Lesson 7 - 12

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Vince is choosing the symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorithm from the choices below. What algorithm should he choose?

AES

Brian is selecting a cloud access security broker (CASB) for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?

API-based CASB

Which one of the following statements about cryptographic keys is INCORRECT?

All crytographic key should be kept secret

How does technology diversity help ensure cybersecurity resilience?

All of these (vulnerability/misconfiguration/single vendor)

Which of the following statements is NOT true about type II hypervisor?

Also known as a bare-metal hypervisors operate directly on top of the underlying hardware

What type of physical security control is shown here?

An access control vestibule ( Door 1, Door 2, Secured Area)

Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve?

Confidentiality

What factor is a major reason organization do not use security guards?

Cost

Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?

Data sovereignty

If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?

David's private key

Alan's team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?

Homomorphic encryption

Which one of the following servers is almost always an offline CA in a large PKI deployment?

Root CA

Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?

SCADA

What type of cipher operates on one character of text at a time?

Stream cipher

Password complexity, password history, and password reuse are all examples of what?

account policies

Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?

an air gap

Glenn recently obtained a wildcard certificate for *. mydomain.com. Which one of the following domains would not be covered by this certificate?

dev. www . mydomain . com

Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?

edge computing

Which of the following is not a common constraint of an embedded system?

form factor

What component of a virtualization platform is primarily responsible for preventing VM escape attacks?

hypervisor

Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?

the restoration order documentation

Acme Widgets has 10 employees and they all need the ability to communicate with one another using the symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?

10

Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?

A host-based intrusion detection system

Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server?

Certificate stapling

When Mike receives the digitally signed message from David, what key should he use to verify the digital signature?

David's public key

Which of the following include passwords, PINs, or the answer to a security question?

Something you know

Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode?

Time-based one-time passwords

Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?

Use a degausser

Which one of the following is NOT an example of infrastructure as code?

Using a cloud provider's web interface to provision resources

What scripting environment is native to Windows systems?

PowerShell

Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?

RADIUS

Gabby wants to implement a mirrored drive solution. What RAID level does this describe?

RAID 1

James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?

Disable ARP on all accessible ports

What type of cryptographic attack attempts to force a user to reduce the level of encryption that they use to communicate with a remote server?

Downgrade

What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?

EV

Mike is sending David an encrypted message using the symmetric encryption algorithm. What key should he use to encrypt the message?

Shared secret key

Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?

LDAPS

Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?

Low CER

Which of the following is service organization that provides information technology as a service to their customer?

MSP (Managed Service Provider)

When Mike receives the message that David encrypted for him, what key should he use to decrypt the message using an asymmetric encryption algorithm?

Mike's private key

David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?

Mike's public key

Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?

OpenID

Which one of the following certificate formats is closely associated with Windows binary certificate files?

PFX

Gary wants to use secure protocols for email access for his end-users. Which of the following groups of protocols should he implement to accomplish this task?

POPS, IMAPS, HTTPS

Which of the following technologies is the LEASTeffective means of preventing shared accounts?

Password complexity requirements

Nina's organization uses SSH keys to provide secure access between systems. Which of the following is NOT a common security concern when using SSH keys?

WEAK ENCRYPTION

What type of NAC will provide the maximum amount of information about the systems that are connecting while also giving him the most amount of control of systems and their potential impact on other systems that are connected to the network?

agent-based, pre-admission NAC

Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?

allow list application

Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this?

an air gap

Which of the following can be used to output files to standard output (your console) or to append files to other files?

cat

Which of the following lets you set permissions on files and directories, using either a symbol or a numeric representation of the permissions that you want to set?

chmod

Which of the following is a software tool that serves as intermediaries between cloud service users and cloud service providers?

cloud access security broker

Which one of the following statements about cloud computing is INCORRECT?

cloud computing customers provision resources through the service provider's sales team

Amanda wants to securely destroy data held on DVDs. Which of the following options is NOT a suitable solution for this?

degaussing

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is NOT a common control used for this type of preventive defense?

degaussing

biometric factor is an example of what type of factor?

something you are

What is an HSM used for?

to generate, manage and securely store crytopgraphic keys

Why are Faraday cages deployed?

to prevent EMI

Which of the following controls helps prevent insider threats?

two person control

Which of the following shows the current TCP/IP network configuration for the host they are run on?

ipconfig

Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin's action?

vertical scaling

What technique is used to ensure that DNSSEC-protected DNS information is trustworthy?

it is digitally signed

Maddy wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?

motion recognition

Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?

none of these

Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?

pathping

Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?

CAN bus

Which one of the following would not be available as an IaaS service offering?

CRM

What type of security solution provides a hardware platform for the storage and management of encryption keys?

HSM

Which of the following statements about the security implications of IPv6 is not true?

IPv6's NAT implementation is insecure

Which type of multifactor authentication is considered the least secure?

SMS

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?

a differential backup

Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?

resource policy

Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?

wireshark

Acme Widgets has 10 employees and they all need the ability to communicate with one another using the asymmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?

2

Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? 21 22 23 80 443

21, 23, and 80

The company that Theresa works for has deployed IoT (Internet of Things) sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?

Attackers may steal the SIM cards from the devices and use them for their own purposes.

What type of attack does an account lockout policy help to prevent?

Brute force

Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?

CSA CCM ( Cloud security alliance cloud controls matrix)

What type of access control scheme best describes the Linux filesystem?

DAC

What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices?

EDR

Gary identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?

Geographic dispersal

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?

Hybrid cloud

Which of the following offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure?

IaaS

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?

IaaS and PaaS

Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?

Public cloud

Ben wants to implement a Redundant Array of Independent (RAID) array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?

RAID 10

Theresa wants to implement an access control scheme that sets permissions based on what the individual's job requires. Which of the following schemes is most suited to this type of implementation?

RBAC

The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy?

RTOS

Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?

SRTP

Which protocol is a secure version of the Real-time Protocol, a protocol designed to provide audio and video streams via networks?

SRTP

Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?

SSH, port 22

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?

SaaS

Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?

Steganography

Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?

UEFI/Measured boot

Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?

a browser plug-in

Charles has implemented LDAP for his organization. What type of service has he enabled?

a directory service

Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?

a honeynet

The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it?

a microcontroller and on a physical security

Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?

a raspberry pi

What type of recovery site has some or most systems in place but does not have the data needed to take over operations?

a warm site

Maddy is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?

active/active

What does an SSL stripping attack look for to perform an on-path attack?

an unencrypted HTTP connection

Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?

arp/a

A person's name, age, location, or job title are all examples of what?

attributes

Which of the following is NOT a typical reason to use an IP addressing schema in an enterprise?

avoiding use of other organizations' IP addresses

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?

bollard

Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users?

fingerprint scanner

Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization's main facility. What type of account policy should she set?

geofencing

Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation?

identity provider

Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?

implement and use a data classification scheme

Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?

load balancer

Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?

offline

Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design?

out-of-band management

Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?

snapshot

Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide?

something you can do

Charles wants to monitor changes to a log file via a command line in real-time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?

tail

Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending an SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?

tcpdump

Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?

third-party control

Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?

transit gateway

Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to have data stolen from it?

when the machine is off


Kaugnay na mga set ng pag-aaral

Present estates and Future Interests

View Set

AP European History: Chapter 1 (Medieval Legacies and Transforming Discoveries)

View Set

Mastering Bio: Biology Exam 2 Review

View Set

ECON 3311 Final Exam Review (CH 1-12)

View Set

Astronomy 101 Chapter 9; Mastering Astronomy Assignment

View Set

Chapter 40: Caring for Clients with Neurologic Deficits

View Set