Network Defense Essentials Flashcards

1
Q

Clark, a thief, escaped from the civil forces and tried to enter the nearest company’s premises. The security systems installed at the entrance identified the unauthorized entry into the organization’s premises and triggered an alarm to activate security teams.

Which of the following types of security control system triggered an alarm in the above scenario when the unauthorized intrusion attempt was made?

A

Detection controls
These are used to detect unauthorized access attempts.

2
Q

Clark, a network security specialist, was assigned to secure an organization’s network. Clark implemented a network defense approach that can tackle network attacks such as DoS and DDoS and includes security monitoring methods such as IDS, SIMS, TRS, and IPS.

A

Reactive approach
Consists of methods or techniques that are used to detect attacks on the target network.

3
Q

Which of the following components of technical security controls protects the information passing through the network and preserves the privacy and reliability of the data?

A

Encryption and protocols

4
Q

Sally, a security professional, implemented a protocol for authenticating requests in computer networks. The protocol implemented by Sally is based on the client-server model, and uses encryption technology and a “ticket” mechanism to prove the identity of a user on a non-secure network.

Identify the protocol implemented by Sally in the above scenario.

A

Kerberos
Kerberos is a network authentication protocol that is implemented for authenticating requests in computer networks.

5
Q

Margaret, a system administrator, regularly administers the devices connected to the organizational network. She found that certain devices are vulnerable to sniffing attacks. To protect the device from such attacks, Margaret employed a protocol that encrypts the entire communication between the client and the server, including the user’s password, which protects it from sniffing attacks.

Identify the protocol employed by Margaret in the above scenario.

A

TACACS+
provides authentication, authorization, and accounting (AAA) services for network communication.

6
Q

Which of the following protocols provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server?

A

RADIUS
Remote authentication dial-in user service (RADIUS) is an authentication protocol which provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server.

7
Q

James, a network administrator, was assigned a task to create a standard access control model for the organization’s confidential data. He implemented an access control model that determines the usage and access policies for the users. After its implementation, only users with appropriate access rights can access the resource.

Which of the following access control models has James implemented in the above scenario?

A

Mandatory access control (MAC)
The MAC determines the usage and access policies for the users.

8
Q

Identify the access control terminology that is referred to as an explicit resource on which an access restriction is imposed.

A

Object
An object is an explicit resource on which an access restriction is imposed.

9
Q

Identify the access control model in which the access permissions are beyond the user control, which implies that users cannot amend the access policies created by the system.

A

Role-Based access control (RBAC)
In a role-based access control, the access permissions are available based on the access policies determined by the system.

10
Q

Which of the following access control models can be termed a need-to-know access model, in which the owner decides whether to provide or deny access to a specific user or a group of users?

A

Discretionary Access Control (DAC)
DAC lets the possessor (owner) of an object decide the access rights that a subject has to that object.

11
Q

Ronnie, a security professional, received many tickets stating that certain miscreants had been accessing files using the credentials of employees and were creating havoc in the organization. To prevent such incidents, Ronnie implemented an authentication mechanism that identifies human characteristics for authenticating people.

A

Biometric authentication
Biometrics is a technology which identifies human characteristics for authenticating people.

12
Q

Rachel, a security professional, plans to implement an added layer of defense to protect critical assets from sophisticated cyberattacks. She implemented an authentication technique that uses a physical entity such as a security token as one of the credentials, while the other credential can include security codes.

Identify the type of authentication implemented by Rachel in the above scenario.

A

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

13
Q

Alice, a shopping freak, logged into an ecommerce app and added certain favorite items to her cart list. Before placing the order, she added her shipping address and debit card details along with the CVV number on the app. After adding her card details, Alice clicked on the proceed option to pay the bill. During the bill payment, Alice received an OTP on her mobile phone. Upon providing a valid OTP on the payment gateway, Alice’s order was successfully accepted.

Which of the following types of authentication method was demonstrated in the above scenario?

A

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

14
Q

Smith, a developer in a software company, has designed a banking application. For security reasons, he created an authentication mechanism that requires logging in with user credentials as well as an OTP, which is sent to the user’s mobile number.

Which of the following authentication methods has Smith implemented in the above scenario?

A

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

15
Q

Williams, a network administrator, was assigned a duty to configure network security devices such as intrusion detection system (IDS) and intrusion prevention system (IPS) to protect the organization network from intrusion and block hackers’ traffic from entering the network.

Which of the following ISO/IEC standards must Williams follow while configuring or modifying these security devices?

A

ISO/IEC 27039
provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems (IDPS).
(An Intrusion Detection System (IDS) is a hardware or software program that uses known intrusion signatures to identify and analyze inbound and outbound network traffic for suspicious activities.)

16
Q

Which of the following ISO/IEC standards provides an ISMS implementation guide for the telecom industry that was developed jointly by the ITU Telecommunication Standardization Sector (ITU-T) and ISO/IEC JTC1/SC 27?

A

ISO/IEC 27011
specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

17
Q

Which of the following acts allows a provision for the regulation of the processing of information relating to individuals and to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information?

A

Data Protection Act 2018 (DPA)
The DPA is an act to make provision for the regulation of the processing of information relating to individuals.

18
Q

Which of the following Internet access policies starts with all services blocked and enables safe and necessary services individually?

A

Prudent Policy
A prudent policy starts with all services blocked. The network defender enables safe and necessary services individually.

19
Q

Sam, a system administrator, was assigned to configure the information security policy that focuses on the overall security of a particular system in an organization. Jack selected a security policy that includes DMZ policy, encryption policy, policies for IDS/IPS implementation, and acceptable use policy.

Which of the following security policies has Jack implemented in the above scenario?

A

System-specific security policy (SSSP)
SSSP directs users while configuring or maintaining a system.

20
Q

Which of the following types of Internet policy accepts a majority of Internet traffic and only blocks known dangerous services/attacks?

A

Permissive policy
This policy is wide open, and only known dangerous services/attacks or behaviors are blocked.

21
Q

Which of the following security labels is given to data or an object that is accessible only to a few people in the organization because of technical, business, and personal issues?

A

Restricted

22
Q

Stella, a security team member, was instructed to train new employees on securing the organization from unwanted issues. As a primary part of training, she instructed employees not to throw sensitive documents in the trash, and also trained them on how to shred documents and erase magnetic data before putting them into the trash.

Which of the following attacks was mitigated by training employees on the above techniques?

A

Dumpster diving

23
Q

Which of the following types of physical threat involves activities such as planting a vehicle bomb, human bomb, or a postal bomb in and around the organization’s premises that impacts the physical security of the organization?

A

Terrorism

24
Q

Identify the type of man-made threat that includes former employees who try to compromise the system by willingly harming the system components.

A

Vandalism

25
Q

Identify the fire-fighting system that provides a pre-piped water system for organizations and provides water supply to hose lines in certain locations.

A

Standpipe system

26
Q

Which of the following physical security barriers can affect the fast evacuation of occupants in case of a fire emergency as it allows entry of only one person at a time?

A

Turnstiles

27
Q

Which of the following activities is a physical security measure implemented for maintaining servers and backup devices?

A

Use rack mount servers

28
Q

Freddy, a network engineer, detected that the network cabling of his organization was flawed and insecure. To implement secure network cabling, he installed a type of cable in which each pair of wires is individually guarded with foil and is less susceptible to external interference.

Identify the type of cable utilized by Freddy in the above scenario.

A

Shielded twisted pair cable

29
Q

Williams, an infrastructure designer, was assigned to design the arrangement of servers in a data center. The requirement is that the arrangement of equipment should maintain airflow to save energy. The arrangement designed by Williams can save the hardware from humidity and heat and increases hardware performance.

Which of the following options was employed by Williams in the above scenario?

A

Hot and cold aisles

30
Q

Which of the following practices is NOT a measure for strengthening the physical security of an organization?

A

Never follow copyright rules and licensing restrictions

31
Q

Which of the following types of bastion host is a firewall device with only one network interface and all the traffic is routed through the bastion host?

A

Single-homed bastion host

32
Q

Finch, a network administrator, was securing the internal network and segregated the LAN, creating an independent subnetwork. The newly created subnetwork was placed between the organization’s internal network and the outside public network to provide high-level protection for the LAN.

Identify the independent network created by Finch in the above scenario to protect the LAN.

A

Demilitarized Zone (DMZ)
A computer subnetwork placed between the organization’s private network, such as a LAN, and an outside public network, such as the Internet; it acts as an additional security layer.

33
Q

Which of the following types of bastion host operates with multiple network connections but the network connections do not interact with each other?

A

Non-routing dual-homed host

34
Q

Given below are the different steps involved in firewall implementation and deployment.

  1. Planning
  2. Testing
  3. Managing and maintaining
  4. Configuring
  5. Deploying

What is the correct sequence of steps involved in firewall implementation and deployment?

A

1 -> 4 -> 2 -> 5 -> 3
Planning, Configuring, Testing, Deploying, and then Managing and maintaining

35
Q

Which of the following firewall technologies works at the session layer of the OSI model or the TCP layer of TCP/IP model and filters the traffic based on specified session rules?

A

Circuit-Level Gateway
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.

36
Q

John, a network specialist at an organization, was instructed to monitor unusual behaviors in the network. He implemented an IDS that first creates models of possible intrusions and then compares these models with incoming events to make a detection decision.

Identify the type of IDS detection method employed by John in the above scenario.

A

Misuse detection

37
Q

David, a network specialist at an organization, was monitoring incidents on an IDS solution. The IDS solution detected suspicious activity performed by a threat actor over the organization’s network and sent an email alert to David, who was operating in the control room. David immediately took the pre-configured counter-action and blocked the attacker from further attempts on the organization’s network.

Identify the tool that helped David detect intrusion attempts in the above scenario.

A

Suricata
a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.

38
Q

Jackson, a security analyst at an organization, was instructed to strengthen the security of their intranet. He deployed a honeypot solution that monitors attackers’ tricks and exploits by logging all their activity. As a result, Jackson can respond to such exploits quickly before the attacker can misuse or compromise the system.

Identify the honeypot solution that helps Jackson in the above scenario.

A

KFSensor
acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans. KFSensor is pre-configured to monitor all TCP and UDP ports, along with ICMP. It is also configured with the emulation of common services.

39
Q

Which of the following types of honeypot simulates only a limited number of services and applications of a target system or network and, if the attacker does something that the emulation does not expect, simply generates an error?

A

Low-interaction honeypot
Low-interaction honeypots emulate only a limited number of services and applications of a target system or network.

40
Q

Which of the following types of proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests?

A

Anonymous Proxy
An anonymous proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests.

41
Q

Identify the proxy through which a client system connects to a server without its knowledge and is configured to be entirely invisible to an end user.

A

Transparent proxy
A transparent proxy is a proxy through which a client system connects to a server without its knowledge.

42
Q

Identify the VPN component that is a computer that accepts VPN connections from VPN clients.

A

Tunnel terminating device
A VPN termination device can be — for example — a router, firewall or VPN connector. For a remote-access VPN, traffic is encrypted from one end device to another, but for a site-to-site VPN, traffic from end devices is sent without encryption to a VPN gateway.

43
Q

Identify the VPN core functionality in which packets sent over a VPN are enclosed within another packet that has a different IP source and destination, because concealing the source and destination of the packets can protect the integrity of the data sent.

A

Encapsulation
Encapsulation is the method in which protocols have separate functions to communicate among each other by hiding the data.

44
Q

Which of the following tools is an analytics-driven SIEM solution that automates the collection, indexing, and alerting of real-time machine data that are critical to an organization’s operations?

A

Splunk Enterprise
is a data-centric, modern security information and event management (SIEM) solution that delivers data-driven insights for full breadth visibility into your security posture so you can protect your business and mitigate risk at scale.

45
Q

Identify the security control that performs real-time security operations center (SOC) functions like identifying, monitoring, recording, auditing, and analyzing security incidents and performs threat detection and security incident response activities.

A

SIEM
Security Information and Event Management (SIEM)
SIEM performs real-time SOC (Security Operations Center) functions like identifying, monitoring, recording, auditing, and analyzing security incidents.

46
Q

Which of the following anti-malware tools helps network defenders identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices?

A

McAfee LiveSafe
is an antivirus product that defends against viruses, online threats, and ransomware with online and offline protection.

47
Q

Which of the following components of virtualization is an application or firmware that enables multiple guest operating systems to share a host’s hardware resources?

A

Hypervisor
An application or firmware that enables multiple guest operating systems to share a host’s hardware resources.

48
Q

Which of the following components of Docker engine manages the Docker images, containers, networks, and storage volume, and processes the requests of the Docker API?

A

Docker Daemon
(dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

49
Q

Which of the following types of service enables the deployment of containers and container management through orchestrators and using which subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers?

A

CaaS
Container-as-a-Service (CaaS)
This cloud computing model provides containers and clusters as a service to its subscribers.

50
Q

An organization has recently leased an online cloud service. Using these services, subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers.

Identify the type of cloud computing service deployed by the organization in the above scenario.

A

CaaS
Container-as-a-Service (CaaS)
This cloud computing model provides containers and clusters as a service to its subscribers.

51
Q

Brian, a cloud architect, plans to share a pool of resources with another organization through the Internet to reduce costs. For this reason, he uses a cloud deployment model where the infrastructure is shared among organizations with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction.

Which of the following cloud deployment models helps Brian in the above scenario?

A

Community cloud
Shared infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.).

52
Q

Identify the actor in NIST cloud computing architecture who performs an independent examination of cloud service controls to express an opinion thereon and evaluates the services provided by a CSP based on security controls, privacy impact, and performance.

A

Cloud auditor
A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon.

53
Q

Which of the following features in AWS IAM initially provides minimum permissions to the user to ensure security and the permissions can be extended based on the requirement?

A

Grant least privilege
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

54
Q

Which of the following practices helps security professionals in protecting the cloud environment?

A

Vendors should regularly undergo AICPA SAS 70 Type II audits

55
Q

Kevin, a security professional, plans to implement wireless technology in his organization for easy and fast transmission of data in a wireless network. For this purpose, he uses a technology that belongs to the IEEE 802.16 family of wireless networking standards and can function over several miles with data rates reaching up to 75 Mbps.

Identify the technology employed by Kevin in the above scenario.

A

WiMAX
The worldwide interoperability for microwave access (WiMAX) technology uses long distance wireless networking and high-speed Internet.

56
Q

Which of the following technologies belongs to the IEEE 802.16 family of wireless networking standards whose signals can function over several miles with data rates reaching up to 75 Mbps?

A

WiMAX
The worldwide interoperability for microwave access (WiMAX) technology uses long distance wireless networking and high-speed Internet.

57
Q

In which of the following wireless encryption techniques do messages pass through a message integrity check using TKIP to provide stronger encryption and authentication?

A

WPA
It is an advanced wireless encryption protocol using TKIP and Message Integrity Check (MIC) to provide strong encryption and authentication.

58
Q

Which of the following encryption algorithms is used in the WPA2 wireless network encryption mechanism to provide stronger data protection and network access control?

A

AES-CCMP
is the strongest security in development for IEEE 802.11i.

59
Q

Annie, a security professional, has been tasked to implement Wi-Fi authentication in her organization to secure the wireless communication. For this purpose, she implemented an authentication process in which the station and AP use the same WEP key to provide authentication, and Annie enabled and configured the key manually on both the AP and client.

Identify the Wi-Fi authentication method employed by Annie in the above scenario.

A

Shared key authentication process

60
Q

In which of the following Wi-Fi authentication methods does each wireless station receive a secret key over a secure channel that is distinct from the 802.11 wireless network communication channels to establish a network connection?

A

Shared key authentication process

61
Q

Richard, a network engineer, performs advanced monitoring and detection of wireless network anomalies. He employed a Wi-Fi security auditing tool to detect, analyze, and identify wireless threats.

Identify the tool employed by Richard in the above scenario.

A

BoopSuite
is a set of tools written in Python designed for wireless auditing and security testing.

62
Q

Given below is a list of different cryptographic modes, to be ordered from stronger to weaker encryption.

  1. WPA2 Enterprise
  2. WPA Enterprise
  3. WPA2 Enterprise with RADIUS
  4. WPA
  5. WEP
  6. WPA2 PSK
  7. WPA3

Identify the correct order of preference for choosing an encryption mode.

A

7 -> 3 -> 1 -> 6 -> 2 -> 4 -> 5
WPA3
WPA2 Enterprise with RADIUS
WPA2 Enterprise
WPA2 PSK
WPA Enterprise
WPA
WEP

63
Q

Which of the following mobile connection techniques is a wireless sensor protocol that enables communication between sensors and their controllers and is used in IoT devices such as heart rate or fitness monitoring equipment?

A

ANT
It is a wireless sensor protocol that enables communication between sensors and their controllers.

64
Q

Which of the following mobile device connection methods is based on a single network tower that serves devices located within a specific radius, is installed in urban, suburban, and rural areas, and covers a large distance?

A

Cellular communication
is based on a single network tower that serves devices located within a specific radius.

65
Q

Ruben, a security engineer, received a complaint from an employee stating that his mobile device, which contains certain confidential organizational data, was misplaced and taken by a miscreant. For this reason, Ruben used a technique that allows him to erase all the device data by remotely executing a command.

Identify the technique used by Ruben in the above scenario.

A

Remote wipe
is a technique used for securing and protecting data from miscreants if a mobile device used by an employee was stolen or lost.

66
Q

Which of the following techniques separates the personal and organizational data on employees’ mobile devices and also helps in improving the security of organizational data?

A

Containerization
is a technique in which all personal and organizational data are segregated on an employee’s mobile device.

67
Q

Which of the following policies allows employees to use and manage the devices purchased by the organization and reduces the risks associated with BYOD by implementing stringent policies and protecting devices?

A

Corporate Owned, Personally Enabled (COPE)
refers to a policy that allows employees to use and manage the devices purchased by the organizations.

68
Q

Jack, an employee at an organization, was using his mobile device for enterprise purposes. The mobile device contained a vulnerable program that looked like a legitimate browsing app, which was downloaded from a third-party website. The vulnerable program was exploited by an attacker to gain remote access and steal sensitive data.

Identify the mobile device security risk demonstrated in the above scenario.

A

Application-based risks

69
Q

Sam, a security professional, implemented a mobile policy in his organization to prevent phishing and malware attacks. He deployed a solution that uses machine learning and real-time analysis to protect mobile endpoints and also generates alerts for the enterprise mobility management solutions to perform appropriate actions.

Identify the solution deployed by Sam in the above scenario.

A

Mobile threat defense solution

70
Q

Which of the following measures allows security professionals to protect mobile data from unauthorized access?

A

Maintain access control for devices and data

71
Q

Which of the following components of IoT technology is used to bridge the gap between an IoT device and the end user, thereby allowing them to communicate with each other?

A

IoT gateway

72
Q

Bob, a paralyzed patient, wanted to turn on the smart lights and AC in his room. As he cannot stand, Bob requested that the hospital management connect those device sensors to his mobile so that he can turn the smart devices on or off whenever he wants.

Which of the following IoT communication models was demonstrated in the above scenario?

A

Device-to-device
inter-connected devices interact with each other through the Internet, but they predominantly use protocols such as ZigBee, Z-Wave or Bluetooth.

73
Q

Which of the following features of an IoT-enabled IT environment involves the exchange of data between IoT-enabled organizations using different communication protocols?

A

Data collection

74
Q

In which of the following communication models do IoT devices first communicate with the remote server rather than directly communicating with the client to send or receive data or commands?

A

Device-to-Cloud
devices communicate with the cloud directly, rather than directly communicating with the client to send or receive data or commands.

75
Q

Which of the following components of an IoT framework is referred to as the central point of data aggregation for most of the data in the ecosystem?

A

Cloud platform
In an IoT ecosystem, the cloud component is referred to as the central aggregation and data management point.

76
Q

Which of the following measures is NOT a best practice for security of the IoT environment?

Allow only trusted IP addresses to access the device from the Internet

Enable the UPnP port on routers

Implement a strong authentication mechanism

Disable the “guest” and “demo” user accounts if enabled

A

Enable the UPnP port on routers
UPnP enables apps and devices to automatically open and close ports to connect with the LAN network.

77
Q

Jeffry, an IT administrator, wants to monitor and manage IoT devices to detect flaws, diagnose operational issues, and update the firmware remotely. He installed a solution that can perform the above-mentioned functions.

A

Predix
ensures data and communications integrity from asset connection through the data life cycle. Data is shared via IT/OT environments, into the cloud, via storage, and back into the OT, while the runtime environment is monitored for anomalies requiring incident response.

78
Q

Jack, a security specialist, implemented an IoT network in his organization; it includes a communication aggregator in one part of the network that communicates with a trusted local network as well as with an untrusted public network through a secure connection.

A

Gateway
In an IoT architecture, the gateway is the communication aggregator: it collects traffic from the devices on the trusted local network and relays it to the untrusted public network (for example, the cloud platform) over a secure connection, so the devices themselves never have to be exposed directly to the Internet.

79
Q

Which of the following objectives of cryptography ensures that the information is accessible only to those who are authorized to access it?

A

Confidentiality

80
Q

An organization, CyberSol.org, developed a software product and implemented key exchange algorithms to share its resources with customers. The organization also handed over a copy of keys to the law enforcement agency or a trusted third party to keep them in escrow. These keys can be used during crises or after an incident to decipher digital evidence under authorization or a warrant from a court of law.

Which of the following concepts was demonstrated in the above scenario?

A

Government Access to Keys (GAK)
GAK refers to the statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies.

81
Q

Brenda, an encryption specialist, wants to use an advanced algorithm to encrypt the digital information in her organization. For this purpose, she uses a symmetric-key algorithm in which the encryption as well as decryption is performed using the same key and has a 128-bit block size.

Identify the encryption algorithm used by Brenda in the above scenario.

A

AES
Advanced Encryption Standard (AES)
AES is the National Institute of Standards and Technology (NIST) specification (FIPS 197) for the encryption of electronic data. It is a symmetric block cipher with a fixed 128-bit block size and key sizes of 128, 192, or 256 bits.

82
Q

John wants to send an email to Bob by attaching a confidential encrypted file. He employs an Internet encryption and authentication standard that uses modular arithmetic and elementary number theory for performing computations.

Identify the cryptographic algorithm employed by John in the above scenario.

A

RSA
RSA is an Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. Its computations are modular exponentiation: the public and private exponents are chosen so that they invert each other modulo the product of two large primes.

83
Q

Which of the following tools helps security professionals encrypt and decrypt files using 128-bit or 256-bit encryption?

A

AxCrypt
AxCrypt is considered secure because it endeavors to use only accepted practices and algorithms and does not attempt to invent any new encryption algorithms or methods.

84
Q

Identify the tool that allows security professionals to encrypt critical files stored on the computer and the cloud.

A

CryptoForge
CryptoForge employs four strong cryptographic algorithms to protect data: Blowfish, AES (Advanced Encryption Standard), Triple DES, and GOST.

85
Q

Steve, an HR employee of an organization, wants to send an important file containing employee data to the payroll department. He digitally signs the file and attaches his digital certificate to it before sending it to the payroll team. The payroll team verifies the signature and adds the employees' details to the database.

Identify the attribute of the digital certificate that helped the payroll team verify the digital signature of Steve.

A

Public key
The public key is a large numerical value used to encrypt data or, as here, to verify a signature made with the matching private key. The key can be generated by a software program, but more often it is certified by a trusted, designated authority (the CA that issued the certificate) and made available to everyone through a publicly accessible repository or directory. The payroll team takes Steve's public key from the certificate, checks that the certificate chains to a trusted CA, and then uses the key to check the signature over the file.
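The modular arithmetic behind RSA (card 82) and the sign-with-private-key, verify-with-public-key flow of card 85 are shown together in the following added example. It is not part of the original flashcards; the primes, the file contents, and the function names are constructed for illustration. The keys are deliberately tiny (two Mersenne primes) and the hash is reduced modulo n so that it fits, which no real implementation does: production RSA uses 2048-bit or larger moduli and PKCS#1 v1.5 or PSS padding around the digest.

```python
import hashlib
from math import gcd

# Toy RSA, constructed for this example. The primes are far too small and there
# is no padding; the point is to show the number theory, not to be used as-is.
P = 2**31 - 1            # Mersenne prime (assumed small-key example)
Q = 2**61 - 1            # Mersenne prime (assumed small-key example)


def generate_keypair(p=P, q=Q, e=65537):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)        # modular inverse of e mod phi(n) (Python 3.8+)
    return (e, n), (d, n)


def encrypt_int(m, public_key):
    """c = m^e mod n. The message must be an integer smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt_int(c, private_key):
    """m = c^d mod n; works because e*d == 1 (mod phi(n))."""
    d, n = private_key
    return pow(c, d, n)


def digest_mod_n(data, n):
    """SHA-256 of the data, reduced mod n only so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private_key):
    """Signature = H(data)^d mod n: only the private-key holder can produce it."""
    d, n = private_key
    return pow(digest_mod_n(data, n), d, n)


def verify(data, signature, public_key):
    """Anyone holding the public key checks that sig^e mod n == H(data)."""
    e, n = public_key
    return pow(signature, e, n) == digest_mod_n(data, n)


def payroll_example():
    """Card 85 as code: HR signs, payroll verifies with the public key from the
    certificate; a tampered file or a different signer's key must fail."""
    hr_pub, hr_priv = generate_keypair()
    other_pub, _ = generate_keypair(p=2**61 - 1, q=2**89 - 1)   # another employee's key
    payroll_file = b"emp_id,name,salary\n1001,A. Example,52000\n"   # constructed data
    sig = sign(payroll_file, hr_priv)
    return {
        "genuine": verify(payroll_file, sig, hr_pub),
        "tampered": verify(payroll_file.replace(b"52000", b"92000"), sig, hr_pub),
        "wrong_key": verify(payroll_file, sig, other_pub),
    }


if __name__ == "__main__":
    print(payroll_example())
```

In practice the private key never leaves Steve's machine or token, and the payroll side must also validate the certificate itself (issuer signature, validity period, revocation) before trusting the public key it carries; the example only shows the last step, the signature check.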

86
Q

Identify the attribute of a digital certificate that specifies the hash value for the certificate, which is then used for verifying the certificate’s integrity.

A

Thumbprint
A digital certificate is a technology used to associate a user's identity with a public key that has been digitally signed by a trusted third party. The thumbprint (also called the fingerprint) is a hash computed over the encoded certificate; comparing it against a known-good value detects any modification of the certificate.

87
Q

In which of the following states of data is it encrypted before being carried through the encrypted connections such as HTTPS, SSL, TLS and FTPS?

A

Data in transit

88
Q

Identify the data security technology that allows security professionals to make a duplicate copy of critical data to be used for restoration and recovery when the primary copy is lost or corrupted.

A

Data resilience and backup

89
Q

Which of the following media is considered the best medium for data backup, facilitates backup at an enterprise level, has practically no storage capacity limit (capacity grows by adding cartridges), and can be used to store large amounts of data?

A

Tape drive

90
Q

David, a system administrator, was assigned a task to secure the organization’s data. He employed a data encryption tool that establishes and maintains an on-the-fly-encrypted volume, which means the tool automatically encrypts the data just before it is saved and decrypts just after it is loaded.

Identify the tool employed by David in the above scenario.

A

VeraCrypt
VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but lives within a file. It can also encrypt a partition or (on Windows) the entire storage device with pre-boot authentication.

91
Q

Given below are the different steps involved in data backup strategy.

  1. Selecting the backup types
  2. Choosing the right backup solution
  3. Identifying the critical business data
  4. Selecting a backup technology
  5. Selecting the backup media
  6. Conducting a recovery drill test
  7. Selecting the appropriate RAID levels
  8. Selecting an appropriate backup method

Identify the correct sequence of steps involved.
A

3 -> 5 -> 4 -> 7 -> 8 -> 1 -> 2 -> 6
Identifying the critical business data
Selecting the backup media
Selecting a backup technology
Selecting the appropriate RAID levels
Selecting an appropriate backup method
Selecting the backup types
Choosing the right backup solution
Conducting a recovery drill test

92
Q

Identify the RAID system feature that improves the read/write performance of data by dividing it into small chunks and spreading it over multiple disks.

A

Disk striping
RAID 0 (disk striping) divides a body of data into blocks and spreads the blocks across multiple storage devices, such as hard disks or solid-state drives (SSDs), in a redundant array of independent disks (RAID) group, so reads and writes proceed in parallel. It provides no redundancy: the loss of any one disk loses the whole data set.

93
Q

Which of the following measures is the best practice for a successful DLP implementation?

A

Identify sensitive data for protection
(DLP includes a set of software products and processes that do not allow users to send confidential corporate data outside the organization.)

94
Q

Which of the following measures is NOT a best practice for a successful DLP implementation?

Implement DLP with a maximum base
Identify the roles and responsibilities of individuals
Identify the main objective of DLP
Identify sensitive data for protection

A

Implement DLP with a maximum base

95
Q

Which of the following advantages of network traffic monitoring will be achieved by establishing SLAs and compliance applicable to users or consumers by providing complete infrastructure information while drafting the SLA?

A

Minimizing risk
(service-level agreement (SLA) sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems, and the metrics by which the effectiveness of the process is monitored and approved.)

96
Q

Identify the advantage of monitoring network traffic.

A

Finding unnecessary and vulnerable applications

97
Q

In which of the following types of attack signature analysis, security professionals need to analyze a series of packets over a long period of time to detect attack signatures?

A

Composite-signature-based analysis
A composite signature cannot be matched against a single packet; the analyzer must keep state across a series of packets (often over a long period) and decide on the sequence as a whole. One classic example looks at a series of fragments from the same connection and determines whether the fragments overlap: a genuine fragmented packet can be reassembled, whereas overlapping fragments cannot, which makes the overlap an obvious sign of attack.

98
Q

Which of the following attack signature analysis techniques allows network defenders to detect suspicious activity by analyzing the data in the payload and matching a text string to a specific set of characters?

A

Content-based signature analysis
Content-based signatures examine the content of things such as network packets or log entries. They are typically easy to build and look for simple things, such as a certain string of characters in the payload or a certain flag set in a TCP packet.

99
Q

Which of the following Wireshark filters helps network administrators view only SMTP traffic over the network?

A

tcp.port eq 25
(Shows only traffic with TCP source or destination port 25, the default SMTP port. The longer display filter `tcp.port eq 25 or icmp` from the Wireshark documentation would additionally show ICMP traffic. Note that a port filter assumes SMTP is on its default port; submission on port 587 or SMTPS on 465 would need those ports added.)

100
Q

Given below are the different steps to start capturing packets with Wireshark.

  1. An overview of the available interfaces can be obtained using the Capture Interfaces dialog box.
  2. Double-click on an interface in the main window.
  3. Start a capture from this dialog box using the Start button.
  4. A capture can be immediately started using the current settings by selecting Capture → Start or by clicking the first toolbar button.

Identify the correct sequence of steps involved.
A

2 -> 1 -> 3 -> 4
Double-click on an interface in the main window.
An overview of the available interfaces can be obtained using the Capture Interfaces dialog box.
Start a capture from this dialog box using the Start button.
A capture can be immediately started using the current settings by selecting Capture → Start or by clicking the first toolbar button.