Technical Security Controls Flashcards

1
Q

Technical Security Controls

A
  1. Malware:
    • Malware refers to malicious software designed to disrupt or damage computer systems.
    • Types of malware include viruses, worms, Trojans, ransomware, spyware, and adware.
    • Malware can cause various problems such as data loss, system instability, unauthorized access, and financial loss.
  2. Technical Control Measures:
    • Antivirus Software: Install and regularly update antivirus software to detect and remove malware.
    • Firewalls: Implement firewalls to monitor and control network traffic, preventing unauthorized access and blocking malicious activity.
    • Intrusion Detection and Prevention Systems (IDS/IPS): Deploy IDS/IPS to detect and prevent unauthorized access and suspicious network activity.
    • Patch Management: Keep software and operating systems up to date with the latest security patches to address known vulnerabilities.
    • Secure Configurations: Configure systems, applications, and network devices securely, following best practices and guidelines.
    • Access Controls: Implement strong user authentication mechanisms, such as passwords, multi-factor authentication, and access privileges.
    • Encryption: Use encryption techniques to protect sensitive data both at rest and during transmission.
    • Backup and Recovery: Regularly back up critical data and establish a disaster recovery plan to ensure business continuity.
  3. Limitations and Layered Approach:
    • Technical controls are not foolproof and can have limitations due to misconfiguration, lack of understanding, or misuse by users.
    • To enhance security, multiple layers of technical controls should be implemented.
    • Layered security involves combining different controls to create overlapping defence mechanisms, increasing the overall effectiveness of security measures.
    • By utilizing a combination of controls, organizations can mitigate risks and provide a more robust security posture.
2
Q

Virus

A
  1. Definition of a Virus:
    • A virus is a piece of software code that attaches itself to executable programs.
    • It carries a malicious payload and replicates when the infected program executes in memory.
  2. Virus Behaviour:
    • Viruses replicate by attaching copies of themselves to other executable programs in memory.
    • They rely on the execution of their host program to activate and spread.
    • Viruses do not cause damage or replicate while sitting dormant on a hard disk.
  3. Spread and Replication:
    • Viruses only replicate or spread on the machine where their host program resides.
    • They do not spread automatically to other machines unless consciously transferred or shared through means like USB sticks or file sharing.
  4. Types of Viruses:
    • File Infectors: These viruses infect executable files, modifying their code to include the virus.
    • Boot Sector Viruses: These viruses infect the boot sector of a computer’s hard drive or other storage media.
    • Macro Viruses: These viruses infect documents or files that support macro functionality, such as Microsoft Office files.
    • Script Viruses: These viruses exploit scripting languages to infect and propagate through scripts, such as JavaScript or VBScript.

Note: Understanding the behaviour and characteristics of different types of viruses is essential for implementing effective countermeasures and mitigating their impact.

3
Q

What is a virus?

A) A piece of software code that attaches itself to executable programs

B) A hardware component that stores data

C) A type of firewall used to protect networks

D) A physical disease that affects computers

A

A) A piece of software code that attaches itself to executable programs

A virus is a type of malicious software (malware) that infects executable programs by attaching its code to them. When an infected program is executed, the virus activates and can perform various malicious actions, such as replicating itself, altering or corrupting data, or causing damage to the system. Viruses rely on the execution of the host program to spread and carry out their intended actions. They do not function independently and require a host program to execute their code. This characteristic distinguishes viruses from other types of malware like worms or Trojans, which can operate on their own without needing a host program.

4
Q

Which type of virus infects executable files by modifying their code?

A) File infector virus
B) Boot sector virus
C) Macro virus
D) Script virus

A

A) File infector virus

File infector viruses are a type of virus that infects executable files by modifying their code. When an infected program is executed, the virus replicates itself and attaches to other executable files, spreading the infection.

5
Q

What triggers the activation and spread of a virus?

A) Dormant state on a hard disk
B) Replication through email attachments
C) Execution of its host program
D) Automatic propagation to other machines

A

C) Execution of its host program

The activation and spread of a virus are triggered when its host program is executed. The virus requires the host program to execute in order to function and replicate itself. Without the execution of the host program, the virus remains dormant and does not cause any damage or spread to other files or systems.

6
Q

Which type of virus infects documents or files supporting macro functionality?

A) File infector virus
B) Boot sector virus
C) Macro virus
D) Script virus

A

C) Macro virus

Macro viruses are specifically designed to infect documents or files that support macro functionality, such as Word documents or Excel spreadsheets. They exploit the macro programming language to execute malicious code and spread the infection to other documents or files that are accessed or opened with macro support enabled.

7
Q

Worms

A
  1. Characteristics of Worms:
    • Worms are self-replicating malicious software that spread over a network without human intervention.
    • Unlike viruses, worms do not require a host program to execute and can move independently across the network.
  2. Worm Propagation:
    • Worms typically exploit vulnerabilities in computer systems or network protocols to gain unauthorized access.
    • Once a worm infects a system, it scans the network for vulnerable devices or uses email addresses to spread copies of itself.
    • Worms can rapidly spread and infect numerous systems, causing network congestion and performance degradation.
  3. Impact of Worms:
    • Worms can consume significant network bandwidth as they propagate, leading to network slowdowns or even outages.
    • They can also compromise the security and confidentiality of sensitive data stored on infected systems.
    • Worms often have a payload that can cause further damage, such as installing backdoors, stealing information, or launching DDoS attacks.
  4. Containment and Prevention:
    • Detecting and containing worms can be challenging since they can spread quickly before detection.
    • Implementing strong network security measures, such as firewalls, intrusion detection systems (IDS), and antivirus software, can help prevent worm infections.
    • Regularly patching and updating software and systems can address vulnerabilities and reduce the risk of worm attacks.
  5. Incident Response and Recovery:
    • In the event of a worm outbreak, organizations should have an incident response plan in place to contain and mitigate the impact.
    • Isolating infected systems, disconnecting from the network, and deploying patches and antivirus updates are crucial steps.
    • After containing the worm, organizations should conduct a thorough analysis to understand the root cause and implement measures to prevent similar incidents in the future.
8
Q

What is a worm?

A. A self-replicating program that spreads over a network without human intervention.

B. A type of computer virus that attaches itself to executable programs.

C. Malicious code that modifies the boot sector of a computer’s hard disk.

D. A program that automatically executes a sequence of commands or actions.

A

A) A self-replicating program that spreads over a network without human intervention.

A worm is a specific type of malware that is capable of independently spreading and replicating over a network without any human interaction. Unlike viruses, which require user actions or the execution of a host program, worms can move from one system to another automatically, infecting multiple computers along the way. This characteristic makes worms particularly dangerous and challenging to contain once they are unleashed on a network.

9
Q

What is a characteristic feature of worms?

A. They require human intervention to spread.
B. They attach themselves to executable programs.
C. They replicate independently over a network.
D. They can only infect email attachments.

A

C. They replicate independently over a network.

Unlike viruses that require human intervention or the execution of a host program, worms have the ability to spread and replicate over a network without any human interaction. This characteristic sets them apart from other types of malware.

10
Q

How do worms differ from viruses?

A. Worms spread over a network without human intervention.
B. Worms require a host program to execute and replicate.
C. Worms can only infect files in the boot sector.
D. Worms can only spread through email attachments.

A

A. Worms spread over a network without human intervention.

While viruses typically rely on user actions or the execution of a host program, worms can self-propagate and spread autonomously over a network, infecting multiple systems in a short amount of time.

11
Q

What is a common impact of worm infections?

A. Slow network performance and congestion.
B. Corruption of data stored on infected systems.
C. Execution of malicious code on the host program.
D. Physical damage to computer hardware.

A

A. Slow network performance and congestion.

Worm infections can lead to significant network congestion and reduced performance due to the rapid replication and distribution of the worm across multiple systems. The sheer volume of network traffic generated by worm propagation can overwhelm network infrastructure and cause disruptions. While other options may also occur in some cases, network performance issues are a common and prominent consequence of worm infections.

12
Q

Rootkits & Logic Bombs

A

Rootkits:

  • A rootkit is malicious code that embeds itself into the core part of an operating system, such as the system kernel.
  • It gets its name from the fact that it resides at the “root” or core of the system.
  • Unlike viruses, rootkits do not replicate themselves.
  • Rootkits often have functions like intercepting system calls, modifying them, or capturing keystrokes.
  • Detecting rootkits can be extremely challenging due to their ability to evade traditional security measures.
  • Once a rootkit is discovered, the recommended method of removal is a complete system rebuild from trusted sources.

Logic Bombs:

  • A logic bomb is a malicious program that remains dormant until specific conditions or circumstances are met.
  • Typically, logic bombs are time-based, set to activate at a certain time or date, such as an anniversary.
  • The purpose of a logic bomb is to execute a destructive payload when triggered, often resulting in data loss or system damage.
  • Logic bombs do not possess replication capabilities like viruses.
  • Identifying a logic bomb can be difficult since it is often designed to blend in with legitimate system processes.
  • Mitigating the impact of a logic bomb requires proactive measures, such as robust system monitoring and access controls.
13
Q

What is the primary characteristic of a rootkit?

A) It replicates itself across multiple systems
B) It inserts itself into the core part of the operating system
C) It triggers destructive actions at a specific time
D) It intercepts network traffic and captures sensitive data

A

B) It inserts itself into the core part of the operating system

A rootkit is malicious code that embeds itself into the core part of an operating system, typically the system kernel.

14
Q

How do rootkits differ from viruses?

A) Rootkits replicate themselves, while viruses do not

B) Viruses attach themselves to executable files, while rootkits target the system kernel

C) Rootkits can be easily detected by antivirus software, while viruses are difficult to detect

D) Rootkits are spread through email attachments, while viruses spread through network vulnerabilities

A

B) Viruses attach themselves to executable files, while rootkits target the system kernel

Rootkits embed themselves into the core part of the operating system, while viruses typically attach themselves to executable files.

15
Q

What distinguishes a logic bomb from a virus or a rootkit?

A) Logic bombs can replicate themselves, while viruses and rootkits cannot

B) Logic bombs remain dormant until specific conditions are met, while viruses and rootkits are always active

C) Logic bombs intercept system calls and modify them, while viruses and rootkits capture keystrokes

D) Logic bombs require human intervention to spread, while viruses and rootkits spread automatically

A

B) Logic bombs remain dormant until specific conditions are met, while viruses and rootkits are always active

A logic bomb is a malicious program that remains inactive until specific circumstances or conditions occur, triggering its execution. In contrast, viruses and rootkits are active and can propagate without specific triggers.

16
Q

What is a logic bomb?

A) Malicious code that replicates itself across multiple systems

B) Malware that inserts itself into the core part of the operating system

C) A program that remains dormant until specific conditions are met, then executes destructive actions

D) Malicious software that intercepts system calls and modifies them

A

C) A program that remains dormant until specific conditions are met, then executes destructive actions

A logic bomb is a type of malicious program that is designed to remain inactive until certain conditions are met, such as a specific date or event. Once those conditions are fulfilled, the logic bomb activates and executes its destructive payload, which can involve actions like deleting files or formatting disks.

17
Q

What is a rootkit?

A) Malware that spreads through network connections

B) Malicious software that intercepts system calls and modifies them

C) A program that remains dormant until specific conditions are met, then executes destructive actions

D) Malicious code that inserts itself into the core part of the operating system

A

D) Malicious code that inserts itself into the core part of the operating system

A rootkit is a type of malicious code that infiltrates the core components of an operating system, typically the system kernel. It operates at a privileged level and can intercept system calls, modify their behaviour, and evade detection by security measures. Rootkits are designed to give unauthorized control and access to an attacker while remaining hidden from normal system operations and security mechanisms.

18
Q

Code Injections

A
  • Code injection is a technique used to insert malicious code into a program to exploit vulnerabilities and achieve unauthorized actions or undesired outcomes.
  • It occurs due to poor programming practices that allow the program to accept and execute code without proper validation.
  • If all programs implemented robust input validation measures, code injection vulnerabilities would be mitigated.
  • Code injection is one of the most prevalent software flaws and has remained a significant threat for many years.
  • Various forms of code injection exist, such as SQL injection, OS command injection, and cross-site scripting (XSS).
  • SQL injection involves manipulating SQL queries to gain unauthorized access or retrieve sensitive information from a database.
  • OS command injection occurs when an attacker injects malicious commands to execute arbitrary system commands on the underlying operating system.
  • XSS, or cross-site scripting, allows attackers to inject malicious scripts into web pages viewed by other users, leading to session hijacking or theft of sensitive information.
  • Code injection attacks can result in serious consequences, including data breaches, unauthorized access, data manipulation, system compromise, and even remote code execution.
  • Preventing code injection requires implementing secure coding practices, such as input validation, parameterized queries, and output encoding.
  • Regular software updates and patching can help address known vulnerabilities and reduce the risk of code injection attacks.
  • Web application firewalls (WAFs) and security testing, such as vulnerability scanning and penetration testing, can also aid in detecting and mitigating code injection vulnerabilities.
19
Q

What is the primary cause of code injection vulnerabilities?

A) Weak network security measures
B) Insufficient hardware resources
C) Poor programming practices
D) Outdated antivirus software

A

C) Poor programming practices

Code injection vulnerabilities primarily occur due to poor programming practices that allow programs to accept and execute code without proper validation. This allows attackers to inject and execute malicious code, leading to unauthorized actions or undesired outcomes.

20
Q

Which of the following is an example of code injection?

A) Denial of Service (DoS) attack
B) Cross-Site Scripting (XSS)
C) Man-in-the-Middle (MitM) attack
D) Social engineering attack

A

B) Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is an example of code injection. It involves injecting malicious scripts into web pages viewed by other users. By doing so, attackers can manipulate the functionality of the web page and potentially steal sensitive information or perform unauthorized actions on behalf of the user.

21
Q

How can code injection attacks be mitigated?

A) Implementing robust input validation
B) Increasing network bandwidth
C) Disabling firewalls
D) Ignoring software updates

A

A) Implementing robust input validation

Code injection attacks can be mitigated by implementing robust input validation practices. This involves validating and sanitizing all user input to ensure it meets the expected format and does not contain any malicious code. By properly validating input, the risk of code injection vulnerabilities can be significantly reduced. The other options, such as increasing network bandwidth, disabling firewalls, or ignoring software updates, are not effective measures for mitigating code injection attacks.

