Technologies and Tools (5) Flashcards
You work for a large bank. The bank is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the best solution to this problem?
IDS
DLP
Content filtering
DLP
Data loss prevention (DLP) is a broad term for a family of technologies and policies designed to detect and block the unauthorized movement of sensitive data. Endpoint DLP agents can restrict or block the use of unapproved USB storage devices, so DLP is the best fit here; an IDS only alerts on network traffic, and content filtering controls web access, not removable media
Francine is concerned about employees in her company jailbreaking their COPE devices. What would be the most critical security concern for jailbroken devices?
They would no longer get security patches.
It would disable FDE.
Unauthorized applications could be installed.
Unauthorized applications could be installed.
When a device is jailbroken (or rooted, on Android), the operating system's restriction to signed applications from the official app store is removed, so the user can install any application they wish. This can lead to unauthorized, and potentially malicious, applications being installed. Jailbroken devices also usually fail MDM compliance checks, which is why many organizations block them from corporate resources
You are responsible for mobile device security in your company. Employees have COPE devices. Many employees only enter the office infrequently, and you are concerned that their devices are not receiving firmware updates on time. What is the best solution for this problem?
Scheduled office visits for updates
OTA updates
Moving from COPE to BYOD
OTA updates
Over-the-air (OTA) updates are delivered wirelessly, over a cellular or WiFi network, wherever the device happens to be. An MDM platform can push and enforce OTA firmware updates on COPE devices without the employee ever visiting the office, so this is the most efficient solution
Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?
RADIUS
Diameter
TACACS +
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is an older authentication and access control protocol, but it runs over UDP (ports 1812 for authentication and 1813 for accounting, with 1645/1646 as legacy ports). The other options do not use UDP: TACACS+ uses TCP port 49, and Diameter uses TCP or SCTP on port 3868
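To make the "RADIUS runs over UDP" point concrete, the following added example (written for this page, not code from any RADIUS product) builds, parses and sends a RADIUS Access-Request as specified in RFC 2865, including the MD5-based User-Password hiding. The shared secret, user name, password and NAS address are constructed sample values.

```python
# Added example: building and parsing a RADIUS Access-Request (RFC 2865) over UDP.
# The shared secret, user name, password and NAS address below are constructed
# sample values, not from any real deployment.
import hashlib
import os
import socket
import struct

RADIUS_AUTH_PORT = 1812          # RFC 2865 authentication port (legacy: 1645)
ACCESS_REQUEST = 1               # packet code
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP, ATTR_NAS_PORT = 1, 2, 4, 5


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte password blocks with an MD5 keystream."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block                # chaining: next keystream depends on ciphertext
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server performs it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")      # strip the zero padding added by hide_password


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, nas_ip: str = "192.0.2.10",
                         authenticator: bytes = None) -> bytes:
    # Request Authenticator: 16 random bytes; it also keys the password hiding.
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(ATTR_NAS_IP, socket.inet_aton(nas_ip))
             + attribute(ATTR_NAS_PORT, struct.pack("!I", 0)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, {attr_type: value})."""
    code, identifier, length = struct.unpack("!BBH", data[:4])
    if length != len(data) or length < 20:
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < length:
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = data[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, data[4:20], attrs


def send_access_request(server_ip: str, packet: bytes, timeout: float = 3.0):
    """Send over UDP and wait for one reply; RADIUS itself has no TCP transport."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server_ip, RADIUS_AUTH_PORT))
        reply, _ = sock.recvfrom(4096)
    return parse_packet(reply)


if __name__ == "__main__":
    pkt = build_access_request(7, b"alice", b"s3cret-pw", b"shared-secret")
    code, ident, auth, attrs = parse_packet(pkt)
    print(code, ident, len(pkt),
          reveal_password(attrs[ATTR_USER_PASSWORD], b"shared-secret", auth))
```

Note the weakness the example exposes: the password is protected only by MD5 of a shared secret and a 16-byte random value, and the Access-Request carries no integrity check at all (only the Message-Authenticator attribute of RFC 2869 adds one). Deployments that need real transport security use RadSec (RADIUS over TLS, RFC 6614), which runs over TCP port 2083 and would therefore not satisfy Frank's UDP-only constraint.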
You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?
Disable wireless access.
Implement a WAF.
Implement a policy against tethering.
Implement a policy against tethering.
Employees using tethering can be a significant security issue. However, none of the technological solutions listed would solve it. Therefore, implementing (and enforcing) a clear policy against tethering is the only viable option
You work for a large bank. One of your responsibilities is to ensure that web banking logins are as secure as possible. You are concerned that a customer’s account login could be compromised and someone else would use that login to access the customer’s account. What is the best way to mitigate this threat?
Use SMS authentication for any logins from an unknown location or computer.
Require strong passwords.
Do not allow customers to log on from any place other than their home computer.
Use SMS authentication for any logins from an unknown location or computer.
Many banks already send the customer an SMS message with a one-time authentication code whenever someone tries to log into the bank website from an unknown location or device. This is risk-based multifactor authentication: a stolen password alone is no longer enough, because the second factor arrives over a separate channel. Note that SMS codes can be intercepted through SIM swapping or SS7 attacks, so an authenticator app or hardware token is stronger where available, but of the options listed SMS verification is the best mitigation
You have discovered that some employees in your company have installed custom firmware on their portable devices. What security flaw would this most likely lead to?
Unauthorized software can run on the device.
The device may not connect to the network.
The device will overheat.
Unauthorized software can run on the device.
Custom firmware typically bypasses the vendor's bootloader and application signing checks, so the most likely issue is that unauthorized software can be installed and run on the device. That software could be malicious, and the device can no longer be trusted to report its own state to MDM
You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution?
Agentless NAC
Agent NAC
Digital certificate authentication
Agent NAC
Network Access Control (NAC) allows the network to enforce host health checks on devices before allowing them to connect. With agent-based NAC, a software agent is installed on any device that wishes to connect to the network. That agent can perform a much more thorough health check of the BYOD device (patch level, antivirus status, disk encryption, running processes) than an agentless scan, and certificate authentication alone proves identity but says nothing about the device's health
You work for a large law firm and are responsible for network security. It is common for guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the firm’s WiFi. You wish to ensure that you provide the maximum security when these guests connect with their own devices, but you also wish to provide assurance to the guest that you will have minimal impact on their device. What is the best solution?
Permanent NAC agent
Agentless NAC
Dissolvable NAC agent
Dissolvable NAC agent
Network Access Control (NAC) performs a health check on a device and validates that it meets minimum security standards before allowing it to connect. An agent-based NAC is more thorough in scanning the device, but a permanent agent stays on the visitor's device. A dissolvable agent is downloaded, runs the check for that session, and then removes itself, giving the thoroughness of an agent with minimal lasting impact on the guest's device
Tom is concerned about how his company can best respond to breaches. He is interested in finding a way to identify files that have been changed during the breach. What would be the best solution for him to implement?
NAC
File integrity checker
Vulnerability scanner
File integrity checker
File integrity checkers (for example AIDE or Tripwire) work by storing a baseline of cryptographic hashes, and usually sizes and permission bits, of important files. At any time, the administrator can use the checker to compare the stored baseline to the "live" files on the system, which reveals files that were modified, added or removed during a breach. The baseline must be stored off-host or signed, because an attacker who can rewrite it can hide their changes
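The baseline-and-compare procedure described above, as an added example written for this page (not the code of AIDE, Tripwire or any other product). It hashes a directory tree, stores the baseline as JSON, then simulates a compromise (a trojaned binary, an added account line, a dropped web shell and a deleted file) and reports the differences. The directory layout and file contents are constructed sample data.

```python
# Added example: a minimal file integrity checker (baseline-and-compare, in the
# style of tools such as AIDE or Tripwire). Paths and contents are constructed.
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (relative to root) to its hash, size and mode bits."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),   # a new setuid bit is a change too
        }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two baselines into added/removed/modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, out: Path) -> None:
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo(root: Path = None) -> dict:
    """Create sample files, baseline them, simulate a breach, report the diff."""
    if root is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(Path(tmp))
    (root / "bin").mkdir(parents=True, exist_ok=True)
    (root / "etc").mkdir(exist_ok=True)
    (root / "bin" / "login").write_bytes(b"\x7fELF original login binary")
    (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
    (root / "etc" / "motd").write_text("welcome\n")
    baseline = build_baseline(root)
    # In practice the baseline goes to read-only or off-host storage, not here.
    save_baseline(baseline, root / "baseline.json")

    # Simulated compromise: trojaned binary, added account, web shell, deleted file.
    (root / "bin" / "login").write_bytes(b"\x7fELF backdoored login binary")
    with (root / "etc" / "passwd").open("a") as f:
        f.write("hacker:x:0:0::/:/bin/sh\n")
    (root / "bin" / "sh.php").write_text("<?php system($_GET['c']); ?>")
    (root / "etc" / "motd").unlink()

    current = build_baseline(root)
    current.pop("baseline.json", None)   # written after the baseline was taken
    return compare(load_baseline(root / "baseline.json"), current)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the comparison is on the whole record (hash, size and mode), a file whose content is unchanged but which has gained a setuid bit is reported as modified, which is exactly the kind of change an attacker makes to persist. Run the checker from trusted media where possible: a root-level intruder can also replace the hashing tool itself.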
Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs?
Hybrid NIDS
Out-of-band NIDS
NIPS
Out-of-band NIDS
An out-of-band network intrusion detection system (NIDS) monitors a passive copy of the traffic (from a network TAP or SPAN port) through a sensor interface that carries no IP address, and places its management interface on a separate network segment. Because the sensor neither responds to nor alters traffic, an insider has no practical way to detect it. A NIPS sits inline and visibly blocks traffic, which would reveal that monitoring is in place
Denish is responsible for security at a large financial services company. The company frequently uses SSL/TLS for connecting to external resources. He has concerns that an insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to this issue?
NIPS
SSL decryptor
SSL accelerator
SSL decryptor
An SSL decryptor (TLS inspection appliance) decrypts SSL/TLS traffic so it can be inspected. For outbound traffic it terminates the client's TLS session itself, presenting a certificate issued by an internal CA that the company's endpoints are configured to trust, inspects the plaintext, and then re-encrypts the data over a new TLS session to the real destination. This allows outbound traffic to be analyzed for data exfiltration before it leaves the network. Applications that pin certificates will break under inspection and need to be exempted, and inspection of traffic to sensitive categories (banking, health) may need to be excluded for privacy and legal reasons. A NIPS cannot see inside the encrypted tunnel, and an SSL accelerator only offloads cryptographic work
You want to allow a media gateway to be accessible through your firewall. What ports should you open? (Choose two.)
2427
1707
2727
1727
2427
2727
The Media Gateway Control Protocol (MGCP) uses two UDP ports: the gateway listens on port 2427 for commands from the call agent, and the call agent listens on port 2727 for notifications from the gateway. Both must be opened for the gateway and the call agent to exchange messages
Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem?
Put those machines on a different VLAN.
Deny wireless capability for those machines.
Put those machines on a separate wireless network with separate WAP.
Put those machines on a separate wireless network with separate WAP.
When you must support machines that cannot use newer, more secure WiFi protocols, put those machines on a separate WiFi network with its own access point and restrict what that network can reach. WEP is trivially broken (its keys can be recovered in minutes), so this does not prevent those machines from being breached, but it does keep a breach of the WEP network from exposing your entire network. Plan to retire the devices as soon as possible
You are a security administrator for Acme Company. Employees in your company routinely upload and download files. You are looking for a method that allows users to remotely upload or download files in a secure manner. The solution must also support more advanced file operations such as creating directories, deleting files, and so forth. What is the best solution for this?
SFTP
SSH
SCP
SFTP
SFTP (the SSH File Transfer Protocol) runs as a subsystem of Secure Shell and therefore inherits its encryption and authentication. Unlike SCP, which can only copy files, SFTP provides directory listing, directory creation, remote file deletion and renaming, and other file management operations. SSH alone is a remote shell and transport, not a file transfer protocol