Random Question 61 - 80 Flashcards
Question 61:
A company wants to implement a secure file transfer protocol between its internal servers and remote offices while ensuring data confidentiality and integrity. Which of the following protocols should be used?
{
  "protocol": [
    {
      "name": "SFTP",
      "description": "Secure File Transfer Protocol"
    },
    {
      "name": "FTP",
      "description": "File Transfer Protocol"
    }
  ]
}
Options:
A. SFTP.
B. FTP.
C. SCP.
D. HTTPS.
E. SMTP.
Correct Answer: A
Explanation: SFTP uses SSH for secure file transfers, ensuring both confidentiality and integrity of data.
Question 62:
You are tasked with configuring a network to ensure that sensitive data is protected from unauthorized access using IPsec tunnels. Which of the following steps should you take?
tunnel_config:
  - protocol: ESP
    encryption: AES-256-CBC
    authentication: SHA384
Options:
A. Use TCP as the transport protocol.
B. Configure ESP with AES-128-CBC for encryption.
C. Use UDP as the transport protocol.
D. Configure ESP with AES-256-CBC and SHA384 for authentication.
E. Disable IPsec to allow free communication.
Correct Answer: D
Explanation: Using ESP (Encapsulating Security Payload) with AES-256-CBC encryption and SHA384 for authentication ensures secure data transfer over IPsec.
Question 63:
Your organization is transitioning to a Zero Trust Architecture. You need to configure access control policies to ensure that only authorized users can access sensitive resources.
{
  "access_control": {
    "application_id": "app1",
    "permissions": [
      {"user_role": "admin", "allowed_actions": ["read", "write"]},
      {"user_role": "viewer", "allowed_actions": ["read"]}
    ]
  }
}
Options:
A. Assign admin role to all users.
B. Restrict access based on user roles and necessary permissions.
C. Allow read/write actions for everyone.
D. Grant write-only permissions to users who need them.
E. Remove all permissions and re-evaluate every request.
Correct Answer: B, D
Explanation: Least privilege requires granting only the minimum necessary permissions; admin role should have both read and write access while viewers should have only read access. Write-only permissions can be granted as needed but must align with the principle of least privilege.
Question 64:
You are configuring a network security policy for a hybrid cloud environment that requires strict data governance and compliance adherence. You need to ensure that all communications between on-premises resources and cloud services use secure channels.
{
  "security_policy": {
    "cloud_provider": "AWS",
    "encryption_method": "TLS1.2",
    "communication_type": ["data_transfer", "API_calls"]
  }
}
Options:
A. Use TLS1.0 for on-premises to cloud communications.
B. Enable data transfer and API calls encryption.
C. Configure no specific security measures.
D. Limit cloud provider to a single vendor only.
E. Disable all network traffic between on-premises and cloud.
Correct Answer: B
Explanation: Using TLS1.2 ensures secure communication, and enabling both data transfer and API calls encryption is necessary for compliance.
Question 65:
Your organization wants to implement a password policy that aligns with industry best practices to enhance account security. Which of the following steps should be included in your policy?
{
  "password_policy": {
    "min_length": 12,
    "require_special_characters": true,
    "expire_after_days": 90
  }
}
Options:
A. Set minimum password length to 8 characters.
B. Require special characters in passwords.
C. Disable password expiration for all users.
D. Allow passwords to contain common words only.
E. Enforce a 12-character minimum length.
Correct Answer: B, E
Explanation: Requiring special characters and setting a minimum password length of 12 characters are key components of strong password policies.
Question 66:
You need to configure network security settings for an organization’s remote access solution to ensure that all user sessions are encrypted and secure. Which of the following actions should you take?
{
  "remote_access": {
    "encryption_protocol": "TLS1.3",
    "authentication_method": ["two_factor_auth", "certificates"]
  }
}
Options:
A. Use TLS1.2 for encryption.
B. Enable two-factor authentication and certificate-based login.
C. Disable all remote access sessions.
D. Allow clear-text password transmission.
E. Configure a single-factor authentication method.
Correct Answer: B
Explanation: Using TLS1.3 for encryption and enabling both two-factor authentication and certificates provides robust security for remote access.
Question 67:
You are tasked with securing a hybrid cloud environment that involves both on-premises infrastructure and AWS services. You need to ensure secure data transfer between these environments while adhering to compliance requirements.
