Network Security Quiz 2
Phases of software development life cycle
The phases of the software development life cycle in order are: Planning, Requirements, Design, Coding, Testing, Training and Transition, and Ongoing Operations and Maintenance.
Kevin would like to utilize a security control that can implement access restrictions across all of the SaaS solutions used by the organization. What control would best meet Kevin's needs?
CASB
Lilo is concerned about vehicles approaching the entrance to a building. What physical security control should Lilo implement?
Bollard
Lilo is conducting a penetration test for a client. The client provided Lilo with limited but important information on the configuration of the systems under test. What type of pentest is Lilo performing?
Gray-box test
Logging into an AWS environment to perform maintenance work is most commonly done through which tool?
SSH
Lyndsey wants to implement a striped drive solution. What RAID level does this describe?
RAID 0
Substitution Cipher
a type of coding or ciphering system that changes one character or symbol into another
Steganography
Art of using cryptographic techniques to embed secret messages within another file
Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal?
Elasticity
Integrity
Data is not altered
Confidentiality
data remains private
Which of the CVSS metrics would contain information about the difficulty of exploiting the vulnerability?
AC
Taylor performs a backup that captures the changes since the last backup. What type of backup has Taylor performed?
an incremental backup
Which of the following techniques is considered passive reconnaissance?
WHOIS Lookups
Dr. Hwang is the CIS department chair and wishes to send a message to CIS students that does not need to be kept secret but students need to be assured that the message actually came from Dr. Hwang. What key should Dr. Hwang use to sign the message?
Dr Hwang's private key
Kelly installs a backdoor in a database server that was exploited as part of a penetration test; the backdoor will provide ongoing access to the server in the future. Which term describes this action?
Persistence
Taylor is reviewing authentication frameworks for wireless networks. Which framework is Taylor likely to find most useful for wireless environments?
EAP
Miguel sends backups to a company that keeps them in a secure vault. What type of backup solution has Miguel implemented?
offline
Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Buffer Overflow
The SWIFT club has 80 members and they all need the ability to communicate with one another securely using an asymmetric encryption system. The system allows any two members to communicate without other members eavesdropping. If an 81st member is added to the club, how many new keys must be added to the system?
2
In what cloud security model does the cloud service provider bear the least responsibility for implementing security controls?
IaaS
Sam wants to set an account policy that raises an alert if a user logs in from two different locations in a timeframe that is too short for reasonable travel. What type of account policy should Sam set?
Impossible travel time
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Parameterized Queries
Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting?
fuzzing
Nonrepudiation
proving sender is original sender
Michael wants to implement numerous smaller servers for the data center and then deploy a load balancer to gain scalability. What type of scalability is Michael trying to implement?
Horizontal scalability
The Student Data Center (SDC) on campus ties together local computing capabilities within the SDC with capabilities from multiple public-cloud providers. Which deployment model best describes this environment?
Hybrid Cloud
Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use?
Man-in-the-middle
Terry identified a new security vulnerability and computed its CVSS base score as 3.5. Which risk category would this vulnerability fall into?
Low
What type of recovery site has all the infrastructure and data needed to operate the organization?
a hot site
Cipher
a method used to scramble or obfuscate characters to hide their value
Calculate the impact sub-score (ISS) given the following CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.56
Aubrey needs to implement LDAP service. What type of service is Aubrey attempting to enable?
a directory service
Which of the following measures would database administrators consider to be the best defense against data exposure?
data minimization
When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment.
production
Sana is deploying the organization's websites in the local AWS availability zone as well as an availability zone across the country. This plan will provide enhanced uptime and scalability, but why did Sana choose an availability zone on the far side of the country?
Geographic dispersal
Mackenzie was offered an on-the-job training opportunity that includes defending the organization's systems from attack as part of a security training exercise. What role is Mackenzie playing in this exercise?
Blue Team
Lilo is configuring a web server to use digital certificates and wishes to allow clients to quickly verify the status of the certificate without contacting a remote server. What technology can Lilo use to accomplish this outcome?
Certificate stapling
What type of cipher operates on one character at a time?
Stream cipher
An individual's name, location, and role in the organization are all examples of what?
attributes
Sam is using full disk encryption technology to protect the contents of laptops against theft. What goal of cybersecurity is Sam attempting to achieve?
confidentiality
Mac needs to utilize application-level virtualization in which multiple servers operate independently while sharing an operating system. What type of resource does Mac need to use?
containers
Which of the following controls will NOT affect scan results?
Audit requirements
What type of attack does an account lockout policy help to prevent?
Brute force
Taylor is seeking the Cloud Reference Architecture which offers a high-level taxonomy for cloud services. What document should Taylor access?
NIST SP thing
Benny needs to create an account for an application (e.g. a VM instance) to access other resources. What type of account should Benny use?
Service account
Sam has detected lateral network traffic that is not compliant with the organization's security policy, creating a belief that a cybersecurity compromise has already occurred. Sam decides to search for evidence of the compromise. Which type of security assessment technique should Sam utilize?
Threat Hunting
Taylor is conducting a penetration test and deploys a toolkit on a compromised system which is then used to gain access to other systems. What term best describes Taylor's activity?
Lateral movement
Maria wants to use an individual's job requirements as the basis for an access control scheme. Which scheme is best suited to this implementation?
RBAC
Sam wants to implement a RAID array upon which data is striped across drives, with drives used for parity (checksum) of the data. Sam also wants to ensure that the system can handle more than one drive failing at a time. What RAID type should Sam use?
RAID 6
Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack which will require a __________ to be successful.
Session Cookie
What is an HSM used for?
To generate, manage, and securely store cryptographic keys
Jen is configuring a cloud environment and needs to define network traffic that is allowed into the organization's cloud environment while blocking other network traffic. What resource would a cloud provider typically offer to meet this need?
security groups
Lilo needs to provide access control in enterprise-systems applications such as database, microservice, and API access which requires considerable flexibility. Which access control scheme is Lilo likely to use?
ABAC
Mindy works for an automobile parts manufacturer and has access to a cloud environment that is exclusive to organizations that provide services or parts to a major automobile manufacturer. What model of cloud computing does this environment represent?
Community Cloud
When CIS students receive an email from Dr. Hwang that has been digitally signed, what key should the students use to verify the digital signature?
Dr Hwang's public key
Kara discovered the web server was being overwhelmed by traffic causing a CPU bottleneck. Using an interface from the cloud provider, Kara added a second web server and a load balancer to balance the load between the two servers. What term best describes Kara's action?
Horizontal scaling
Taylor is saving hash values of data archives so that these same archives in the future can be tested to ensure that the archive has not been changed or modified. What goal of cybersecurity is Taylor attempting to achieve?
Integrity
Authentication
Verifying the claimed identity of system users
Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance?
Code signing
Sam is responsible for the deployment of IoT gateway devices located in close proximity to sensors that are collecting data. The gateway performs preprocessing of the data before sending results to the cloud. What term best describes this approach?
fog computing
During a periodic review of security controls, Maria discovered that individuals who breach the network security perimeter would be able to then attack IoT systems that operate manufacturing. Manufacturing is a closed system and does not require internet connectivity. What type of solution is best suited for this?
Air gap
Bob would like to send Alice a secure message using an asymmetric encryption algorithm. What key should Bob use to encrypt the message?
Alice's public key