Technologies and Tools (5) Flashcards
You work for a large bank. The bank is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the best solution to this problem?
IDS
DLP
Content filtering
DLP
Data loss prevention (DLP) is a broad term encapsulating a family of technologies and policies designed to prevent data from being lost. Limiting the use of unapproved USB devices is one example of DLP
Francine is concerned about employees in her company jailbreaking their COPE devices. What would be the most critical security concern for jailbroken devices?
They would no longer get security patches.
It would disable FDE.
Unauthorized applications could be installed.
Unauthorized applications could be installed.
When a device is jailbroken—particularly an iOS device—the device owner can then install any application they wish onto the device. This can lead to unauthorized, and potentially malicious, applications being installed
You are responsible for mobile device security in your company. Employees have COPE devices. Many employees only enter the office infrequently, and you are concerned that their devices are not receiving firmware updates on time. What is the best solution for this problem?
Scheduled office visits for updates
OTA updates
Moving from COPE to BYOD
OTA updates
Over-the-air (OTA) updates are accomplished wirelessly. This can be done over a cellular network, wherever the device is. Using OTA updates for the mobile devices is the most efficient solution
Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?
RADIUS
Diameter
TACACS +
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is an older authentication and access control protocol, but it uses UDP. The other options mentioned do not use UDP
You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?
Disable wireless access.
Implement a WAF.
Implement a policy against tethering.
Implement a policy against tethering.
Employees using tethering can be a significant security issue. However, none of the technological solutions listed would solve it. Therefore, implementing (and enforcing) a clear policy against tethering is the only viable option
You work for a large bank. One of your responsibilities is to ensure that web banking logins are as secure as possible. You are concerned that a customer’s account login could be compromised and someone else would use that login to access the customer’s account. What is the best way to mitigate this threat?
Use SMS authentication for any logins from an unknown location or computer.
Require strong passwords.
Do not allow customers to log on from any place other than their home computer.
Use SMS authentication for any logins from an unknown location or computer.
Many banks already implement a policy of sending a customer an SMS message with an authentication code anytime someone tries to log into the bank website from an unknown location. This provides a second communications channel for authenticating the customer
You have discovered that some employees in your company have installed custom firmware on their portable devices. What security flaw would this most likely lead to?
Unauthorized software can run on the device.
The device may not connect to the network.
The device will overheat.
Unauthorized software can run on the device.
Although many things can occur from running custom firmware on a device, the most likely issue is that unauthorized software can be installed. This software could be malicious software
You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution?
Agentless NAC
Agent NAC
Digital certificate authentication
Agent NAC
Network Access Control (NAC) allows the network to enforce a level of host health checks on devices before allowing them to connect. With agent NAC, a software agent is installed on any device that wishes to connect to the network. That agent can do a much more thorough system health check of the BYOD device
You work for a large law firm and are responsible for network security. It is common for guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the firm’s WiFi. You wish to ensure that you provide the maximum security when these guests connect with their own devices, but you also wish to provide assurance to the guest that you will have minimal impact on their device. What is the best solution?
Permanent NAC agent
Agentless NAC
Dissolvable NAC agent
Dissolvable NAC agent
Network Access Control (NAC) performs a system health check on devices and validates that each device meets minimum security standards before allowing it to connect. An agent-based NAC is more thorough in scanning the device. However, that leaves an agent on the visitor’s device. A dissolvable agent deletes itself after a period of time
Tom is concerned about how his company can best respond to breaches. He is interested in finding a way to identify files that have been changed during the breach. What would be the best solution for him to implement?
NAC
File integrity checker
Vulnerability scanner
File integrity checker
File integrity checkers work by storing hashes of various files. At any time, the administrator can use the file integrity checker to compare the stored hash to the hash of the “live” file on the network. This will detect whether any changes have been made to the file
Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs?
Hybrid NIDS
Out-of-band NIDS
NIPS
Out-of-band NIDS
An out-of-band network intrusion detection system (NIDS) places the management portion on a different network segment, making detection of the NIDS more difficult
Denish is responsible for security at a large financial services company. The company frequently uses SSL/TLS for connecting to external resources. He has concerns that an insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to this issue?
NIPS
SSL decryptor
SSL accelerator
SSL decryptor
An SSL decryptor is used to decrypt SSL/TLS transmissions. The decryptor must have the appropriate encryption keys and certificate to accomplish this. It is a good way for a company to monitor outbound SSL/TLS traffic. The traffic is first decrypted before the network gateway, and then re-encrypted to leave the network. This allows outbound traffic to be analyzed
You want to allow a media gateway to be accessible through your firewall. What ports should you open? (Choose two.)
2427
1707
2227
1727
2427
2227
One port is for the gateway and one for the call agent. Traffic from the call agent to the gateway uses UDP port 2427, and traffic from the gateway to the call agent uses UDP port 2727
Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem?
Put those machines on a different VLAN.
Deny wireless capability for those machines.
Put those machines on a separate wireless network with separate WAP.
Put those machines on a separate wireless network with separate WAP.