{
  "security_policy": {
    "cloud_provider": "AWS",
    "data_transfer_encryption": true,
    "compliance_standards": ["PCI-DSS", "GDPR"]
  }
}
Options:
A. Disable data transfer encryption.
B. Enable data transfer encryption using TLS1.2.
C. Exclude compliance standards for simplicity.
D. Use only AWS services without on-premises integration.
E. Implement no security measures.
Correct Answer: B, E
Explanation: Enabling data transfer encryption ensures secure communication, but implementing no security measures is not advisable for compliance.
Question 68:
Your organization needs to implement a strong password policy that aligns with industry best practices. Which of the following steps should be included in your policy?
{
  "password_policy": {
    "min_length": 12,
    "require_special_characters": true,
    "expire_after_days": 90
  }
}
Options:
A. Set minimum password length to 8 characters.
B. Require special characters in passwords.
C. Disable password expiration for all users.
D. Allow common words and easily guessable phrases.
E. Enforce a 12-character minimum length.
Correct Answer: B, E
Explanation: Requiring special characters and setting a minimum password length of 12 characters are key components of strong password policies.
Question 69:
You are setting up a firewall rule to protect sensitive data from unauthorized access in a multi-tenant environment.
Which of the following rules should you implement?
{
  "firewall_rules": {
    "protocol": "TCP",
    "source_ip_range": ["192.168.0.0/24"],
    "destination_ip_range": ["172.31.0.0/16"],
    "port_range": [80, 443]
  }
}
Options:
A. Allow all IP ranges and protocols.
B. Block all traffic to the destination range.
C. Permit TCP protocol from a specific source IP range to a specific destination range on certain ports.
D. Disable firewall rules for simplicity.
E. Apply random port ranges.
Correct Answer: C
Explanation: Permitting TCP traffic from a specific source IP range to a specific destination range on specific ports is the correct approach for securing sensitive data.
Question 70:
A company is migrating its critical applications to a cloud environment and needs to ensure high availability and disaster recovery. Which two strategies should be implemented?
Options:
A. Implementing cold storage for backups.
B. Utilizing multi-region deployments.
C. Configuring load balancers with health checks.
D. Enforcing strict access controls using IAM policies.
E. Deploying a single cloud instance for efficiency.
Correct Answer: B, C
Explanation: Multi-region deployments ensure high availability and disaster recovery by distributing resources across multiple geographic locations. Load balancers with health checks help maintain service continuity and monitor application health.
Question 71:
An organization is facing frequent security incidents due to misconfigured network devices. Which two configuration steps should be prioritized to enhance network security?
Options:
A. Disabling unnecessary services on servers.
B. Regularly updating firmware and software on devices.
C. Configuring default deny firewall rules.
D. Implementing strong password policies for end-users.
E. Conducting bi-weekly security audits.
Correct Answer: B, C
Explanation: Regularly updating firmware and software ensures that network devices are protected against known vulnerabilities. Default deny firewall rules help prevent unauthorized access by blocking all traffic not explicitly allowed.
Question 72:
A security analyst is tasked with setting up a secure communication channel for internal messaging between departments. Which configuration should be used?
apiVersion: v1
kind: Secret
metadata:
  name: internal-messaging-secret
type: Opaque
data:
  password: cGFzc3dvcmQ=
Options:
A. Using an Ingress controller.
B. Creating a Kubernetes secret with encrypted data.
C. Implementing a DMZ for external communications.
D. Deploying a virtual private network (VPN) tunnel.
E. Enforcing strict email policies.
Correct Answer: B
Explanation:
A Kubernetes secret can be used to securely store and manage sensitive information such as passwords. The provided YAML snippet creates a secret with an encrypted password.
Question 73:
A network administrator needs to configure a firewall rule for a new service that requires both inbound and outbound traffic. Which configuration should be used?
- action: allow
  ip_protocol: TCP
  port_range_min: 80
  port_range_max: 80
- action: deny
  ip_protocol: TCP
  port_range_min: 443
  port_range_max: 443
Options:
A. Allow all inbound traffic.
B. Deny all outbound traffic.
C. Allow specific inbound and outbound ports.
D. Deny specific inbound and outbound ports.
E. Allow all traffic.
Correct Answer: C
Explanation:
The configuration should allow specific inbound (80) and outbound (443) TCP ports, ensuring that only necessary traffic is permitted while blocking others.
