mod 10
HealthCity Nursing Home is a newly opened hospital with many employees, doctors, nurses, and support staff. The upper management of the hospital wants to draft a security policy that outlines the guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing restricted access to some users. The doctors who have access to protected patient information must be informed what they can and can't do with that patient data and what special precautions they must take to protect patients' privacy. Certain checks and balances must also be maintained and defined in the policy measures in detail. Which of the following security policies should be used in this scenario?
A PUA (privileged user agreement)
Chelsea is a hacker who befriends Adele McCain over lunch at the cafeteria. Adele is the senior associate of Spandangle Ltd., a private law firm based in Alabama. Chelsea manages to successfully guess Adele's password to a sensitive database in the law firm. What kind of password attack did she use?
A brute-force attack
Must Eat is a company that allows online food delivery. Must Eat rolls out updates every month for better user interface. Recently, after one of its updates, the network team of the company detects certain unauthorized access to the main data frame of the company. On inspection, the team notices that there has been no breach of sensitive data. What kind of cybersecurity exploitation was attempted by the hackers in this scenario?
A zero-day attack might have been the cause.
An organization hires you to handle the security policies of the organization. In order to protect the organization's network from data breaches and potential hacks, you decide to draft a policy that will require the employees of the organization to adhere to a certain set of rules while accessing the network's resources. To ensure that these rules are followed without fail, you decide to impose certain penalties for situations where violations may occur. Which of the following will help you achieve these standards?
AUP
Andy Bryant is a network analyst at Freewoods Centre for Policy Research. There are approximately 35 employees currently working on various issues of policy making and research, and this requires access to the network's resources. He has been asked to set a list of dos and don'ts for all the employees to clarify what is acceptable use of company IT resources and what is not. He also needs to explain penalties for violations and describe how these measures protect the network's security. Analyze which of the following security policies Andy should implement in this scenario.
An AUP (acceptable use policy)
Ground Movers Ltd., a courier service provider, has recently encountered certain breaches that have led to packages being stolen and damaged. The company has contracted you, a network analyst, to fix this issue. You plan on installing a device that will be able to provide constant or periodic collection of information. This information can then be used by the management control software for monitoring and reporting. Which of the following devices will you install for Ground Movers Ltd.?
Asset tags
Youhan has been placed as the security in charge of an organization. Which of the following should he use to monitor the movement and condition of equipment, inventory, and people?
Asset tags
Which of the following devices scans an individual's unique physical characters such as iris color patterns to verify the person's identity?
Biometrics
Kickstart Securities provides network analysis and safety measurement services to various clients. Recently, one of its clients has requested a technician to run a cross-check on the network system to ensure that there are no vulnerabilities that are exposed. You have been sent in to assess the situation and fix the errors if there are any. Which of the following will you use in such a scenario to track the vulnerabilities across systems?
CVE
The University of Claudine plans on opening a new IT division for underprivileged students so that it can offer education free of cost to them. However, the university wants to ensure that there are no data breaches, so it has requested the network administrator to handle the configurations of the computers in order to comply with the organizational policies. Analyze which of the following practices the university should adopt in this scenario so that the network securities are not compromised.
CYOD
William has been working as a senior networking professional at Mediaworks Ltd. The company has a very strict policy regarding employees' access to certain key rooms in the organization. The company wants William to provide a specific access technology to only a few selected employees so that they can access those certain rooms. Which of the following options are best suited for William in this scenario?
Cipher Lock
Which of the following methods requires the entry of a code to open a door?
Cipher lock
Which of the following is a type of DoS (denial-of-service) attack that is bounced off uninfected computers before being directed at the target?
DRDoS attack
Game Zone is a well-known games park located in Manhattan that allows gamers to engage in multiplayer competitions. The competitions function smoothly on the opening day, but on the following days, there are multiple instances of the computers getting disconnected temporarily from the wireless network. These connections however function normally when they are reconnected. Which type of attack is this most likely to be?
Deauth attack
Gary is a freelance network analyst. A client approaches him to provide a solution for his firm wherein employees have been found to carry sensitive information out of the office premises. This data breach has led to a lot of market speculations as a result of which there has been a significant drop in the share market prices of the company's stocks. Gary is contracted to find a solution to this issue. Analyze which of the following options should be carried out by Gary keeping in mind the sensitivity of the situation.
Deploy a DLP solution
Which of the following is not a social engineering strategy?
DoS
Kristen has plans of starting an online food delivery company. She plans on making the company one of the most secured portals for online food delivery. She hires Brad, a network consultant, to guide her through the necessary security protocols. Brad conducts all the necessary security checks and involves a white hat hacker too to point out any vulnerability that might be overlooked. Analyze if Brad needs to conduct any other risk assessment procedures in this scenario.
He should conduct a vendor risk assessment.
Zeneth Computers is a software development company. It has received a random email claiming that there will be an attempt to hack and extract sensitive financial data of the company before the year end. The company has contacted you, a network analyst, to verify if such claims are indeed true. You have decided to set up a trap for the hackers by putting up a system containing false financial data. Which of the following will you use in this scenario?
