sec160 ch 10 ALL


The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
802.1x authentication
FTP transfers
HTTPS web service
local NTP server
file and directory access permission

HTTPS web service
802.1x authentication

Agent-based

BLANK

provides dynamic IP addresses to authenticated endpoints

BLANK

Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?

Exploitability

Which regulatory compliance regulation specifies security standards for U.S. government systems and contractors to the U.S. government?

Federal Information Security Management Act of 2002 (FISMA)

On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor
Local Users and Groups
Computer Management
Task Manager

Group Policy Editor

Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Impact metrics
Confidentiality Requirement
Exploitability
Exploit Code Maturity
Modified Base

Impact metrics
Exploitability

Which statement describes the anomaly-based intrusion detection approach?
It compares the operations of a host against a well-defined security policy.
It compares the signatures of incoming traffic to a known intrusion database.
It compares the behavior of a host to an established baseline to identify potential intrusions.
It compares the antivirus definition file to a cloud based repository for latest updates.

It compares the behavior of a host to an established baseline to identify potential intrusions.

Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a rule-based firewall application in Linux.
It is a DHCP application in Windows.
It is a DNS daemon in Linux.

It is a rule-based firewall application in Linux.

Which statement describes the term attack surface?
It is the total number of attacks toward an organization within a day.
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
It is the network interface where attacks originate.
It is the group of hosts that experiences the same attack.

It is the total sum of vulnerabilities in a system that is accessible to an attacker.

Which statement describes the use of a Network Admission Control (NAC) solution?
It provides network access to only authorized and compliant systems.
It provides endpoint protection from viruses and malware.
A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
It provides filtering and blacklisting of websites being accessed by end users.

It provides network access to only authorized and compliant systems.

Which HIDS is an open-source based product?

OSSEC

Which protocol should be recommended to the company to monitor and manage network performance?
NTP
PAT
SNMP
SSH

SNMP

Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Federal Information Security Management Act of 2002 (FISMA)
Sarbanes-Oxley Act of 2002 (SOX)

Sarbanes-Oxley Act of 2002 (SOX)

Place the steps of risk assessment in order.

Step 1: identify threats and vulnerabilities and the matching of threats with vulnerabilities
Step 2: establish a baseline to indicate risk before security controls are implemented
Step 3: compare to ongoing risk assessment as means of evaluating risk management effectiveness

If the entrepreneur decides to go with Linux server, how are services handled differently from how Windows server services would be handled?
The services are managed using configuration files.
Services can only be managed from the Administrator account.
Services use only TCP port numbers because they are more secure.
The PowerShell environment can be used to make configuration changes.

The services are managed using configuration files.

T/F? ISO 27001 is a global industry-wide ISMS specification

True

T/F? iptables is a Linux host-based firewall.

True

provides endpoint protection from viruses and malware

advanced malware protection

behavior-based

analyzing suspicious activities

behavior-based

antimalware approach that analyzes the activities of known malware examples.

heuristics-based

antimalware approach that recognizes general features that are shared by many types of malware.

The entrepreneur is concerned about company employees having uninterrupted access to important resources and data. Which of the CIA triad components would address the concern?
authentication
availability
confidentiality
integrity

availability

Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
HIDS
blacklisting
baselining
whitelisting

blacklisting

Information Security Management System (ISMS)

consists of a management framework through which an organization identifies, analyzes, and addresses information security risks.

Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?

discover

Sarbanes-Oxley Act (SOX)

ensure the integrity of financial practices and reporting.

endpoint

hosts on the network that can access or be accessed by other hosts.

The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
iptables
SIEM
Snort
Windows Firewall
Wireshark

iptables, Windows Firewall

Which statement describes the threat-vulnerability (T-V) pairing?
It is the advisory notice from a vulnerability research center.
It is the comparison between known malware and system risks.
It is the detection of malware against a central vulnerability research center.
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

permits only authorized and compliant systems to connect to the network

network admission control

As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?

network attack surface

Network Admission Control (NAC)

permits only authorized and compliant systems to connect to the network.