Question 74:
A company wants to implement a Zero Trust Architecture for its cloud services. Which two measures are essential in ZTA?
Options:
A. Multi-factor authentication (MFA)
B. Network segmentation
C. Regular security audits
D. Intrusion detection systems (IDS)
E. Strong password policies
Correct Answer: A, B
Explanation:
Multi-factor authentication and network segmentation are fundamental to Zero Trust Architecture, ensuring that only authorized entities can access resources while maintaining strict controls on internal traffic.
Question 75:
In implementing a Zero Trust architecture, which of the following best represents the fundamental principle of the Data Plane?
Options:
A. Manages authentication and authorization decisions.
B. Handles the actual movement of data packets.
C. Implements security policies and procedures.
D. Monitors user access patterns.
Correct Answer: B
Explanation:
The Data Plane in Zero Trust architecture is responsible for the actual movement and processing of data packets after access decisions have been made by the Control Plane.
Question 76:
In a complex network scenario, an organization needs to ensure that sensitive data stored in the cloud is protected. Which two measures should be implemented?
Options:
A. Data loss prevention (DLP) policies
B. Regular security audits
C. Multi-factor authentication (MFA)
D. Data encryption at rest and in transit
E. Intrusion detection systems (IDS)
Correct Answer: A, D
Explanation:
Implementing data encryption and DLP policies ensures that sensitive data is protected both when stored and when in transit.
Question 77:
Implementing secure authentication mechanisms is crucial for maintaining system integrity. You are tasked with configuring a multi-factor authentication (MFA) solution using OAuth 2.0 for your organization’s web application.
{
  "auth_mechanism": "OAuth 2.0",
  "factors": [
    {
      "factor_id": "email",
      "description": "Email verification"
    },
    {
      "factor_id": "top",
      "description": "One-time password via SMS"
    }
  ]
}
Options:
A. Use the ‘auth_mechanism’ field to specify OAuth 2.0.
B. Set up email as a factor for authentication.
C. Enable one-time passwords (OTP) through SMS as an additional factor.
D. Configure biometric factors like fingerprint scan.
E. Integrate with third-party MFA providers.
Correct Answer: A, B, C
Explanation:
The ‘auth_mechanism’ field must specify OAuth 2.0 for the MFA solution. Email and OTP via SMS are valid factors that can be configured as part of the MFA process.
Question 78:
In a complex network scenario, an organization needs to ensure that only authorized users from specific departments can access certain resources. Which two strategies should be implemented?
Options:
A. Enforcing multi-factor authentication (MFA) for all users.
B. Implementing role-based access control (RBAC).
C. Regularly changing default passwords.
D. Deploying a web application firewall (WAF).
E. Conducting security awareness training.
Correct Answer: A, B
Explanation: Role-based access control ensures that only authorized users have access to specific resources based on their roles within the organization. Multi-factor authentication adds an extra layer of security by requiring more than one method of verification.
Question 79:
You need to secure a web application from common attack vectors like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Which of the following measures should you implement?
Options:
A. Use parameterized queries in database interactions.
B. Implement input validation for all user inputs.
C. Set up a Content Security Policy (CSP) header.
D. Regularly update server software to patch known vulnerabilities.
E. Disable HTTP access
Correct Answer: A, B, C, D
Explanation:
Parameterized queries help prevent SQL injection; input validation protects against XSS and CSRF attacks; CSP headers enhance security by controlling the allowed sources of content; regularly updating software patches known vulnerabilities.
Question 80:
Your organization is transitioning to a Zero Trust Architecture. You are asked to implement least privilege access controls for a critical application.
{
  "access_control": {
    "application_id": "app1",
    "permissions": [
      {"user_role": "admin", "allowed_actions": ["read", "write"]},
      {"user_role": "viewer", "allowed_actions": ["read"]}
    ]
  }
}
Options:
A. Assign admin role to all users.
B. Restrict access based on user roles and necessary permissions.
C. Allow read/write actions for everyone.
D. Grant write-only permissions to users who need them.
E. Remove all permissions and re-evaluate every request.
Correct Answer: B, D
Explanation: Least privilege requires granting only the minimum necessary permissions; admin role should have both read and write access while viewers should have only read access. Write-only permissions can be granted as needed but must align with the principle of least privilege.
