Objective 3 Flashcards
Reed & Jamario Security Services has recommended your company use a port-based system to prevent unauthorized users and devices. Which of the following are they recommending?
Fail-open
IDS
Fail-closed
802.1X
802.1X is the correct answer. 802.1X is a port-based network access control protocol that helps prevent unauthorized users and devices from accessing the network. It requires devices to authenticate before being granted access to the network, typically using methods like username/password or certificates.
Fail-open is incorrect because it refers to a security mechanism where, in the event of a failure, the system allows access instead of blocking it, which isn’t specifically related to port-based security. IDS (Intrusion Detection System) is incorrect because it monitors network traffic for suspicious activity but does not control access based on ports. Fail-closed is incorrect because it means that access is denied when a failure occurs, but it is not specifically a port-based security method like 802.1X.
What element of backup strategy involves making data copies regularly at set intervals?
Replication
Load balancing
Journaling
Frequency
Frequency is the correct answer. The frequency element of a backup strategy refers to how often data backups are performed at set intervals, ensuring that the data is regularly copied to safeguard against data loss.
Replication is incorrect because it involves duplicating data in real time or near real time to another location, not making copies at set intervals. Load balancing is incorrect because it refers to distributing network or application traffic across multiple systems to optimize performance, which is not related to backup strategies. Journaling is incorrect because it involves tracking changes to data or files for recovery purposes, but it is not about making regular copies of the data.
Dion Training Solutions needs a network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities. At which layer of the OSI model would this appliance primarily operate?
Layer 7
Layer 6
Layer 3
Layer 5
Layer 7 is the correct answer. This appliance would primarily operate at Layer 7 of the OSI model, which is the Application layer. Layer 7 handles application-level protocols, such as HTTP, and can filter traffic based on URL, HTTP headers, and specific web application functionalities, making it suitable for the task described.
Layer 6 is incorrect because it refers to the Presentation layer, which is concerned with data translation and encryption, not web traffic filtering. Layer 3 is incorrect because it refers to the Network layer, which handles routing and addressing, but not content-based filtering. Layer 5 is incorrect because it refers to the Session layer, which manages session establishment and termination but doesn’t deal with filtering web application traffic.
Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?
SASE
SD-WAN
TLS
AH
SD-WAN is the correct answer. Software-Defined Wide Area Networking (SD-WAN) is designed to optimize WAN performance by intelligently routing traffic based on real-time conditions. It provides advanced network management, performance optimization, and can be deployed both on-premises and in the cloud, making it the ideal solution for Dion Training Solutions.
SASE (Secure Access Service Edge) is incorrect because it focuses more on security and access management, integrating SD-WAN with security features, but it is not the primary solution for WAN optimization alone. TLS (Transport Layer Security) is incorrect because it is a protocol for securing communications, not for optimizing or managing WAN performance. AH (Authentication Header) is incorrect because it is part of IPsec used for authentication and integrity of data packets, not for WAN management or optimization.
A power plant utilizes a specialized system to manage and monitor its daily operations, including machinery and sensor feedback. While these systems offer centralized control, what security concern is most associated with them?
Runtime efficiency constraints.
Optimization for containerized deployments.
Constrained memory use.
Limited security update capabilities.
Limited security update capabilities is the correct answer. Specialized systems used in critical infrastructures like power plants often run on legacy or custom hardware and software that may not support regular or timely security updates. This can make them vulnerable to exploits and attacks, as vulnerabilities may remain unpatched for long periods.
Runtime efficiency constraints are incorrect because they refer to system performance limitations, not directly related to security. Optimization for containerized deployments is incorrect because specialized systems in power plants are less likely to be optimized for containerized environments, and containerization is not a primary security concern in this context. Constrained memory use is incorrect because while memory constraints may affect performance, they do not directly relate to the security challenges faced by these systems, such as the difficulty of applying updates.
Clumsy Contraptions Engineering is seeking to change its security footing. In the past, they have found that too many pieces of malicious software have gotten past the system. Their Chief Security Officer believes they need a device which will actively evaluate traffic and reject or modify packets according to policies the company sets. What type of device is the CSO suggesting?
