Cloud Infrastructure Chp 11


Due to regulatory compliance, your organization's security policies require firewall rules on all cloud networks. You need to allow inbound Windows and Linux management traffic. Which ports must be opened in the firewall?
- 389, 636
- 3389, 25
- 3389, 22
- 389, 22

3389, 22

Which of the following describes a brute force attack?
- Attacking a site with exploit code until the password database is cracked
- Trying all possible password combinations until the correct one is found
- Performing a denial of service (DoS) attack on the server authenticator
- Using rainbow tables and password hashes to crack the password

A brute force attack tries all possible combinations of a password. A brute force attack relies on the ability to try thousands or millions of passwords per second. For example, at the time of this writing, the password cracking system that is used at TCDI for penetration testing can try 17 million passwords per minute in a brute force attack.

Which firewall configuration item controls access to network resources?
- DMZ
- Port list
- Access list
- Cipher

Access list

Which policy or set of rules temporarily disables an account when a threshold of incorrect passwords is attempted?
- Account lockout policy
- Threshold policy
- Disabling policy
- Password complexity enforcement rules

Account lockout policy

Which of the following actions violates the principle of least privilege?
- Unchanged default passwords
- Unpatched router firmware
- Granting read and write permissions to a shared network folder
- Adding a regular Windows user account to the Administrators group

Adding a regular Windows user account to the Administrators group

Which policy or set of rules temporarily disables an account when a threshold of incorrect passwords is attempted?
- Account lockout policy
- Threshold policy
- Disabling policy
- Password complexity enforcement rules

An account lockout policy temporarily disables an account after a certain number of failed logons. For example, if the policy threshold were set to 3, a user's account would be temporarily disabled (locked out) after three failed attempts until an administrator unlocks it.

Port scanning falls under which vulnerability testing phase?
- Intelligence gathering
- Validation
- Penetration testing
- Assessment

Assessment

Which type of testing best simulates external malicious users?
- Black-box
- Gray-box
- Blue-box
- White-box

Black-box

You have been asked to harden a crucial network router. What should you do? (Choose two.)
- Disable the routing of IPv6 packets.
- Change the default administrative password.
- Apply firmware patches.
- Configure the router for SSO.

Changing the default passwords and applying patches are important steps in hardening a device.

You are responsible for cloud security at your organization. The Chief Compliance Officer has mandated that the organization utilize layered security for all cloud systems. Which of the following would satisfy the requirement?
- Implementing ACLs and packet filtering on firewalls
- Configuring a DMZ with unique ACLs between networks and an IDS/IPS
- Specifying separation of duties for cloud administration and training additional personnel on security processes
- Defining a privacy policy, placing the privacy policy on the website, and emailing the policy to all current clients

Configuring a DMZ with unique ACLs between networks and an IDS/IPS

One of your cloud servers has been receiving excessive amounts of network traffic from hosts with different IP addresses for the past hour. What type of attack is most likely taking place?
- SQL injection
- Distributed denial of service attacks
- Denial of service attacks
- Rainbow table

Distributed denial of service attacks

Penetration testers have performed reconnaissance on a target through web scraping, where publicly accessible information has been compiled. What type of testing is this?
- Black-box
- Gray-box
- White-box
- Blue-box

Gray-box

Which best practice configures host computers so that they are not vulnerable to attack?
- Vulnerability assessment
- Penetration test
- Hardening
- PKI

Hardening configures systems such that they are protected from compromise.

Which of the following solutions can shut down detected malicious traffic to prevent further damage?
- IDS
- DMZ
- IPS
- NAT

IPS

Jim is negotiating SLA support details with a public cloud provider. Which type of policy should he consult during negotiations?
- Audit
- Acceptable use
- Backup
- Incident response

Incident Response

Which three phases constitute the vulnerability scanning process?
- Intelligence gathering, assessment, validation
- Assessment, intelligence gathering, validation
- Validation, assessment, intelligence gathering
- Assessment, validation, intelligence gathering

Intelligence gathering, assessment, validation

You are responsible for cloud security at your organization. The Chief Compliance Officer has mandated that the organization utilize layered security for all cloud systems. Which of the following would satisfy the requirement?
- Implementing ACLs and packet filtering on firewalls
- Configuring a DMZ with unique ACLs between networks and an IDS/IPS
- Specifying separation of duties for cloud administration and training additional personnel on security processes
- Defining a privacy policy, placing the privacy policy on the website, and emailing the policy to all current clients

Layered security requires multiple overlapping controls that are used together to protect systems. Configuring a DMZ with ACLs along with an IDS/IPS provides multiple layers because an attacker would have to compromise a machine in the DMZ and then pivot from that machine to another machine in the internal network. However, an IDS/IPS might detect this activity, notify administrators, and block the attacker from making the connection.

Which type of testing identifies weaknesses and actively exploits them?
- Penetration testing
- Vulnerability testing
- Regression testing
- Load testing

Penetration testing

Which of the following phases are unique to penetration testing? (Choose all that apply.)
- Intelligence gathering
- Vulnerability validation
- Attack planning and simulation
- Exploitation

Penetration testing includes all the steps from vulnerability scanning. The two steps that are unique to penetration testing here are attack planning and simulation, and exploitation.

Which type of test simulates a network attack?
- Vulnerability assessment
- Establishing an attack baseline
- Hardening
- Penetration test

Penetration tests simulate a network attack.

Laura is a Linux server administrator. Your company runs an HR payroll system on the Linux servers. At a recent IT meeting, Laura suggested being granted permissions to clear Linux server logs when they reach a specific size. Which security principle is violated if Laura is given the ability to clear Linux server logs?
- Principle of least privilege
- Attack surface reduction
- Job rotation
- Separation of duties

Separation of duties

Which policy would be used to specify how all employee-owned devices may be used to access organizational resources?
- Privacy policy
- Mobile device policy
- Remote access policy
- BYOD policy

The BYOD policy is the correct answer here. Bring your own device (BYOD) refers to devices that are employee-owned rather than company-owned; the BYOD policy governs how those devices may be used to access organizational resources.

Which of the following describes a brute force attack?
- Attacking a site with exploit code until the password database is cracked
- Trying all possible password combinations until the correct one is found
- Performing a denial of service (DoS) attack on the server authenticator
- Using rainbow tables and password hashes to crack the password

Trying all possible password combinations until the correct one is found