22
Q

Adware and Spyware

A
  • Adware refers to unwanted software that displays advertisements on a user’s device. It typically manifests as pop-up ads, banners, or other forms of intrusive advertising.
  • Adware is designed to generate revenue for the developers by promoting products or services, often through deceptive or aggressive means.
  • Adware can be annoying and disrupt the user experience, but it is generally not as malicious as other forms of malware.
  • Spyware, on the other hand, is a type of malware that secretly collects user information without their consent or knowledge.
  • Spyware is often installed without the user’s consent through deceptive methods such as bundled software, malicious downloads, or phishing emails.
  • The purpose of spyware is to gather sensitive information like passwords, financial data, browsing habits, and personal details, which can be exploited for various malicious purposes.
  • Spyware can also lead to identity theft, unauthorized access to accounts, and financial losses.
  • Both adware and spyware can be distributed through malicious websites, free software downloads, or infected email attachments.
  • To protect against adware and spyware:
    • Use reputable antivirus and anti-malware software and keep them updated.
    • Exercise caution when downloading software from unfamiliar sources.
    • Be wary of clicking on suspicious ads or pop-ups and avoid visiting questionable websites.
    • Regularly update your operating system and applications to patch security vulnerabilities.
    • Enable firewalls and utilize pop-up blockers to reduce exposure to adware.
    • Practice safe browsing habits and be cautious of email attachments, especially from unknown senders.
  • If you suspect adware or spyware infection:
    • Run a full system scan using antivirus or anti-malware software.
    • Remove any detected threats and follow the software’s instructions.
    • Monitor your accounts for any suspicious activity and consider changing passwords.
    • If necessary, seek professional help to mitigate the impact and ensure the security of your system and personal information.
23
Q

Which of the following best describes adware?

A) Malicious software that secretly collects user information

B) Unwanted software that displays intrusive advertisements

C) Software that encrypts files and demands a ransom for their release

D) Software that exploits vulnerabilities to gain unauthorized access

A

B) Unwanted software that displays intrusive advertisements

Adware refers to unwanted software that displays intrusive advertisements on a user’s device. It is designed to generate revenue for the developers by promoting products or services through aggressive or deceptive means. While adware can be annoying, it is generally not as malicious as software that secretly collects user information or exploits vulnerabilities.

24
Q

How is spyware typically installed on a user’s device?

A) Through deceptive methods such as bundled software or malicious downloads

B) Via phishing emails that trick users into clicking on malicious links

C) By exploiting vulnerabilities in the device’s operating system

D) Through physical access to the device by an attacker

A

A) Through deceptive methods such as bundled software or malicious downloads

Spyware is typically installed on a user’s device through deceptive methods such as bundled software or malicious downloads. It may be included in software packages or downloads without the user’s knowledge or consent. It is important to exercise caution when downloading software from unfamiliar sources to avoid inadvertently installing spyware.

25
Q

What are the potential risks associated with adware and spyware?

A) Unauthorized access to user accounts

B) Loss of sensitive information and identity theft

C) Degraded system performance and unwanted advertisements

D) All of the above

A

D) All of the above

26
Q

Zero Day

A
  • Zero-day refers to vulnerabilities or exploits that are unknown to the software developers and antivirus companies.
  • They are called zero-day exploits because there are zero days between the discovery of the vulnerability and the release of a fix or patch.
  • Zero-day vulnerabilities are highly valuable to attackers because they can target systems without being detected or protected against.
  • A zero-day virus or malware does not have a known signature, making it difficult for antivirus software to detect and prevent its execution.
  • Zero-day flaws are usually discovered by malicious actors or hackers who keep them secret to maximize their impact and exploit systems undetected.
  • Without prior knowledge of zero-day vulnerabilities, there is no guaranteed fix or protection against them.
  • To mitigate the risks associated with zero-day exploits:
    • Keep systems up to date with the latest patches and updates provided by software vendors.
    • Implement proactive monitoring systems to detect any unusual activity or indicators of compromise.
    • Use Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and prevent attacks targeting zero-day vulnerabilities.
    • Employ network segmentation and access controls to limit the impact of a potential zero-day attack.
    • Maintain regular backups of critical data to minimize the impact of data loss or system compromise.
    • Stay informed about emerging threats and vulnerabilities by following security news, advisories, and information from trusted sources.
  • Collaboration and information sharing within the cybersecurity community can help identify and address zero-day vulnerabilities effectively.
  • Responsible disclosure of zero-day vulnerabilities to software vendors and relevant authorities can facilitate the development of patches or mitigations to protect systems.
27
Q

What characterizes a zero-day exploit?

A) An exploit that has been widely known for a long time

B) An exploit that targets zero-day-old systems only

C) An exploit that is unknown to software developers and antivirus companies

D) An exploit that requires zero technical expertise to execute

A

C) An exploit that is unknown to software developers and antivirus companies

A zero-day exploit refers to an exploit or vulnerability that is unknown to software developers and antivirus companies. It is called a “zero-day” because there is no prior knowledge or fix available for it. Attackers leverage these unknown vulnerabilities to launch attacks, taking advantage of the fact that there is no immediate defence or patch against them.

28
Q

Why are zero-day vulnerabilities highly valuable to attackers?

A) They have already been patched by software developers

B) They are well-documented and widely known in the cybersecurity community

C) They allow attackers to target systems without detection or protection

D) They only affect outdated software with no active user base

A

C) They allow attackers to target systems without detection or protection

Zero-day vulnerabilities are highly valuable to attackers because they are unknown to software developers and antivirus companies. This means that systems are not protected against these vulnerabilities, allowing attackers to exploit them without detection. By leveraging zero-day vulnerabilities, attackers can infiltrate systems, steal data, or carry out other malicious activities without being stopped by existing security measures.

29
Q

How can organizations mitigate the risks associated with zero-day exploits?

A) Regularly update systems with the latest patches and updates

B) Maintain backups of critical data

C) Implement proactive monitoring systems

D) All of the above

A

D) All of the above

Organizations can mitigate the risks associated with zero-day exploits by implementing a combination of measures. Regularly updating systems with the latest patches and updates ensures that known vulnerabilities are addressed. Maintaining backups of critical data helps in the event of a successful attack. Implementing proactive monitoring systems allows for the detection of unusual activities or indicators of compromise. Employing all of these measures together enhances an organization’s ability to detect and respond to zero-day exploits effectively.

30
Q

Ransomware

A

Ransomware is a type of malicious software that encrypts files on a victim’s computer or network, rendering them inaccessible until a ransom is paid.

  • Ransomware is typically delivered through email attachments, malicious links, or exploit kits that target software vulnerabilities.
  • Once the ransomware infects a system, it encrypts files such as documents, spreadsheets, images, and more, making them unusable without the encryption key.
  • Attackers demand a ransom payment, often in cryptocurrencies like Bitcoin, in exchange for providing the decryption key to unlock the encrypted files.
  • Ransomware attacks can have severe consequences for businesses and individuals, causing financial losses, data breaches, and disruption of operations.
  • Some organizations choose to pay the ransom as a quick solution to restore their business operations, while others resist paying and seek alternative recovery methods.
  • It’s crucial to have robust and regular backups of system files and critical data to mitigate the impact of ransomware attacks.
  • Regularly test backups to ensure they are functioning correctly and can be restored if needed.
  • Implement a layered defence approach to prevent ransomware infections, including:
    • Up-to-date antivirus and anti-malware software.
    • Firewalls and network segmentation to restrict unauthorized access.
    • Regular software updates and patch management to address vulnerabilities.
    • User awareness training to educate employees about phishing emails and suspicious attachments or links.
  • Employ email and web filtering to block known malicious sources and prevent the delivery of ransomware.
  • Maintain strong password practices and enable multi-factor authentication to protect against unauthorized access.
  • Implement and regularly test incident response plans to ensure a timely and effective response in the event of a ransomware attack.
  • Engage in threat intelligence sharing to stay updated on the latest ransomware variants and tactics used by attackers.
  • Reporting ransomware incidents to law enforcement authorities can contribute to tracking and preventing future attacks.
31
Q

How does ransomware typically encrypt files on a victim’s computer?

A) By exploiting software vulnerabilities in the operating system

B) Through unauthorized access to the victim’s network shares

C) By encrypting files stored in cloud storage services

D) Via malicious email attachments or links

A

D) Via malicious email attachments or links

Ransomware typically encrypts files on a victim’s computer by using malicious email attachments or links. Victims are often tricked into opening an infected attachment or clicking on a malicious link, which then initiates the encryption process and renders the files inaccessible until a ransom is paid.

32
Q

What is the common demand made by attackers in a ransomware attack?

A) Immediate removal of the infected computer from the network

B) Public disclosure of the breach and payment of a fine

C) Payment of a ransom in cryptocurrencies to provide a decryption key

D) Surrendering control of the affected system to the attacker

A

C) Payment of a ransom in cryptocurrencies to provide a decryption key.

In a ransomware attack, the common demand made by attackers is the payment of a ransom in cryptocurrencies (such as Bitcoin) in exchange for a decryption key. Attackers use the encrypted files as leverage, demanding payment to unlock and restore access to the victim’s data.

33
Q

What is a key measure to protect against ransomware attacks?

A) Regularly updating antivirus and anti-malware software

B) Implementing strong password policies for user accounts

C) Training employees on email phishing awareness

D) All of the above

A

D) All of the above

All the mentioned measures are key to protecting against ransomware attacks. Regularly updating antivirus and anti-malware software helps defend against known malware strains, including ransomware. Implementing strong password policies helps prevent unauthorized access to systems and network shares. Training employees on email phishing awareness educates them about recognizing and avoiding malicious email attachments or links, which are common ransomware infection vectors. Employing all these measures together strengthens the organization’s defence against ransomware attacks.

34
Q

Trojans

A

Trojan:
  • A trojan is a type of malicious software that disguises itself as harmless software.
  • It typically carries hidden malicious software inside and executes it when the user runs the seemingly harmless software.
  • Trojans do not replicate like viruses; they are single instances of malicious code.
  • Trojans run in the background and perform various malicious activities without the user’s knowledge.
  • They can be discovered as running processes if properly identified.

Botnet Trojan:
  • A botnet trojan infects a computer, giving remote control to a handler.
  • The infected computer becomes part of a botnet, a network of compromised computers controlled by the handler.
  • Botnets can range from a few computers to tens of thousands under centralized control.
  • Computers in a botnet, known as bots, can be used for launching Distributed Denial of Service (DDoS) attacks.
  • Bots function normally until instructed by the handler to launch attacks against specific targets.

RAT (Remote Access Trojan):
  • A RAT is a trojan that installs software on a computer, allowing unauthorized remote access.
  • It creates a backdoor or listens for connections from specific sources.
  • Once remote access is established, the attacker can launch attacks or repeatedly access the compromised system.
  • RATs can be used as a launchpad for attacks on other systems or for stealing/compromising data.
  • Intrusions by RATs often go undetected for a significant duration, with an average discovery time of approximately 200 days.

Proxy Trojan:
  • A proxy trojan uses a compromised computer as a proxy, acting on behalf of another computer.
  • Similar to how an ISP’s proxy connects to websites on behalf of a user, a proxy trojan makes connections to servers.
  • The destination server sees the connection as coming from the compromised computer, not the true source.
  • This can be used to hide the true source of malicious activity, making it appear as if the compromised computer is responsible.
35
Q

What differentiates a trojan from other types of malware?

A) It replicates and spreads autonomously
B) It disguises itself as harmless software
C) It targets vulnerabilities in the operating system
D) It uses social engineering techniques to trick users

A

B) It disguises itself as harmless software

What sets trojans apart from other types of malware is their ability to disguise themselves as harmless software. Trojans often masquerade as legitimate or desirable programs to trick users into executing them. Once executed, the trojan carries out its hidden malicious activities.

36
Q

What is the primary characteristic of a botnet trojan?

A) It encrypts files on the victim’s computer

B) It grants unauthorized remote access to the attacker

C) It forms a network of compromised computers under remote control

D) It steals sensitive information from the victim’s system

A

C) It forms a network of compromised computers under remote control

The primary characteristic of a botnet trojan is its ability to create a network of compromised computers under remote control. Once infected, the computers become part of a botnet, which is then directed by a remote handler. The compromised computers, known as bots, can be used collectively to launch coordinated attacks, such as Distributed Denial of Service (DDoS) attacks.

37
Q

What is the purpose of a remote access trojan (RAT)?

A) To launch Distributed Denial of Service (DDoS) attacks

B) To act as a proxy server for internet connections

C) To provide unauthorized remote access to a compromised computer

D) To replicate and spread across multiple systems

A

C) To provide unauthorized remote access to a compromised computer

The purpose of a remote access trojan (RAT) is to provide unauthorized remote access to a compromised computer. Once installed, the RAT allows an attacker to control the compromised system remotely. This can enable the attacker to perform various malicious activities, such as exfiltrating data, launching additional attacks, or maintaining persistent access to the compromised system.

38
Q

What is the main purpose of a proxy trojan?

A) To encrypt sensitive files on the victim’s computer

B) To act as a communication intermediary between the user and the destination server

C) To replicate itself and spread across multiple computers

D) To disable antivirus software and firewall protection on the victim’s computer

A

B) To act as a communication intermediary between the user and the destination server

The main purpose of a proxy trojan is to act as a communication intermediary between the user and the destination server. When a computer is compromised by a proxy trojan, it sits between the user’s computer and the destination server, intercepting and relaying communications. The destination server sees the connection as originating from the compromised computer, rather than the true source. This allows the malicious actor to hide their identity and potentially engage in illicit activities, as the connection appears to come from the compromised computer.

39
Q

Active Content

A
  • Active content refers to the code downloaded from the web that is executed locally by the browser, allowing for dynamic and interactive elements on websites.
  • Previously, web content was primarily static, consisting of text and graphics, but modern websites utilize active content to deliver animations, audio, video, and other dynamic features.
  • Technologies enabling active content include Java Applets, ActiveX, JavaScript, and Flash.
  • Active content raises concerns regarding the source and trustworthiness of the code, its intended actions, and potential access to other parts of the computer.
  • Instances of active content containing trojan software with malicious activities have been observed.
  • Browsers offer controls to restrict active content, such as warning prompts or blocking execution, but limiting active content can impact the browsing experience.
40
Q

Which of the following technologies enables the execution of code locally within a web browser, allowing for dynamic and interactive content?