Honeypot
To ensure better security measures for the computers used in your organization, you, as a network administrator, have decided to update the passwords of each computer on a weekly basis. But managing and changing the passwords for all the computers is a tiresome task. Hence, you decide to apply a security measure with the help of a password management software. Which of the following software will you use in this scenario?
LastPass
Huey Dewey Ltd. is a talent management company with over a hundred employees. Gary has been appointed as a system analyst to ensure security across the office networks during and after the period of employment. Some user accounts are given privileged access, which allows the users to perform more sensitive tasks, such as viewing or changing financial information, making configuration changes, or adjusting access privileges for other users. Analyze which of the following security precautions Gary should implement so that he can avoid users logging into the accounts even after their termination.
Limited duration
As a network administrator, you have asked one of the contracted vendors of the company to ship a consignment of spare parts and components of all the network devices. You have decided to place this order to store the devices for a rainy day. Now, as the consignment has been received by your organization, you want to store these devices in a secure location. Which of the following will you use in this scenario?
Locking cabinets
The organization where you have been working as a network analyst decides to provide BYOD (bring your own device) options to the employees to cut down on its operating costs. The company has asked you to handle the BYOD policies and the necessary documentation. You have decided to install a software that will automatically handle the configuration process for the wireless clients when they require network access. Which of the following will you use in such a scenario?
MDM
Which of the following testing tools combines known scanning and exploit techniques to explore potentially new attack routes?
Metasploit
You, as a network engineer, want to have an insight into your network's weaknesses that need attention. You want to search for devices with open ports indicating which insecure service might be used to craft an attack and identify unencrypted sensitive data. Which of the following scanning tools will you use in this scenario?
Nessus
You are working as a network administrator, and you want to conduct simulated attacks on a network to determine its weaknesses. To do so, you want to check for open ports so that you can remote in using that port and craft an attack. Which of the following software will you use to scan for open ports in this scenario?
Nmap
In which of the following forms of attack can an attacker redirect and capture secure transmissions as they occur?
On-path attack
You have been appointed as a network administrator at JJ Securities. The CEO of the company has requested your presence to address some security concerns. The CEO feels that certain members of the senior management who have access to privileged accounts might be under serious social engineering attacks by potential hackers. So, the CEO wants you to monitor the activities of these privileged accounts. Which of the following software will you use in this situation?
PAM
Which of these DoS (denial-of-service) attacks damages a device's firmware beyond repair?
PDoS
You are working as a network analyst at BBM Infotech. The entire network of computers in the organization had recently been at the receiving end of an attempted hack that eventually turned out to be unsuccessful. However, certain computer systems have sustained sufficient damages. After inspection, it has been found that the firmware in few of the switches has been completely damaged because of the attack. What kind of an attack is this most likely to be?
PDoS attack
Bryden is a network analyst who has been recruited into Big Bay Burger's security management. Which of the following terminologies must he use to explain to the company's employees about the possibility of someone using a deception in following them into a restricted area?
Piggybacking
At a security training exercise, you had to devise a strategy to penetrate into an organization's data room by accessing one of their employee's ID cards. You decided to demonstrate this exercise by offering a free gift to one of the employees in exchange for a few hours of data room access. Which kind of social engineering method have you used in such a scenario?
Quid pro quo
In which of the following phases of the social engineering attack cycle will an attacker require the most time investment?
Research
Which of the following versions is the most recent iteration of SHA (Secure Hash Algorithm), which was developed by private designers for a public competition in 2012?
SHA-3
Which of the following anti-malware software will slow down your network performance considerably?
Server-based
The managing director of Seviicco Laminates wants to secure certain financial documents that can only be accessed by him and the finance team of the organization. He wants to install a sophisticated authentication process so that the documents are extremely safe. You have been contracted as a network analyst for this project. After having an overview of the office premises, you decide to provide this security via a specific barcode that will be used as a key to access the documents. Which of the following access control technologies will you install in this scenario?
Smart locker
You have been invited to the University of Bert to deliver a lecture on network security. In your presentation, you want to focus solely on malware that can harm a system or its resources by disguising itself as something useful. Which of the following categories of malware would be best suited to demonstrate such an example?
Trojan horse
Hammond Industries has appointed Gavin as the network administrator to set up a complete secured and flawless network throughout the office premises. One of the employees has come to him to fix an error message that keeps popping up every time he tries to open the web browser. He also states that this error started popping up after the external hard drive had been used to transfer some of the necessary documents to the HR's office. Analyze what kind of malware might possibly be behind this error.
Virus
Which of the following terms identifies the weakness of a system that could lead to compromised information or unauthorized access?
Vulnerability
Robert has been working as a network security expert for Indus Grow Wealth Management, which allows its clients to view their current loan status online. With the recent cases of attempted hacks in banking systems, Robert has decided to test the security systems by hiring hackers to try and analyze the security risks at Grow Wealth Management. Analyze who among the following would best suit Robert's requirement in this scenario.
White hat hackers
Rob has enrolled himself as a network security trainee in JV Internet Securities. Which of the following terms should he know to understand the advantage taken of a software vulnerability that hasn't yet or only very recently become public?
Zero-day exploit
