Network Defense Essentials (NDE)
Which of the following methods keeps track of user actions on the network?
Accounting - User accounting involves tracking the actions performed by a user on a network. It keeps track of who, when, and how the users access the network. This includes verifying the files accessed by the user and functions such as alteration or modification of the files or data.
Which of the following types of proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests?
Anonymous proxy - An anonymous proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests. A user can surf the Internet privately by using an anonymous proxy.
Which of the following components of technical network security controls examines the network devices and identifies weaknesses in the network?
Auditing - Auditing refers to the tracking and examining of the activities of network devices in a network. This mechanism helps in identifying weaknesses in the network.
James, a network specialist joined an organization. He was provided with administrator privileges, through which he can access the files and servers and perform administrative activities. Which of the following information assurance principles authorizes James to access the server or system files?
Authentication - Authentication is a process of authorizing users with the credentials provided, by comparing them to those in a database of authorized users on an authentication server, to grant access to the network. It guarantees that the files or data passing through the network is safe.
Which of the following types of service enables the deployment of containers and container management through orchestrators and using which subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers?
CaaS - This refers to services that enable the deployment of containers and container management through orchestrators. Using CaaS, subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers.
In an organization, CyberSol.org, the administrator implemented an authorization method that contains a single database. Using this method, the administrator can allow or deny access to the applications and resources to their employees based on the policies. Identify the authorization technique implemented by the administrator in the above scenario.
Centralized authorization - The need for centralized authentication came into existence when it became difficult to implement the authorization process individually for each resource. It uses a central authorization database that allows or denies access to the users and the decision on the access depends on the policies created by the centralized units.
Which of the following firewall technologies works at the session layer of the OSI model or the TCP layer of TCP/IP model and filters the traffic based on specified session rules?
Circuit-level gateway - Session Virtual Private Network (VPN) Circuit-Level Gateways
Kristen, a security professional, implements firewall in his organization to trace the incoming and outgoing traffic. He deploys a firewall that works at the session layer of the OSI model and monitors the TCP handshake between hosts to determine whether a requested session is legitimate or not. Identify the firewall technology implemented by Kristen in the above scenario.
Circuit-level gateways - Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor the TCP handshake between packets to determine whether a requested session is legitimate or not. Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway.
John, a network specialist at an organization, was instructed to monitor unusual behaviors in the network. He implemented an IDS system that first creates models of possible intrusions and then compares these models with incoming events to make a detection decision Identify the type of IDS detection method employed by John in the above scenario.
Misuse detection - Signature recognition, also known as misuse detection, tries to identify events that indicate an abuse of a system or network. This technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision. The signatures for IDS were created under the assumption that the model must detect an attack without disturbing normal system traffic. Only attacks should match the model; otherwise, false alarms could occur.
Which of the following is a benefit of cloud computing?
More IT staff - Cloud computing offers economic, operational, staffing, and security benefits. Economic Less maintenance costs Acquire economies of scale Less capital expenditure Huge storage facilities for organizations Operational Scale as required Less operational problems Deploy applications quickly Backup and disaster recovery Automatic updates Staffing Streamline processes Efficient usage of resources Less personnel training Less IT Staff Security Less investment in security controls Efficient, effective, and swift response to security breaches Standardized open interface for managed security services (MSS) Effective patch management and implementation of security updates
Which of the following acts is a proprietary information security standard for organizations that handles cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards?
PCI-DSS - The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
Which of the following protocols is an application layer protocol that provides cryptographic privacy and authentication for network communication and enhances the security of emails?
PGP - Pretty good privacy (PGP) is an application layer protocol which provides cryptographic privacy and authentication for network communication. Pretty good privacy (PGP) is an encryption and decryption computer program that is used for providing confidentiality and validation during communication. PGP enhances the security of emails.
Which of the following types of HVAC system are used in locations where the space required for fixing all the components of a split system is available?
Packaged heating and air-conditioning system - Most appropriate air conditioning system used mainly in locations where the space required for fixing all the components of a split system is available.
Which of the following authentications uses a combination of a username and a password to authenticate the network users?
Password authentication - Password Authentication uses a combination of a username and a password to authenticate the network users.
Peter, a network administrator, restricts the actions and Internet usage of certain employees based on their job roles and responsibilities. He implements a policy that provides maximum security and logs all activity such as system and network activities and all the nonessential services/procedures that cannot be made safe are not allowed. Which of the following types of Internet access policy was employed by Peter in the above scenario?
Prudent policy - A prudent policy starts with all services blocked. The Network defender enables safe and necessary services individually. This provides maximum security and logs all activity such as system and network activities. According to this policy, nonessential services/procedures that cannot be made safe are not allowed.
Which of the following types of honeypot emulates the real production network of a target organization and causes attackers to devote their time and resources toward attacking the critical production system of the company?
