files, etc
A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what?
Compiler
A compiler converts the high-level language code into binary, which is understood by the computer
Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application.
What process did Mary use?
Fuzzing
Fuzzing is a process used by common dynamic software testing tools in which random inputs are supplied to the application to check for exceptions, memory corruption, crashes, etc
In an application development model, which of the following uses a sequential development process?
Waterfall development
Waterfall development follows a sequential model of application development
You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps.
Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project’s development model?
Automation
Automation is a key feature in SecDevOps
What is meant by “infrastructure as code” in SecDevOps?
The SecDevOps method of managing software and hardware using the principles of developing code
“Infrastructure as code” is the SecDevOps method of managing both software and hardware in the same way as developing code
Ronald is a software architect at MindSpace Software. He has been approached to develop a critical application for a finance company. The company has asked him to ensure that the employed coding process is secure. They have also requested that the project be completed in a few months, with a minimum version of the identified functionalities provided. The other functionalities can be developed later and added to the software while the application is live.
Which development process would be ideal for Ronald to employ to achieve this objective?
Ronald can employ the SecDevOps model to meet the requirements of the client
SecDevOps provides elasticity, scalability, continuous deployment, and secure coding practices that serve the client’s requirements and hence is the best model to implement
What is the secure coding technique that organizes data within the database for minimum redundancy?
Normalization
Normalization is a process that organizes data within the database for minimum redundancy