Objective 3 Flashcards
Reed & Jamario Security Services has recommended your company use a port-based system to prevent unauthorized users and devices. Which of the following are they recommending?
Fail-open
IDS
Fail-closed
802.1X
802.1X is the correct answer. 802.1X is a port-based network access control protocol that helps prevent unauthorized users and devices from accessing the network. It requires devices to authenticate before being granted access to the network, typically using methods like username/password or certificates.
Fail-open is incorrect because it refers to a security mechanism where, in the event of a failure, the system allows access instead of blocking it, which isn’t specifically related to port-based security. IDS (Intrusion Detection System) is incorrect because it monitors network traffic for suspicious activity but does not control access based on ports. Fail-closed is incorrect because it means that access is denied when a failure occurs, but it is not specifically a port-based security method like 802.1X.
What element of backup strategy involves making data copies regularly at set intervals?
Replication
Load balancing
Journaling
Frequency
Frequency is the correct answer. The frequency element of a backup strategy refers to how often data backups are performed at set intervals, ensuring that the data is regularly copied to safeguard against data loss.
Replication is incorrect because it involves duplicating data in real-time or near real-time to another location rather than making copies at set intervals. Load balancing is incorrect because it refers to distributing network or application traffic across multiple systems to optimize performance and is not related to backup strategies. Journaling is incorrect because it involves tracking changes to data or files for recovery purposes, not making regular copies of the data.
Dion Training Solutions needs a network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
Layer 7
Layer 6
Layer 3
Layer 5
Layer 7 is the correct answer. This appliance would primarily operate at Layer 7 of the OSI model, which is the Application layer. Layer 7 handles application-level protocols, such as HTTP, and can filter traffic based on URL, HTTP headers, and specific web application functionalities, making it suitable for the task described.
Layer 6 is incorrect because it refers to the Presentation layer, which is concerned with data translation and encryption, not web traffic filtering. Layer 3 is incorrect because it refers to the Network layer, which handles routing and addressing, but not content-based filtering. Layer 5 is incorrect because it refers to the Session layer, which manages session establishment and termination but doesn’t deal with filtering web application traffic.
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?
SASE
SD-WAN
TLS
AH
SD-WAN is the correct answer. Software-Defined Wide Area Networking (SD-WAN) is designed to optimize WAN performance by intelligently routing traffic based on real-time conditions. It provides advanced network management, performance optimization, and can be deployed both on-premises and in the cloud, making it the ideal solution for Dion Training Solutions.
SASE (Secure Access Service Edge) is incorrect because it focuses more on security and access management, integrating SD-WAN with security features, but it is not the primary solution for WAN optimization alone. TLS (Transport Layer Security) is incorrect because it is a protocol for securing communications, not for optimizing or managing WAN performance. AH (Authentication Header) is incorrect because it is part of IPsec used for authentication and integrity of data packets, not for WAN management or optimization.
A power plant utilizes a specialized system to manage and monitor its daily operations, including machinery and sensor feedback. While these systems offer centralized control, what security concern is most associated with them?
Runtime efficiency constraints.
Optimization for containerized deployments.
Constrained memory use.
Limited security update capabilities.
Limited security update capabilities is the correct answer. Specialized systems used in critical infrastructures like power plants often run on legacy or custom hardware and software that may not support regular or timely security updates. This can make them vulnerable to exploits and attacks, as vulnerabilities may remain unpatched for long periods.
Runtime efficiency constraints are incorrect because they refer to system performance limitations and are not directly related to security. Optimization for containerized deployments is incorrect because specialized systems in power plants are less likely to be optimized for containerized environments, and containerization is not a primary security concern in this context. Constrained memory use is incorrect because, while memory constraints may affect performance, they do not directly relate to the security challenges faced by these systems, such as the difficulty of applying updates.
Clumsy Contraptions Engineering is seeking to change its security footing. In the past, they have found that too many pieces of malicious software have gotten past the system. Their Chief Security Officer believes they need a device which will actively evaluate traffic and reject or modify packets according to policies the company sets. What type of device is the CSO suggesting?
