Module 13: Quiz
Which of the following helps achieve data privacy in an enterprise network?
Access control schemes
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources. Which of the following should you suggest?
Attribute-based access control
You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't. Which of the following access control schemes should you choose?
Attribute-based access control
Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?
Jurisdictional applicability
Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?
DHCP server logs
Who implements access control based on the security level determined by the data owner?
Data custodian
You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?
Secure the evidence
Which of the following is an example of evidence collected from metadata?
Time stamp
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?
To prevent malware from tricking users by spoofing what appears on the screen
You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?
Use mirror image backups
Which of the following network-based device logs are the least important when performing an incident investigation?
Routers and Switches
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?
Rule-based access control
In a security meeting, you were asked about which response method would require less manual intervention per response. Which of the following should you choose?
Runbook
Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a "top secret" label cannot be accessed by any users while "secret" files remain accessible?
You should set the clearance of all users to "secret."
Which of the following log management tools has content filtering?
syslog-ng
Which of the following attack frameworks illustrates that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?
Cyber Kill Chain
Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?
Network segmentation