ITM 450 Capstone Textbook Questions

What is a security perimeter?

- The boundary of the physically secure area surrounding your system - The imaginary boundary that separates the TCB from the rest of the system

While evaluating network traffic, you discover several addresses that you are not familiar with. Several of the addresses are in the range of addresses assigned to internal network segments. Which of the following IP addresses are private IPv4 addresses as defined by the RFC 1918?

10.0.018, 172.31.8.204 and 192.168.6.43

The company's server room has been updated with raised floors and MFA door locks. You want to ensure that updated facility is able to maintain optimal operational efficiency. What is the ideal humidity range for a server room?

20-80 percent

Your company is evaluating several cloud providers to determine, which is the best fit to host your custom services as a custom application solution. There are many aspects of security controls you need to evaluate, but the primary issues include being able to process significant amounts of data in short periods of time, controlling which applications can access which assets, and being able to prohibit VM sprawl, or repetition of operations. Which of the following is not relevant to this selection process?

A VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services

Michael is configuring a new web server to offer instruction manuals and specification sheets to customers. The web server has been positioned in the screened subnet and assigned an IP address of 172.31.201.17, and the public side of the company's split-DNS has associated the documents.myexamplecompany.com domain name with the assigned IP. After verifying that the website is accessible from his management station (which accesses the screened subnet via a jumpbox) as well as from several worker desktop systems, he declares the project completed and heads home. A few hours later, Michael thinks of a few additional modifications to perform to improve site navigation. However, when he attempts to connect to the new website using the FQDN, he receives a connection error stating that the site cannot be reached. What is the reason for this issue? A. The jumpbox was not rebooted. B. Split-DNS does not support internet domain name resolution. C. The browser is not compatible with the site's coding. D. A private IP address from RFC 1918 is assigned to the web server.

A private IP address from RFC 1918 is assigned to the web server

As a software designer, you want to limit the actions of the program you are developing. You have considered using bounds and isolation but are not sure they perform the functions you need. Then you realize that the limitation you want can be achieved using confinement. Which best describes a confined or constrained process?

A process that can access only certain memory locations

You have been working on crafting a new expansion service link to the existing computer hardware of a core business function. However, after weeks of research and experimentation, you are unable to get the systems to communicate. The CTO informs you that the computing hardware you are focusing in is a closed system. What is a closed system?

A proprietary system that uses unpublished protocols

A security model provides a way for designers to map abstract statements into a solution that prescribes the algorithms and data structures necessary to build hardware and software. Thus a security model gives software designers something against which to measure their design and implementation. Which of the following is the best definition of a security model?

A security model provides a framework to implement a security policy

Which of the following is a true statement about ARP poisoning or MAC spoofing?

ARP poisoning can use unsolicited or gratuitous replies

What security method, mechanism, or model reveals a capabilities list of a subject across multiple objects?

Access control matrix

While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building's construction. Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?

Access control vestibule

Security configuration guidelines issued by your CISO require that all HTTP communications be secure when communicating with internal web services. Which of the following is true in regards to using TLS?

Allows for use of TCP port 443, prevents tampering, spoofing and eavesdropping and can be used as a VPN solution

A(n) _______ firewall is able to make access control decisions based on the content of communications as well as the parameters of the associated protocol and software.

Application-level

A company is developing a new product to perform simple, automated task related to indoor gardening. The device will be able to turn lights on and off and control a pump to transfer water. The technology to perform these automated task needs to be small in an expensive. And only need a minimal computational capabilities, does not need networking, and should be able to execute C++ commands natively without the need of an OS. The organization thinks that using an embedded system, or a microcontroller may be able to provide the functionality necessary for the product. Which of the following is the best choice to use for this new product?

Arduino

IPsec is a standard of IP security extensions used as an add-on for IPv4 and integrated into IPv6. What IPsec component provides assurances of message integrity and non repudiation?

Authentication header

You have been tasked with crafting the organization's email retention policy. Which of the following is typically not an element that must be discussed with end users in regard to email retention policies?

Backup method

You are tasked with designing the core security concept for a new government computing system. The details of its use are classified, but it will need to protect confidentiality across multiple classification levels. Which security model addresses data confidentiality in this context?

Bell-LaPadula

The state machine model describes a system that is always secure no matter what state it is in. A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy. Which security models are built on a state machine model?

Bell-LaPadula and Biba

A new startup company needs to optimize delivery of high-definition media content to its customers. They are planning the deployment of resource service hosts in numerous data centers across the world in order to provide low latency, high performance, and high availability of the hosted content. What technology is likely being implemented?

