Securing Host and Data Flashcards

1
Q

Your organization wants to reduce threats from zero day vulnerabilities. Of the following choices, what provides the best solution?

A. Opening ports on a server’s firewall
B. Disabling unnecessary services
C. Keep systems up to date with current patches
D. Keep systems up to date with current service packs

A

B. Disabling unnecessary services helps reduce threats, including threats from zero day vulnerabilities. It also reduces the threat from open ports on a firewall if the associated services are disabled, but opening ports won’t reduce threats. Keeping systems up to date with patches and service packs protects against known vulnerabilities and is certainly a good practice. However, by definition there aren’t any patches or service packs available for zero day vulnerabilities.

2
Q

Of the following choices, what could you use to deploy baseline security configurations to multiple systems?

A. IDS
B. Security template
C. Change management
D. Performance baseline

A

B. You can use security templates to deploy baseline security configurations to multiple systems. An IDS can detect malicious activity after it occurs. A performance baseline identifies the overall performance of a system at a point in time. A change management system helps ensure that changes don’t result in unintended outages, and it includes the ability to document changes.

3
Q

An administrator wants to prevent users from installing software. Of the following choices, what is the easiest way to accomplish this?

A. Manually remove administrative rights
B. Implement port scanners
C. Use a security template
D. Implement a job rotation policy

A

C. You can use a security template to restrict user rights and control group membership so that users don’t have rights to install software. Manually removing administrative rights is possible, but it requires you to touch every system and isn’t as easy as using a security template. A port scanner can help determine what services and protocols are running on a remote system by identifying open ports. A job rotation policy rotates employees through different positions and can help prevent fraud.

4
Q

You are troubleshooting a server that users claim is running slow. You notice that the server frequently has about twenty active SSH sessions. What can you use to determine if this is normal behavior?

A. Vendor documentation
B. Security template
C. Baseline report
D. Imaging

A

C. Baseline reports document normal behavior of a system, and you can compare current activity against the baseline report to determine what is different or abnormal. Vendor documentation identifies methods of locking down an operating system or application but won’t document baseline activity. You can use security templates to deploy the same security settings to multiple systems. Images include mandated security configurations but don’t show normal operation.

5
Q

Your organization is considering deploying multiple servers using a standardized image. Of the following choices, what best describes the security benefit of this plan?

A. The image can include unnecessary protocols
B. The image provides fault tolerance as a RAID 5
C. It eliminates Trojans
D. The image can include mandated security configurations

A

D. One of the benefits of an image used as a baseline is that it includes mandated security configurations to the operating system. It’s common to remove unnecessary protocols on an image, not include them. RAID provides fault tolerance and increases availability for disk drives, but a standardized image is unrelated to RAID. Trojans are a type of malware that look useful to the user but are malicious.

6
Q

Management is reviewing a hardware inventory in a datacenter. They realize that many of the servers are underutilized, resulting in wasted resources. What can they do to improve the situation?

A. Implement virtualization
B. Implement VM escape
C. Increase the datacenter footprint
D. Add TPMs

A

A. Virtualization can reduce the number of physical servers used by an organization, reduce the datacenter’s footprint, and eliminate wasted resources. VM escape is an attack run on virtual machines allowing the attacker to access and control the physical host. Virtualization decreases the datacenter’s footprint, but increasing it will result in more wasted resources. A TPM is a hardware chip that stores encryption keys and provides full disk encryption, but it doesn’t reduce wasted resources.

7
Q
What type of attack starts on a virtual system but can affect the physical host?

A. TPM
B. DLP
C. VM escape
D. VMware

A

C. A VM escape attack runs on a virtual system and, if successful, allows the attacker to control the physical host server and all other virtual servers on the physical server. A TPM is a hardware chip that stores encryption keys and provides full disk encryption. A DLP is a device that reduces the risk of employees e-mailing confidential information outside the organization. VMware is a popular virtualization application.

8
Q

An organization is considering using virtualization in their datacenter. What benefits will this provide? (Choose all that apply.)

A. Increased footprint
B. Decreased footprint
C. Reduction in physical equipment needing security
D. Elimination of VM escape attacks

A

B, C. Virtualization can reduce the footprint of a datacenter, eliminate wasted resources, and result in less physical equipment needing physical security. Virtualization reduces the footprint rather than increasing it. Virtual systems are susceptible to VM escape attacks if they aren’t kept patched.

9
Q

You have created an image for a database server that you plan to deploy to five physical servers. At the last minute, management decides to deploy these as virtual servers. What additional security steps do you need to take with these virtual images before deploying them?

