Quiz: Module 05 Infrastructure Controls
Kouki is discussing with his supervisor the advantages of containerization. Which of the following would Kouki NOT give as an advantage? a. Containerization eliminates the need for an OS. b. Containerization allows containers to be easily moved between computers. c. Containerization can share binary files and libraries. d. Containerization reduces hard drive space and RAM requirements.
A
What is a federation? a. A system of networks that are owned by different organizations b. A system of networks that are owned by the same organization c. A system of networks that require the use of SSO d. A system of networks that prohibits the use of SSO
A
What is an umbrella term that describes the various products, processes, and policies that are used to manage a user's identity and to regulate access to resources? a. IAM b. MIA c. AIM d. MAI
A
Which of the following contains honeyfiles and fake telemetry? a. High-interaction honeypot b. Telemetry honeypot c. Honeypotnet d. Honeyserver
A
Which of these is a list of preapproved applications? a. Whitelist b. Greenlist c. Redlist d. Blacklist
A
Aito is looking into solutions for DDoS mitigations. Which of the following should he consider? a. DDoS Prevention System (DPS) b. DNS sinkhole c. DDoS pit d. IP filter
B
What is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate? a. DR b. CR c. RC d. XR
B
Which access control model uses flexible policies that can combine attributes? a. MAC b. ABAC c. RBAC d. RXAX
B
Which of the following is NOT a cloud control for cybersecurity? a. Implement secrets management. b. Avoid utilizing regions and zones. c. Enforce functional area mitigations. d. Conduct audits.
B
Which of the following is NOT correct about SDN? a. It virtualizes parts of the physical network so that it can be more quickly and easily reconfigured. b. It separates the action plane from the data plane. c. It utilizes flow tables. d. The communication between the SDN controller and the SDN switches uses a standardized protocol and API.
B
Which of the following is a set of software tools or services that resides between an enterprise's on-prem infrastructure and the cloud provider's infrastructure and acts as the gatekeeper? a. ASB b. CASB c. BSAC d. CBCB
B
Which of these is NOT a host virtualization security advantage? a. VMs can promote security segregation and isolation. b. Analyzing malware in a VM is much faster because all processes run more quickly in a VM. c. Testing the existing security configuration, known as security control testing, can be performed using a simulated network environment on a computer using multiple VMs. d. A snapshot of a state of a VM can be saved for later use.
B
Daichi is preparing a presentation about active defense. Which of the following would he NOT include on the report as an advantage of active defense? a. Active defense can cause the attacker to waste time and processing power. b. Active defense can cause a frustrated and weak-willed attacker to seek another target. c. Active defense can replace multiple other security defenses at a lower cost. d. Active defense can cause attackers to reveal their attack plans.
C
What is a formal process for making modifications to a system and keeping track of those changes? a. Change control b. Change tracking c. Change management d. Change regulation
C
Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Deny access to the network. b. Give restricted access to the network. c. Update Active Directory to indicate the device is vulnerable. d. Connect to a quarantine network.
C
Which of the following is NOT a firewall rule parameter? a. Time b. Context c. Visibility d. Action
C
Which of the following is NOT correct about a VPC? a. An organization can create a public-facing subnet for web servers that have access to the Internet. b. It can be used for "backend systems," such as databases or application servers, in a private-facing subnet that has no Internet access. c. Administrators have little control over the virtual networking environment. d. VPCs are often used for cloud-based disaster recovery.
C
Which firewall rule action is useful for determining if essential network services are able to communicate? a. Allow b. Log only c. Force Deny d. Force Allow
D
Which of the following virtualizes parts of a physical network? a. SDA b. SDS c. SDX d. SDN
D
Which of the following would an administrator use to access a server in a DMZ? a. Air gap b. SDN c. DNS d. Jump box
D