A) Cascading Style Sheets (CSS)
B) Hypertext Markup Language (HTML)
C) Java Applets
D) Secure Socket Layer (SSL)

A

C) Java Applets

Java Applets are one of the technologies that enable the execution of code locally within a web browser, allowing for dynamic and interactive content. Java Applets are small programs written in the Java programming language that can be embedded into web pages and run within a browser’s Java Virtual Machine (JVM). They provide enhanced functionality and interactivity on websites. However, it’s important to note that Java Applets have become less prevalent in modern web development due to security concerns and compatibility issues.

41
Q

Which technology enables client-side scripting and interactivity in web browsers?

A) Cascading Style Sheets (CSS)
B) Hypertext Markup Language (HTML)
C) JavaScript
D) Secure Socket Layer (SSL)

A

C) JavaScript

JavaScript is the technology that enables client-side scripting and interactivity in web browsers. It is a programming language that runs on the client side, meaning it is executed by the user’s web browser rather than on the server. JavaScript allows developers to add dynamic behaviour to web pages, manipulate DOM elements, handle events, and interact with server-side data. It is widely used in modern web development for creating interactive and responsive user interfaces.

42
Q
A
  • Threat vectors are the various ways through which malware can enter a computer system.
  • Drive-by downloads occur when a user visits an infected website, leading to unintentional malware downloads onto their computer.
  • Downloading or installing software from the internet, especially from unknown or untrusted sources, can introduce malware onto a computer.
  • Infected media, such as USB sticks, can easily transport malware to a computer when plugged in.
  • Malware can also enter a system through network connections, taking advantage of vulnerabilities in the network.
  • Email attachments are a common method for malware dissemination, with users being tricked into opening attachments containing malware.
  • Email attachments are particularly notorious for spreading ransomware, a type of malware that encrypts files and demands a ransom for their release.
43
Q

Which of the following is a common threat vector for disseminating ransomware?

A) Drive-by downloads from infected websites
B) Software downloaded from reputable sources
C) Infected media during production
D) Email attachments

A

D) Email attachments

Email attachments are particularly notorious for spreading ransomware, a type of malware that encrypts files and demands a ransom for their release.

44
Q

Protective Measures

A
  • Firewalls: Personal firewalls on end-point computers and network firewalls can be configured to block certain types of traffic or traffic from specific sites or IP addresses.
  • Network Controls: Network filters, access lists on routers, gateway devices, and proxy servers can be implemented to control and filter traffic, including email attachments and web-based traffic.
  • Antivirus/Antimalware Solutions: Antivirus or antimalware software helps detect and block known malware by identifying unique signatures. However, they may not be effective against zero-day attacks.
  • Manual Controls: Measures such as using a sheep dip computer to scan external media, implementing Data Loss Prevention (DLP) systems to track data movement, and controlling software and file entry into the organization.
  • Intrusion Detection Systems (IDS): IDS detects patterns of malicious network activity based on a database of known signatures and raises alerts for further investigation.
  • Intrusion Prevention Systems (IPS): IPS, similar to a firewall, can dynamically block potentially malicious traffic based on signatures, providing more proactive protection than IDS.
  • Application Whitelisting: Also known as allow lists, application whitelisting allows only approved applications to run on a computer, preventing the execution of unauthorized software.
  • System Hardening: System hardening involves configuring a computer to eliminate unnecessary applications, network connections, and services that are not required, reducing potential attack surfaces.

Note: IDS and IPS can be implemented at the network level (NIDS/NIPS) to protect a segment of the network or at the host level (HIDS/HIPS) to protect individual computers. Host-based systems can provide additional protection by monitoring activities on specific hosts.

45
Q

Which protective measure is designed to filter and block specific types of traffic based on defined rules?

a) Firewalls
b) Antivirus solutions
c) Intrusion Detection Systems (IDS)
d) Application whitelisting

A

a) Firewalls

Firewalls can be configured to deny certain types of traffic or block traffic from specific sites or IP addresses, providing network-level filtering and protection.

46
Q

What is the primary purpose of antivirus or antimalware solutions?

a) Blocking unauthorized access to the network

b) Preventing Distributed Denial of Service (DDoS) attacks

c) Detecting and blocking known malware based on unique signatures

d) Monitoring and logging network traffic for analysis

A

c) Detecting and blocking known malware based on unique signatures

Antivirus or antimalware solutions are designed to identify and block known malware by recognizing their unique signatures, providing protection against viruses, worms, trojans, and other identified threats.

47
Q

Which protective measure involves scanning external media on an isolated computer before authorizing its installation into an internal network?

a) Intrusion Detection Systems (IDS)

b) Network controls

c) Manual controls

d) Application whitelisting

A

c) Manual controls

Manual controls include measures such as scanning external media on an isolated computer (sheep dip) before allowing installation into the internal network, ensuring the files are certified as clean.

48
Q

Which protective measure monitors network traffic patterns for known malicious activities and raises alerts for further investigation?

a) Intrusion Prevention Systems (IPS)

b) Application whitelisting

c) Intrusion Detection Systems (IDS)

d) System hardening

A

c) Intrusion Detection Systems (IDS)

IDS examines network traffic for patterns that match known malicious signatures, raising alerts to indicate potential security incidents that require investigation.

49
Q

What is the key difference between Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)?

a) IDS blocks potentially malicious traffic, while IPS raises alerts for further investigation.

b) IDS raises alerts for potentially malicious traffic, while IPS blocks the traffic.

c) IDS and IPS are the same, just different names for the same technology.

d) IDS and IPS both block and raise alerts for potentially malicious traffic.

A

b) IDS raises alerts for potentially malicious traffic, while IPS blocks the traffic.

IDS detects and raises alerts for suspicious network activity, while IPS goes a step further and actively blocks potentially malicious traffic to prevent it from reaching its destination.

50
Q

Which protective measure restricts the execution of unauthorized software by allowing only approved applications to run on a particular computer?

a) Firewalls

b) Antivirus solutions

c) Application whitelisting

d) System hardening

A

c) Application whitelisting

Application whitelisting allows administrators to specify which applications are allowed to run on a computer, preventing the execution of unauthorized software and reducing the risk of malware infections.

51
Q

Which protective measure involves configuring a computer to eliminate unnecessary applications, network connections, and services?

a) Intrusion Prevention Systems (IPS)

b) Application whitelisting

c) System hardening

d) Manual controls

A

c) System hardening

System hardening involves optimizing the configuration of a computer by removing unnecessary applications, network connections, and services, reducing potential vulnerabilities and attack surfaces.

52
Q

Additional Preventative Measures

A
  1. Additional Preventative Measures:
    • Patching: Implement a robust patching regime to keep systems up to date and remediate vulnerabilities.
    • Operational Policies: Follow best practices in system operation, use code from reliable sources, and adhere to safe coding practices.
    • User Awareness: Conduct comprehensive user awareness training programs to educate users about Internet risks, safe practices, and the importance of avoiding opening suspicious attachments.
  2. Technical Controls:
    • IDS and IPS: Intrusion Detection Systems (IDS) detect and raise alerts for suspicious network activity, while Intrusion Prevention Systems (IPS) actively block potentially malicious traffic.
    • Defence-in-Depth: Implement multiple layers of controls to ensure security, with each layer complementing the others and providing a backup in case of control failure.
    • Network Connectivity: As networks expand to include the Internet, remote working, VPN connections, and a growing variety of devices, it is crucial to secure every entry point and permit only authorized connections.
    • Physical, Administrative, and Technical Layers: Defence-in-depth strategy includes physical security measures, administrative policies, and technical controls to provide comprehensive protection against malware threats.

Note: It’s important to have a holistic approach to security by combining technical measures with operational and user awareness practices to effectively mitigate the risks posed by malware.

53
Q

What is the purpose of implementing a robust patching regime?

a) To improve network connectivity

b) To remediate vulnerabilities

c) To enhance user awareness

d) To install antivirus software

A

b) To remediate vulnerabilities

A robust patching regime ensures that all systems are kept up to date with the latest patches, which helps in addressing vulnerabilities and reducing the risk of malware exploitation.

54
Q

What is the primary goal of user awareness training programs?

a) To enforce operational policies

b) To implement technical controls

c) To educate users about safe practices

d) To manage network connectivity

A

c) To educate users about safe practices

User awareness training programs aim to educate users about the risks associated with Internet usage, opening suspicious attachments, and following best practices to minimize the likelihood of malware entering the organization’s systems.

55
Q

How can operational policies contribute to malware prevention?

a) By securing physical entry points

b) By establishing defence-in-depth strategies

c) By following safe coding practices

d) By implementing an intrusion detection system

A

c) By following safe coding practices

Operational policies that promote safe coding practices, such as using code from reliable sources and adhering to industry best practices, can help prevent the introduction of malware into the organization’s systems by ensuring the integrity and security of the software being developed and deployed.

56
Q

Network Intrusion Detection System (NIDS)

A

A Network Intrusion Detection System (NIDS) is a computer software application that can detect and report network security problems by monitoring network or system activities for malicious or anomalous behaviour.

57
Q

Network Intrusion Prevention System (NIPS)

A

A network intrusion prevention system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.

58
Q

Host Intrusion Detection System (HIDS)

A

A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analysing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

59
Q

Host Intrusion Prevention System (HIPS)

A

The Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity attempting to negatively affect your computer. HIPS utilizes advanced behavioural analysis coupled with the detection capabilities of network filtering to monitor running processes, files and registry keys.

60
Q

What is the purpose of an Intrusion Detection System (IDS)?

a) To prevent unauthorized access to the network

b) To detect and raise alerts on malicious network activity

c) To encrypt data transmissions over the network

d) To filter and control web-based traffic

A

b) To detect and raise alerts on malicious network activity

An IDS is designed to monitor network traffic and identify patterns of potentially malicious activity. It detects known signatures of malicious traffic and raises alerts for further investigation and response.

61
Q

What is the main difference between a Network Intrusion Detection System (NIDS) and a Host Intrusion Detection System (HIDS)?

a) NIDS is deployed on individual hosts, while HIDS covers the entire network.

b) NIDS can block malicious traffic, while HIDS can only raise alerts.

c) NIDS is signature-based, while HIDS is behaviour-based.

d) NIDS protects against external threats, while HIDS focuses on internal threats.

A

d) NIDS protects against external threats, while HIDS focuses on internal threats.

NIDS is deployed at the network level to monitor and detect external threats targeting the network. HIDS, on the other hand, is installed on individual hosts to monitor and detect internal threats originating from within the network.

62
Q

What is the function of an Intrusion Prevention System (IPS)?

a) To encrypt data transmissions over the network

b) To block potentially malicious network traffic

c) To detect and raise alerts on unauthorized access attempts

d) To filter and control web-based traffic

A

b) To block potentially malicious network traffic

An IPS is designed to actively block or prevent potentially malicious network traffic based on known signatures or patterns. It goes beyond detection (like an IDS) and can dynamically block or restrict traffic to prevent security breaches.

63
Q

What is the purpose of application whitelisting?

a) To encrypt data transmissions over the network

b) To block all applications except those on an approved list

c) To detect and raise alerts on malicious applications

d) To filter and control web-based traffic

A

b) To block all applications except those on an approved list

Application whitelisting allows only authorized or approved applications to run on a computer or network. It restricts the execution of unapproved applications, reducing the risk of malware infiltration by allowing only known and trusted applications to operate.

64
Q

Defence in Depth

A

Defence in depth is a strategy that leverages multiple security measures to protect an organization’s assets. The thinking is that if one line of defence is compromised, additional layers exist as a backup to ensure that threats are stopped along the way. Defence in depth addresses the security vulnerabilities inherent not only with hardware and software but also with people, as negligence or human error are often the cause of a security breach.

65
Q

What is the primary concept behind Defence in Depth?

A) Deploying a single layer of security controls to protect the organization.

B) Creating multiple layers of security controls to provide overlapping defence.

C) Focusing solely on physical security measures to protect the perimeter.

D) Implementing strong encryption algorithms to secure network traffic.

A

B) Creating multiple layers of security controls to provide overlapping defence.

Defence in Depth is a strategy that involves implementing multiple layers of security controls to provide overlapping protection. This approach recognizes that no single security measure can provide complete security. By deploying a combination of physical, technical, and administrative controls, organizations create multiple barriers that make it more difficult for attackers to penetrate their systems. This multi-layered approach enhances the overall security posture and helps mitigate risks associated with single points of failure.

66
Q

Protecting the Perimeter

A

An organization has both a physical perimeter and a technical perimeter that require defence.

Physical Perimeter: Secured using physical measures like locks, fences, and access control.

Technical Perimeter: The entry point to the network from the outside.

67
Q

Firewall

A

The primary defence mechanism for the technical perimeter is a firewall. A firewall provides separation between two or more networks.

It acts as a barrier that filters and controls incoming and outgoing network traffic.

A firewall is a security device that can be either a physical hardware device or a software-based application. Its primary function is to protect the network by filtering and blocking traffic.

  • Two-way protection: A firewall performs filtering in both directions. It not only blocks inbound traffic to prevent unauthorized access to the internal network but also prevents unauthorized data leakage or loss by blocking certain outbound traffic.
  • Blocking unwanted traffic: Firewalls can block unwanted traffic and help prevent malicious software from entering the network. They can provide different levels of protection, ranging from blocking traffic from specific sources to blocking traffic based on content.
  • Gatekeeper function: Firewalls act as gatekeepers by controlling the flow of traffic through the firewall. They analyse the traffic and make forwarding decisions based on manually configured rules.
  • Rule-based configuration: Firewall rules define what traffic is allowed to pass through the firewall, while denying all other traffic. These rules can be configured based on the following criteria:
    • Source address of the traffic
    • Destination address of the traffic
    • Protocols being used (e.g., web, file transfer, email)
    • Content of the traffic
  • Effective firewall configuration: To ensure an effective firewall, it is important to determine what traffic needs to be controlled and in which direction. This requires proper configuration of rules and settings to align with the organization’s security policies and requirements.
  • Regular review and updates: Firewalls should be regularly reviewed and updated to adapt to changing security threats and to ensure they remain effective in protecting the network. This includes reviewing and modifying firewall rules as needed and keeping the firewall software up to date with the latest patches and firmware.
  • Integration with other security measures: Firewalls are an integral part of a layered security approach. They should be integrated with other security measures, such as intrusion detection and prevention systems (IDS/IPS), antivirus software, and access control mechanisms, to provide comprehensive network protection.
  • Ongoing monitoring and logging: Firewalls should be monitored and logged to track network traffic, detect anomalies, and investigate security incidents. Monitoring and logging data can be analysed to identify potential security breaches or policy violations.
  • Regular security audits: Periodic security audits should be conducted to assess the effectiveness of the firewall configuration and ensure compliance with security standards and regulations.
  • User awareness: Users should be educated about the role of firewalls and the importance of following security policies and best practices. User awareness training can help prevent unauthorized access attempts and ensure responsible use of network resources.
68
Q

What is the primary function of a firewall? (select two)

a) Filtering and blocking outbound traffic

b) Filtering and blocking inbound traffic

c) Encrypting network communications

d) Authenticating network users

A

a) Filtering and blocking outbound traffic
b) Filtering and blocking inbound traffic

At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.