A. None
B. Lock down the virtual images
C. Install virtual antivirus software
D. Install virtual patches

A

A. Virtual servers have the same security requirements as physical servers, so additional security steps are not required. The original image should include security settings and antivirus software, and should be up to date with current patches. Virtual servers use the same patches as physical systems and do not use virtual patches.

10
Q

Of the following choices, what indicates the best method of reducing operating system vulnerabilities?

A. Whole disk encryption
B. Patch management
C. Trusted Platform Module
D. File level encryption

A

B. Patch management is the most efficient way to combat operating system vulnerabilities. Whole disk encryption protects the confidentiality of data on a system and is useful in mobile devices, but doesn’t directly reduce operating system vulnerabilities. A Trusted Platform Module supports whole disk encryption. File level encryption can prevent users, including administrators, from accessing specific files.

11
Q

Of the following choices, what would you use in a patch management process?

A. VM escape
B. TPM
C. Penetration testing
D. Regression testing

A

D. Regression testing verifies that a patch has not introduced new errors. VM escape is an attack run on a virtual machine that allows the attacker to access the physical host system. A TPM is a hardware chip that is included on the motherboard of many laptops, and it stores encryption keys used for full drive encryption. Penetration tests actively test security controls by attempting to exploit vulnerabilities and can cause system instability.

12
Q

An organization recently suffered a significant outage due to attacks on unpatched systems. Investigation showed that administrators did not have a clear idea of when they should apply the patches. What can they do to prevent a reoccurrence of this problem?

A. Apply all patches immediately
B. Apply the missing patches on the attacked systems immediately
C. Test the patches with regression testing in a test environment mirroring the production environment
D. Create a patch management policy

A

D. A patch management policy defines a timeline for installing patches and can help solve this problem. Patches should be tested before applying them, instead of applying them immediately. It’s appropriate to identify missing patches on these systems and test them with regression testing, but this only solves the immediate issue and won’t prevent a reoccurrence of the problem.

13
Q

Of the following choices, what best identifies the purpose of a change management program?

A. It defines the process and accounting structure for handling system modifications
B. It provides a method of defining a timeline for installing patches
C. It is a primary method of protecting against loss of confidentiality
D. It reduces the footprint of a datacenter

A

A. A change management system defines the process and accounting structure for system modifications. A patch management policy defines a timeline for installing patches, but change management isn’t restricted to only applying patches. Encryption and access controls protect against loss of confidentiality. Virtualization and cloud computing can reduce the footprint of a datacenter.

14
Q

Your organization wants to prevent unintended outages caused by changes to systems. What could it use?

A. Patch management
B. Regression testing
C. Change management
D. Security template

A

C. A change management system helps prevent unintended outages from unauthorized changes and provides a method of documenting all changes. Patch management ensures that systems are up to date with current patches. Regression testing verifies that a patch has not introduced new errors. You can use security templates to deploy multiple systems using the same settings.

15
Q

A file server within a network hosts files that employees throughout the company regularly access. Management wants to ensure that some personnel files on this server are not accessible by administrators. What provides the best protection?

A. Remove administrative access to the server
B. Protect the files with permissions
C. Use file encryption
D. Use full disk encryption

A

C. File level encryption is a security control that provides an additional layer of protection and can prevent administrators from accessing specific files. Administrators need access to a server to manage and maintain it, so it’s not feasible to remove administrative access. Permissions provide access control, but an administrator can bypass permissions. Full disk encryption is appropriate for removable storage or mobile devices, but not to protect individual files on a server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your organization is considering purchasing new computers that include hardware encryption capabilities. What benefit does this provide?

A. It is faster than software encryption
B. It does not require a TPM
C. It does not require an HSM
D. Reduced confidentiality

A

A. A significant benefit of hardware encryption over software encryption is that it is faster. Hardware encryption methods can use a TPM or an HSM, but the absence of either isn’t a benefit of hardware encryption. Encryption helps ensure confidentiality, not reduce it.

17
Q

Your organization recently purchased several new laptop computers for employees. You’re asked to encrypt the laptop’s hard drives without purchasing any additional hardware. What would you use?

A. TPM
B. HSM
C. VM escape
D. DLP

A

A. A Trusted Platform Module (TPM) is included in many new laptops, provides a mechanism for vendors to perform hard drive encryption, and does not require purchasing additional hardware. An HSM is a removable hardware device and is not included with laptops, so it requires an additional purchase. A VM escape attack runs on a virtual system, and if successful, it allows the attacker to control the physical host server and all other virtual servers on the physical server. A network-based Data Loss Protection (DLP) system can examine and analyze network traffic and detect if confidential company data is included.

