Securing Host and Data Flashcards
Your organization wants to improve the security posture of internal database servers. Of the following choices, what provides the BEST solution?
a. Opening ports on a server's firewall
b. Disabling unnecessary services
c. Keeping systems up to date with current patches
d. Keeping systems up to date with current service packs
B. Disabling unnecessary services helps reduce threats, including threats from zero-day vulnerabilities. It also reduces the threat from open ports on a firewall if the associated services are disabled, but opening ports won't reduce threats. Keeping systems up to date with patches and service packs protects against known vulnerabilities and is certainly a good practice. However, by definition, there aren't any patches or service packs available for zero-day vulnerabilities.
You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?
a. Establishing baseline reporting
b. Determining attack surface
c. Implementing patch management
d. Enabling sandboxing
A. Establishing a baseline reporting process allows you to monitor the systems and identify any changes from the baseline that might affect their security posture. You would determine the attack surface prior to establishing a baseline. Patch management is important, but it doesn't monitor the overall security posture of systems. Sandboxing allows you to isolate systems for testing, but isn't used for online production systems.
Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?
a. Host software baseline
b. Baseline reporting
c. Application configuration baseline
d. Code review
A. A host software baseline (also called an application baseline) identifies a list of approved software for systems and compares it with installed applications. Baseline reporting is a process that monitors systems for changes and reports discrepancies. An application configuration baseline identifies proper settings for applications. A code review looks at the actual code of the software, and doesn't just create a list.
Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent this?
a. Security policy
b. Application whitelisting
c. Anti-malware software
d. Antivirus software
B. Application whitelisting identifies authorized applications and prevents users from installing or running any other applications. Alternately, you can use a blacklist to identify specific applications that cannot be installed or run on a system. A security policy (such as an acceptable use policy) can state a rule to discourage this behavior, but it doesn't really enforce the rule by preventing users from installing or running the software. Anti-malware software and antivirus software can detect and block malware, but not applications.
An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?
a. Failover clusters
b. Virtualization
c. Bollards
d. Hashing
B. Virtualization provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure. Virtualization supports a reduced budget because virtual servers require less hardware, less space in a data center, less power, and less heating and cooling. Failover clusters are more expensive, bollards are physical barriers that block vehicles, and hashing provides integrity, not availability.
You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?
a. Take a snapshot of the VM before deploying the new application.
b. Take a snapshot of the VM after deploying the new application.
c. Apply blacklisting techniques on the server for the new application.
d. Back up the server after installing the new application.
A. Taking a snapshot of the virtual machine (VM) before deploying the new application ensures that the VM can be reverted to the original configuration if the new application causes problems. Taking a snapshot after the installation doesn't allow you to revert the image. Blacklisting prevents an application from running, so it isn't appropriate for a new application. Backing up the server might be appropriate before installing the new application, but not after.
A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?
a. Virtualization
b. Sandboxing
c. IDS
d. Patch management
D. Patch management procedures ensure that systems are kept up to date with the current security fixes and patches and help eliminate problems with known attack methods. The scenario indicates that these systems have been attacked, exploiting the vulnerabilities caused by not patching them. Virtualization will have the same problems if the systems are not kept up to date. Sandboxing isolates systems for testing, but there isn't any indication these servers should be isolated. An intrusion detection system (IDS) might identify some attacks, but the systems will still be exploited if they aren't patched.
Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?
a. Application change management
b. Application patch management
c. Whole disk encryption
d. Application hardening
B. Application patch management practices ensure that applications are kept up to date with relevant patches, similar to how the operating systems are kept up to date with patches. Application change management helps control changes to the applications. Whole disk encryption helps protect confidentiality, but is unrelated to this question. Application hardening secures the applications when they are deployed, but it doesn't keep them up to date with current patches.
Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?
a. Create an internal CA.
b. Implement WPA2 Enterprise.
c. Implement patch management processes.
d. Configure the SCADA within a VLAN.
D. The generators are likely controlled within a supervisory control and data acquisition (SCADA) system, and isolating them within a virtual local area network (VLAN) will protect them from unauthorized access. An internal Certificate Authority (CA) issues and manages certificates within a public key infrastructure (PKI), but there isn't any indication certificates are in use. Wi-Fi Protected Access II (WPA2) secures wireless networks, but doesn't protect SCADA.
Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?
a. Disabling the use of removable media
b. Installing an application that tracks the location of the device
c. Implementing a BYOD policy
d. Enabling geo-tagging
Which of the following is the MOST likely negative result if administrators do not implement access controls correctly on an encrypted USB hard drive?
a. Data can be corrupted
b. Security controls can be bypassed
c. Data is not encrypted
d. Drives can be geo-tagged
Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?
a. Mobile device management
b. Disabling unused features
c. Remote wiping
d. GPS tracking
Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?
a. Asset tracking
b. Screen lock
c. Mobile device management
d. GPS tracking
Which of the following represents a primary security concern when authorizing mobile devices on a network?
a. Cost of the device
b. Compatibility
c. Virtualization
d. Data security
Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?
a. WPA2 Enterprise
b. VPN
c. GPS
d. VLAN
D