What is the primary goal of conducting a cybersecurity gap analysis?
A - To compare an organization’s existing security measures against an ideal state and identify areas for improvement.
B - To implement the latest cybersecurity technologies and software.
C - To authorize user access to network resources.
D - To deny the validity of a cybersecurity incident.
** Answer: A - To compare an organization’s existing security measures against an ideal state and identify areas for improvement. **
The primary goal of conducting a cybersecurity gap analysis is to compare the organization’s existing security measures against an ideal state or industry standards to identify areas of improvement and vulnerability.
In terms of the CIA triad, what does availability ensure?
A - It protects data from unauthorized modification.
B - It ensures that systems and data are accessible and usable when needed.
C - It protects information from unauthorized access.
D - It provides a method to authenticate the sender of a message.
** Answer: B - It ensures that systems and data are accessible and usable when needed.**
In the CIA (Confidentiality, integrity, and availability) triad, availability ensures that systems and data are accessible and usable when needed by authorized users, safeguarding against interruptions in access.
In the AAA framework, what does the authentication process do?
A - It involves logging session statistics and usage information.
B - It controls access to computer resources and enforces policies.
C - It involves identifying a user, typically by having them enter a valid username and password.
D - It enforces policies regarding what types of activities or resources a user is permitted to access.
** Answer: C - It involves identifying a user, typically by having them enter a valid username and password. **
In the AAA (Authentication, Authorization, and Accounting) framework, authentication involves verifying the identity of a user, usually through the input of valid credentials like a username and password.
The confidentiality component of the CIA triad is designed to:
A - Ensure that data remains accurate and trustworthy over its lifecycle.
B - Guarantee that systems and data are accessible when it is needed by authorized users.
C - Protect information from unauthorized access and disclosure.
D - Provide assurance that someone cannot deny the validity of something.
** Answer: C - Protect information from unauthorized access and disclosure. **
The confidentiality component of the CIA triad is designed to protect information from unauthorized access and disclosure, keeping it confidential and accessible to authorized users only.
Which vulnerability enables an attacker to introduce malicious code into system memory, making detection challenging?
A - Zero-day.
B - Malicious update.
C - Memory injection.
D - Race condition.
** Answer: C - Memory injection **
An attacker can introduce malicious code into system memory, making detection difficult, by using a technique called “code injection” where they inject their malicious code directly into the memory of a running process, allowing it to execute without creating a visible file on the system, thus evading traditional antivirus detection methods; this is often associated with “fileless malware” attacks.
Which indicator may signify unauthorized access or sharing of credentials when detected within a system?
A - Secure connection.
B - Account lockout.
C - Blocked content.
D - Concurrent session usage.
** Answer: D - Concurrent session usage **
Detecting multiple simultaneous sessions from a single user account may indicate unauthorized access or sharing of credentials, requiring analysis to determine the nature of the activity.
What type of password attack attempts to compromise a system by using a large number of usernames with a few commonly used passwords, avoiding rapid account lockouts?
A - Brute-force attack.
B - Password hashing.
C - Password spraying.
D - Dictionary attack.
** Answer: C - Password spraying.**
Password spraying attempts to compromise a system by using a large number of usernames with commonly used passwords, avoiding the rapid lockouts associated with brute-force attacks.
What kind of application attack exploits a flaw in an application’s memory handling, allowing for the execution of arbitrary code or causing the application to crash?
A - Injection.
B - Replay.
C - Buffer overflow.
D - Privilege escalation.
** Answer: C - Buffer overflow. **
Buffer overflow attacks exploit flaws in an application’s memory handling, allowing for the execution of arbitrary code or causing the application to crash.
What is the main difference between amplified and reflected DDoS attacks?
A - Amplified attacks use network protocols that respond with more data, whereas reflected attacks forge the victim’s IP address as the source.
B - Amplified attacks forge the victim’s IP address, whereas reflected attacks use network protocols that respond with more data.
C - Amplified attacks target DNS, whereas reflected attacks target Wi-Fi.
D - Amplified attacks are a type of ransomware, whereas reflected attacks are a type of virus.