Pure honeypot - Pure honeypots emulate the real production network of a target organization. They cause attackers to devote their time and resources toward attacking the critical production system of the company.
Which of the following protocols provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server?
RADIUS - The Remote Authentication Dial-in User Service protocol provides centralized authentication, authorization, and accounting (AAA) for remote-access servers to communicate with a central server.
Clark, a network security specialist, was assigned to secure an organization's network. Clark implemented a network defense approach that can tackle network attacks such as DoS and DDoS and includes security monitoring methods such as IDS, SIMS, TRS, and IPS. Which of the following network defense approaches did Clark implement in the above scenario?
Reactive approach - This approach addresses attacks and threats that the preventative approach may have failed to avert. DoS and DDoS attacks are examples of the reactive approach. It is necessary to implement both preventive and reactive approaches to ensure the security of the network. Reactive approaches include security monitoring methods such as IDS, SIMS, TRS, and IPS.
Danny, a security professional, wants to safeguard his organization's network from hacking attempts and virus attacks. For this reason, he follows a network defense approach that examines the causes for attacks in the network and includes fault finding, security forensics, and post-mortem analysis techniques. Which of the following network defense approaches was followed by Danny in the above scenario?
Retrospective approach - The retrospective approach examines the causes for attacks in the network. These include: Fault finding mechanisms such as protocol analyzers and traffic monitors. Security forensics techniques such as CSIRT and CERT. Post-mortem analysis mechanism including risk and legal assessments.
Which of the following network defense techniques examines the causes for attacks in networks by using fault-finding mechanisms, security forensics techniques, and post-mortem analysis?
Retrospective approach - The retrospective approach examines the causes for attacks in the network. These include: Fault finding mechanisms such as protocol analyzers and traffic monitors. Security forensics techniques such as CSIRT and CERT. Post-mortem analysis mechanism including risk and legal assessments.
Identify the access control model in which the access permissions are beyond the user control, which implies that users cannot amend the access policies created by the system.
Role-Based access control - In a role-based access control (RBAC), the access permissions are available based on the access policies determined by the system. The access permissions are beyond the user control which implies that users cannot amend the access policies created by the system.
Which of the following protocols is an application layer protocol used for sending digitally signed and encrypted email messages?
S/MIME - Secure/multipurpose internet mail extensions (S/MIME) is used for sending digitally signed and encrypted messages to ensure confidentiality, integrity, and non-repudiation for messages.
Which of the following cloud computing service provides services such as penetration testing, authentication, intrusion detection, and anti-malware?
SECaaS - Provides penetration testing, authentication, intrusion detection, anti-malware, security incident, and event management services.
Which of the following regulatory frameworks applies to the U.S. public company boards, management, and public accounting firms?
SOA - Sarbanes Oxley Act U.S. public company boards, management, and public accounting firms
Identify the type of employee awareness and training that includes training the employees on differentiating between legitimate email and a targeted phishing email, not downloading malicious attachment, and shredding document before putting into the trash.
Social engineering - A simple social engineering awareness training can be const-effective. It is useful in reminding employees about an organization's policies, which can ultimate help employees recognize and prevent social engineering attacks.
Smith, a professional hacker, has decided to perform an attack on the target organization's employees. He tricked the employees to access specific links, which when clicked redirected the victim to a malicious page. The victim is lured to enter their personal information on the malicious page; this information is then retrieved by Smith. Identify the type of attack performed by Smith in the above scenario.
Social engineering - Social engineering is defined as an illegal act of getting personal information from other people. The attacker gains unauthorized physical access by performing social engineering on an organization's employees.
Which of the following tools is an analytics-driven SEIM solution that automates the collection, indexing, and alerting of real-time machine data that are critical to an organization's operations?
Splunk Enterprise - The Splunk Enterprise Security (ES) is an analytics driven SEIM solution that provides you with what you need to detect and respond to internal and external attacks quickly. It automates the collection, indexing, and alerting of real-time machine data that are critical to an organization's operations.
Identify the fire-fighting system that provides a pre-piped water system for organizations and provides water supply to hose lines in certain locations.
Standpipe system - Standpipe systems deal with the connection of hose lines to the water supply. This provides a pre-piped water system for organizations and provides water supply to hose lines in certain locations. Three types of standpipe systems include: Class I - A, Class II - A, Class III - A. These types differ in accordance with the thickness of the hose lines used and the volume of water that is used for fire suppression.
Sam, a system administrator, was assigned to configure the information security policy that focuses on the overall security of a particular system in an organization. Jack selected a security policy that includes DMZ policy, encryption policy, policies for IDS/IPS implementation, and acceptable use policy. Which of the following security policies Jack has implemented in the above scenario?
System-specific security policy (SSSP) - SSSP directs users while configuring or maintaining a system. The implementation of these policies focuses on the overall security of a particular system in an organization. Examples of SSSP include DMZ policy, encryption policy, acceptable use policy, policies for secure cloud computing, policies for intrusion detection and prevention, and access control policy.
