22.4.2 Endpoint Protection Quiz
Which security endpoint setting would be used by a security analyst to determine if a computer has been configured to prevent a particular application from running? A. Block listing B. Baselining C. Services D. Allow listing
A. Block listing
Which HIDS is an open-source based product? A. OSSEC B. AlienVault USM C. Cisco AMP D. Tripwire
A. OSSEC
Which antimalware software approach can recognize various characteristics of known malware files to detect a threat? A. Signature-based B. Routing-based C. Heuristics-based D. Behavior-based
A. Signature-based
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location? A. Telemetry B. Anti-phishing C. Safe browsing D. Intrusion Detection and Prevention
A. Telemetry
Which technology might increase the security challenge to the implementation of IoT in an enterprise environment? A. Network bandwidth B. Cloud computing C. CPU processing speed D. Data storage
B. Cloud computing
Which statement describes the term attack surface? A. It is a group of hosts that experience the same attack. B. It is the total number of attacks on an organization within a day. C. It is the network interface where attacks originate. D. It is the total sum of vulnerabilities in a system that is accessible to an attacker.
D. It is the total sum of vulnerabilities in a system that is accessible to an attacker.
As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices? A. Internet attack surface. B. Human attack surface. C. Software attack surface. D. Network attack surface.
D. Network attack surface.
As described by the SANS Institute, which attack surface includes the use of social engineering? A. Software attack surface B. Network attack surface C. Internet attack surface D. Human attack surface
D. Human attack surface
In Windows Firewall, when is the Domain profile applied? A. When the host is connected to a trusted network such as an internal business network. B. When the host is connected to an isolated network from the Internet by another security device. C. When the host checks emails from an enterprise email server. D. When the host accesses the Internet.
A. When the host is connected to a trusted network such as an internal business network.
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks? A. Server B. Firewall C. Switch D. Workstation
C. Switch
Which statement describes agentless antivirus protection? A. The antivirus protection is provided by the ISP. B. Host-based antivirus systems provide agentless antivirus protection. C. The antivirus protection is provided by the router that is connected to a cloud service. D. Antivirus scans are performed on hosts from a centralized system.
D. Antivirus scans are performed on hosts from a centralized system.
What is a host-based intrusion detection system (HIDS)? A. It detects and stops potential direct attacks but doesn't scan for malware. B. It is an agentless system that scans files on a host for potential malware. C. It identifies potential attacks and sends alerts but doesn't stop the traffic. D. It combines the functionalities of antimalware applications with firewall protection.
D. It combines the functionalities of antimalware applications with firewall protection.