69
Q

Which of the following criteria can be used to configure firewall rules?

a) Source address of the traffic

b) Destination address of the traffic

c) Protocols being used

d) All of the above

A

d) All of the above

Firewall rules can be configured based on the source address, destination address, and protocols being used to control the traffic flow.

70
Q

What is the purpose of two-way protection in a firewall?

a) To prevent unauthorized access to the internal network

b) To prevent unauthorized data leakage or loss

c) To block inbound traffic only

d) To block outbound traffic only

A

b) To prevent unauthorized data leakage or loss

Two-way protection in a firewall ensures that not only inbound traffic is blocked but also unauthorized outbound traffic to prevent data leakage or loss.

71
Q

How does a firewall act as a gatekeeper?

a) By physically securing the network perimeter

b) By analysing and controlling the flow of traffic

c) By encrypting network communications

d) By monitoring user activities on the network

A

b) By analysing and controlling the flow of traffic

Firewalls act as gatekeepers by analysing network traffic and making decisions based on configured rules to control the flow of traffic.

72
Q

Which of the following security measures should be integrated with a firewall?

a) Intrusion Detection and Prevention Systems (IDS/IPS)

b) Antivirus software

c) Access control mechanisms

d) All of the above

A

d) All of the above

A firewall should be integrated with other security measures like IDS/IPS, antivirus software, and access control mechanisms to provide comprehensive network protection.

73
Q

Types of Firewall

A
  1. Packet Filter Firewall:
    - Most common type of firewall.
    - Filters traffic based on addresses and protocols.
    - Determines the source and destination addresses of packets and the protocol used.
    - Can allow or deny traffic based on predefined rules.
    - Primarily focuses on the form and type of traffic.
  2. Web Application Firewall (WAF):
    - Specifically designed for web traffic.
    - Examines the content of data packets to and from web applications.
    - Prevents undesirable content from being downloaded or uploaded.
    - Protects web applications from common web-based attacks.
  3. Proxy Firewall:
    - Acts as an intermediary between client browsers and web servers.
    - Analyses traffic passing through the proxy.
    - Can provide additional security measures and control over network traffic.
    - Offers enhanced privacy and anonymity by masking the client’s IP address.
  4. Multi-Layer Stateful Inspection Firewall:
    - Combines various functionalities in one firewall.
    - Performs packet filtering, content inspection, and connection analysis.
    - Verifies the integrity and state of network connections.
    - Provides advanced security features and comprehensive protection.
    - Ensures traffic is in the correct direction and meets specific criteria.
  5. Next-Generation Firewall (NGFW):
    - Incorporates features of multi-layer firewalls and adds advanced capabilities.
    - Includes antivirus scanning for incoming traffic.
    - Integrates identity and access management solutions.
    - Responds to advanced attacks with enhanced threat intelligence.
    - Offers comprehensive security controls and features.

Summary of Firewall Functions:
- Intercepts and controls traffic between two points.
- Uses rule sets to define allowed or denied traffic.
- Protects the technical perimeter of the network.
- Filters content to prevent undesirable or malicious data.
- Helps enforce the organization’s security policy.
- Generates an audit trail by logging all firewall activity.

74
Q

Which type of firewall is primarily based on addresses and protocols and filters traffic between two points?

a) Packet Filter Firewall

b) Web Application Firewall

c) Proxy Firewall

d) Next-Generation Firewall

A

a) Packet Filter Firewall

Packet Filter Firewall:
- Most common type of firewall.
- Filters traffic based on addresses and protocols.
- Determines the source and destination addresses of packets and the protocol used.
- Can allow or deny traffic based on predefined rules.
- Primarily focuses on the form and type of traffic.

75
Q

A firewall that specifically examines web traffic and prevents undesirable content from being downloaded or uploaded is known as:

a) Packet Filter Firewall

b) Web Application Firewall

c) Proxy Firewall

d) Next-Generation Firewall

A

b) Web Application Firewall

Web Application Firewall (WAF):
- Specifically designed for web traffic.
- Examines the content of data packets to and from web applications.
- Prevents undesirable content from being downloaded or uploaded.
- Protects web applications from common web-based attacks.

76
Q

Which type of firewall acts as an intermediary between client browsers and web servers, providing enhanced security measures and control over network traffic?

a) Packet Filter Firewall

b) Web Application Firewall

c) Proxy Firewall

d) Next-Generation Firewall

A

c) Proxy Firewall

Proxy Firewall:
- Acts as an intermediary between client browsers and web servers.
- Analyses traffic passing through the proxy.
- Can provide additional security measures and control over network traffic.
- Offers enhanced privacy and anonymity by masking the client’s IP address.

77
Q

A firewall that combines packet filtering, content inspection, and connection analysis into one device is called:

a) Packet Filter Firewall

b) Web Application Firewall

c) Proxy Firewall

d) Multi-Layer Stateful Inspection Firewall

A

d) Multi-Layer Stateful Inspection Firewall

Multi-Layer Stateful Inspection Firewall:
- Combines various functionalities in one firewall.
- Performs packet filtering, content inspection, and connection analysis.
- Verifies the integrity and state of network connections.
- Provides advanced security features and comprehensive protection.
- Ensures traffic is in the correct direction and meets specific criteria.

78
Q

Which type of firewall incorporates advanced capabilities such as antivirus scanning, identity and access management, and enhanced threat intelligence?

a) Packet Filter Firewall

b) Web Application Firewall

c) Proxy Firewall

d) Next-Generation Firewall

A

d) Next-Generation Firewall

Next-Generation Firewall (NGFW):
- Incorporates features of multi-layer firewalls and adds advanced capabilities.
- Includes antivirus scanning for incoming traffic.
- Integrates identity and access management solutions.
- Responds to advanced attacks with enhanced threat intelligence.
- Offers comprehensive security controls and features.

79
Q

The DMZ (Demilitarized Zone)

A
  1. DMZ (Demilitarized Zone):
  • A DMZ is a subnetwork that functions as a protected and monitored segment of an organization’s network.
  • It acts as an exposed point to untrusted networks, typically the Internet.
  • The goal of a DMZ is to add an extra layer of security to an organization’s local area network.
  • It allows external traffic to reach certain services while protecting the internal network from direct access.
  2. Purpose of a DMZ:
  • The DMZ exists to protect hosts that are vulnerable to attacks, such as email and web servers.
  • By placing these hosts in the DMZ, they are isolated from the internal network and provide a layer of protection.
  • A properly implemented DMZ helps detect and mitigate security breaches before they reach the internal network.
  3. Implementing a DMZ:
  • There are two common methods: a single firewall (three-legged model) or dual firewalls.
  • Single firewall: Uses a single firewall with a minimum of 3 network interfaces. The DMZ sits on its own interface of this firewall, separated from both the external network and the internal network.
  • Dual firewall: The more secure approach uses two firewalls. The frontend firewall only allows traffic to the DMZ, while the backend firewall controls traffic from the DMZ to the internal network.
  4. Network Components:
  • Hubs: Basic network devices that provide connectivity by broadcasting data to all connected devices.
  • Switches: More advanced network devices that create a direct connection between devices, allowing for better performance and security.
  • Routers: Network devices that connect different networks together and direct traffic based on IP addresses.
80
Q

What is the purpose of a DMZ in a network architecture?

A) To provide additional storage capacity for network devices

B) To protect vulnerable hosts from external attacks

C) To establish secure VPN connections between different networks

D) To monitor network traffic for potential security breaches

A

B) To protect vulnerable hosts from external attacks

The primary purpose of a DMZ in network architecture is to provide an additional layer of security by isolating vulnerable hosts, such as web servers or email servers, from the internal network. It acts as a buffer zone between the trusted internal network and the untrusted external network.

81
Q

How does a DMZ enhance network security?

A) By blocking all incoming network traffic

B) By providing a secure platform for internal communication

C) By isolating vulnerable hosts from the internal network

D) By encrypting all data transmissions within the network

A

C) By isolating vulnerable hosts from the internal network

A DMZ enhances network security by isolating vulnerable hosts from the internal network. This helps to prevent unauthorized access to sensitive internal resources and reduces the risk of compromising the entire network if a DMZ host is compromised.

82
Q

Which of the following is a common example of a service hosted in a DMZ?

A) Database server for internal employee data

B) Internal email server for company communication

C) File server for storing sensitive customer information

D) Web server for hosting public-facing websites

A

D) Web server for hosting public-facing websites

Hosting a web server for public-facing websites is a common example of a service that is placed in a DMZ. By placing the web server in the DMZ, organizations can provide public access to the website while minimizing the risk to their internal network.

83
Q

What is the primary goal of implementing a DMZ in a network?

A) To create a barrier against unauthorized physical access

B) To optimize network performance and reduce latency

C) To ensure compliance with data protection regulations

D) To detect and mitigate security breaches before they reach the internal network

A

D) To detect and mitigate security breaches before they reach the internal network

The primary goal of implementing a DMZ is to detect and mitigate security breaches before they reach the internal network. By monitoring and controlling the traffic entering and leaving the DMZ, organizations can identify and respond to potential threats before they can impact the internal network.

84
Q

Which network architecture involves using two firewalls to create a DMZ?

A) Single firewall model

B) Triple firewall model

C) Dual firewall model

D) Quadruple firewall model

A

C) Dual firewall model

The network architecture that involves using two firewalls to create a DMZ is known as the dual firewall model. In this model, the first firewall allows traffic destined for the DMZ, while the second firewall controls the traffic that moves from the DMZ to the internal network. Using two firewalls adds an extra layer of protection and helps prevent unauthorized access to the internal network.

85
Q

Network Devices - The Hub

A

Provides physical connectivity for devices to connect and communicate with each other.

Lacks intelligence and does not have knowledge of the destination of traffic.

Forwards traffic to all connected devices, which can lead to interception of contents.

Operates in half-duplex mode, allowing communication in one direction at a time.

Collisions occur when data packets collide on the wire, leading to retransmissions and increased network delays.

86
Q

Which of the following statements accurately describes a hub?

a) A hub intelligently routes traffic between connected devices.

b) A hub provides physical connectivity but lacks intelligence.

c) A hub performs network address translation (NAT) for secure communication.

d) A hub enables wireless devices to connect to a wired network.

A

b) A hub provides physical connectivity but lacks intelligence.

A hub simply provides physical connectivity for devices to connect and communicate with each other. It lacks intelligence and does not have knowledge of the destination of traffic.

87
Q

What is a drawback of using a hub in a network?

a) Hubs can selectively forward traffic to specific devices.

b) Hubs operate in full-duplex mode, allowing simultaneous transmission and reception.

c) Hubs minimize collisions and improve network performance.

d) Hubs forward traffic to all connected devices, increasing the risk of interception and collisions.

A

d) Hubs forward traffic to all connected devices, increasing the risk of interception and collisions.

A hub forwards traffic to all connected devices, regardless of whether the intended recipient is there or not. This increases the risk of interception of contents and introduces collisions, leading to retransmissions and network delays.

88
Q

Network Devices - The Switch

A

The switch is an improved network device compared to the hub, offering more functionality and enhanced network security.

A switch provides physical connectivity like a hub but with the advantage of intelligence.

Devices connected to a network have both an IP address and a MAC address.

The MAC address is a unique identifier that stays with the device regardless of its IP address.

When devices connect to a switch, their MAC addresses are stored in a memory table.

A switch uses its intelligence to identify the destination device based on its MAC address and forwards traffic only to that device.

This ensures that other connected devices do not see the traffic, improving security.

Switches enable simultaneous communication in both directions, known as full duplex, using separate pairs of wires.
Unlike hubs, switches eliminate collisions on the network.

Switches can have additional capabilities, such as creating logical switches (VLANs) and implementing additional security measures on each switch port.

89
Q

What is the main advantage of using a switch instead of a hub in a network?

a) A switch provides physical connectivity.

b) A switch eliminates collisions on the network.

c) A switch allows simultaneous communication in both directions.

d) A switch stores IP addresses of connected devices.

A

b) A switch eliminates collisions on the network.

Unlike hubs, which operate in half-duplex mode and can cause collisions when data packets collide on the wire, switches operate in full-duplex mode and eliminate collisions. Switches provide separate pairs of wires for communication in each direction, ensuring efficient and collision-free data transmission.

90
Q

What is the purpose of the MAC address in a switch?

a) To identify the destination IP address.

b) To provide physical connectivity.

c) To uniquely identify a device on the network.

d) To create logical switches (VLANs).

A

c) To uniquely identify a device on the network.

The MAC address (Media Access Control) is a unique identifier assigned to a network interface card (NIC) of a device. In a switch, MAC addresses are stored in a memory table, allowing the switch to identify the destination device based on its MAC address and forward traffic only to that specific device.

91
Q

What feature enables simultaneous communication in both directions on a switch?

a) IP addressing

b) Full duplex

c) VLANs

d) Switch ports

A

b) Full duplex

Full duplex is the feature that enables simultaneous communication in both directions on a switch. Unlike half-duplex communication, where data can flow in only one direction at a time, full duplex allows data to be transmitted and received simultaneously on separate pairs of wires. This increases the efficiency and speed of data transmission in the network.

92
Q

Network Devices - The Router

A

The router connects networks together and acts as a point of connectivity for forwarding traffic from one network to another.

Routers make forwarding decisions based on the IP address of the traffic.

The Internet is composed of thousands of networks interconnected with routers.

Routers exchange information with neighbouring routers to determine the best path for forwarding traffic.

If a link between two routers breaks, the routers can dynamically select an alternative path if available, allowing the network to heal itself.

