sec160 ch 10 ALL

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.) 802.1x authentication FTP transfers HTTPS web service local NTP server file and directory access permission

-HTTPS web service -802.1x Authentication

Agent-based

BLANK

provides dynamic IP addresses to authenticated endpoints

BLANK

Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?

Exploitability

Which regulatory compliance regulation specifies security standards for U.S. government systems and contractors to the U.S. government?

Federal Information Security Management Act of 2002 (FISMA)

On a Windows host, which tool can be used to create and maintain blacklists and whitelists? Group Policy Editor Local Users and Groups Computer Management Task Manager

Group Policy Editor

Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.) Impact metrics Confidentiality Requirement Exploitability Exploit Code Maturity Modified Base

Impact metrics Exploitability

Which statement describes the anomaly-based intrusion detection approach? It compares the operations of a host against a well-defined security policy. It compares the signatures of incoming traffic to a known intrusion database. It compares the behavior of a host to an established baseline to identify potential intrusions. It compares the antivirus definition file to a cloud based repository for latest updates.

It compares the behavior of a host to an established baseline to identify potential intrusions.

Which statement describes the term iptables? It is a file used by a DHCP server to store current active IP addresses. It is a rule-based firewall application in Linux. It is a DHCP application in Windows. It is a DNS daemon in Linux.

It is a rule-based firewall application in Linux.

Which statement describes the term attack surface? It is the total number of attacks toward an organization within a day. It is the total sum of vulnerabilities in a system that is accessible to an attacker. It is the network interface where attacks originate. It is the group of hosts that experiences the same attack.

It is the total sum of vulnerabilities in a system that is accessible to an attacker.

Which statement describes the use of a Network Admission Control (NAC) solution? It provides network access to only authorized and compliant systems. It provides endpoint protection from viruses and malware. A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint. It provides filtering and blacklisting of websites being accessed by end users.

It provides network access to only authorized and compliant systems.

Which HIDS is an open-source based product?

OSSEC

Which protocol should be recommended to the company to monitor and manage network performance? NTP PAT SNMP SSH

SNMP

Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information? Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act (GLBA) Federal Information Security Management Act of 2002 (FISMA) Sarbanes-Oxley Act of 2002 (SOX)

Sarbanes-Oxley Act of 2002 (SOX)

Place the steps of risk assessment in order.

Step 1: identify threats and vulnerabilities and the matching of threats with vulnerabilities Step 2: establish a baseline to indicate risk before security controls are implemented Step 3: compare to ongoing risk assessment as means of evaluating risk management effectiveness

If the entrepreneur decides to go with Linux server, how are services handled differently from how Windows server services would be handled? The services are managed using configuration files. Services can only be managed from the Administrator account. Services use only TCP port numbers because they are more secure. The PowerShell environment can be used to make configuration changes.

The services are managed using configuration files.

T/F? ISO 27001 is a global industry-wide ISMS specification

True

T/F? Iptables are Linux host-based firewall.

True

provides endpoint protection from viruses and malware

advanced malware protection

behavior-based

analyzing suspicious activities

behavior-based

antimalware approach that analyzes the activities of known malware examples.

heuristics-based

antimalware approach that recognizes general features that are shared by many types of malware.

The entrepreneur is concerned about company employees having uninterrupted access to important resources and data. Which of the CIA triad components would address the concern? authentication availability confidentiality integrity

availability

Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites? HIDS blacklisting baselining whitelisting

blacklisting

Information security Management System (ISMS)

consists of a mgmt framework through which an org identifies, analyzes, and addresses info security risks.

Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?

discover

Sarbanes-Oxley Act (SOX)

ensure the integrity of financial practices and reporting.

endpoint

hosts on the network that can access or be accessed by other hosts.

The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.) iptables SIEM Snort Windows Firewall Wireshark

iptables, Windows Firewall

Which statement describes the threat-vulnerability (T-V) pairing? It is the advisory notice from a vulnerability research center. It is the comparison between known malware and system risks. It is the detection of malware against a central vulnerability research center. It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

it is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

permits only authorized and compliant systems to connect to the network

network admission control

As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?

network attack surface

Network Admission Control (NAC)

permits only authorized and compliant systems to connect to the network.

