Security Operations Obj 4.6 Flashcards
What is the primary difference between sanitization and destruction in the disposal process?
Sanitization involves erasing data so it cannot be recovered; destruction is total physical demolition of the asset.
Patching
Patching is the process of identifying and fixing security vulnerabilities in software, firmware, and operating systems to prevent potential exploits.
Which method accurately demonstrates the authentication process used in WPA2 Personal mode?
WPA2-PSK leverages a passphrase to create a key, called the PMK, to encrypt communications. This is a distinguishing feature of WPA2’s personal authentication.
Dragonfly handshake
The Dragonfly handshake is a key feature of the WPA3’s Simultaneous Authentication of Equals (SAE) method.
Password Authenticated Key Exchange (PAKE).
PAKE is specifically a method associated with WPA3’s SAE protocol.
QR Codes
QR codes for configuration relate to the newer Easy Connect method.
TOC Time-of-Check
A TOC vulnerability occurs when an attacker exploits the time gap between the verification of data and its use, potentially leading to unauthorized or malicious activities.
Memory Leaks
Memory leaks are when a program doesn’t release memory that it no longer needs, leading to potential system slowdowns or crashes.
Race Conditions
Race conditions relate to the unexpected order and timing of events in software execution but are not specifically about the gap between data verification and its use.
Resource Exhaustion
Refers to the overuse of system resources, be it CPU time, memory, or others, which can lead to denial of service. It’s not specific to data manipulation after its verification.
Resilience in Context of Cloud Architecture
Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions.
SPF, email security standard
SPF (Sender Policy Framework) helps prevent email spoofing by enabling domain owners to define which servers can send emails on their behalf.
DMARC
Domain-based Message Authentication, Reporting, and Conformance
DMARC (Domain-based Message Authentication, Reporting, and Conformance) utilizes the results from DKIM and SPF checks to determine the action to take with non-conforming messages, but it doesn’t list authorized servers itself.
DKIM
Domain Keys Identified Mail
DKIM (Domain Keys Identified Mail) provides a method to validate the domain name identity associated with a message through cryptographic authentication, but it doesn’t specify server authorizations.
Sasha, a system administrator at Dion Training Solutions, is looking to enhance the security of her Linux servers by restricting processes to minimum necessary privileges and defining their behavior. Which Linux feature should Sasha MOST likely implement?
SELinux
To enhance security, an organization requires employees to insert a small device into their computer’s USB port when logging in. This device proves their identity in combination with something they know, like a password. What are these devices called?
Physical security keys (correct)
Software tokens
Biometric scanners
Smart cards
Sasha, a security consultant at Kelly Innovations LLC, has been tasked with finding a solution that can monitor and filter the web traffic of employees who frequently travel or work remotely. Which of the following would be the MOST effective solution for ensuring consistent policy enforcement regardless of the user’s location?
Implementing an agent-based web filter
Which of the following systems would be BEST suited to alert network security personnel to an anomalous occurrence on the network?
IDS
An IDS (Intrusion Detection System) is specially designed to monitor network traffic, detect potential security incidents, and send alerts, making it the most suitable option in this scenario.
UTM
A UTM combines multiple security features and network services into one device but would not primarily detect and alert about possible security incidents.
Proxy Server
A proxy server serves as an intermediary for requests between a client and server but does not primarily detect and alert about possible security incidents.
SASE
A SASE (Secure Access Service Edge) combines WAN capabilities with cloud-native security functions but does not primarily serve to detect and alert about suspicious activities.
Which of the following statements BEST explains the importance of ‘E-discovery’ in incident response?
E-discovery involves examining drives to find electronically stored data so that it can be used as evidence.
Kelly Innovations LLC has discovered a vulnerability in one of its software applications. The vulnerability is difficult to exploit, and exploiting it would require a significant level of expertise. However, if successfully exploited, it could have severe consequences. Which of the following is the MOST appropriate CVSS vulnerability classification?
High (Correct)
Critical
Low
Informational