SASE
Inline
Remote Access
Fail-close
Inline is the correct answer. An inline device actively inspects and processes traffic as it flows through the network. It can reject or modify packets according to the policies set by the company, providing real-time filtering and security control. This matches the CSO’s requirement for a device that actively evaluates traffic.
SASE (Secure Access Service Edge) is incorrect because it is a broader solution that combines network security services like SD-WAN with secure access but isn’t focused on directly filtering or modifying network traffic in the same way an inline device does. Remote Access is incorrect because it refers to enabling users to access the network remotely, not evaluating traffic or rejecting packets. Fail-close is incorrect because it refers to a mechanism where a system denies access or stops operations when it encounters an issue, but it doesn’t describe active traffic evaluation and modification.
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
Air-gapped network
Serverless architecture
Microservices architecture
IaC
IaC (Infrastructure as Code) is the correct answer. IaC is an approach where infrastructure setup, management, and configuration are handled using scripts and automated tools, rather than through manual, hands-on methods. This allows for more efficient, repeatable, and scalable management of infrastructure.
Air-gapped network is incorrect because it refers to a network that is physically isolated from other networks for security reasons, not related to automation or scripting of systems. Serverless architecture is incorrect because it refers to a model where the infrastructure is abstracted away and managed by a cloud provider, but it does not specifically focus on the automation of infrastructure setup. Microservices architecture is incorrect because it refers to a way of designing software applications as a collection of loosely coupled, independent services, not about automating infrastructure setup.
To improve security at their law firm, Norah, a security analyst, wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
802.1X
Layer 7 Firewall
Layer 4 Firewall
VPN
Layer 7 Firewall is the correct answer. A Layer 7 firewall, also known as an application firewall, operates at the Application layer of the OSI model. It can inspect the actual content of the traffic (e.g., HTTP requests, FTP commands) and make decisions based on the nature of the communication. This type of firewall is highly effective for selectively blocking or allowing traffic based on specific applications or behaviors, providing granular control.
802.1X is incorrect because it refers to a network access control protocol, not a firewall type. Layer 4 Firewall is incorrect because it operates at the Transport layer, filtering based on protocols like TCP/UDP and port numbers, but it doesn’t inspect the content of the traffic. VPN is incorrect because it is a method for creating secure remote connections, not a type of firewall.
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
Inadequate buffer overflow protections.
Overhead from virtualization.
Lack of legacy protocol support.
Uncontrolled cloud access.
Inadequate buffer overflow protections is the correct answer. Real-time operating systems (RTOS) are often optimized for performance and responsiveness, which may lead to trade-offs in security. In particular, buffer overflow protections may be less robust, increasing the risk of vulnerabilities that could be exploited by attackers to corrupt memory or execute arbitrary code.
Overhead from virtualization is incorrect because RTOSs are typically designed to run on dedicated hardware for optimal performance, and virtualization is not typically a concern for real-time systems. Lack of legacy protocol support is incorrect because it refers to compatibility issues with older protocols, which is unrelated to real-time performance optimizations. Uncontrolled cloud access is incorrect because, while cloud access could pose a risk, it is not specifically related to the real-time nature of the operating system itself.
Kelly Innovations LLC wants to implement a network appliance that focuses on filtering traffic based on source and destination IP addresses, and port numbers. Which layer of the OSI model is this appliance primarily operating at?
Layer 4
Layer 2
Layer 5
Layer 3
Layer 4 is the correct answer. The appliance described focuses on filtering traffic based on source and destination IP addresses, as well as port numbers. This relates to the Transport layer (Layer 4) of the OSI model, where port numbers and transport protocols like TCP and UDP are used to filter traffic.
Layer 2 is incorrect because it pertains to the Data Link layer, which deals with MAC addresses and switching, not IP addresses or port numbers. Layer 5 is incorrect because it refers to the Session layer, which is responsible for managing sessions between applications, not traffic filtering based on IP and port. Layer 3 is incorrect because, although IP addresses are used at Layer 3 (Network layer), the filtering described here is more specific to Layer 4, which involves transport protocols and port numbers.
To protect customers’ financial records and adhere to standards set to prevent money laundering and fraud, which of the following is the BEST strategy a bank should adopt?