In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization?

risk analysis

Which function does CVSS provide?

risk assessment

In profiling a server, what defines what an application is allowed to do or run on a server?

service accounts

network profiling

used to provide a baseline of typical network behavior.

penetration testing

uses authorized simulated attacks to test the strength of network security.

In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities? penetration testing strength of network security testing vulnerability assessment risk analysis

vulnerability assessment

provides filtering of websites and blacklisting before they reach the endpoint

web security appliance

In Windows Firewall, when is the Domain profile applied?

when the host is connected to a trusted network such as an internal business network

Which three devices are possible examples of network endpoints? (Choose three.)

IoT controller network security camera sensor

human attack surface

attack surface that exploits weaknesses in user behavior.

risk analysis

the evaluation of risks posed by vulnerabilities to a specific organization.

Which statement describes agentless antivirus protection? The antivirus protection is provided by the ISP. Antivirus scans are performed on hosts from a centralized system. Host-based antivirus systems provide agentless antivirus protection. The antivirus protection is provided by the router that is connected to a cloud service.

Antivirus scans are performed on hosts from a centralized system.

What is the first step taken in risk assessment? Perform audits to verify threats are eliminated. Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness. Establish a baseline to indicate risk before security controls are implemented. Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

What is a host-based intrusion detection system (HIDS)? It is an agentless system that scans files on a host for potential malware. It combines the functionalities of antimalware applications with firewall protection. It detects and stops potential direct attacks but does not scan for malware. It identifies potential attacks and sends alerts but does not stop the traffic.

It combines the functionalities of antimalware applications with firewall protection.

Which statement describes the Cisco Threat Grid Glovebox? It is a sandbox product for analyzing malware behaviors. It is a network-based IDS/IPS. It is a firewall appliance. It is a host-based intrusion detection system (HIDS) solution to fight against malware.

It is a sandbox product for analyzing malware behaviors.

T/F? Cisco WSA provides control over how users access the Internet and it also can enforce acceptable use policies.

True.

signature-based

antimalware approach that recognizes known malware files.

Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification? assess verify prioritize assets discover

assess

network attack surface

attack surface that exploits weaknesses in the network.

software attack surface

attack surface that exploits weaknesses in the software applications.

Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component? user interaction attack complexity attack vector privileges required

attack vector

Which type of antimalware software detects and mitigates malware by analyzing suspicious activities? signature-based packet-based behavior-based heuristics-based

behavior-based

Fill in the blank. An application _______ can specify which user applications are not permitted to run on a host.

blacklist

For network systems, which management system addresses the inventory and control of hardware and software configurations? asset management vulnerability management configuration management risk management

configuration management

network infrastructure

devices that interconnect endpoints and typically include switches and wireless devices

provides filtering of SPAM and potentially malicious emails before they reach the endpoint

email security appliance

heuristics-based

recognizing general features shared by various types of malware

signature-based

recognizing various characteristics of known malware files

In addressing an identified risk, which strategy aims to stop performing the activities that create risk? risk reduction risk avoidance risk sharing risk retention

risk avoidance

In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?

risk reduction

The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk? risk sharing risk retention risk reduction risk avoidance

risk reduction

In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences? risk reduction risk sharing risk retention risk avoidance

risk retention

When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination? critical asset address space ports used total throughput session duration

session duration

What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file? heuristic-based agent-based behavior-based signature-based

signature-based

Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?

signature-based

Payment Card Industry Data Security Standard (PCI-DSS)

standard that specifies requirements for the secure handling of customer credit card data.

Health Insurance Portability and Accountability Act (HIPAA)

stipulates controlled access policies and data encryption of patient info.

Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks? workstation server switch firewall

switch

In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location? safe browsing intrusion detection and prevention anti-phishing telemetry

telemetry

vulnerability assessment

testing that consists of scanning internal networks and Internet facing servers for various types of vulnerabilities.

Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two) scope user interaction attack complexity attack vector privileges required

user interaction attack complexity


Ensembles d'études connexes

Adjustable rate mortgages (ARMS)

View Set

Chapter 1 Reading Guides and Test candidate questions

View Set

Ch 12: 3-D Physiology: Membrane Potentials: Graded and Action Potentials

View Set

The Declaration of Independence - The American Revolution

View Set