** Answer: A - Amplified attacks use network protocols that respond with more data, whereas reflected attacks forge the victim’s IP address as the source. **
An amplified DDoS attack takes advantage of network protocols that send larger responses to small requests, thereby flooding the victim with substantial traffic. A reflected DDoS attack, on the other hand, uses the victim’s IP address as the source, directing responses from various servers to the victim, resulting in unwanted traffic.
Both types of attacks lead to denial-of-service conditions, but they use different mechanisms.
Which is the best description of a physical attack?
A - An attack that targets network services.
B - An attack on the tangible components of an information system.
C - A type of malware.
D - A method used to crack passwords.
** Answer: B - An attack on the tangible components of an information system. **
Physical attacks focus on tangible components like hardware, data storage mediums, and physical locations. They can result in visible damage to hardware, unauthorized physical access, or tampering with physical connections.
Which method is commonly used to infect a system with ransomware?
A - Amplified DDoS attack.
B - DNS attack.
C - Phishing or spear phishing attack.
D - Brute-force attack.
** Answer: C - Phishing or spear phishing attack. **
Phishing and spear-phishing attacks are common methods cybercriminals use to deliver ransomware. These deceptive tactics lure victims into clicking on malicious links or opening infected attachments that install ransomware on their systems.
What is ransomware?
A - A type of antivirus software.
B - A type of malware that restricts access to a computer system and demands payment to regain access.
C - A physical attack on a computer system.
D - A systematic method of trying all possible passwords.
** Answer: B - A type of malware that restricts access to a computer system and demands payment to regain access. **
Ransomware is a specific type of malicious software that locks or encrypts files on a victim’s computer and then demands a ransom, typically in cryptocurrency, to unlock or decrypt the files.
What does the term side loading refer to in the context of mobile device vulnerabilities?
A - Installing applications from official app stores.
B - Implementing additional security control.
C - Installing applications from sources outside of the official app store.
D - Regularly updating the mobile operating system.
** Answer: C - Installing applications from sources outside of the official app store. **
Side loading refers to the practice of installing applications on a mobile device from sources outside the official app store. Side-loaded applications may contain malicious code or bypass security controls.
Which of the following strategies is essential for maintaining the security of software products in the context of supply chain vulnerability?
A - Side loading restriction.
B - Internal personnel audits.
C - Patch management.
D - Jailbreaking restrictions.
** Answer: C - Patch management. **
Patch management, where the provider offers regular updates and patches for known issues, is essential for maintaining the security of software products in the context of supply chain vulnerability.
Which of the following types of clouds is involved when a service provider offers applications and storage space to the general public over the Internet?
A - Private cloud.
B - Community cloud.
C - Public cloud.
D - Hybrid cloud.
** Answer: C - Public cloud. **
A public cloud is a type of service in which a provider offers applications and storage space to the general public over the Internet. Examples include free, web-based email services and pay-as-you-go business-class services such as Google Cloud Platform, Microsoft Azure, and Amazon Web Services (AWS).
Which vulnerability in virtualization might allow one virtual machine to access data remnants from another virtual machine?
A - Virtual machine (VM) escape.
B - Buffer overflow.
C - Resource reuse.
D - Malicious update.
** Answer: C - Resource reuse. **
Resource reuse in virtualization involves sharing physical resources, and a vulnerability in this area might allow one virtual machine to access data remnants from another.
Which vulnerability occurs when hardware products no longer receive essential security updates from the manufacturer?
A - Buffer overflow.
B - Vulnerability scanning.
C - End-of-life (EOL) hardware vulnerability.
D - Race condition.
** Answer: C - End-of-life (EOL) hardware vulnerability. **
An end-of-life (EOL) hardware vulnerability occurs when a product no longer receives support and security updates from the manufacturer, leaving it susceptible to exploitation.
What are the three main types of cross-site scripting (XSS) vulnerabilities?
A - Stored XSS, buffer overflow XSS, DOM-based XSS.
B - Stored XSS, reflected XSS, DOM-based XSS.
C - Memory injection XSS, reflected XSS, TOU-based XSS.
D - Stored XSS, malicious update XSS, TOU-based XSS.
** Answer: B - Stored XSS, reflected XSS, DOM-based XSS. **
The three main types of XSS vulnerabilities are stored XSS, reflected XSS, and DOM-based XSS.
What is the common mitigation strategy for both SQL injection vulnerabilities and cross-site scripting (XSS) vulnerabilities?