Routers maintain a routing table that contains information about networks, which is used to make forwarding decisions.
Routers can be configured with access lists, similar to firewall rules, to control traffic flow between neighbouring networks.

93
Q

Which of the following is a primary function of a router?

a) Connecting devices within a network

b) Filtering and blocking network traffic

c) Connecting networks and forwarding traffic

d) Providing wireless connectivity

A

c) Connecting networks and forwarding traffic

A router’s primary function is to connect networks together and forward traffic between them. Routers examine the IP address of incoming traffic and determine the best path for forwarding it to its destination across different networks.

94
Q

What does a routing table in a router contain?

a) MAC addresses of connected devices

b) IP addresses of neighbouring routers

c) Information about connected networks

d) Access control rules for network traffic

A

c) Information about connected networks

A routing table in a router contains information about connected networks, including the network addresses and the corresponding interfaces through which traffic should be forwarded. This information helps the router make routing decisions and determine the next hop for traffic destined to different networks.

95
Q

How do routers handle network failures and maintain connectivity?

a) By rerouting traffic through neighbouring routers

b) By establishing secure VPN connections

c) By implementing firewall rules to block traffic

d) By prioritizing traffic based on QoS settings

A

a) By rerouting traffic through neighbouring routers

When a link between two routers breaks or a network becomes unavailable, routers exchange information with neighbouring routers and dynamically select alternative paths, if available, to reroute traffic and maintain connectivity. This helps ensure that network communication continues even in the event of failures or network changes.

96
Q

IP addressing

A

All devices connected to a network require a unique IP (Internet Protocol) address.

IP communication uses a source address and a destination address, and routers use the destination address to forward traffic.

IPv4 is the most widely used version of IP addressing, based on a 32-bit binary number represented by four octets (four sets of eight binary bits).

The IP address space was originally divided into classes, but this classful scheme became less relevant as address consumption increased.

Typical IP addresses encountered are those used by home broadband routers, such as 192.168.0.X, where X represents a specific host on the network.

Certain IP addresses are reserved for specific functions, such as private use within a network (e.g., 192.168.0.X).

The growth of the Internet led to the creation of IPv6, which uses a larger address space of 128 binary bits (converted to hexadecimal).

IPv6 addresses are much larger and can be written in a shortened or full form, e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334

IPv6 provides an ample address space to accommodate the increasing number of devices connected to the Internet.

97
Q

Which version of IP addressing is based on a 32-bit binary number represented by four octets?

A) IPv4
B) IPv6
C) IPX/SPX
D) ICMP

A

A) IPv4

IPv4 is based on a 32-bit binary number represented by four octets (four sets of eight binary bits).

98
Q

What is the highest IP address in the IPv4 address space?

A) 255.255.255.255
B) 192.168.0.1
C) 10.0.0.0
D) 127.0.0.1

A

A) 255.255.255.255

In the IPv4 address space, the highest IP address is represented as 255.255.255.255.

99
Q

What is the main reason for the development of IPv6?

A) To provide a larger address space
B) To improve network security
C) To increase network speed
D) To simplify network configuration

A

A) To provide a larger address space

IPv6 was developed to address the issue of IPv4 address exhaustion and to provide a significantly larger address space with 128 binary bits, accommodating the increasing number of devices connected to the Internet.

100
Q

VLANs

A
  • VLAN stands for Virtual LAN and it involves dividing a single physical switch into multiple logical switches.
  • VLANs create virtual networks that appear as separate devices, allowing for logical separation and improved network security.
  • Devices within the same VLAN can communicate with each other, while communication between VLANs requires the use of a router.
  • Multiple VLANs can be created on a single switch to accommodate different groups or functions.
  • To enable communication between VLANs across multiple switches, trunk connections are used.
  • Trunk connections carry data between switches and also identify the VLAN to which the data belongs.
  • VLAN trunking is the concept of establishing trunk connections between switches to facilitate communication between VLANs.
101
Q

What is the primary purpose of VLANs in a network?

A) To physically separate devices connected to a switch

B) To logically separate devices connected to a switch

C) To increase network bandwidth

D) To enhance wireless connectivity

A

B) To logically separate devices connected to a switch

VLANs create virtual networks within a physical switch, allowing devices to be logically separated and isolated from one another. This segregation improves network security and provides flexibility in grouping devices based on function or department.

102
Q

How can devices in different VLANs communicate with each other?

A) Through direct communication within the switch

B) By using a router

C) By establishing trunk connections

D) By configuring VLAN access control lists (ACLs)

A

B) By using a router

VLANs create separate broadcast domains, and communication between VLANs requires the use of a router. The router forwards traffic between VLANs based on their IP addresses, enabling inter-VLAN communication.

103
Q

What is the purpose of VLAN trunking?

A) To connect multiple switches physically

B) To enable communication between devices within the same VLAN

C) To establish logical separation within a VLAN

D) To facilitate communication between VLANs across multiple switches

A

D) To facilitate communication between VLANs across multiple switches

VLAN trunking involves establishing trunk connections between switches, allowing the transmission of data between VLANs. Trunk connections carry data and also identify the VLAN to which the data belongs, enabling communication between VLANs in different switches.

104
Q

Wireless Networks

A
  • Wireless networks combine wired and wireless connectivity or can be purely wireless, eliminating the need for physical cables.
  • Wireless networks transmit data as radio waves, making interception possible for anyone within range of the wireless signal.
  • Early wireless networks lacked security, making traffic interception straightforward. The radio waves extend beyond the network boundary, allowing potential interception from outside.
  • Each wireless network is identified by an SSID (Service Set Identifier), which is broadcast regularly. Using a recognizable SSID can make a network a target. Hiding the network by disabling SSID broadcast provides some security, but the network can still be discovered.
  • Wireless security has evolved over time to protect transmitted data:
    • WEP (Wired Equivalent Privacy): Totally obsolete and should not be used.
    • WPA (Wi-Fi Protected Access): Also obsolete and should not be used.
    • WPA2 (WPA version 2): Currently the most common wireless security and still recommended for use.
    • WPA3 (WPA version 3): The latest version, not yet widely adopted but provides enhanced security.
  • When configuring wireless networks, it is important to use the latest available security measures and evaluate network security before connecting.
  • Public places often offer free wireless networks without proper security measures. Using a VPN (Virtual Private Network) can provide additional security if the network lacks encryption.
105
Q

Which wireless security protocol is considered obsolete and should not be used?

a) WPA
b) WPA2
c) WEP
d) WPA3

A

c) WEP

WEP is an outdated wireless security protocol that is no longer considered secure and should not be used. It has known vulnerabilities that make it easy for attackers to compromise the network.

106
Q

What does SSID stand for in the context of wireless networks?

a) Secure Signal Identifier
b) Service Set Identifier
c) Wireless Network Identifier
d) Secure Network Identifier

A

b) Service Set Identifier

SSID is a unique name assigned to a wireless network. It helps identify and differentiate one wireless network from another. Devices use the SSID to determine which network to connect to when multiple networks are available.

107
Q

Why is it recommended to use a VPN when connecting to public wireless networks without encryption?

a) To hide the SSID and make the network invisible

b) To bypass any authentication requirements

c) To provide an extra layer of encryption and secure the connection

d) To increase the signal strength and improve connection speed

A

c) To provide an extra layer of encryption and secure the connection

When connecting to public wireless networks that do not have proper encryption, using a VPN (Virtual Private Network) can add an additional layer of security by encrypting the data transmitted between the device and the VPN server, protecting it from potential eavesdropping or interception by malicious actors.

108
Q

Security Activities

A
  1. Monitoring and Alerting:
  • Automated monitoring helps identify potential incidents and avert them.
  • Centralizing logs from devices to a central point improves efficiency.
  • SIEM (Security Information and Event Management) systems provide capabilities such as centralizing logs, correlating events, setting thresholds for alerting, and producing reports.
  2. Security Operations Centre (SOC):
  • SOC manages the SIEM and performs various security functions.
  • Activities of a SOC include continuous monitoring, preventative maintenance, alert management, threat response, incident recovery, log management, compliance management, and security process improvement.
  • SOC enhances security incident detection and response through ongoing analysis and continuous activity monitoring.
  3. Additional Security Activities:
  • Vulnerability assessments help identify weaknesses in systems and infrastructure.
  • Periodic penetration testing evaluates the effectiveness of security controls by simulating real-world attacks.
  • Digital forensic capabilities may be part of a SOC’s role to investigate incidents and gather evidence.
109
Q

What is the main purpose of a Security Information and Event Management (SIEM) system?

A) Centralize log information in one place

B) Conduct vulnerability assessments

C) Perform penetration testing

D) Manage access control systems

A

A) Centralize log information in one place

SIEM systems are designed to collect and centralize log entries from various devices and sources. They provide a centralized repository for log information, enabling correlation, analysis, and alerting functionalities.

110
Q

What is the primary responsibility of a Security Operations Centre (SOC)?

A) Conduct vulnerability assessments

B) Perform digital forensics

C) Monitor and manage security incidents

D) Develop security policies and procedures

A

C) Monitor and manage security incidents

The main responsibility of a SOC is to continuously monitor the security posture, detect and respond to security incidents, and manage the overall incident response process. They coordinate incident handling, investigate root causes, and ensure timely response and recovery.

111
Q

What is the purpose of conducting periodic penetration testing?

A) Identify vulnerabilities in systems and infrastructure

B) Centralize log information in one place

C) Continuously monitor security events

D) Manage access control systems

A

A) Identify vulnerabilities in systems and infrastructure

Periodic penetration testing involves simulating real-world attacks on systems and infrastructure to identify vulnerabilities and weaknesses in security controls. It helps organizations assess the effectiveness of their security measures and prioritize remediation efforts.

112
Q

Vulnerability Assessments

A
  1. Vulnerability assessments involve analysing systems for known vulnerabilities and flaws that could be exploited.
  2. Technical vulnerability assessments use applications like Nessus, which have a database of known vulnerabilities.
  3. Vulnerability scans are conducted against the vulnerability database to identify outstanding patches and assess the criticality of vulnerabilities.
  4. Vulnerability assessments may provide information about potential exploits that could be leveraged.
  5. Regular vulnerability scans should be conducted, and the scanning software should be kept up to date with the latest known vulnerabilities.
  6. Vulnerability assessment is a standalone activity, but it is also incorporated into a penetration test.
113
Q

What is the purpose of a vulnerability assessment?

A) To exploit system vulnerabilities for testing purposes

B) To analyse and identify known vulnerabilities in systems

C) To simulate real-world cyber attacks

D) To develop secure coding practices

A

B) To analyse and identify known vulnerabilities in systems

A vulnerability assessment aims to identify and assess vulnerabilities in systems or applications, providing insights into potential weaknesses that could be exploited by attackers.

114
Q

Which of the following tools is commonly used for conducting technical vulnerability assessments?

A) Firewall
B) Intrusion Detection System (IDS)
C) Nessus
D) Proxy Server

A

C) Nessus

Nessus is an example of an application used for technical vulnerability assessments. It contains a database of known vulnerabilities and performs scans against this database to identify vulnerabilities and provide information about patches and potential exploits.

115
Q

How often should vulnerability scans be conducted?

A) Once a year
B) Every six months
C) Quarterly
D) Regularly and on an ongoing basis

A

D) Regularly and on an ongoing basis

Vulnerability scans should be conducted regularly to ensure that systems are continuously assessed for known vulnerabilities. The frequency may vary depending on factors such as the organization’s risk appetite and the nature of the systems being assessed.

116
Q

Penetration Testing

A
  • Penetration testing is the process of simulating the actions of a malicious person to validate the security of a technical environment.
  • It involves using hacker tools and techniques to discover and exploit vulnerabilities.
  • Penetration tests can be conducted externally (testing what is visible to the outside world) or internally (simulating an attacker with access to the premises and network).
  • Different types of penetration tests include:
    • Black Box Test (no knowledge of the target)
    • Grey Box Test (partial knowledge)
    • White Box Test (full knowledge)
  • Prior permission and agreement from the network and system owners are crucial before conducting any penetration test.
  • Actions to be carried out before a penetration test include defining the scope, signing a non-disclosure agreement, determining how vulnerabilities will be handled, specifying the tools and techniques to be used, considering potential disruptions, and addressing social engineering techniques.
  • The results of a penetration test are presented in a report, which includes findings, methods used, and recommendations for remediation.
  • The pen test report is a sensitive document that should be protected to prevent vulnerabilities from falling into the wrong hands.
117
Q

What is the primary objective of penetration testing?

A) To validate the security footprint of the organization

B) To gain unauthorized access to sensitive information

C) To disrupt normal operations of the network

D) To simulate the actions of an insider attacker

A

A) To validate the security footprint of the organization

Penetration testing aims to identify vulnerabilities and assess the security of a technical environment, not to gain unauthorized access or disrupt operations.

118
Q

Which type of penetration test simulates a typical external attacker with no prior knowledge of the target network?

A) Black Box Test
B) Grey Box Test
C) White Box Test
D) Red Team Test

A

A) Black Box Test

In a Black Box Test, the tester has no knowledge of the target network and simulates a typical external attacker. A Grey Box Test involves partial knowledge, and a White Box Test involves full knowledge of the target network. A Red Team Test refers to a broader, more comprehensive assessment involving multiple techniques.

119
Q

What should be carried out prior to conducting a penetration test?

A) Signing a non-disclosure agreement
B) Exploiting discovered vulnerabilities
C) Conducting a social engineering attack
D) Disrupting normal operations

A

A) Signing a non-disclosure agreement

Prior to conducting a penetration test, it is essential to establish the scope, sign a non-disclosure agreement, and obtain permission from the network and system owners. Exploiting vulnerabilities, conducting social engineering attacks, or disrupting normal operations may not be allowed or desired during the test.

120
Q

Acceptable Use Policy

A
  • Acceptable Use Policy (AUP) is an administrative control that supports technical security measures.
  • Policies are mandates and statements of intent that are mandatory within an organization.
  • A series of policies cover aspects of how technology should be used, including acceptable use, email, passwords, remote access, and home working.
  • The AUP defines the acceptable use of computer and network-related equipment and services within the organization.
  • A typical AUP may include “do not” statements to define unacceptable behaviour.
  • Common areas covered by the AUP include downloading/installing unauthorized software, infringing copyright, accessing inappropriate material, causing offense to others, affecting network infrastructure, using unauthorized identities/passwords, sharing personal credentials, and engaging in unauthorized activities on the network infrastructure.
  • The use of the Internet is a significant aspect of AUP, and access should be appropriate, legal, and aligned with corporate governance principles.
  • AUP helps protect individuals from engaging in illegal activities and safeguards the organization’s operations and reputation.
121
Q

What is the purpose of an Acceptable Use Policy (AUP)?