Strict adherence to AML/KYC regulations and secure data storage
Continuous security monitoring and intrusion detection systems
Integration of multi-factor authentication for user access
Creating a schedule for the creation of regular encrypted data backups
Strict adherence to AML/KYC regulations and secure data storage is the best strategy for protecting customers’ financial records and preventing money laundering and fraud. Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations are designed to ensure financial institutions can identify and prevent fraudulent activities. Adhering to these regulations, alongside secure data storage, is crucial for compliance and the protection of sensitive financial data.
Continuous security monitoring and intrusion detection systems are important for detecting and responding to potential threats but are more focused on preventing breaches rather than directly addressing AML/KYC concerns. Integration of multi-factor authentication for user access is a good security measure but addresses access control, not directly fraud prevention or compliance with financial regulations. Creating a schedule for the creation of regular encrypted data backups is an essential security practice but does not specifically address AML/KYC requirements or fraud prevention.
Which of the following terms refers to the ability to obtain and apply security updates or fixes for software or systems?
Responsiveness
Risk transference
Patch availability
Inability to patch
Patch availability is the correct answer. This term refers to the ability to obtain and apply security updates or fixes for software or systems. It ensures that vulnerabilities can be addressed in a timely manner through updates provided by the software vendor or developer.
Responsiveness refers to the ability to respond quickly to threats or incidents but is not specifically about security updates. Risk transference is a risk management strategy where an organization transfers risk to another party, such as through insurance, rather than addressing vulnerabilities directly. Inability to patch refers to situations where security updates cannot be applied, which is the opposite of patch availability.
Dion Training is implementing a security device tasked with inspecting live network traffic and taking immediate action to mitigate potential threats. Which of the following security items would MOST effectively satisfy this requirement?
Fail-open mode
An active device
A passive device
Fail-closed mode
An active device is the most effective solution for inspecting live network traffic and taking immediate action to mitigate potential threats. Active devices, such as Intrusion Prevention Systems (IPS), can not only monitor traffic but also actively block or mitigate malicious activities in real-time.
Fail-open mode refers to a device’s behavior when it fails, allowing traffic to flow freely even if the device is down, which is not suitable for immediate threat mitigation. A passive device only monitors traffic and does not take active steps to block or mitigate threats, making it less effective in this scenario. Fail-closed mode ensures that the device blocks traffic if it fails, but it does not inherently provide the ability to inspect and mitigate threats in real-time like an active device does.
Kelly Innovations LLC is implementing a wireless network and needs a flexible authentication method that supports multiple mechanisms for authenticating both wired and wireless users. Which protocol BEST fits their requirements?
EAP
RADIUS
WPA3
LDAP
EAP (Extensible Authentication Protocol) is the best fit for Kelly Innovations LLC’s requirements. EAP is a flexible authentication framework that supports multiple mechanisms for both wired and wireless network users. It can be used in various authentication scenarios and allows for different authentication methods like certificates, passwords, smart cards, or biometric data.
RADIUS is a protocol used for authentication, authorization, and accounting but does not directly handle the flexible authentication mechanisms that EAP supports. WPA3 is a security protocol specifically for securing wireless networks, but it does not focus on the flexible authentication methods that EAP can provide. LDAP is a directory access protocol primarily used for querying and modifying directory services and is not an authentication protocol on its own like EAP.
Kelly Innovations LLC needs to securely authenticate remote users and needs to be able to handle multiple authentication methods. Which of the following protocols would be BEST suited for this scenario?
EAP
IPSec
SD-WAN
ICMP
EAP (Extensible Authentication Protocol) would be the best protocol for securely authenticating remote users with multiple authentication methods. EAP supports a variety of authentication mechanisms, such as passwords, certificates, or biometrics, making it highly flexible for different scenarios, including remote user authentication.
IPSec is a security protocol used to secure IP communications through encryption and authentication, but it doesn’t inherently handle the authentication of users in a flexible way. SD-WAN is a technology that optimizes and secures WAN connections but is not specifically focused on user authentication. ICMP is a network diagnostic protocol (used for pinging and error reporting) and does not deal with authentication.
Dion Training Solutions is looking to upgrade their current firewall to one that can detect and block advanced threats, provide additional functions like intrusion prevention, and give them deep visibility into traffic. Which of the following types of firewalls is BEST described here?