CDN

Which of the following is a true statement in regard to security cameras?

Cameras should be positioned to watch exit and entry points allowing any change in authorization or access level, cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways, and some cameras systems include a system on a chip or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording

While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?

Capacitance

In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?

Changing default passwords

The Authorizing Official (AO) has the discretion to determine which breaches or security changes result in a loss of authorization to operate (ATO). The AO can also issue four types of authorization decisions, which of the following are examples of these ATOs.

Common control authorization, denial of authorization, and verified authorization

A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished? A. Data sovereignty B. Infrastructure as code C. Containerization D. Serverless architecture

Containerization

You have been tasked with designing and implementing a new security policy to address the new threats introduced by the recently installed embedded systems. What is it a security risk of an embedded system that is not commonly found in a standard PC?

Control of a mechanism in the physical world

The CISO has asked you to propose an update to the company's mobile device security strategy. The main concerns are the intermingling of personal information with business data in complexities of assigning responsibility over device security, Management, updates, and repairs. Which of the following would be the best option to address these issues?

Corporate-owned

What method is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements when evaluating the security of a facility or designing a new facility?

Critical path analysis

When you're designing a security system for Internet-delivered email, which of the following is least important? A. Nonrepudiation B. Data remanent destruction C. Message integrity D. Access restriction

Data remanent destruction

The CISO is concerned that the use of subnets as the only form of network segments is limiting growth and flexibility of the network. They are considering the implementation of switches to support VLANs but aren't sure VLANs are the best option. Which of the following is not a benefit of VLANs.

Data/traffic encryption

When a trusted subject violates the star property of Bell-LaPadula in order to write an object into a lower level, what valid operation could be taking place?

Declassification

An organization stores group project data files on a central SAN. Many projects have numerous files in common but are organized into separate project containers. A member of the IR team is attempting to recover files from the SAN after a malware infection. However, many files are unable to be recovered. What is the most likely cause of this issue?

Dedeplication

Neo is the security manager for the southern division of the company. He thinks that deploying a NAC will assist in improving network security. However, he needs to convince the CISO of this at a presentation next week. Which of the following are goals of NAC that Neo should highlight? (Choose all that apply.) A. Reduce social engineering threats B. Detect rogue devices C. Map internal private addresses to external public addresses D. Distribute IP address configurations E. Reduce zero-day attacks F. Confirm compliance with updates and security settings

Detect rogue devices, reduce zero-day attacks and confirm compliance with updates and security settings

When designing physical security for an environment, it is important to focus on the functional order in which controls should be sue. Which of the following is the correct order of the six common physical security control mechanisms?

Deter, deny, detect, delay, determine, and decide

Which of the following is a means for IPv6 and IPv4 to be able to coexist on the same network?

Dual stack, tunneling and NAT-PT

The CISO wants to improve the organization's ability to manage and prevent malware infections. Some of her goals are to (1) detect, record, evaluate and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users, (2) collect event information and report it to a central ML analysis engine and, (3) detect abuses that are potentially more advanced than what can be detected by traditional antivirus or HIDSs. The solution needs to be able to reduce response and remediation time, reduce false positives, and manage multiple threats simultaneously. What solution is the CISO wanting to implement?

EDR

James has been hired to be a traveling repair technician. He will be visiting customers all over the country in order to provide support services. He has been issued a portable workstation with 4G and 5G data service. What are some concerns when using this capability?

Eavesdropping, rogue towers and reliability of establishing a connection

A major online data service wants to provide better response and access times for their users and visitors. They plan on deploying thousands of mini web servers to ISPs across the nation. These many servers will host a few dozen main pages of their website, so that users will be routed to the logically, and geographically closest server for optimal performance and minimal latency. Only if a user requests data not on these mini servers, will they be connecting to the centralize main web cluster hosted at the companies headquarters. What is this type of appointment commonly known as?

Edge computing

Your network supports TCP/IP. TCP/IP is a multi layer protocol. It is primarily based on IPv4, but the organization is planning on deploying IPv6 within the next year. What is both a benefit and a potentially harmful implication of multilayered protocols?

Encapsulation

Multimedia collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration. Often, collaboration allows workers to work simultaneously as well as across different time frames. Which of the following are important security mechanisms to impose on multimedia collaboration tools?

Encryption of communications, MFA and logging of events and activities

You are mapping out the critical paths of network cables throughout the building. Which of the following items do you need to make sure to include and label on your master cabling map as part of the cable plant management policy?

Entrance facility, equipment room, backbone distribution system, telecommunications room and horizontal distribution system

Your organization is planning on building a new primary headquarters in a new town. You have been asked to contribute to the design process, so you have been given copies of the proposes blueprints to review. Which of the following is not a security-focused design element of a facility or site?

