Security + CIAT QUESTIONS Flashcards
exam
CAPTCHA
used to mitigate high volume of fraudulent login attempts.
Implementing input validation techniques
used to ensure that its web application is secure from SQL injection attacks.
Virtual Private Network (VPN)
used to ensure the integrity of data transferred between its internal network and remote employees.
Data Loss Prevention (DLP) system
focuses on detecting and preventing the loss, leakage, or misuse of data through breaches, exfiltration transmissions, and unauthorized use.
Enabling MAC address filtering
It adds an extra layer of security by limiting the number of devices that can connect to a network.
prepared statements in database queries
used to ensure that its web server is **secure** from SQL injection attacks.
email gateway with anti-phishing features
reduce the risk of email phishing
malware infections from USB drives
*prevention (company issue)*
Disable USB ports on all company computers
issues with BYOD
protection against data leakage
Port security
You can specify the maximum number of MAC addresses that can be learned on a port.
DHCP snooping
occurs when an attacker attempts to respond to DHCP requests and tries to list themselves (spoofs) as the default gateway or DNS server
SSID broadcast disabling
Unable to see SSID wi-fi network
website is frequently targeted by SQL injection attacks.
defense is to use parameterized queries in the website code
mobile device management (MDM) solution
ensure that mobile devices are secure against data leakage.
Data encryption
ensure the confidentiality and integrity of customer data
FIRST line of defense against malware
Antivirus software
unpatched vulnerability in a critical application.
Apply a temporary workaround
Firewall rules
determine which types of traffic your firewall accepts and which are denied
File integrity monitoring
examines the integrity of sensitive files, registry keys, and folders within the host operating system and checks whether files have been altered
something they have and something they know.
Multifactor authentication
Implementing a CDN (Content Delivery Network)
ensures that no single server bears the brunt of an attack, reducing the likelihood of a successful DDoS attack.
improve its email security
email encryption
Spam filters
designed to identify emails that attackers or marketers use to send unwanted or dangerous content
minimize security vulnerabilities of new software App
Conducting a code review
A DNS filtering service
the process of using the Domain Name System to block malicious websites and filter out harmful or inappropriate content.
HTTPS
is the secure version of HTTP, the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer.
Role-based access control (RBAC)
the idea of assigning permissions to users based on their role within an organization
Audit logging
the process of documenting activity within the software systems used across your organization
User access controls
identifying a user based on their credentials and then authorizing the appropriate level of access once they are authenticated
WPA2
secure its Wi-Fi network
TKIP
a security protocol used in the IEEE 802.11 wireless networking standard
WEP
was the first attempt at wireless protection. The aim was to add security to wireless networks by encrypting data.
WPA
is a security standard for computing devices with wireless internet connections.
Isolate the infected systems
several workstations on the network have been infected with malware.
network perimeter: protect against external threats and attacks
A network-based firewall
A host-based firewall
installed directly on individual networked devices to filter network traffic on a single device by inspecting both incoming and outgoing data.
NIDS (Network Intrusion Detection System)
provide continuous network monitoring across on-premise and cloud infrastructure to detect malicious activity like policy violations, lateral movement or data exfiltration.
web content filtering solution
a technique that blocks and screens access to inappropriate or unsafe web content.
Degaussing
will not work on SSD, only HDD
securely erase data from SSDs before disposal
Physical destruction
Overwriting
cannot be used on an SSD
WPA2-PSK encryption
uses a stronger encryption key and has built-in security features to prevent attacks like brute-force and dictionary attacks (prevent unauthorized access)
confidential information being leaked
Review access logs for unusual activity
investigating a potential data breach.
Identification is the first step that needs to be taken
Eradication
to get rid of something completely
Data sovereignty
PRIMARY security concern, when transferring data
FTP
standard communication protocol used for the transfer of computer files from a server to a client on a computer network
SSL/TLS encryption
protocol or communication rule that allows computer systems to talk to each other on the internet safely.
Data classification policy
identifies and helps protect sensitive/confidential data with a framework of rules, processes, and procedures for each class
Protocol analyzer
is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel.
network scanner
a software tool used for diagnostic and investigative purposes to find and categorize what devices are running on a network.