When you must support machines that cannot connect to newer, more secure WiFi protocols, then put those machines on a separate WiFi network. That won’t prevent them from being breached, but it will prevent that breach from exposing your entire network
You are a security administrator for Acme Company. Employees in your company routinely upload and download files. You are looking for a method that allows users to remotely upload or download files in a secure manner. The solution must also support more advanced file operations such as creating directories, deleting files, and so forth. What is the best solution for this?
SFTP
SSH
SCP
SFTP
Secure File Transfer Protocol (SFTP) is a protocol based on Secure Shell, and it provides directory listing, remote file deletion, and other file management abilities. It is also secure
Your company allows BYOD on the network. You are concerned about the risk of malicious apps being introduced to your network. Which of the following policies would be most helpful in mitigating that risk?
Prohibiting apps from third-party stores
Application blacklisting
Antimalware scanning
Prohibiting apps from third-party stores
Third-party app stores are stores run by someone other than the vendor. They don’t have restrictions on what apps can be placed in them. This can lead to malicious apps being in the store. By only using vendor stores (iTunes, Google Play, etc.), you can be assured that the apps have been scanned for malware
John is the CISO for a small company. The company has password policies, but John is not sure the policies are adequate. He is concerned that someone might be able to “crack” company passwords. What is the best way for John to determine whether his passwords are vulnerable?
Run a good vulnerability scan.
Perform a password policy audit.
Use one or more password crackers himself.
Use one or more password crackers himself.
The best way to see if passwords are crackable is to attempt to crack them. This is done by using one or more well-known and reliable password crackers. If you are able to crack your passwords, that demonstrates they are not adequate
You are scanning your network using a packet sniffer. You are seeing traffic on ports 25 and 110. What security flaw would you most likely notice on these ports?
Website vulnerabilities
Unencrypted credentials
Misconfigured FTP
Unencrypted credentials
Port 25 is for Simple Mail Transfer Protocol (SMTP), which is used to send email. Port 110 is for Post Office Protocol (POP) version 3, which is used to receive email. These two ports are used for the unencrypted versions of these email protocols. So if these are being used, then you will see unencrypted email credentials. The username and password will be sent in clear text
Abigail is a network administrator with ACME Company. She believes that a network breach has occurred in the data center as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should she search for in the logs to confirm if such a breach occurred?
Traffic on port 23
Traffic on port 22
Unencrypted credentials
Traffic on port 22
Secure Shell (SSH) uses port 22. If there was a breach that allowed external access to the SSH server, there will be traffic on port 22
Gianna is evaluating the security of her company. The company has a number of mobile apps that were developed in house for use on COPE devices. She wants to ensure that these apps are updated as soon as an update is available. What should she ensure is being used?
Firmware OTA
Push notifications
Scheduled updates
Push notifications
Push notifications are used to send out updates when they are ready. With push notifications, you do not wait for the user to check for an update; the update is sent as soon as it is ready
Liam is concerned about the security of both COPE and BYOD devices. His company uses a lot of Android-based devices, and he is concerned about users getting administrative access and altering security features. What should he prohibit in his company?
Jailbreaking
Custom firmware
Rooting
Rooting
Rooting is a process that allows a user to gain root access to the Android operating system. Rooting allows the user to do virtually anything, including modifying the software code on the device or installing other software that would normally be blocked
Heidi works for a large company that issues various mobile devices (tablets and phones) to employees. She is concerned about unauthorized access to mobile devices. Which of the following would be the best way to mitigate that concern?
Biometrics
Screen lock
Context-aware authentication
Biometrics
Biometrics (Type III authentication) are very robust. Biometrics are based on a biological characteristic of the authorized user, so they are very difficult to fake and impossible for the user to lose
You are looking for a point-to-point connection method that would allow two devices to synchronize data. The solution you pick should not be affected by EMI (electromagnetic interference) and should be usable over distances exceeding 10 meters, provided there is a line-of-sight connection. What would be the best solution?
Bluetooth
WiFi
Infrared
Infrared
Infrared uses a wavelength of light that is not visible to humans. Since it is light, it is not susceptible to EMI. It can be used over most distances, provided there is a line of sight. The disadvantage is that any break in the line of sight breaks communication
Ethan has noticed some users on his network accessing inappropriate videos. His network uses a proxy server that has content filtering with blacklisting. What is the most likely cause of this issue?
Sites not on the blacklist
Misconfigured content filtering
Someone circumventing the proxy server
Sites not on the blacklist
Blacklisting blocks any sites or content specifically on the blacklist. However, it is impossible to list every inappropriate site on the Internet, so some are not going to be listed and thus are accessible
You are looking for tools to assist in penetration testing your network. Which of the following best describes Metasploit?
Hacking tool
Vulnerability scanner
Exploit framework
Exploit framework
Metasploit is a widely used exploit framework. It provides a complete suite of tools that allow you to scan targets, locate vulnerabilities, and then attempt to exploit those vulnerabilities
Logan is responsible for enforcing security policies in his company. There are a number of policies regarding the proper configuration of public-facing servers. Which of the following would be the best way for Logan to check to see if such policies are being enforced?
Periodically audit selected servers.
Implement a configuration compliance scanning solution.
Conduct routine penetration tests of those servers.
Implement a configuration compliance scanning solution.
Configuration compliance scanning solutions take the configuration settings that the administrator provides and scan targeted devices and computers to see whether they comply. This is an effective method for checking compliance