Equal access to all locations within a facility

While designing the security for the organization, you realize the importance of not only balancing the objectives of the organization against security goals, but also focusing on the shared responsibility of security. Which of the following is considered an element of shared responsibility?

Everyone in an organization has some level of security responsibility, organizations are responsible to their stakeholders for making good security decisions in order to sustain the organization, when working with third parties, especially with cloud providers, each entity needs to understand their portion of the shared responsibility of performing work operations and maintaining security, and as we become aware of new vulnerabilities and threats, we should consider it our responsibility to responsibility disclose that information to the proper vendor or to an information sharing center

A compromise of a newly installed Wi-Fi connected baby monitor enabled a hacker to virtually invade a home and play scary sounds to a startled toddler. How was the attack able to to gain access to the baby monitor in this situation?

Exploiting default configuration

While working against a deadline, you are frantically trying to finish a report on the current state of security of the organization. You are pulling records and data items from over a dozen sources, including a locally hosted database, several documents, a few spreadsheets, and numerous web pages from an internal server. However, as you start to open another file from your hard drive, the system crashes and displays the Windows Blue Screen of Death. This event is formally known as a stop error and is an example of a(n) ____________ approach to software failure.

Fail-secure

An organizations wants to use a wireless network internally, but they do not want any possibility of external access or detection. What security tool should be used?

Faraday cage

A recent security policy update has restricted the use of portable storage devices when they are brought in from outside. As a compensation, a media storage media management process has been implemented. Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media?

Hashing

A data center has repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue?

Hot aisles and cold aisles

You have been placed on the facility security planning team. You've been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions?

Human safety

Equipment failure is a common cause of a loss of availability. When deciding on strategies to maintain availability, it is often important to understand the criticality of each asset and business process as well as the organization's capacity to weather adverse conditions. Match the term to the definition. I. MTTF II. MTTR III. MTBF IV. SLA

I-3, II-4, III-2, IV-1

A new VoIP system is being deployed at a government contractor organization. They require high availability of five nines of uptime for the voice communication system. They are also concerned about introducing new vulnerabilities into their existing data network structure. The IT infrastructure is based on fiber optics and supports over 1 Gbps to each device; the network often reaches near full saturation on a regular basis. What option will provide the best outcome of performance, availability, and security for the VoIP service? A. Create a new VLAN on the existing IT network for the VoIP service. B. Replace the current switches with routers and increase the interface speed to 1,000 Mbps. C. Implement a new, separate network for the VoIP system. D. Deploy flood guard protections on the IT network.

Implement a new, separate network for the VoIP system

The Clark-Wilson model uses a multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, the Clark-Wilson model defines each item and allowable data transformation. Which of the following is not part of the access control relationship of the Clark-Wilson model?

Input sanitization

Your organization is considering the deployment of a DCE to support a massively multiplayer online role-playing game based on the characters of a popular movie franchise. What is the primary concern of a DCE that could allow for propagation of malware or making adversarial pivoting and lateral movement easy?

Interconnectedness of components

Micro-segmentation is dividing up an internal network in numerous subzones, potentially as small as a single device, such as high-value server or even a client or endpoint device. Which of the following is true in regard to microsegmentation?

It can be implemented using ISFWs, transactions between zones are filtered and it can be implemented with virtual systems and virtual networks

A recent security audit of your organization's facilities has revealed a few items that need to be addressed. A few of them are related to your main data center. But you think at least one of the findings is a false positive. Which of the following does not need to be true in order to maintain the most efficient and secure server room?

It must be optimized for workers

Based on recent articles about the risk of mobile code and web apps, you want to adjust the security configurations of organizational endpoint devices to minimize the exposure. On a modern Windows system with the latest version of Microsoft's browser and all others disabled or blocked, which of the following is of the highest concern? A. Java B. Flash C. JavaScript D. ActiveX

JavaScript

Your boss wants to automate the control of the buildings HVAC system and lighting in order to reduce costs. When you were using IOT equipment in a private environment, what is the best way to reduce risk?

Keep devices current on updates

While designing the security plan for a proposed facility, you are informed that the budget was just reduced by 30 percent. However, they did not adjust or reduce the security requirements. What is the most common and inexpensive form of physical access control device for both interior and exterior use?

Key locks

Extensible Authentication Protocol is one of three authentication options provided by Point-to-Point Protocol (PPP). EAP allows customized authentication security solutions. Which of the following are examples of actual EAP methods?