Packet-filtering firewall
Stateful firewall
Proxy firewall
NGFW
NGFW (Next-Generation Firewall) is the best choice for Dion Training Solutions. NGFWs offer advanced features like intrusion prevention, deep packet inspection, and advanced threat detection, which go beyond the capabilities of traditional firewalls. They can also provide greater visibility into traffic, making them ideal for handling more sophisticated security challenges.
Packet-filtering firewalls examine traffic based on predetermined rules but lack advanced capabilities like intrusion prevention or deep traffic analysis. Stateful firewalls track the state of active connections but are not as capable of handling advanced threats or providing deep visibility into traffic as an NGFW can. Proxy firewalls work by acting as an intermediary between users and the services they access but also do not offer the same level of advanced threat detection and traffic visibility as NGFWs.
When considering data storage, which of the following BEST describes a method to capture the state of a system at a specific point in time, offering a quick recovery solution without the need for a full backup?
Incremental backups
Full backups
Differential backups
Snapshots
Snapshots best describe the method to capture the state of a system at a specific point in time, offering a quick recovery solution. Snapshots allow you to preserve the current state of the system, enabling rapid restoration to that point without the need for a full backup. They typically capture the entire system state, including settings, configurations, and data.
Incremental backups only capture changes made since the last backup, making recovery slower compared to snapshots, as they may require multiple backup sets to restore. Full backups capture the entire system, but they require more storage space and time, making them less efficient for quick recoveries. Differential backups capture changes since the last full backup but can also become larger over time, requiring more time for recovery compared to snapshots.
Which of the following techniques replaces sensitive data with fictitious, but structurally similar, data to protect it in non-production or test environments?
Hashing
Encryption
Masking
Segmentation
Masking is the technique that replaces sensitive data with fictitious but structurally similar data to protect it in non-production or test environments. This ensures that the sensitive information remains confidential while still allowing developers and testers to work with realistic data patterns.
Hashing is a method of transforming data into a fixed-length string, typically for storing passwords, but it is not reversible and does not preserve the original structure of the data. Encryption involves converting data into an unreadable format, but it is meant for protecting data during storage or transmission rather than for replacing it in non-production environments. Segmentation involves dividing a network or system into smaller, isolated sections for security purposes, but it doesn’t directly address data protection in testing scenarios.
Which of the following strategies is MOST effective for organizations aiming to mitigate the risk of widespread disruptions due to a localized issue in their infrastructure?
Permission restrictions
Infrastructure diversification
Geographic restrictions
Data masking
The correct answer is Infrastructure diversification. This strategy involves spreading critical infrastructure across multiple locations or using different technologies to ensure that if one part of the system faces issues, others can take over, preventing a widespread disruption. By diversifying infrastructure, an organization can reduce the risk of a single point of failure affecting its entire operations.
The other options are less effective in this context. Permission restrictions focus on controlling user access to systems, which can prevent unauthorized access but does not address the risk of infrastructure failure. Geographic restrictions may limit access based on location but won’t solve infrastructure issues. Data masking is used to protect sensitive data, but it does not address the potential for infrastructure disruptions.
Croma Soft, a game company, wants to reduce the public-facing attack surface for their company. They hope to achieve this by using a device that can handle and relay requests for servers. Which type of network appliance would be MOST appropriate for this purpose?
IDS
Load balancer
Jump server
Proxy server
The correct answer is Proxy server. A proxy server acts as an intermediary between users and the resources they wish to access, relaying requests and responses. By using a proxy server, Croma Soft can hide their internal servers from direct exposure to the internet, thus reducing the public-facing attack surface. This helps protect their infrastructure by intercepting malicious traffic before it reaches sensitive servers.
The other options are less suited for this purpose. An IDS (Intrusion Detection System) detects malicious activity but does not act as an intermediary or relay traffic. A Load balancer distributes traffic across multiple servers but does not inherently reduce the attack surface in the way a proxy server does. A Jump server provides a secure entry point for administrative access to a network, but it is not designed to handle general internet-facing requests.
Which of the following terms refers to the delivery of computing services over the internet, such as servers, storage, databases, networking, software, analytics, and intelligence?