In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization?

risk analysis

Which function does CVSS provide?

risk assessment

In profiling a server, what defines what an application is allowed to do or run on a server?

service accounts

network profiling

used to provide a baseline of typical network behavior.

penetration testing

uses authorized simulated attacks to test the strength of network security.

In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?
penetration testing
strength of network security testing
vulnerability assessment
risk analysis

vulnerability assessment

provides filtering and blacklisting of websites before they reach the endpoint

web security appliance

In Windows Firewall, when is the Domain profile applied?

when the host is connected to a trusted network such as an internal business network

Which three devices are possible examples of network endpoints? (Choose three.)

IoT controller
network security camera
sensor

human attack surface

attack surface that exploits weaknesses in user behavior.

risk analysis

the evaluation of risks posed by vulnerabilities to a specific organization.

Which statement describes agentless antivirus protection?
The antivirus protection is provided by the ISP.
Antivirus scans are performed on hosts from a centralized system.
Host-based antivirus systems provide agentless antivirus protection.
The antivirus protection is provided by the router that is connected to a cloud service.

Antivirus scans are performed on hosts from a centralized system.

What is the first step taken in risk assessment?
Perform audits to verify threats are eliminated.
Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
Establish a baseline to indicate risk before security controls are implemented.
Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

What is a host-based intrusion detection system (HIDS)?
It is an agentless system that scans files on a host for potential malware.
It combines the functionalities of antimalware applications with firewall protection.
It detects and stops potential direct attacks but does not scan for malware.
It identifies potential attacks and sends alerts but does not stop the traffic.

It combines the functionalities of antimalware applications with firewall protection.

Which statement describes the Cisco Threat Grid Glovebox?
It is a sandbox product for analyzing malware behaviors.
It is a network-based IDS/IPS.
It is a firewall appliance.
It is a host-based intrusion detection system (HIDS) solution to fight against malware.

It is a sandbox product for analyzing malware behaviors.

T/F? Cisco WSA provides control over how users access the Internet and it also can enforce acceptable use policies.

True.

signature-based

antimalware approach that recognizes known malware files.

Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
assess
verify
prioritize assets
discover

assess

network attack surface

attack surface that exploits weaknesses in the network.

software attack surface

attack surface that exploits weaknesses in the software applications.

Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
user interaction
attack complexity
attack vector
privileges required

attack vector

Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
signature-based
packet-based
behavior-based
heuristics-based

behavior-based

Fill in the blank. An application _______ can specify which user applications are not permitted to run on a host.

blacklist

For network systems, which management system addresses the inventory and control of hardware and software configurations?
asset management
vulnerability management
configuration management
risk management

configuration management

network infrastructure

devices that interconnect endpoints and typically include switches and wireless devices

provides filtering of SPAM and potentially malicious emails before they reach the endpoint

email security appliance

heuristics-based

recognizing general features shared by various types of malware

signature-based

recognizing various characteristics of known malware files

In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
risk reduction
risk avoidance
risk sharing
risk retention

risk avoidance

In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?

risk reduction

The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
risk sharing
risk retention
risk reduction
risk avoidance

risk reduction

In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
risk reduction
risk sharing
risk retention
risk avoidance

risk retention

When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
critical asset address space
ports used
total throughput
session duration

session duration

What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
heuristic-based
agent-based
behavior-based
signature-based

signature-based

Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?

signature-based

Payment Card Industry Data Security Standard (PCI-DSS)

standard that specifies requirements for the secure handling of customer credit card data.

Health Insurance Portability and Accountability Act (HIPAA)

stipulates controlled access policies and data encryption of patient information.

Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
workstation
server
switch
firewall

switch

In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
safe browsing
intrusion detection and prevention
anti-phishing
telemetry

telemetry

vulnerability assessment

testing that consists of scanning internal networks and Internet facing servers for various types of vulnerabilities.

Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
scope
user interaction
attack complexity
attack vector
privileges required

user interaction
attack complexity