A - Implementing a content security policy (CSP).
B - Proper input validation.
C - Regular updates to firmware.
D - Both A and B.
** Answer: D - Both A and B. **
Implementing a content security policy (CSP) and proper input validation are common strategies for mitigating both SQL injection and XSS vulnerabilities.
What is a key strategy for mitigating operating system-based vulnerabilities?
A - Parameterized queries.
B - Least-privilege principle.
C - Time-of-check synchronization.
D - Content security policy.
** Answer: B - Least-privilege principle. **
Applying the least-privilege principle helps mitigate OS-based vulnerabilities by restricting unnecessary access rights.
You are a new security support specialist for a large shipping and logistics organization. In your role, you provide support to your organization’s internal users via a helpdesk ticketing system. Currently, you’re reviewing, assessing, and diagnosing recent support tickets in your support system’s ticket queue. Each ticket provides a description of the issue and, in some cases, additional notes from other technicians. It is important to note that many end users do not have technical skills; therefore, some descriptions may require close review to fully interpret and understand the users’ issues.
Three tickets currently need your attention.
Ticket 1
Message: I received an email from what appeared to be one of our business partners. They were extremely friendly, referred to a recent dinner they had with our CEO, Mr. Daniels, and mentioned there was a pending invoice on their end from us. They indicated that given our close relationship and the importance of the upcoming project, the CEO suggested they reach out to me directly to sort this out. An hour later I received an email with a purchase order document attached. I clicked and opened it. It was a document that asked me to verify banking information, which I provided. HELP!
Updated: 9/12/2023 Notes (Tier 1 Support): Looked at the email message - received from jim@t0pnOtchconsulting.com (Top Notch Consulting).
** Correct Answer:
Diagnosis: Whaling Attack
Adversary Tactic: Familiarity
Mitigation: User Training
**
Ticket 2
Message: I received an email from IT to install the remote app to fix my PC. I had to ship out a few boxes, so I let the support person work as he was in a rush. When I came back my computer was on a pornography Site and it kept doing pop-ups. What were you fixing anyways?
Updated: 9/14/2023 Notes (Tier 1 Support): Found DNS (hosts file) to be misconfigured with malicious entries.
** Correct Answer:
Diagnosis: Phishing
Adversary Tactic: Urgency
Mitigation: Email Filtering
**
Which of the following practices is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely?
A. Regular maintenance cycle
B. User awareness training
C. Least functionality principle
D. Monitoring and encryption
** Correct Answer: C **
The least functionality principle is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely. It ensures that a system should run only the protocols and services required by legitimate users and no more, which reduces the attack surface.
Establishing a regular maintenance cycle is important for keeping devices updated with security threats and responses, but it is not specifically related to providing guidelines for device hardening.
User awareness training is essential for user-focused security strategies, but it is not directly related to providing guidelines for device hardening.
Monitoring and encryption are essential practices for enhancing device security, but they are not specifically related to providing standard guidelines or checklists for device hardening.
Ticket 3
Message: I received a call from one of our vice presidents. Well, he said he was a vice president. He was a little angry about faxes not working. I’m new here and thought it was best to help him. He sent me a file he needed faxed ASAP. I opened it and there was no document. It’s weird, but every hour my applications close, and my computer reboots. I keep losing my work!
Updated: 9/17/2023 Notes (Tier 1 Support): Found a script running in scheduled tasks to force a computer to restart.
** Correct Answer:
Diagnosis: Vishing
Adversary Tactic: Authority
Mitigation: CallerID
**
A security administrator plans to enhance the security posture of an organization’s computing infrastructure. The administrator starts by documenting the current state of all system configurations and intends to establish a foundation to enforce security standards. Given the scenario, which security technique is the security administrator preparing to implement that ensures consistent application of security configurations across all systems in the organization?
A. Secure baselines
B. Patch management
C. Multifactor authentication (MFA)
D. Intrusion detection system (IDS)
** Correct Answer: A **
Security professionals document and standardize secure baselines for specific types of devices or software. These baselines act as a starting point for system configurations and guarantee consistent application of security settings across an organization’s systems.
Patch management mainly involves maintaining, updating, and applying software patches to address security vulnerabilities. However, it does not centralize its focus on standardizing initial configurations.
