Test ?'s 7 Flashcards

1
Q

A user receives access to a company system through the use of a smart card. The user can then access data they have privileges to access. Every event the user accomplishes or attempts is recorded in a log for administrative purposes. What access management policy does this best describe?

A

AAA – Authentication, Authorization, and Accounting (AAA) provides a comprehensive access management approach to identifying, authorizing, and accounting for user activity.

2
Q

Management is planning a secure network design for corporate mobile devices given to remote employees. One security suggestion involves only allowing corporate apps to access the corporate network when the mobile device is connected via a virtual private network (VPN). Which of the following will support this design?

A

Mobile Application Management, Unified endpoint management, and Context-aware authentication

3
Q

A recent attack on a major retail chain reported that customers’ private information, including credit card information, was stolen. The report explained that a heating, ventilation, and air conditioning (HVAC) contractor copied the information to an external hard drive while servicing an air conditioner unit, and later uploaded the data to a cloud storage resource. A security engineer would classify this type of attack as which of the following?

A

Supply Chain Attack

4
Q

What type of metadata could contain permissions in the form of an Access Control List?

A

File Metadata – includes information about when a file was created, accessed, and modified; access control lists defining who is authorized to read or modify the file; copyright information; or tags for indexing are all possible file metadata.

5
Q

Which of the following attacks would allow an attacker to sniff all traffic on a switched network?

A

Address Resolution Protocol (ARP) poisoning – To sniff all traffic on a switched network, the switch must be overcome using ARP poisoning. ARP poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of an unintended computer.

6
Q

Recommend types of data sanitization procedures the IT department should use before leaving the facility for good.

A

Pulverize USB drives, Degauss magnetic tape drives, and Crypto erase hard drives

7
Q

Which of the following baseband radio technologies support higher bandwidth capacities?

A

LTE-Machine

8
Q

An insider threat gained access to a server room and proceeded to connect a laptop to the network. The laptop was configured with a spoofed network interface card (NIC) address to remain undetected by the network intrusion detection systems (IDS). What layer 2 attack can the insider threat perform to disrupt the network?

A

MAC Flooding – Media access control (MAC) flooding is a layer 2 network attack. It exhausts the memory used to store a MAC address table on a switch, which results in flooding unicast traffic out of all ports and disrupting all connecting devices and network services.

9
Q

Evaluate the properties and determine which describes the role of a gateway in an edge computing environment.

A

Performs some pre-processing of data to enable prioritization

10
Q

A small business was robbed, and several workstations were stolen. The business stored customer data within a plain spreadsheet on one of the stolen workstations. Customer data and other business files are restored from an external hard drive soon after. Describe the issues that the business faced during this trying time.

A

Data was exfiltrated from the office and Business had a privacy breach

11
Q

As a part of an effort toward a DevSecOps-based approach, a large tech company establishes a dedicated cyber incident response team (CIRT). The objective of the program is to exchange knowledge and insights and to work together to mitigate threats. Considering the team’s need for diversity among team members, decide which type of individual they should include.

A

Decision Maker – Members of such a team should be able to have the breadth of decision-making and technical expertise necessary to cope with various kinds of accidents. The team should include a person with the authority to authorize intervention.

12
Q

A hacker modified a company photo by embedding malicious code in the picture. The hacker emailed the picture to company employees, and several employees opened the email. The hacker now has remote access to those employees’ computers. Which of the following can prevent this method of attack?

A

File integrity monitoring – a feature available in most antivirus software or HIPS (Host-based Intrusion Prevention System). HIPS can capture a baseline of the image; any radical change (like an image), detected using hashing algorithms, will flag the incident and quarantine the files.

13
Q

A security engineer for a tech firm tests authentication mechanisms for multi-factor authentication. Which personality trait-based solution does the engineer test?

A

Something you exhibit – refers to behavioral-based authentication and authorization, with specific emphasis on personality traits.

14
Q

A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that would concern the engineer?