IoT
Cloud
On-premises
Virtualization
The correct answer is Cloud. Cloud computing refers to the delivery of various computing services—like servers, storage, databases, networking, software, analytics, and intelligence—over the internet. This enables users to access and use these services without the need for physical infrastructure on-site, offering scalability, flexibility, and cost-effectiveness.
The other options are not correct in this context. IoT (Internet of Things) refers to interconnected devices that communicate with each other, typically not focusing on the delivery of computing services like the cloud does. On-premises refers to computing resources or services hosted and maintained within an organization’s own physical location, as opposed to the cloud. Virtualization refers to creating virtual versions of physical resources like servers or storage but is a technique often used within cloud environments.
To enhance the privacy of its users, Kelly Innovations LLC is considering a system that can act as an intermediary for internet requests, hiding the origin of the request from the destination server. Which solution would BEST fit this purpose?
Jump server
Router
IPS
Proxy server
The correct answer is Proxy server. A proxy server acts as an intermediary between a client and the destination server. It forwards requests from users to the destination while hiding the user’s actual IP address, thus enhancing privacy. Proxy servers can be used for a variety of purposes, such as improving security, reducing latency, and controlling access to content.
The other options are incorrect in this context. A Jump server is a secure server used to access other servers within a network, typically in a segmented or controlled environment. A Router is responsible for directing traffic between different networks but does not necessarily hide the origin of requests like a proxy does. An IPS (Intrusion Prevention System) focuses on detecting and preventing malicious activity on the network rather than acting as an intermediary for privacy enhancement.
As part of their expansion, Kelly Innovations LLC decided to break their monolithic application into microservices. While this provides scalability, which of the following security implications should the organization be MOST concerned with?
Granular access controls requirements
Singular deployment cadence
Consolidation of data storage
Reduced monitoring endpoints
The correct answer is Granular access controls requirements. As Kelly Innovations LLC moves to a microservices architecture, each service becomes a smaller, independent unit that communicates with others over the network. This necessitates more granular access control, meaning each microservice needs its own specific security policies and access controls to ensure that only authorized users or services can interact with them. This increases the complexity of managing permissions and security for each microservice individually.
The other options are less of a concern. Singular deployment cadence typically becomes less relevant in microservices because each service can be deployed independently. Consolidation of data storage isn’t a direct security concern of microservices; instead, each microservice might have its own data store, which can even improve security by isolating data. Lastly, while reduced monitoring endpoints might be a challenge, it is not as critical as the need for granular access control, as it is a technical aspect that can be addressed with proper monitoring tools.
What kind of data typically requires processing by machines and specialized software?
Geographically restricted
Critical
Segmented
Non-human readable
The correct answer is Non-human readable. This type of data typically requires processing by machines and specialized software because it is not intended to be understood directly by humans. Examples include machine logs, raw sensor data, and encrypted data. Such data is often structured in a way that makes it difficult for humans to interpret directly without the aid of software designed to process and analyze it.
The other options are less relevant. Geographically restricted data refers to data that may be subject to access limitations based on location but doesn’t necessarily need specialized software to process. Critical data is important but doesn’t inherently require machine processing—it could be processed by humans with the appropriate tools. Segmented data refers to data that’s divided into parts, and while it may require special handling, it’s not specifically related to non-human readability.
Which of the following terms BEST represents the approach that divides a physical network into multiple distinct units to manage traffic and enhance security?
Containerization
High availability
Logical segmentation
Software-defined networking (SDN)
The correct answer is Logical segmentation. This approach involves dividing a physical network into multiple smaller, logically distinct units to manage traffic and improve security. By segmenting the network logically, an organization can apply specific policies, controls, and restrictions to different parts of the network, which helps to reduce the attack surface and prevent unauthorized access between segments.
The other options are incorrect. Containerization refers to isolating applications and their dependencies for easier deployment. High availability refers to designing systems to ensure that services are continuously available. Software-defined networking (SDN) focuses on network management using software to control traffic and automate networking tasks, but it doesn’t specifically refer to dividing a physical network into units for security.