LEAP, PEAP, EAP-SIM, EAP-FAST, EAP-MD5, EAP-POTP, EAP-TLS, EAP-TTLS

A new operating system update has made significant changes to the prior system. While testing, you discover that the system is highly unstable, allows for integrity, violations between applications, can be affected easily by local denial of service attacks, and allows for information disclosure between processes, you suspect that a key Security mechanism has been disabled or broken by the update. What is a likely cause of these problems?

Lack of memory protections

Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization's physical security stance. What is the most common form of perimeter security devices or mechanisms? A. Security guards B. Fences C. CCTV D. Lighting

Lightning

Your organization is considering the point a publicly available screensaver to you spare system resources to process sensitive company data. What is a common security risk when using grid computing solutions to consume available resources from computers over the Internet?

Loss of data privacy

Service oriented architecture, constructs, new applications, or functions out of existing but separate and distinct software services. The resulting application is often new; does insecurity issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA decorate single use functions that can be employed via an API by other software?

Micro services

You are working on improving your organizations policy on mobile equipment. Because of several recent, embarrassing breaches, the company wants to increase security through technology as well as user behavior and activities. What is the most effective means of reducing the risk of losing the data on a mobile device, such as a laptop computer?

Minimizing sensitive data stored on the mobile device

Many PC OSs provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability? A. Multistate B. Multithreading C. Multitasking D. Multiprocessing

Multitasking

The CISO has tasked you to design and implement an IT port security strategy. While researching the options, you realize there are several potential concepts that are labeled as port security. You prepare a report to present options to the CISO. Which of the following are port security concepts you should include on this report?

NAC, transport layer, RJ-45 jacks

Your organization is planning on building a new facility to house a majority of on-site workers. The current facility has had numerous security issues, such as loitering, theft, graffiti, and even a few physical altercations between employees and non employees. The CEO has asked you to assist in developing the facility plan to reduce these security concerns. While researching options you discover the concepts of CPTED. Which of the following is not one of its core strategies?

Natural training and enrichment

The Bell-LaPadula multilevel security model was derived from the DOD's multilevel security policies. The multilevel security policy states that a subject with any level of clearance can access resources at or below its clearance level. Which Bell-LaPadula property keeps lower level subject from accessing objects with a higher security level?

No read-up property

A new local VDI has been deployed in the organization. There have been numerous breaches of security due to issues on typical desktops, workstations and laptop computers used as endpoints. Many of these issues stemmed from users, installing unapproved software, or altering the configuration of essential security tools. In an effort to avoid security compromises originating from endpoints in the future, all endpoint devices are now used exclusively as dumb terminals. Thus, no local data storage or application execution is performed on endpoints. Within the video, each worker has been assigned a VM, containing all of their business necessary, software, and data sets. These VMs are configured to block the installation and execution of new software code, datafiles cannot be exported to the actual endpoints, and each time a worker logs out, they used VM is discarded and a clean version copied from a static snapshot, replaces it. What type of system has now been deployed for the workers to use?

Non-persistent

Mark is configuring the remote access server to receive inbound connections from remote workers. He is following a configuration checklist to ensure that the telecommuting links are compliant with company security policy. What authentication protocol offers no encryption or protection for logon credentials? A. PAP B. CHAP C. EAP D. RADIUS

PAP

A phreaker has been apprehended who has been exploiting the technology deployed in your office building. Several handcrafted tools and electronics were taken in as evidence that the phreaker had in their possession when they were arrested. What was this adversary likely focusing on with their attempts to compromise the organization?

PBX

Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?

PVC

Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, "what is the most common cause of false positive for a water-based fire suppression system?" So, what do you answer?

People

What is the best type of water-based fire suppression system for a computer facility?

Preaction system

________________ is the oversight and management of the efficiency and performance of network communications. Items to measure include throughput rate, bit rate, packet loss, latency, jitter, transmission delay, and availability.

QoS

You were developing a new product that is intended to process data in order to trigger real world adjustment with minimal latency or delay. The current plan is to embed code into a ROM chip in order to optimize for mission critical operations. What type of solution is most appropriate for this scenario?

RTOS

The Biba model was designed after the Bell-LaPadula model. Whereas the Bell-LaPadula model address is confidentiality, the Biba model address is integrity. The Biba model is also built on a state machine concept, is based on information flow, and is a multilevel model. What is the implied meaning of the simple property of Biba?

Read-up

The trusted computing base (TCB) is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy. What part of the TCB concept validates access to every resource prior to granting the requested access?