18
Q

Your organization is considering the purchase of new computers. A security professional stresses that these devices should include TPMs. What benefit does a TPM provide? (Choose all that apply.)

A. It uses hardware encryption, which is quicker than software encryption
B. It uses software encryption, which is quicker than hardware encryption
C. It includes an HSM file system
D. It stores RSA keys

A

A, D. A Trusted Platform Module (TPM) is a hardware chip that stores RSA encryption keys and uses hardware encryption, which is quicker than software encryption. A TPM does not use software encryption. An HSM is a removable hardware device that uses hardware encryption, but it does not have a file system and TPM does not provide HSM as a benefit.

19
Q

Of the following choices, what is the best choice to provide encryption services in a clustered environment?

A. Virtual servers
B. SaaS provider
C. HSM
D. TPM

A

C. A hardware security module (HSM) is a removable or external device that provides encryption services and can be used in a clustered environment. You may be able to configure virtual servers to provide encryption services in a clustered environment, but they will not be as efficient as the hardware-based encryption provided by an HSM. A SaaS provider provides software or applications, such as webmail, via the cloud. A TPM is a chip on the motherboard of a computer, and while it does provide full disk encryption services, it can’t be used in a clustered environment.

20
Q

What functions does an HSM include?

A. Reduces the risk of employees e-mailing confidential information outside the organization
B. Provides webmail to clients
C. Provides full drive encryption
D. Generates and stores keys

A

D. A hardware security module (HSM) is a removable device that can generate and store RSA keys used for asymmetric encryption and decryption. A Data Loss Protection (DLP) device is a device that can reduce the risk of employees e-mailing confidential information outside the organization. A TPM provides full drive encryption and is included in many laptops. SaaS provides software or applications, such as webmail, via the cloud.

21
Q
Employees regularly send e-mail in and out of the company. The company suspects that some employees are sending out confidential data, and it wants to take steps to reduce this risk. What can it use?

A. HSM
B. TPM
C. A network-based DLP
D. Port scanner

A

C. A network-based Data Loss Prevention (DLP) system can examine and analyze network traffic and detect if confidential company data is included. An HSM is a removable hardware device that stores RSA keys and provides encryption services. A TPM is a hardware chip that is included on the motherboard of many laptops, and it stores encryption keys used for full drive encryption. A port scanner looks for open ports on a system to determine running services and protocols.

22
Q

Your organization wants to prevent losses due to data leakage on portable devices. What provides the best protection?

A. Smart cards
B. Full disk encryption
C. Permissions
D. SSH

A

B. Encryption, including full disk encryption, provides the best protection against data leakage on portable devices, and any data at rest. Smart cards provide authentication but won’t protect data on a portable device if it falls into the wrong hands. Permissions provide access controls while a device is within a network, but an attacker can remove a portable device and bypass permissions. SSH is a good encryption protocol for data in transit, but not data at rest stored on a portable device.

23
Q

What technology can an organization use to assist with computing requirements in heavily utilized systems?

A. ISP
B. DLP
C. Cloud computing
D. Remote wipe

A

C. Cloud computing is very useful for heavily utilized systems and networks, and cloud providers provide the services. An ISP provides access to the Internet. A network-based DLP can examine and analyze network traffic and detect if confidential company data is included. Remote wipe can erase data on lost mobile devices, such as mobile phones.

24
Q

Employees in your organization access web-based e-mail using cloud-based technologies. What type of technology is this?

A. IaaS
B. PaaS
C. SaaS
D. Network-based DLP

A

C. Applications such as web-based e-mail provided over the Internet are Software as a Service (SaaS) cloud-based technologies. Organizations use IaaS to rent access to hardware such as servers to limit their hardware footprint and personnel costs. PaaS provides cloud customers with an easy-to-configure operating system, and on-demand computing capabilities. A DLP is a device that reduces the risk of employees e-mailing confidential information outside the organization.

25
Q

Of the following choices, what is the best explanation of what a PaaS provides to customers?

A. Web-based applications provided over the Internet.
B. A device that reduces the risk of employees e-mailing confidential information outside the organization
C. Protection against VM escape attacks
D. An easy-to-configure operating system and on-demand computing capabilities

A
D. Platform as a Service (PaaS) provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities. Applications such as web-based e-mail provided over the Internet are Software as a Service (SaaS) cloud-based technologies. A network-based DLP is a device that reduces the risk of employees e-mailing confidential information outside the organization. Keeping systems up to date protects virtual systems from VM escape attacks, but PaaS does not provide this protection.