Mary works at Kelly Innovations LLC, where she is tasked with developing and testing new software releases. She is looking at updating the backup system since she noticed that sometimes they need to revert to a previous build several times a day due to unexpected issues. Which backup frequency would be the most appropriate for her to implement?
Differential backups
Continuous backups
Daily incremental backups
Weekly full backups
The correct answer is Continuous backups, because this backup method allows for real-time or near-real-time backups of data, which is ideal for environments where frequent updates and changes occur, such as Mary’s situation with software releases. Continuous backups ensure that data is always available for recovery, reducing the risk of losing important changes between backup intervals.
The other answers are incorrect because differential backups only back up changes made since the last full backup, which may not be frequent enough for Mary’s needs. Daily incremental backups back up only the changes since the last backup (full or incremental), which could still leave gaps if several updates are made in a day. Weekly full backups would not provide the frequent protection needed for daily or multiple daily changes in the software environment.
Which of the following techniques involves maintaining a log of all transactions and changes, allowing a system to recover to the exact point of failure after a crash?
Replication
Journaling
Snapshots
Incremental backups
The correct answer is Journaling, because it involves maintaining a log of all transactions and changes made to a system or database. This log allows the system to recover to the exact point of failure by replaying the journal entries, ensuring that no data is lost during a crash.
The other answers are incorrect because replication involves copying data to another location for redundancy, but it does not log changes to enable precise recovery after a failure. Snapshots capture the state of the system at a specific point in time, but they do not provide the granularity needed to recover exactly to the point of failure. Incremental backups save only the changes since the last backup but do not provide the same level of detail as journaling for crash recovery.
In an environment utilizing ICS, which of the following aspects is critical to assess, given that certain components might not allow modifications for security improvements?
Ease of Deployment
Inability to Patch
Ease of Recovery
Risk Transference
The correct answer is Inability to Patch, because in Industrial Control Systems (ICS), certain components may not allow modifications or regular patching due to their critical role in real-time operations. This makes it difficult to implement security improvements or fix vulnerabilities, which is a key concern when assessing ICS security.
The other answers are incorrect because ease of deployment refers to how easily a system can be implemented, which is not as critical when dealing with the security of ICS components. Ease of recovery focuses on how quickly a system can be restored after failure, which is important but not specific to the security context of patching. Risk transference refers to shifting risk to another party (e.g., insurance) and does not directly address the security challenge of patching ICS components.
Which of the following is a form of obfuscation where data strings are replaced with a single character like an X or a * but the structure of the data string remains the same?
Key stretching
Steganography
Tokenization
Data Masking
The correct answer is Data Masking, because it involves replacing sensitive data with non-sensitive placeholders (such as X or *) while retaining the structure of the original data. This allows for data to be used in non-sensitive contexts without exposing the original sensitive information.
The other answers are incorrect because key stretching refers to the process of enhancing the strength of cryptographic keys, steganography is about hiding data within other data, and tokenization involves replacing sensitive data with a unique identifier, not just masking it with placeholder characters.
Which of the following systems would be BEST suited to alert network security personnel to an anomalous occurrence on the network?
Proxy server
IDS
SASE
UTM
The correct answer is IDS (Intrusion Detection System), because an IDS is specifically designed to monitor network traffic for signs of malicious activity or anomalies, alerting security personnel when it detects suspicious patterns.
The other answers are incorrect because a proxy server is used for controlling and filtering outbound traffic, SASE (Secure Access Service Edge) is a cloud-based security framework that integrates various security functions, and UTM (Unified Threat Management) is a device that consolidates several security features like firewall and antivirus but isn’t primarily focused on anomaly detection.
Which of the following BEST describes the concept where network control is managed by a software application, independent of the hardware?
Containerization
Virtualization
SDN
Logical segmentation
The correct answer is SDN (Software-Defined Networking), because SDN involves separating the control plane from the data plane, allowing network control to be managed by software applications rather than relying on hardware devices. This approach provides flexibility, scalability, and easier management of network resources.
The other answers are incorrect because containerization refers to packaging software and its dependencies into containers, virtualization involves running multiple virtual machines on a physical server, and logical segmentation pertains to dividing a network into logical parts without physical separation, which doesn’t specifically address software-based network control.