A) To enforce technical security measures

B) To define acceptable and unacceptable use of computer and network resources

C) To regulate administrative controls in an organization

D) To ensure compliance with legal regulations

A

B) To define acceptable and unacceptable use of computer and network resources

An Acceptable Use Policy (AUP) outlines the rules and guidelines for the appropriate use of technology resources within an organization, defining what is acceptable and what is not.

122
Q

Which of the following is a typical topic covered by an Acceptable Use Policy (AUP)?

A) Encryption standards

B) Social media usage guidelines

C) Disaster recovery procedures

D) Physical access control measures

A

B) Social media usage guidelines

An Acceptable Use Policy (AUP) may cover various topics, including acceptable use, email, passwords, remote access, and home working. Social media usage guidelines are commonly included in an AUP to provide guidance on appropriate behaviour when using social media platforms.

123
Q

Why is an Acceptable Use Policy (AUP) important for an organization?

A) It ensures compliance with legal and ethical standards.

B) It enables technical security measures to function effectively.

C) It establishes guidelines for physical access control.

D) It regulates software licensing agreements.

A

A) It ensures compliance with legal and ethical standards.

An Acceptable Use Policy (AUP) helps organizations establish guidelines and rules to ensure that employees and users of technology resources comply with legal regulations and ethical standards. It promotes responsible and appropriate use of resources to protect individuals and maintain the organization’s reputation.

124
Q

Network Management

A

Network management involves routine tasks to ensure the functionality and security of the network.

Tasks include network monitoring, logging, anti-malware updates, patching, and vulnerability scanning.

Tools like IDS and IPS can be used to learn and distinguish between normal and malicious network behaviour.

Good network management requires an understanding of infrastructure, risks, countermeasures, business processes, policies, and regulatory requirements.

Metrics and measurement are essential for monitoring and improvement processes.

Regular reporting to senior management is necessary to demonstrate return on investment and progress towards goals.

125
Q

Which of the following tasks is NOT typically associated with network management?

A) Network monitoring
B) Patching
C) Anti-malware updates
D) Data encryption

A

D) Data encryption

Data encryption is not typically considered a task of network management. Data encryption is more closely related to securing services and protecting data during transmission. Network management tasks typically include network monitoring, patching, and anti-malware updates to ensure the functionality and security of the network.

126
Q

What is an essential component of effective network management?

A) Knowledge of infrastructure and system architecture
B) Strict enforcement of acceptable use policies
C) Regular reporting to senior management
D) Implementation of advanced intrusion detection systems

A

A) Knowledge of infrastructure and system architecture

Knowledge of infrastructure and system architecture is an essential component of effective network management. Understanding the network’s physical and intangible assets, system architecture, and interconnectivity helps in managing and securing the network effectively.

127
Q

Securing Services

A
  • Protective measures are needed for real-time activities such as communication, web services, e-commerce, and data exchange.
  • Remote working and collaborative tools have become more prevalent, requiring secure connections and encryption.
  • Awareness training is important to prevent social engineering and phishing attacks on social media platforms.
  • Legacy technologies like modems can be susceptible to attacks such as war-dialling.
  • Wi-Fi should use secure protocols, and remote workers must use VPN connections for added security on public wireless networks.
  • Mobile technologies and data capabilities of 3G, 4G, and 5G networks are growing in importance.
  • Web services should be protected with authentication and secure connections using the latest TLS version.
128
Q

Which of the following is a recommended measure for securing network services?

A) Implementing strong passwords
B) Enforcing physical access controls
C) Performing regular vulnerability scans
D) Conducting data backups

A

C) Performing regular vulnerability scans

Performing regular vulnerability scans is a recommended measure for securing network services. Vulnerability scans help identify potential weaknesses or vulnerabilities in the network infrastructure, allowing organizations to address them proactively and reduce the risk of exploitation.

129
Q

Cloud Computing

A
  • Cloud computing provides on-demand availability of computer system resources without direct user management.
  • It involves the use of a network of remote servers hosted on the Internet for storing, managing, and processing data.
  • Cloud computing relies on virtualization to create virtual machines (VMs) running on shared hardware resources.
  • Virtualization allows for greater hardware utilization and consolidation, providing a higher return on investment.
  • Cloud environments can host multiple VMs, with hardware resources allocated appropriately.
130
Q

What is the primary benefit of virtualization in cloud computing?

A) Greater hardware utilization
B) Reduced network latency
C) Enhanced data encryption
D) Improved end-user experience

A

A) Greater hardware utilization

Greater hardware utilization is the primary benefit of virtualization in cloud computing. Virtualization allows for the consolidation of multiple virtual machines (VMs) on shared hardware resources, resulting in more efficient use of the physical hardware and a higher return on investment.

131
Q

What is a characteristic of cloud computing?

A) Direct active management by the user
B) Exclusive use of physical servers
C) Distributed functions across multiple data centres
D) Reliance on local server infrastructure

A

C) Distributed functions across multiple data centres

Distributed functions across multiple data centres is a characteristic of cloud computing. Cloud computing involves the on-demand availability of computer system resources, with functions distributed over multiple locations, typically data centres. This distribution allows for scalability, redundancy, and increased availability of services.

132
Q

Cloud Computing Characteristics

A
  1. Terminology in cloud computing includes the cloud provider, consumer/subscriber, and tenant.
  2. There are six essential characteristics of cloud computing:
    a) On-demand self-service: Consumers can provision computing capabilities without human interaction.
    b) Broad network access: Capabilities are accessible over the network via various client platforms.
    c) Resource pooling: Computing resources are pooled and dynamically assigned to serve multiple consumers.
    d) Rapid elasticity: Capabilities can be quickly scaled up or down based on demand.
    e) Measured service: Resource usage is automatically monitored and metered, allowing for pay-as-you-use billing.
    f) Multi-tenancy: Resources are allocated and controlled to ensure isolation between different end user organizations.
  3. Cloud resources can be delivered using different service and deployment models.
  4. Service models describe how user organizations utilize services provided by cloud providers.
133
Q

Which cloud computing characteristic allows consumers to provision computing capabilities automatically without requiring human interaction with the service provider?

a) Broad network access
b) On-demand self-service
c) Resource pooling
d) Rapid elasticity

A

b) On-demand self-service

On-demand self-service is a cloud computing characteristic that enables consumers to unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without the need for human interaction with the service provider.

134
Q

Which cloud computing characteristic ensures that different end user organizations or tenants are isolated from and inaccessible to one another?

a) Multi-tenancy
b) Measured service
c) Rapid elasticity
d) Resource pooling

A

a) Multi-tenancy

Multi-tenancy is a cloud computing characteristic that involves allocating and controlling resources in a way that different end user organizations or tenants are isolated and cannot access each other’s processing and data. This ensures data privacy and security between different tenants.

135
Q

Which cloud computing characteristic allows for the automatic scaling of resources based on demand?

a) Resource pooling
b) Measured service
c) Rapid elasticity
d) On-demand self-service

A

c) Rapid elasticity

Rapid elasticity is a cloud computing characteristic that enables capabilities to be elastically provisioned and released, allowing for rapid scaling of resources outward and inward based on demand. This scalability ensures that computing resources can efficiently accommodate fluctuating workloads.

136
Q

Cloud Computing - Software as a Service (SaaS)

A

SaaS stands for Software as a Service.

In SaaS, the consumer uses applications provided by the cloud service provider.

The applications are accessed through client devices, either through a program interface or a web browser.

The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating system, or storage.

Configuration options for the application are limited to user settings.

Examples of SaaS include Microsoft Office 365, Adobe Creative Suite, and Salesforce.

SaaS is typically subscription-based, where users pay for the service on a recurring basis.

User files are typically stored within the cloud, which should be considered when terminating a subscription.

137
Q

Which of the following statements best describes Software as a Service (SaaS)?

A) SaaS allows consumers to manage and control the underlying cloud infrastructure.

B) SaaS provides physical servers and storage devices to consumers.

C) SaaS offers applications that can only be accessed through a specific web browser.

D) SaaS allows consumers to configure the underlying cloud infrastructure.

A

C) SaaS offers applications that can only be accessed through a specific web browser.

In the SaaS model, applications are provided by the cloud service provider and accessed by consumers through a web browser or program interface. Consumers do not manage or control the underlying cloud infrastructure.

138
Q

Which of the following is an example of Software as a Service (SaaS)?

A) Amazon Web Services (AWS)
B) Dropbox
C) VMware
D) Cisco Webex

A

D) Cisco Webex

Cisco Webex is a collaboration and communication tool that is delivered as a SaaS solution. Amazon Web Services (AWS) is an example of Infrastructure as a Service (IaaS), Dropbox is a cloud storage service, and VMware is a virtualization software provider.

139
Q

What is a characteristic of Software as a Service (SaaS)?

A) Consumers have full control over the underlying cloud infrastructure.

B) Configuration options for the application are highly customizable.

C) SaaS applications are typically accessed through a web browser.

D) SaaS offers unlimited storage space for user files.

A

C) SaaS applications are typically accessed through a web browser.

In the SaaS model, applications are accessed by consumers through a web browser or program interface. Consumers do not have full control over the underlying cloud infrastructure, and the configuration options for the application are usually limited. The amount of storage space provided may vary depending on the specific SaaS provider and subscription plan.

140
Q

Cloud Computing - Platform as a Service (PaaS)

A
  • Platform as a Service (PaaS) allows consumers to deploy their own or acquired applications into a cloud environment.
  • Consumers can execute their applications within the cloud using libraries and tools provided by the PaaS provider.
  • Consumers are responsible for configuring and managing their applications and any data created within the PaaS environment.
  • Consumers do not have access to the underlying operating system or have control over the cloud infrastructure.
  • Examples of PaaS include Microsoft Windows Azure and Force.com.
  • With PaaS, consumers have the ability to use and customize their own applications within the cloud environment, but they cannot access or manage the underlying infrastructure.
141
Q

What is a characteristic of Platform as a Service (PaaS)?

A) Consumers have complete control over the underlying cloud infrastructure.

B) Consumers can configure or manage the applications deployed in the cloud.

C) Consumers have access to the operating system of the cloud infrastructure.

D) Consumers are responsible for maintaining and managing the physical servers.

A

B) Consumers can configure or manage the applications deployed in the cloud.

The consumer is responsible for and can configure the application and manage any data created, but the consumer does not have access to the operating system and does not manage the underlying cloud infrastructure.

142
Q

Which of the following is an example of Platform as a Service (PaaS)?

A) Amazon Web Services (AWS)
B) Google Cloud Platform (GCP)
C) Microsoft Windows Azure
D) Salesforce

A

C) Microsoft Windows Azure

Windows Azure is a well-known example of a PaaS provider. It offers a platform for consumers to deploy and manage their own applications within the Azure cloud environment.

143
Q

What is the primary benefit of Platform as a Service (PaaS)?

A) Complete control over the cloud infrastructure.
B) Access to the underlying operating system.
C) Simplified application deployment and management.
D) Ability to customize the physical servers.

A

C) Simplified application deployment and management.

One of the key benefits of PaaS is that it provides a platform for consumers to deploy and manage their applications without having to worry about the underlying infrastructure. PaaS abstracts away the complexities of infrastructure management, allowing consumers to focus on their applications.

144
Q

Cloud Computing - Infrastructure as a Service (IaaS)

A
  1. Infrastructure as a Service (IaaS) is a cloud computing model that provides consumers with virtualized access to computing resources such as processing power, storage, and network infrastructure. The consumer has control over the operating system and software stack, while the underlying physical infrastructure is managed by the cloud provider.
  2. Consumer’s control and capabilities: With IaaS, the consumer has the ability to provision and manage virtual servers within the cloud environment. They can choose the operating system and software configurations for their servers, as well as scale resources up or down based on their needs. The consumer has administrative control over their virtual infrastructure, allowing them to configure and manage it as if it were a physical environment.
  3. Benefits of IaaS: IaaS offers several benefits to organizations, including:
    • Scalability: Consumers can easily scale their computing resources up or down based on demand, allowing for flexibility and cost optimization.
    • Cost savings: By using virtual infrastructure instead of investing in physical hardware, organizations can reduce capital expenditure and operational costs.
    • Agility: IaaS enables rapid deployment of new applications and services, allowing organizations to quickly respond to business needs and market changes.
    • Disaster recovery and business continuity: IaaS providers often offer built-in backup and disaster recovery capabilities, ensuring data resilience and minimizing downtime.
  4. Security considerations: While IaaS provides control and flexibility, it also introduces security considerations. Some key points to remember include:
    • Shared security responsibility: The cloud provider is responsible for securing the underlying infrastructure, while the consumer is responsible for securing their applications and data within the virtual environment.
    • Data protection: Consumers should implement appropriate encryption and access controls to protect sensitive data stored and transmitted within the IaaS environment.
    • Identity and access management: Strong authentication and access controls should be in place to prevent unauthorized access to the virtual infrastructure and resources.
    • Monitoring and logging: Implementing robust monitoring and logging mechanisms helps detect and respond to security incidents and ensures compliance with regulatory requirements.
  5. Examples of IaaS providers: Popular examples of IaaS providers include Amazon Web Services (AWS) Elastic Compute Cloud (EC2), Microsoft Azure Virtual Machines, and Google Cloud Platform (GCP) Compute Engine. These platforms offer a wide range of computing resources and services to support organizations’ infrastructure needs.
145
Q

Which of the following statements accurately describes Infrastructure as a Service (IaaS)?

A) IaaS provides access to virtual computer infrastructure with no control over the operating system.

B) IaaS allows consumers to provision processing, storage, and network resources with control over the operating system.

C) IaaS offers physical infrastructure management but limited control over the virtual environment.

D) IaaS focuses on software deployment and configuration rather than infrastructure provisioning.

A

B) IaaS allows consumers to provision processing, storage, and network resources with control over the operating system.

In IaaS, consumers have the flexibility to manage their virtual infrastructure, including the operating system and applications running on it.

146
Q

Which of the following is a key benefit of Infrastructure as a Service (IaaS)?