SASE
Inline
Remote Access
Fail-close
Inline is the correct answer. An inline device actively inspects and processes traffic as it flows through the network. It can reject or modify packets according to the policies set by the company, providing real-time filtering and security control. This matches the CSO’s requirement for a device that actively evaluates traffic.
SASE (Secure Access Service Edge) is incorrect because it is a broader solution that combines network security services like SD-WAN with secure access but isn’t focused on directly filtering or modifying network traffic in the same way an inline device does. Remote Access is incorrect because it refers to enabling users to access the network remotely, not evaluating traffic or rejecting packets. Fail-close is incorrect because it refers to a mechanism where a system denies access or stops operations when it encounters an issue, but it doesn’t describe active traffic evaluation and modification.
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
Air-gapped network
Serverless architecture
Microservices architecture
IaC
IaC (Infrastructure as Code) is the correct answer. IaC is an approach where infrastructure setup, management, and configuration are handled using scripts and automated tools, rather than through manual, hands-on methods. This allows for more efficient, repeatable, and scalable management of infrastructure.
Air-gapped network is incorrect because it refers to a network that is physically isolated from other networks for security reasons, which is not related to automation or scripting of systems. Serverless architecture is incorrect because it refers to a model where the infrastructure is abstracted away and managed by a cloud provider, but it does not specifically focus on the automation of infrastructure setup. Microservices architecture is incorrect because it refers to a way of designing software applications as a collection of loosely coupled, independent services, not to automating infrastructure setup.
To improve security at their law firm, Norah, a security analyst, wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
802.1X
Layer 7 Firewall
Layer 4 Firewall
VPN
Layer 7 Firewall is the correct answer. A Layer 7 firewall, also known as an application firewall, operates at the Application layer of the OSI model. It can inspect the actual content of the traffic (e.g., HTTP requests, FTP commands) and make decisions based on the nature of the communication. This type of firewall is highly effective for selectively blocking or allowing traffic based on specific applications or behaviors, providing granular control.
802.1X is incorrect because it refers to a network access control protocol, not a firewall type. Layer 4 Firewall is incorrect because it operates at the Transport layer, filtering based on protocols like TCP/UDP and port numbers, but it doesn’t inspect the content of the traffic. VPN is incorrect because it is a method for creating secure remote connections, not a type of firewall.
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise?
Inadequate buffer overflow protections.
Overhead from virtualization.
Lack of legacy protocol support.
Uncontrolled cloud access.
Inadequate buffer overflow protections is the correct answer. Real-time operating systems (RTOS) are often optimized for performance and responsiveness, which may lead to trade-offs in security. In particular, buffer overflow protections may be less robust, increasing the risk of vulnerabilities that could be exploited by attackers to corrupt memory or execute arbitrary code.
Overhead from virtualization is incorrect because RTOSs are typically designed to run on dedicated hardware for optimal performance, and virtualization is not typically a concern for real-time systems. Lack of legacy protocol support is incorrect because it refers to compatibility issues with older protocols, which is unrelated to real-time performance optimizations. Uncontrolled cloud access is incorrect because, while cloud access could pose a risk, it is not specifically related to the real-time nature of the operating system itself.
Kelly Innovations LLC wants to implement a network appliance that focuses on filtering traffic based on source and destination IP addresses and port numbers. Which layer of the OSI model is this appliance primarily operating at?
Layer 4
Layer 2
Layer 5
Layer 3
Layer 4 is the correct answer. The appliance described focuses on filtering traffic based on source and destination IP addresses, as well as port numbers. This relates to the Transport layer (Layer 4) of the OSI model, where port numbers and transport protocols like TCP and UDP are used to filter traffic.
Layer 2 is incorrect because it pertains to the Data Link layer, which deals with MAC addresses and switching, not IP addresses or port numbers. Layer 5 is incorrect because it refers to the Session layer, which is responsible for managing sessions between applications, not traffic filtering based on IP and port. Layer 3 is incorrect because, although IP addresses are used at Layer 3 (Network layer), the filtering described here is more specific to Layer 4, which involves transport protocols and port numbers.