MFA enforces stronger access controls by demanding multiple authentication methods. Though it bolsters security, it does not set standard configurations for systems.
A multinational corporation has hired a lead IT consultant to assess the security of its various systems, including Windows and Linux servers, desktops, and mobile devices in different countries.
To ensure consistent security across all these systems, which of the following tools would the consultant recommend the organization use to automate the deployment of secure baseline configurations?
A. Center for Internet Security Configuration Assessment Tool (CIS-CAT) Pro
B. Security Content Automation Protocol (SCAP)
C. Puppet
D. Security Technical Implementation Guides (STIGs)
** Correct Answer: C **
Organizations can use configuration management tools like Puppet to automate the deployment of secure baseline configurations across diverse systems. Puppet helps enforce consistency and detect deviations from the established baseline.
The Center for Internet Security Configuration Assessment Tool (CIS-CAT) Pro assesses system configurations against CIS’s secure baseline benchmarks; it does not automate deployment.
SCAP is a protocol for measuring compliance with secure baselines, not automating deployment.
STIGs are specific secure baselines developed by the Defense Information Systems Agency (DISA) for the U.S. Department of Defense (DOD), not tools for automating deployments.
A security administrator has performed an audit of the organization’s production web servers, and the results have identified default configurations, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?
A. Server hardening
B. Multi-factor authentication
C. Enable HTTPS
D. Run operating system updates
** Correct Answer: A. Server hardening **
Many applications and services include secure configuration guides to assist in hardening the system. These hardening steps will make the system as secure as possible while simultaneously allowing the application to run efficiently.
A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
A. Deterrent
B. Compensating
C. Directive
D. Detective
** Correct Answer: D. Detective **
An IPS can detect, alert, and log an intrusion attempt. The IPS could also be categorized as a preventive control since it can actively block known attacks.
The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:
A. Data owner
B. Data controller
C. Data steward
D. Data processor
** Correct Answer: A. Data owner **
The data owner is accountable for specific data, so this person is often a senior officer of the organization.
B. Data controller
A data controller manages the processing of the data. For example, a payroll department would be a data controller, and a payroll servicing company would be a data processor.
C. Data steward
The data steward manages access rights to the data. In this example, the IT team would be a data steward.
D. Data processor
The data processor is often a third party that processes data on behalf of the data controller.
In a complex network scenario, an organization needs to ensure that only authorized users from specific departments can access certain resources. Which two strategies should be implemented?
Options:
A. Enforcing multi-factor authentication (MFA) for all users.
B. Implementing role-based access control (RBAC).
C. Regularly changing default passwords.
D. Deploying a web application firewall (WAF).
E. Conducting security awareness training.
** Correct Answer: B, A **
Explanation: Role-based access control ensures that only authorized users have access to specific resources based on their roles within the organization. Multi-factor authentication adds an extra layer of security by requiring more than one method of verification.
Enhancing Security with MFA and RBAC Systems
Multi-Factor Authentication
– Adds an extra layer of security by requiring multiple verification methods.
Role-Based Access Control
– Restricts resource access based on user roles within the organization.
True/False: Digital signatures provide confidentiality for the message being sent.
** Correct Answer: False **
Digital signatures do not provide confidentiality; they provide integrity and authentication.
What is the primary purpose of a digital signature?
A) To encrypt the message for confidentiality
B) To authenticate the sender and prove the integrity of the message
C) To compress the message size
D) To ensure the message is sent quickly
** Correct Answer: B) To authenticate the sender and prove the integrity of the message. **
Describe the process of how Alice sends a message to Bob using a digital signature. What steps does she take to ensure the message’s integrity and authenticity?
Alice first encrypts her message using her private key and creates a digital signature. She then sends the message along with the signature and her public key to Bob. Bob decrypts the signature using Alice’s public key and computes a hash value of his own to compare with the reference value, ensuring the message has not been tampered with and confirming it came from Alice.
Explain the concept of perfect forward secrecy (PFS) and why it is important in secure communications.
Perfect forward secrecy (PFS) ensures that even if a server’s private key is compromised in the future, past session keys cannot be decrypted. It uses ephemeral session keys that are valid only for a single session, thus protecting the confidentiality of recorded data.
In a digital envelope, the symmetric key is encrypted using the recipient’s public key.
True. In a digital envelope, the symmetric key is encrypted using the recipient’s public key.