A) Limited scalability options for computing resources.
B) Direct access to the underlying physical infrastructure.
C) Control over the operating system and applications.
D) Minimal administrative responsibilities for the consumer.

A

C) Control over the operating system and applications.

With IaaS, consumers have the freedom to customize and configure their operating systems and applications according to their specific requirements.

147
Q

What is the primary responsibility of the consumer in Infrastructure as a Service (IaaS)?

A) Managing the physical infrastructure and data centres.

B) Provisioning and managing virtual computing resources.

C) Developing and maintaining applications on the infrastructure.

D) Ensuring network security and data encryption.

A

B) Provisioning and managing virtual computing resources.

In IaaS, the consumer is responsible for provisioning the required computing resources, such as servers, storage, and network, and managing them within the virtual environment provided by the IaaS provider. The physical infrastructure and data centre management are the responsibilities of the IaaS provider.

148
Q

Cloud Computing - Deployment Models

A

Private Cloud: Provisioned for exclusive use by a single organization and may be owned, managed, and operated by the organization or a third party. It can exist on or off-premise.

Community Cloud: Provisioned for the exclusive use of a specific community of users with shared concerns. It may be owned or managed by organizations within the community or a third party and can exist on or off-premise.

Public Cloud: Provisioned for open use by the public and not restricted to any particular entity or community. It can be owned, managed, and operated by businesses, academic or government organizations, and can be hosted anywhere in the world.

Hybrid Cloud: A composition of two or more deployment models bound together by standardized or proprietary technology to enable data and application portability.

149
Q

Which deployment model of cloud computing involves the provision of cloud infrastructure for exclusive use by a single organization, either owned and managed by the organization itself or a third party?

A) Private Cloud
B) Community Cloud
C) Public Cloud
D) Hybrid Cloud

A

A) Private Cloud

In the private cloud deployment model, the cloud infrastructure is provisioned for exclusive use by a single organization. It may be owned, managed, and operated by the organization or a third party. This model is designed to cater to the needs of a specific organization comprising multiple consumers.

150
Q

Which deployment model of cloud computing is provisioned for the exclusive use of a specific community of users with shared concerns, and may be owned or managed by one or more organizations in the community or a third party?

A) Private Cloud
B) Community Cloud
C) Public Cloud
D) Hybrid Cloud

A

B) Community Cloud

In the community cloud deployment model, the cloud infrastructure is provisioned for the exclusive use of a specific community of users with shared concerns. It may be owned or managed by one or more organizations in the community or a third party. This model allows organizations with similar requirements to share cloud resources.

151
Q

Which deployment model of cloud computing is provisioned for open use by the public and not restricted to any particular entity or community, and can be owned, managed, and operated by various entities?

A) Private Cloud
B) Community Cloud
C) Public Cloud
D) Hybrid Cloud

A

C) Public Cloud

In the public cloud deployment model, the cloud infrastructure is provisioned for open use by the public. It is not restricted to any particular entity or community and can be owned, managed, and operated by businesses, academic or government organizations, or any combination of these entities. Public cloud services are accessible to anyone over the internet.

152
Q

Which deployment model of cloud computing is a composition of two or more models, bound together by standardized or proprietary technology to enable data and application portability?

A) Private Cloud
B) Community Cloud
C) Public Cloud
D) Hybrid Cloud

A

D) Hybrid Cloud

The hybrid cloud deployment model combines two or more deployment models, such as private, community, or public clouds, which remain unique entities but are bound together by technology to enable data and application portability. This model allows organizations to leverage the benefits of multiple cloud models while maintaining flexibility and control over their resources.

153
Q

Benefits of Cloud Computing

A

Initial costs: Cloud deployment eliminates significant upfront capital expenditure as there is no need to purchase and configure company-owned infrastructure.

Ongoing costs: There is no local equipment to depreciate or maintain. The subscription model allows for better budgeting and predictability.

Economies of scale: Multi-tenanted physical servers in data centres are more cost-efficient than separate physical server environments.

Operational responsibilities: Cloud providers take responsibility for availability and a degree of protection, but ownership and accountability of data remain with the consumer or subscriber.

Location independence: The cloud can be located anywhere, improving resilience and security, provided jurisdictional requirements are satisfied.

Scalability: Cloud resources can be rapidly scaled up or down based on demand, allowing businesses to have resources available when needed and return them when not required.

154
Q

Which of the following is a key economic benefit of cloud computing?

A) Enhanced data security
B) On-premises infrastructure maintenance
C) Increased network latency
D) Dependency on physical hardware

A

B) On-premises infrastructure maintenance

The economic benefit of cloud computing includes the reduction of on-premises infrastructure maintenance costs. With cloud computing, organizations do not have to bear the expenses of maintaining and managing their own physical infrastructure, including servers, networking equipment, and data centres. These responsibilities are transferred to the cloud service provider, resulting in cost savings for the organization.

155
Q

Which of the following is a scalability benefit of cloud computing?

A) Limited resource availability
B) Inflexible infrastructure
C) High upfront capital expenditure
D) Rapid provisioning of resources

A

D) Rapid provisioning of resources

Cloud computing offers the benefit of rapid provisioning of resources. Organizations can quickly scale up or down their computing resources based on demand. This agility allows them to accommodate fluctuations in workload and efficiently meet their resource requirements without delays or significant investments.

156
Q

Which of the following is a strategic advantage of cloud computing?

A) Increased data dependency
B) Geographical limitations
C) Improved business agility
D) Reduced connectivity options

A

C) Improved business agility

Cloud computing provides organizations with improved business agility, which is a strategic advantage. By leveraging the cloud, organizations can quickly adapt to market changes, deploy new services or applications, and respond to customer needs faster. The scalability, flexibility, and accessibility of cloud resources enable organizations to be more agile and responsive in their operations.

157
Q

Control and Vulnerabilities of Cloud Computing

A

Control:
Infrastructure as a Service (IaaS) provides the greatest control over resources

Platform as a Service (PaaS) limits control to applications

Software as a Service (SaaS) is the most restrictive with the cloud provider controlling all resources.

Vulnerabilities: Cloud computing introduces vulnerabilities such as dependency on connectivity, susceptibility to DDoS attacks, reliance on cloud providers’ management and configuration skills, and the need to manage hardware lifecycle to avoid performance issues.

158
Q

Which service model of cloud computing provides the subscriber with the greatest control over their resources?

A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Hybrid Cloud

A

C) Infrastructure as a Service (IaaS)

Among the given options, Infrastructure as a Service (IaaS) provides the subscriber with the greatest control over their resources. In the IaaS model, the consumer has control over the operating system, applications, and other elements within the cloud infrastructure. They can provision and manage their own servers, choose the operating system and software, and have more granular control compared to other service models.

159
Q

Which vulnerability is associated with the dependence on connectivity in cloud computing?

A) Misconfiguration
B) Exposure to external communication and access
C) Becoming outdated
D) Data breaches

A

B) Exposure to external communication and access

The vulnerability associated with the dependence on connectivity in cloud computing is exposure to external communication and access. Cloud computing heavily relies on network connectivity for users to access and interact with cloud services. Any disruption or outage in connectivity can impact the availability and accessibility of cloud resources. Additionally, cloud services are susceptible to distributed denial-of-service (DDoS) attacks, which can result in service unavailability.

160
Q

Cloud Computing Vulnerabilities - Exposure to external communication and access

A

Cloud computing relies entirely on connectivity, and without it, cloud services cannot function.

Disruptions in connectivity can have a significant impact on businesses relying on cloud services. For example, an outage in Microsoft Office 365, a commonly used cloud application, can disrupt business operations.

Cloud environments are vulnerable to Distributed Denial of Service (DDoS) attacks, where an overwhelming amount of traffic is directed at the cloud infrastructure, causing service unavailability.

It is essential to have measures in place to ensure continuous connectivity, such as redundant network connections and backup communication channels.

Robust security measures, including network monitoring and intrusion detection systems, should be implemented to mitigate the risk of DDoS attacks and unauthorized access to cloud resources.

161
Q

Which of the following best describes the vulnerability associated with exposure to external communication and access in cloud computing?

A) Dependence on physical infrastructure
B) Susceptibility to Distributed Denial of Service (DDoS) attacks
C) Limited control over resources
D) Lack of scalability

A

B) Susceptibility to Distributed Denial of Service (DDoS) attacks

Exposure to external communication and access in cloud computing makes the cloud environment vulnerable to DDoS attacks. DDoS attacks involve overwhelming the cloud infrastructure with a massive amount of traffic, rendering the services unavailable to legitimate users. These attacks exploit the cloud’s reliance on connectivity and can disrupt business operations. It is essential for organizations to implement robust security measures to mitigate the risk of DDoS attacks and ensure the continuous availability of cloud services.

162
Q

Cloud Computing Vulnerabilities - Misconfiguration

A

Misconfiguration in cloud computing refers to improper setup or management of the cloud infrastructure.

Cloud providers are responsible for managing and configuring the physical infrastructure in all service models.

There is a reliance on the cloud provider to have the necessary skills and processes in place to ensure proper configuration.

In service models that allow subscribers to configure their own needs, prerequisite skills and knowledge are required within the subscriber organization.

Misconfiguration can lead to security vulnerabilities, performance issues, and operational disruptions.

It is important for both the cloud provider and the subscriber to have expertise and proper understanding of the cloud environment to mitigate the risks associated with misconfiguration.

163
Q

What is misconfiguration in cloud computing?

A

Cloud misconfigurations are vulnerabilities waiting to happen. Malicious attackers are always hunting for misconfigured cloud assets because they can be a doorway to the theft of location data, passwords, financial information, phone numbers, health records and other exploitable personal data.

164
Q

Which of the following statements is true regarding misconfiguration in cloud computing?

A) Misconfiguration refers to the responsibility of the cloud provider to manage and configure the physical infrastructure.

B) Misconfiguration can only occur in the Infrastructure as a Service (IaaS) model, where subscribers have control over their resources.

C) Misconfiguration can lead to security vulnerabilities, performance issues, and operational disruptions.

D) Misconfiguration is solely the responsibility of the subscriber, as they have the freedom to configure their cloud environment.

A

C) Misconfiguration can lead to security vulnerabilities, performance issues, and operational disruptions.

Misconfiguration refers to improper setup or management of the cloud infrastructure, which can have serious consequences for the overall functionality and security of the cloud environment. It is a shared responsibility between the cloud provider and the subscriber to ensure proper configuration and mitigate the risks associated with misconfiguration.

165
Q

Cloud Computing Vulnerabilities - Outdated

A

Cloud environments rely on a large amount of physical infrastructure.

This infrastructure has a life cycle, and hardware becomes outdated over time.

Periodic replacement of hardware is necessary to maintain optimal performance.

Failure to manage technology updates and replacements can lead to degraded performance levels.

It is important for cloud providers to effectively manage hardware refresh cycles to ensure reliable and up-to-date infrastructure.

Subscribers should consider the cloud provider’s hardware management practices when evaluating cloud services.

166
Q

Which of the following statements best describes the concept of becoming outdated in cloud computing?

A) It refers to the dependency on physical infrastructure for cloud environments.

B) It highlights the need for periodic replacement of hardware in the cloud.

C) It emphasizes the importance of managing technology updates in the cloud.

D) It indicates the potential performance degradation due to outdated cloud software.

A

B) It highlights the need for periodic replacement of hardware in the cloud.

Becoming outdated in cloud computing refers to the fact that hardware used in cloud environments ages over time and requires regular replacement to maintain optimal performance. This is essential to ensure that the cloud infrastructure remains up to date and capable of meeting the demands of users. The other options in the question, while related to cloud computing, do not specifically address the concept of becoming outdated.

167
Q

Security in the cloud - Trust

A

Cloud computing involves outsourcing services to a third-party provider.

Trust is essential when relying on a cloud provider for service delivery.

The level of trust required for a cloud provider is often higher compared to other suppliers.

Trust is linked to the provider’s ability to deliver security, availability, and privacy.

Cloud users must have confidence in the reliability and integrity of the cloud provider.

Trust is a critical factor in ensuring the success and effectiveness of cloud computing services.

168
Q

Which of the following factors is essential for establishing trust in cloud computing?

A) Cost-effectiveness

B) Compliance with legal regulations

C) Hardware specifications

D) Network bandwidth availability

A

B) Compliance with legal regulations

Establishing trust in cloud computing requires adherence to legal regulations and compliance standards. This ensures that the cloud provider operates within legal frameworks and safeguards the confidentiality, integrity, and availability of data. Compliance with regulations such as data protection and privacy laws builds trust by demonstrating the provider’s commitment to protecting customer data and meeting industry-specific requirements. Factors like cost-effectiveness, hardware specifications, and network bandwidth availability are important but do not directly address the trust aspect in cloud computing.

169
Q

Security in the cloud - Legal Issues

A

Location of data centres: Legislation in many countries requires certain categories of data to be stored within specific jurisdictional boundaries.

Offshoring restrictions: Certain types of privacy and financial data cannot be offshored, to ensure compliance with legal requirements.

Backup storage: Considerations arise when cloud providers make backups of data and store them in alternate data centres, ensuring compliance with data protection regulations.

Shared responsibilities: Data protection responsibilities are typically shared between the subscriber and the cloud provider, with clear definitions and accountability remaining with the data owner.

Confidentiality and IP protection: Legal requirements related to confidentiality and protection of intellectual property should be communicated and understood by the cloud provider to ensure compliance.

Note: It’s important to keep in mind that legal requirements may vary depending on the jurisdiction, and it’s advisable to consult relevant legal experts and regulations specific to your region.

170
Q

Which of the following is a legal issue associated with cloud computing?

A) Scalability and resource allocation

B) Data centre location and jurisdictional requirements

C) Service level agreements (SLAs) and performance guarantees

D) Encryption and data protection mechanisms

A

B) Data centre location and jurisdictional requirements

Legal issues in cloud computing include considerations related to the location of data centres and compliance with jurisdictional requirements. Many countries have legislation that mandates certain categories of data to be stored within specific jurisdictional boundaries. Offshoring restrictions may apply, and the location of backups is also a factor to consider. Ensuring compliance with legal requirements regarding data centre location is crucial in cloud computing.

171
Q

Security in the cloud - Availability and Resilience

A

Availability is defined in the Service Level Agreement (SLA) between the subscriber and the cloud provider.

