Cyber Security Chapter 11 Reading Quiz
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? a) 21, 22, and 80 b) 21 and 80 c) 21, 23, and 80 d) 22 and 443
21, 23, and 80 (c)
Michelle wants to prevent unauthorized applications from being installed on a Windows system. What type of tool can she use to stop applications from being installed. a) Antivirus b) A GPO c) An EDR d) A HIPS
A GPO (b)
Oliver wants to store and manage secrets in his cloud service provider's environment. What type of solution should he look for as part of their offerings? a) A TPM b) A secure enclave c) A KMS d) A Titan M
A KMS (c)
Charlene wants to prevent attacks against her system that leverage flaws in the services that it provides while still keeping the services accessible. What hardening technique should she use? a) A host-based firewall b) A host-based IPS c) Encryption d) An EDR
A host-based IPS (b)
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement? a) A host firewall b) A host-based intrusion detection ssytem c) A host-based intrusion prevention system d) A data loss prevention tool
A host-based intrusion detection system (b)
The origination that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy? a) An MFP b) A HIPS c) An SoC d) An RTOS
An RTOS (d)
Fred has recently purchased a network router and is preparing to deploy it. Which of the following is a common step in deploying new routers? a) Disabling unwanted services b) Removing unnecessary software c) Installing antivirus d) Changing default passwords
Changing default passwords (d)
Which of the following is not a common constraint of an embedded system? a) Compute b) Cost c) Network d) Authentication
Cost (b)
Helen's organization is planning to deploy IoT devices across their buildings as part of an HVAC system. Helen knows that the vendor for the IoT devices does not provide regular security upgrades to the device's web interfaces that are used to manage the devices. What security control should she recommend to help protect the devices on the network? a) Install host-based firewalls b) Deploy the IoT devices to a protected VLAN c) Install Host-based IPS d) Disable the web interfaces for the IoT devices
Deploy the IoT devices to a protected VLAN (b)
What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices? a) EDR b) IAM c) FDE d) ESC
EDR (a)
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations? a) UEFI/Trusted Boot b) BIOS/Trusted Boot c) EUFI/Measured Boot d) BIOS/Measured Boot
EUFI/Measured Boot (c)
Anita wants to enforce security settings across her organization's Windows Active Directory domain. What tool can she use to do this? a) EDR b) Group Policy c) XDR d) SELinux
Group Policy (b)
Frank's organization is preparing to deploy a data loss prevention system. What key process should they undertake before they deploy it a) Define data life cycles for all non-sensitive data b) Encrypt all sensitive data c) Implement and use a data classification scheme d) Tag all data by creator or owner
Implement and use a data classification scheme (c)
Lin's hardware manufacturer has stopped selling the model of device that Lin's organization uses and has also stopped providing security or other updates. What phase of the hardware life cycle is the device in? a) End-of-life b) Legacy c) End-of-sales d) Senescence
Legacy (b)
Allan is preparing to harden his organization's network switches. Which of the following is not a common hardening technique for network devices? a) Removing unnecessary software b) installing patches c) Administrative VLANs d) Changing default passwords
Removing unnecessary software (a)
Brian has deployed a system that monitors sensors and sues that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution? a) SCADA b) SIM c) HVAC d) AVAD
SCADA (a)
What is the key difference between EDR and XDR solutions? a) The variety of malware it can detect b) The number of threat feeds that are used c) The breadth of the technology stack that is covered d) The volume of logs that can be processed
The breadth of the technology stack that is covered (c)
What is the primary reason to remove unnecessary software during hardening efforts? a) To reduce the attack footprint of the device b) To reduce the number of patches that are installed c) To reduce the number of firewall rules required for the device d) To support Incident Response (IR) activities
To reduce the attack footprint of the device (a)
Elaine wants to securely erase the contents of a backup tape in her organization's tape library. What is the fastest secure eras method available to her that will allow the tape to be reused? a) Using a degausser b) Wiping the tape by writing a random pattern of 1s and 0s onto it c) Incinerating the tape d) Wiping the tape by writing all 1s or all 0s to it
Using a degausser (a)
Jim configures a Windows machine with the built-in BitLocker full-disk encryption tool that uses a TPM chip. When is the machine least vulnerable to having data stolen from it? a) When the machine is off b) When the machine is booted and logged in but is locked c) When the machine is booted and logged in but is unlocked d) When the machine is booted and logged in but it's asleep
When the machine is off (a)