Reference monitor

A large cities, central utility company has seen a dramatic increase in the number of distribution notes, failing or going off-line. An APT group was attempting to take over control of the utility company and was responsible for the system failures. Which of the following systems has the attacker compromised?

SCADA

Dorothy is using a network sniffer to evaluate network connections. She focuses on the initialization of a TCP session. What is the first phase of the TCP three-way handshake sequence? A. SYN flagged packet B. ACK flagged packet C. FIN flagged packet D. SYN/ACK flagged packet

SYN flagged packet

Some standalone automated data-gathering tools use search engines in their operation. They are able to accomplish this by automatically interacting with the human-interface web portal interface. What enables this capability? A. Remote control B. Virtual desktops C. Remote node operation D. Screen scraping

Screen scraping

What type of security zone can be positioned so that it operates as buffer between the secured private network and the internet and can host publicly accessible services?

Screened subnet

Your organization is concerned about information leaks due to the workers taking home retired equipment. Which one of the following types of memory might retain information after being removed from a computer, and therefore represents a security risk?

Secondary memory

Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards?

Security guards are usually unaware of the scope of the operations within a facility

The common criteria defines various levels of testing and confirmation of system, security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. What part of the common criteria specifies the claims of security from the vendor that are built into a target of evaluation?

Security target

_______ is a cloud computing concept where code is managed by the customer, and the platform or server is managed by the cloud service provider. There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code, and not have to be concerned about the parameters are limitations of a specific server.

Server-less architecture

UDP is a connection less protocol that operates at the Transport layer of the OSI model and uses ports to manage simultaneous connections. Which of the following terms is also related to UDP?

Simplex

Modern networks are built on multilayer protocols, such as TCP/IP. This provides for flexibility and resiliency in complex network structures. All of the following are implications of multilayer protocols except which one?

Static IP addressing

A ________ is an intelligent hub because it knows the hardware addresses of the systems connected on each outbound port. Instead of repeating traffic on every outbound port, it repeats traffic only out of the port on which the destination is known to exist.

Switch

What networking device can be used to create digital virtual network segments that can be altered as needed by adjusting the settings internal to the device?

Switch

While researching security models to base your new computer design around, you discover the concept of the TCB. What is trusted computing base (TCB)?

The combination of hardware, software, and controls that work

Which of the following is true regarding appliance firewalls?

They are able to log traffic information, they are able to issue alarms based on suspected attacks and they are unable to prevent internal attacks

As an application designer, you need to implement various security mechanisms to protect the data that will be accessed and processed by your software. What would be the purpose of implementing a constrained or restricted interface?

To limit the actions of authorized and unauthorized users

Among the many aspects of a security solution, the most important is whether it addresses a specific need (i.e., a threat) for your assets. But there are many other aspects of security you should consider as well. A significant benefit of a security control is when it goes unnoticed by users. What is this called? A. Invisibility B. Transparency C. Diversion D. Hiding in plain sight

Transparency

What security model has a feature that in theory has one name or label but, when implemented into a solution, takes on the name or label of the security kernel?

Trusted computing base

You are configuring a VPN to provide secure communications between systems. You want to minimize the information left in plaintext by the encryption mechanism to the chosen solution. Which IPsec mode provides for encryption of complete packets, including header information?

Tunnel

The CISO has requested a report on the potential communication partners throughout the company. There is a plan to implement VPNs between all network segments in order to improve security against eavesdropping and data manipulation. Which of the following cannot be linked over a VPN?

Two systems without an intermediary network connection

A review of your companies virtualization of operations determines that the hardware resources supporting the VMs are nearly fully consumed. The auditor asks for the plan and layout of the VM systems but was told that no such plan exists. This reviews of the company is suffering from what issue?

VM sprawl

Jim was tricked into clicking on a malicious link contained in a spam email message. This caused malware to be installed on his system. The malware initiated a MAC flooding attack. Soon, Jim's system and everyone else's in the same local network began to receive all transmissions from all other members of the network as well as communications from other parts of the next-to-local members. The malware took advantage of what condition in the network? A. Social engineering B. Network segmentation C. ARP queries D. Weak switch configuration

Weak switch configuration

Which of the following benefits of a gas-based fire suppression system?

Will cause the least damage to computer systems, extinguishes the fire by removing oxygen and may be able to extinguish the fire faster than a water discharge system

A new startup company is designing a sensor that needs to connect wireless to a PC or IoT hub in order to transmit its gathered data to a local application or cloud service for data analysis. The company wants to ensure that all transferred data from the device cannot be disclosed to unauthorized entities. The device is also intended to located within 1 meter of the PC or IoT hub it communicates with. Which of the following concepts is the best choice for this device?

Zigbee