A

Spike in API calls and Average error rate of 78%

15
Q

A company stages its computing power in a centralized environment. All workstations run off of one desktop hosted in the data center. When the admin makes changes at individual workstations, the changes only get saved locally, until a user signs off, and the system then reverts back to the previous state. What technology does this represent?

A

Non-persistent VDE – VDE utilizes a central desktop through a remote server. When a user logs on to the desktop, changes and work completed are not saved locally long term. As soon as the user logs off, the desktop reverts back to the image on the central location.

16
Q

An attacker caused a software program to calculate a value that exceeded the fixed lower and upper bounds, and caused a positive number to become a negative number. What vulnerability did the attacker exploit?

A

Integer overflow – An integer overflow attack causes the target software to calculate a value that exceeds the upper and lower bounds. This may cause a positive number to become negative.

17
Q

An electronic company wants to begin developing a better and faster way to transfer data and power devices over a single cable for general consumer use at home and via the internet. The engineers will need to review current best practices on how data and power are transferred on the wire today. Which of the following activities will provide these engineers with the best information that will support the project?

A

Review Requests for Comments (RFCs) – RFCs are publications from the Internet Engineering Task Force (IETF) and other related bodies or organizations that detail how certain technologies are used and their best practices. For example, RFC 894 is “A Standard for the Transmission of IP Datagrams over Ethernet Networks.” Academic journals come from academic researchers and not-for-profit trade bodies and associations, such as the Institute of Electrical and Electronics Engineers (IEEE), that publish their findings as papers. Conferences are hosted and sponsored by various institutions and provide an opportunity for presentations on the latest threats and technologies. A local competitor or industry group will not freely share data about new technologies. Attempting to share information may jeopardize the project.

18
Q

Using Unified Extensible Firmware Interface (UEFI) to boot a server, the system must also provide secure boot capabilities. Part of the secure boot process requires a secure boot platform key or self-signed certificate. Determine which of the following an engineer can use to generate keys within the server using an available Peripheral Component Interconnect Express (PCIe) slot.

A

A hardware security module (HSM) is an appliance designed to perform centralized public key infrastructure (PKI) management, key generation, or key escrow for devices. HSM can also be implemented as a plug-in PCIe adapter card to operate within a device.

19
Q

Analyze and select the items demonstrating advantages Terminal Access Controller Access-Control System Plus (TACACS+) has over Remote Authentication Dial-In User Service (RADIUS).

A

It provides greater flexibility and reliability and It is easier to detect when a server is down

20
Q

A basic installation of a web server will require which of the following to allow unauthenticated access?

A

A guest account is a special type of shared account with no password. It allows anonymous and unauthenticated access to a resource. Guest accounts are created when installing web services, as most web servers allow unauthenticated access.

21
Q

Select the tools that do any form of network scanning, such as port scanning, IP scanning, etc.

A

Nmap, ping, and netcat

22
Q

Which of the following is the service that provisions the user account and processes authentication requests?

A

Identity Provider (IdP)

23
Q

Which of the following wireless technologies does not provide encryption and is known as a “bump”?

A

Near Field Communication (NFC) is known as a bump, named after an early mobile sharing app. It was later redeveloped as Android Beam. It is commonly used for mobile wallet apps like Google Pay.

24
Q

An organization moves its data to the cloud. Engineers use regional replication to protect data. Review the descriptions and conclude which apply to this configuration.

A

Available access if a single data center is destroyed and Known as zone-redundant storage

25
Q

An organization configures virtual network appliances as part of an infrastructure as code (IaC) deployment. What approach handles the near real-time collection, aggregation, and reporting of data of the implementation?

A

Software-defined visibility (SDV)

26
Q

A software developer enables a security feature commonly known as stack protection but does not execute the source code. Which of the following best describes what the developer is using?

A

Compiler – a program that translates high-level programming language into machine code that can later be executed many times against different data. A compiler does not execute source code.

27
Q

The financial staff at an organization works with IT and management to determine the risks associated with currently deployed systems. What measure of risk results from this analysis?

A

Inherent Risk – The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before any type of mitigation has been attempted.