Understanding the supplier’s obligations and expected levels of availability is crucial for business-critical activities.

Fallback arrangements should be considered if there is a need for alternative options in case of service disruptions.

Resilience measures, such as distributed and replicated file systems and storage, help prevent data loss in the event of failures.

Legal requirements regarding data distribution across multiple centres should be taken into account.

Using multiple cloud providers can enhance resilience by diversifying resources.

Maintaining off-site backups external to the cloud can provide additional protection against major incidents that may disrupt business operations.

172
Q

Which of the following measures can enhance the availability and resilience of cloud computing environments?

A) Implementing distributed and replicated file systems and storage

B) Relying solely on a single cloud provider for all services

C) Storing backups and data exclusively within the cloud

D) Ignoring legal requirements for data distribution across multiple centres

A

A) Implementing distributed and replicated file systems and storage

This measure helps ensure data redundancy and minimizes the risk of data loss in case of failures. Option B) is incorrect because relying solely on a single cloud provider may increase the vulnerability to service disruptions. Option C) is not recommended, as storing backups and data exclusively within the cloud may be insufficient for major incidents that could disrupt business. Option D) is incorrect because legal requirements for data distribution across multiple centres should be considered to meet compliance obligations.

173
Q

Security Responsibilities

A

Security responsibilities in cloud computing vary depending on the service model used.

In traditional on-premises environments, the organization is responsible for all aspects of its infrastructure and security.

In IaaS (Infrastructure as a Service) deployments, the subscriber is responsible for securing applications and operating systems.

In PaaS (Platform as a Service) deployments, the subscriber’s security responsibility is limited to protecting the application and data.

In SaaS (Software as a Service) deployments, the cloud provider assumes responsibility for all aspects of security.

It is essential to have a clear understanding of security responsibilities in the chosen service model to ensure appropriate security measures are implemented.

174
Q

In a cloud computing environment, which service model typically requires the subscriber to be responsible for securing applications and operating systems?

A) Infrastructure as a Service (IaaS)
B) Platform as a Service (PaaS)
C) Software as a Service (SaaS)
D) On-premises deployment

A

A) Infrastructure as a Service (IaaS)

In an IaaS deployment, the cloud provider offers virtualized infrastructure resources, and the subscriber is responsible for managing and securing applications and operating systems. This includes implementing security measures such as access controls, patch management, and configuring firewalls. In contrast, in PaaS and SaaS models, the security responsibilities are typically shared or primarily handled by the cloud provider.

175
Q

Which cloud service model typically places the responsibility for securing applications and data primarily on the cloud provider?

A) Infrastructure as a Service (IaaS)
B) Platform as a Service (PaaS)
C) Software as a Service (SaaS)
D) Hybrid Cloud deployment

A

C) Software as a Service (SaaS)

In a SaaS model, the cloud provider delivers applications over the internet, and they are responsible for securing the applications and the underlying infrastructure. This includes implementing security measures such as access controls, encryption, and vulnerability management. The subscriber’s responsibility mainly revolves around ensuring the security of their own data and user access to the SaaS application.

176
Q

In which cloud service model does the subscriber have the highest level of responsibility for security?

A) Infrastructure as a Service (IaaS)

B) Platform as a Service (PaaS)

C) Software as a Service (SaaS)

D) Public Cloud deployment

A

A) Infrastructure as a Service (IaaS)

In an IaaS model, the cloud provider offers virtualized infrastructure resources, such as servers, storage, and networking, while the subscriber has control over the operating system, applications, and data. With this level of control, the subscriber also assumes the highest level of responsibility for securing the infrastructure, operating systems, applications, and data within their environment. They are responsible for implementing security measures, managing access controls, applying patches and updates, and ensuring the overall security posture of their infrastructure.

In PaaS and SaaS models, the cloud provider takes on more responsibility for security, with the subscriber’s responsibilities focused on securing their applications and data, rather than the underlying infrastructure. Public Cloud deployment refers to the deployment model rather than the specific security responsibilities within a service model.

177
Q

In a Software as a Service (SaaS) model, which of the following security responsibilities typically lies with the cloud provider?

A) Data encryption
B) Application security
C) User access management
D) Network firewall configuration

A

C) User access management

In a Software as a Service (SaaS) model, the cloud provider is responsible for managing user access to the application. This includes tasks such as user authentication, authorization, and identity management. The cloud provider ensures that appropriate access controls are in place to protect the application and its data from unauthorized access.

Data encryption (option A) may be a shared responsibility, with the cloud provider handling encryption of data at rest and in transit, while the subscriber may be responsible for encrypting data within the application. Application security (option B) is typically the responsibility of the subscriber, who is responsible for securing the application code, implementing secure coding practices, and addressing vulnerabilities. Network firewall configuration (option D) is also usually the responsibility of the subscriber, as they configure their own network security controls to protect their application and data.

Therefore, the correct answer is C) User access management, as it is a security responsibility typically handled by the cloud provider in a SaaS model.

178
Q

Security in the cloud - Audit

A

Audit is an important aspect of ensuring trust and security in cloud computing.

  • Cloud providers can undergo security or accreditation processes to gain assurance for their services.
  • The Cloud Security Alliance (CSA) offers programs such as CSA STAR for the formal accreditation of cloud providers.
  • ISO 27001 is a well-known standard for Information Security Management Systems (ISMS) that can be used for accreditation.
  • SOC (Service Organization Control) reports provide third-party audits of the cloud provider’s security, covering confidentiality, integrity, availability, privacy, business continuity, and operational capabilities.
  • SOC reports are not ISO audits but are closely aligned with similar subject areas. The purpose of these reports is to help subscribers and their auditors understand the controls the provider (AWS, for example) has established to support operations and compliance.
  • Cloud providers may make their SOC reports available to subscribers for assurance.
  • Amazon Web Services (AWS) and Microsoft Azure are examples of cloud providers that publish their latest SOC reports for subscribers to review.

179
Q

Which organization provides a formal accreditation process for cloud providers and maintains a list of accredited suppliers in their Security Trust and Assurance Registry (STAR)?

A) ISO 27001
B) Cloud Security Alliance (CSA)
C) Service Organization Control (SOC)
D) Amazon Web Services (AWS)

A

B) Cloud Security Alliance (CSA)

The Cloud Security Alliance (CSA) offers a formal accreditation process for cloud providers through their Security Trust and Assurance Registry (STAR). They maintain a list of suppliers who have completed this process.

180
Q

What is the purpose of SOC (Service Organization Control) reports in cloud computing?

A) To verify operational capabilities of cloud providers

B) To provide formal ISO audits for cloud providers

C) To certify the compliance of cloud providers with data privacy laws

D) To evaluate the physical security of cloud data centres

A

A) To verify operational capabilities of cloud providers

SOC reports are third-party audits that cover various aspects of security, including operational capabilities, confidentiality, integrity, availability, privacy, and business continuity. They provide assurance regarding the operational capabilities of cloud providers.

181
Q

Cloud Computing - Staffing

A

The subscriber should be concerned about who is running the cloud data centre and ensure the cloud provider has appropriately trained and skilled staff.

Background checks on staff and appropriate security clearances are important factors in building trust with the cloud provider.

When negotiating a contract with a cloud provider, the subscriber should inquire about the background checks conducted during employee hiring, the training provided to staff, and their qualifications and certifications.

The cloud provider’s internal and external audit processes should be examined to ensure proper oversight and accountability.

Employee activities should be tracked and logged, and all processes and procedures should be adequately documented.

Administrators may require a higher level of audit access due to their privileged roles.

Off-boarding processes for staff leaving the cloud provider should be considered to protect data and ensure security.

The same level of diligence and questioning should be applied to staffing in the cloud environment as in managing an on-premises environment.

182
Q

Which of the following questions is important for a subscriber to ask when assessing the staffing practices of a cloud provider?

A) How many data centres does the cloud provider operate?

B) What level of encryption is used to secure the data in the cloud?

C) What background checks do you carry out when employing staff?

D) What are the disaster recovery plans in place for the cloud infrastructure?

A

C) What background checks do you carry out when employing staff?

When assessing the staffing practices of a cloud provider, it is crucial for the subscriber to inquire about the background checks conducted during employee hiring. This helps ensure that the cloud provider has appropriate measures in place to maintain the trust and security of the subscriber’s data. Options A, B, and D are not directly related to staffing practices and do not address the specific concern of verifying the qualifications and trustworthiness of the cloud provider’s staff.

183
Q

Which of the following factors should a subscriber consider when evaluating the staffing practices of a cloud provider?

A) The number of years the cloud provider has been in operation.

B) The physical location of the cloud data centres.

C) The training and qualifications of the cloud provider’s staff.

D) The pricing structure and cost of the cloud services.

A

C) The training and qualifications of the cloud provider’s staff.

When evaluating the staffing practices of a cloud provider, it is essential for the subscriber to consider the training and qualifications of the staff. This ensures that the cloud provider has competent and knowledgeable personnel managing their environment. Options A, B, and D are not directly related to staffing practices and do not address the specific concern of assessing the expertise and qualifications of the cloud provider’s staff.

184
Q

When negotiating a contract with a cloud provider, which of the following questions is relevant to assess the staffing practices?

A) What is the physical location of the cloud data centres?

B) Are all processes and procedures adequately documented?

C) What is the pricing structure for the cloud services?

D) How often does the cloud provider perform backups of the data?

A

B) Are all processes and procedures adequately documented?

When negotiating a contract with a cloud provider, it is important to assess the documentation of processes and procedures. This ensures that the cloud provider has a systematic approach to managing their operations and that their staffing practices are well-documented. Options A, C, and D are not directly related to staffing practices and do not address the specific concern of evaluating the documentation of processes and procedures.

185
Q

Cloud Computing - Data Separation and removal

A

Data separation ensures that your organization’s data stored in the cloud is only accessible by your organization and not by other tenants.

It is crucial to have assurance from the cloud provider regarding how they ensure data separation, especially for highly sensitive data.

When data is no longer needed or is deleted, it is important to have assurance that the data has been permanently removed and cannot be recovered.

The process of data deletion in the cloud should be clearly defined and implemented by the cloud provider.

When exiting the cloud, proper measures should be taken to ensure that all data is removed, without leaving any residual data behind.

Cloud providers may provide verification, such as a destruction certificate, to confirm that all data has been removed.

Alternatively, organizations may choose to copy their data off the cloud and perform a crypto erase, where the storage is encrypted and the encryption key is destroyed to prevent decryption.

After data removal, the cloud provider should delete the storage containers and make them available for new subscribers.

186
Q

Which of the following is a key concern when it comes to data separation in cloud computing?

A) Ensuring high availability of data
B) Minimizing data storage costs
C) Preventing unauthorized access to data
D) Optimizing data processing speed

A

C) Preventing unauthorized access to data

Data separation in cloud computing focuses on preventing unauthorized access to data by ensuring that the data of different organizations or tenants is isolated and inaccessible to others.

187
Q

What is the purpose of data deletion in the context of cloud computing?

A) To recover accidentally deleted data
B) To minimize storage costs for unused data
C) To permanently remove data and prevent recovery
D) To migrate data to a different cloud provider

A

C) To permanently remove data and prevent recovery

Data deletion in cloud computing is performed to permanently remove data and prevent any possibility of recovery, ensuring data privacy and security.

188
Q

How can organizations ensure proper data removal when exiting the cloud?

A) Revoke user access rights to the cloud environment

B) Encrypt all data stored in the cloud

C) Obtain a destruction certificate from the cloud provider

D) Perform a crypto erase of the encrypted cloud storage

A

D) Perform a crypto erase of the encrypted cloud storage

When exiting the cloud, organizations can ensure proper data removal by revoking user access rights, encrypting data, and either obtaining a destruction certificate or performing a crypto erase of the encrypted cloud storage.

189
Q

Risk Management in the cloud

A

Risk management in cloud computing is essential and encompasses various areas.

In the traditional on-premises model, organizations are responsible for managing risks such as business continuity and disaster recovery (BCDR), availability, incident management, and legal/regulatory compliance.

When transitioning to the cloud, these areas of risk may still apply but with potential implications and modifications.

BCDR: Assess the cloud provider’s capabilities and contractual obligations for BCDR, and consider modifying your plan in case of cloud failure.

Availability: Understand the level of availability you have subscribed to in the cloud, as it may vary based on your payment and service agreements.

Incident management: Cloud-related incidents may require joint management efforts, and it is crucial to ensure the cloud provider has the necessary capabilities to support investigations and provide relevant incident information.

Legal and regulatory compliance: Jurisdictional differences can complicate compliance efforts, and it is important to understand the legal requirements in the jurisdictions where your cloud provider operates.

190
Q

Which of the following areas may require modifications when managing risk in the cloud compared to the traditional on-premises model?

A) Incident management

B) Legal and regulatory compliance

C) Business continuity and disaster recovery (BCDR)

D) All of the above

A

D) All of the above

In the cloud environment, organizations may need to modify their approach to risk management in various areas, including incident management, legal and regulatory compliance, and business continuity and disaster recovery (BCDR). The cloud introduces new considerations and responsibilities in these domains, requiring organizations to adapt their risk management practices accordingly.

191
Q

What should organizations consider when assessing the cloud provider’s capabilities for business continuity and disaster recovery (BCDR)?

A) The level of availability provided by the cloud provider

B) The contractual obligations regarding BCDR

C) The cloud provider’s incident management procedures

D) The jurisdictional differences in legal compliance

A

B) The contractual obligations regarding BCDR

When assessing the cloud provider’s capabilities for business continuity and disaster recovery (BCDR), organizations should carefully review the contractual obligations specified in their agreement. The contract should outline the cloud provider’s commitments and responsibilities regarding BCDR, ensuring that the provider meets the required standards and can effectively support the organization during disruptions or disasters.

192
Q

When managing risk in the cloud, why is understanding the legal requirements in different jurisdictions important?

A) It helps determine the level of availability in the cloud

B) It guides incident management processes

C) It ensures compliance with data protection laws

D) It establishes the cloud provider’s capabilities for business continuity

A

C) It ensures compliance with data protection laws

Understanding the legal requirements in different jurisdictions is crucial for managing risk in the cloud. Each jurisdiction has its own data protection laws and regulations, and organizations must ensure compliance with these laws to protect sensitive data. Failing to meet legal requirements can lead to legal and regulatory consequences, making it essential for organizations to align their cloud operations with the applicable jurisdictional regulations.