Module 05 Infrastructure Controls
Which of the following are the benefits of PAM?
- Implement governance to keep an eye on the privileged accounts
- Record the privileged account activities to prevent misuse
- Audit the privileged account activities and then add or remove privileges as deemed fit
- Track and monitor every privileged account on the network
How many factors are involved in a multifactor authentication?
2
virtual private cloud (VPC)
A cloud-based service that creates a logically isolated virtual network.
honeypot
A computer located in an area with limited security that serves as "bait" to threat actors.
Change management
A formal process for making modifications to a system and keeping track of those changes.
Virtualization
A means of managing and presenting computer resources by function without regard to their physical layout or location.
jump box
A minimally configured administrator server (either physical or virtual) within a DMZ.
firewall
A network security appliance that performs bidirectional inspection by examining both outgoing and incoming network packets.
sinkholing
A process for steering unwanted traffic away from its intended destination to another device.
virtual private network (VPN)
A security technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network.
cloud access security broker (CASB)
A set of software tools or services that resides between an enterprise's on-prem infrastructure and the cloud provider's infrastructure.
federation
A system of networks all owned by different organizations.
What is a federation?
A system of networks that are owned by different organizations
data loss prevention (DLP)
A system of security tools used to recognize and identify data critical to the organization and ensure it is protected.
Network access control (NAC)
A technology for examining the current state of an endpoint before it can connect to the network.
software defined network (SDN)
A technology that virtualizes parts of the physical network so that it can be more quickly and easily reconfigured.
Which access control model uses flexible policies that can combine attributes?
ABAC
Daichi is preparing a presentation about active defense. Which of the following would he NOT include on the report as an advantage of active defense?
Active defense can replace multiple other security defenses at a lower cost.
Which of the following is NOT correct about a VPC?
Administrators have little control over the virtual networking environment.
asset tagging
Affixing physical tags to hardware and creating an approved listing of software that can be executed.
Identity and access management (IAM)
An umbrella term that describes the various products, processes, and policies used to manage a user's identity and to regulate access to resources.
Which of these is NOT a host virtualization security advantage?
Analyzing malware in a VM is much faster because all processes run more quickly in a VM.
Whitelisting
Approving in advance only specific applications to run so that any item not approved is either restricted or denied.
Role-Based Access Control (RBAC)
Assigning users' access controls based on job roles.
Mandatory Access Control (MAC)
Assigning users' access controls strictly according to the data custodian's desires.
Attribute-Based Access Control (ABAC)
Assigning users' access controls using flexible policies that can combine attributes.
Which of the following is NOT a cloud control for cybersecurity?
Avoid utilizing regions and zones.
Which of the following is a set of software tools or services that resides between an enterprise's on-prem infrastructure and the cloud provider's infrastructure and acts as the gatekeeper?
CASB
What is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate?
CR
What is a formal process for making modifications to a system and keeping track of those changes?
Change management
air gap
Completely isolating the network or endpoint from all external sources, including any network connection or external ports.
Kouki is discussing with his supervisor the advantages of containerization. Which of the following would Kouki NOT give as an advantage?
Containerization eliminates the need for an OS.
certificate management
Controlling digital certificates using a certificate repository and a means for certificate revocation.
blacklisting
Creating in advance a list of unapproved software or websites so that any item not on the list of blacklisted applications can run or websites can be accessed.
Aito is looking into solutions for DDoS mitigations. Which of the following should he consider?
DNS sinkhole
True or False: A honeypot is a decoy created by organizations to protect them from hackers attracted to a computer system.
False
True or False: Active defense is considered too weak to be of any value in cybersecurity defenses.
False
True or False: Blacklisting is approving in advance only specific applications to run so that any item not approved is either restricted or denied ("default-deny").
False
True or False: You have enabled smart card login for a user. Without the smart card, the user will be able to proceed further beyond the login screen.
False
Which firewall rule action is useful for determining if essential network services are able to communicate?
Force Allow
Which of the following contains honeyfiles and fake telemetry?
High-interaction honeypot
What is an umbrella term that describes the various products, processes, and policies that are used to manage a user's identity and to regulate access to resources?
IAM
Which of the following is NOT correct about SDN?
It separates the action plane from the data plane.
manual reviews
Mandated periodic evaluations of user privileges.
physical networks
Networks that are found in an on-prem data center.
single sign-on (SSO)
An application of federation that uses one authentication credential to access multiple accounts or applications.
permission
Preapproval to perform an activity.
Asset management
Procedures for procuring and protecting assets.
multifactor authentication (MFA)
Requiring more than one type of authentication credential to be presented.
Which of the following virtualizes parts of a physical network?
SDN
cloud vs. on-premises
Securing data held and processed in the cloud as compared to securing the resources in the corporate data center.
active defense
Steps that make an attack more difficult for a threat actor to carry out.
intrusion prevention system (IPS) rules
Stipulations used for examining payloads in the session and application layers of the packet to make decisions.
privileged management
Technologies and strategies for controlling elevated (privileged) access and permissions.
encryption
The process of changing original text into a scrambled message.
system isolation
The process of dividing a network into small elements to provide the controls of separation and quarantining.
Virtual Desktop Infrastructure (VDI)
The process of running a user desktop inside a VM that resides on a server.
Physical segmentation
The process of using separate physical networks and infrastructures such as VLANs and DMZ.
True or False: A manual review is always a good method to perform log analysis.
True
True or False: A performance monitor collects data on important server resources such as CPU, memory, disk, and network interface.
True
True or False: Alerts are very useful when working with Data Collector Sets.
True
True or False: DESX is a variant of the data encryption standard (DES) of the US government.
True
True or False: Pentbox is a suite of security tools to streamline security activities in your network.
True
Which of the following is NOT a NAC option when it detects a vulnerable endpoint?
Update Active Directory to indicate the device is vulnerable.
Virtual segmentation
Using VMs to separate network functions.
containerization
Using containers as a reduced instance of virtualization that holds only the OS components (such as binary files and libraries) that are needed.
Which of the following is NOT a firewall rule parameter?
Visibility
monitoring and logging
Watching and recording the actions of the threat actors.
Which of these is a list of preapproved applications?
Whitelist
Which of the following would an administrator use to access a server in a DMZ?
jump box
What does PAM stand for?
privileged access management