Section 15-16 Flashcards
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
a.
Insurance
b.
Patching
c.
Segmentation
d.
Replacement
c.
SegmentationCorrect Answer
Network segmentation isolates vulnerable devices into separate network segments, limiting the potential impact of a security breach and preventing the spread of attacks.
Which of the following would be the best way to handle a critical business application that is running on a legacy server?
a.
Segmentation.
b.
Isolation.
c.
Hardening.
d.
Decommissioning.
a.
Segmentation.Correct
Segmentation involves creating separate network segments to isolate critical systems, limiting the potential impact of security breaches and protecting the legacy server from other network traffic. This method helps ensure the continued operation of the critical business application while minimizing security risks.
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
a.
Segmentation.
b.
Isolation.
c.
Patching.
d.
Encryption.
a.
Segmentation.Correct
Network segmentation divides a network into separate sections to enhance security, ensuring that customer data is stored on a separate part of the network inaccessible to users on the main corporate network.
An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
a.
Data in use.
b.
Data in transit.
c.
Geographic restrictions.
d.
Data sovereignty.
b.
Data in transit.Correct Answer
VPNs protect data as it travels between two points, ensuring secure communication and data privacy.
A systems administrator is working on a solution with the following requirements Provide a secure zone. Enforce a company-wide access control policy. Reduce the scope of threats. Which of the following is the systems administrator setting up?
a.
Zero Trust.
b.
AAA.
c.
Non-repudiation.
d.
CIA.
a.
Zero Trust.Correct
Zero Trust is a security model that requires strict verification for everyone trying to access resources in a network, ensuring that access is granted only to authenticated and authorized entities.
An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks. Which of the following solutions should most likely be implemented?
a.
EAP.
b.
IPSec.
c.
SD-WAN.
d.
TLS.
b.
IPSec.Correct Answer
IPSec provides encryption for data transmitted over IP networks, ensuring secure communication between the internal networks.
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
a.
ACL.
b.
DLP.
c.
IDS.
d.
IPS.
d.
IPS.Correct Answer
An Intrusion Prevention System (IPS) monitors and blocks known exploits based on signatures, providing protection against attacks targeting older browser versions.
A security analyst scans a company’s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
a.
Changing the remote desktop port to a non-standard number.
b.
Setting up a VPN and placing the jump server inside the firewall.
c.
Using a proxy for web connections from the remote desktop server.
d.
Connecting the remote server to the domain and increasing the password length.
b.
Setting up a VPN and placing the jump server inside the firewall.Correct Answer
Setting up a VPN and placing the jump server inside the firewall ensures secure remote access and protects the production network.
After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
a.
Console access.
b.
Routing protocols.
c.
VLANs.
d.
Web-based administration.
d.
Web-based administration.Correct Answer
Disabling web-based administration reduces the attack surface and potential vulnerabilities on the routers.
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
a.
Compensating control.
b.
Network segmentation.
c.
Transfer of risk.
d.
SNMP traps.
a.
Compensating control.Your Answer: Correct
A compensating control achieves security goals despite primary control limitations.
Which of the following can be used to identify potential attacker activities without affecting production servers?
a.
Honeypot.
b.
Video surveillance.
c.
Zero Trust.
d.
Geofencing.
a.
Honeypot.Correct
A honeypot is a security mechanism that creates a decoy environment designed to attract attackers. It allows organizations to monitor and analyze attacker behavior without risking production servers. Honeypots can gather valuable intelligence on attack methods and tactics, helping improve security measures.
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
a.
Data masking.
b.
Encryption.
c.
Geolocation policy.
d.
Data sovereignty regulation
c.
Geolocation policy.Correct Answer
A geolocation policy can restrict access to the SaaS application based on the geographic location of the user. By implementing such a policy, the company can ensure that individuals from high-risk countries are blocked from accessing the sensitive documents, thereby enhancing security and reducing the risk of unauthorized access.
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
a.
Group Policy.
b.
Content filtering.
c.
Data loss prevention.
d.
Access control lists.
a. Ease of recovery.Your Answer: Correct
High-availability networks must be able to quickly recover from failures to minimize downtime. Designing for ease of recovery ensures that when issues occur, systems can be restored swiftly and efficiently, maintaining the network’s availability.
d. Responsiveness.
Which of the following must be considered when designing a high-availability network? (Choose two).
a. Ease of recovery.
b. Ability to patch.
c. Physical isolation.
d. Responsiveness.
e. Attack surface.
f. Extensible authentication.
a. Ease of recovery.Your Answer: Correct
High-availability networks must be able to quickly recover from failures to minimize downtime. Designing for ease of recovery ensures that when issues occur, systems can be restored swiftly and efficiently, maintaining the network’s availability.
C. Responsiveness.
During a security incident, the security operations team identified sustained network traffic from a malicious IP address 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?
a.
‘access-list inbound deny ip source ‘0.0.0.0/0 destination 10.1.4.9/32.’
b.
‘access-list inbound deny ip source ‘10.1.4.9/32 destination 0.0.0.0/0’.
c.
‘access-list inbound permit ip source ‘10.1.4.9/32 destination 0.0.0.0/0.’
d.
‘access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32.’
b.
‘access-list inbound deny ip source ‘10.1.4.9/32 destination 0.0.0.0/0’.Correct Answer
This rule specifically denies any inbound traffic from the malicious IP address ‘(10.1.4.9)’ to any destination within the network, effectively blocking it.