Which of the following information allows the firewall to check whether the packet has a SYN, ACK, or other bits set for connecting with the destination host?
TCP code bits - This allows the firewall to check whether the packet has a SYN, ACK, or other bits set for connecting.
Which of the following environmental threats affects electrical and electronic appliances, can lead to issues such as corrosion and short-circuits, and damages magnetic tapes and optical storage media?
Temperature and humidity - Computer systems operate between a range of temperatures, otherwise they will function in an inappropriate manner. Computer systems do not like hot areas. Electrical and electronic appliances in an organization may be affected by the change in the humidity.
Which of the following types of physical threat involves activities such as planting a vehicle bomb, human bomb, or a postal bomb in and around the organization's premises that impacts the physical security of the organization?
Terrorism - Terrorism activities such as planting a vehicle bomb, human bomb, postal bomb in and around the organization's premises, will impact physical security in many ways.
Identify the proxy through which a client system connects to a server without its knowledge and is configured to be entirely invisible to an end user.
Transparent proxy - A transparent proxy is a proxy through which a client system connects to a server without its knowledge. It is configured to be entirely invisible to an end user.
Anti-Trojan software is a tool or program that is designed to identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices.
True - Anti-Trojan software is a tool or program that is designed to identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices. Anti-Trojan tools may employ scanning strategies as well as freeware or licensed tools to detect Trojans, rootkits, backdoors, and other types of potentially damaging software.
Physical security should be implemented at the physical layer of the OSI model.
True - Physical security is the basis of any information security program in an organization. It deals with restricting unauthorized physical access to the infrastructure, office premises, workstations, and employees of the organization. Physical security cannot be ensured in the same manner as network, application, or database security, and separate security measures are required for physical security. Physical security should be implemented at the physical layer of the OSI model.
Designing a physical security policy helps an organization maintain certain norms to be followed by employees to reduce the probability of loss.
True - The physical security policy defines guidelines to ensure that adequate physical security measures are implemented. It is the security provided in terms of physical assets, which can be damaged physically. Designing a physical security policy helps an organization maintain certain norms to be followed by employees to reduce the probability of loss.
Rachel, a security professional plans to implement an added layer of defense to protect critical assets from sophisticated cyberattacks. She implemented an authentication technique that uses a physical entity such as a security token as one of the credentials and the other credential can include security codes. Identify the type of authentication implemented by Rachel in the above scenario.
Two-factor authentication - Two-factor authentication is a process where a system confirms the user identification in two steps. The users could use a physical entity such as a security token as one of the credentials and the other credential can include security codes.
Which of the following security labels requires no access permissions to access the documents, which means that any person at any level can access these documents?
Unclassified - No access permissions are required in order to access unclassified documents. Any person at any level may access these documents.
Which of the following features of a good security policy describes that the policies must be written and designed appropriately, so they can be accessed easily across various sections of an organization?
Usable - Policies must be written and designed, so they may be used easily across various sections of an organization. Well-written policies are easy to manage and implement.
Which of the following practices helps network administrators overcome the risks associated with network cabling?
Use transparent conduits for cabling in highly sensitive areas - Consideration for secured network cabling: Lay network wiring separate from all other wiring for easy maintenance, monitoring, and to prevent electronic interference. Consider installing armored cable if there is a threat of rodents, termites, etc. Use transparent conduits for cabling in highly sensitive areas which allow easy identification of any damage or interference. All network and communication cables should be hidden and protected appropriately. Undergrounding cables will prevent physical access to the cables. Do not lay cables above false ceiling to avoid fire risks.
Which of the following repositories stores attributes related to the users' identities?
User repository - Identify Management involves storing and managing user attributes in their repositories. The user repository is a database where attributes related to the users' identities are stored.
Which of the following technical controls offers an attractive solution for security professionals to connect their organization's network securely over the Internet and uses a tunneling process to transport encrypted data over the Internet?
VPN - A virtual private network (VPN) offers an attractive solution for security professionals to connect their organization's network securely over the Internet. VPN is used to connect distant offices or individual users to their organization's network over a secure channel. VPN uses a tunneling process to transport encrypted data over the Internet.
Identify the type of man-made threat that includes former employees who try to compromise the system by willingly harming the system components.
Vandalism - Disgruntled employees or former employees may try to compromise the system by willingly breaking or harming the system components. During civil unrest or a disaster, there is a chance of the systems being mishandled.
Bob, a policy management member, has decided to modify and add new designs to protect the original design according to the Vessel Hull Design Protection Act (VHDPA). Bob was provided with the right to design hulls (including the decks) of vessels only up to 200 feet using a duplicate of the original design. Which of the following acts was demonstrated in the above scenario?
DMCA - DMCA defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information. Title V of the DMCA, entitles the Vessel Hull Design Protection Act (VHDPA). This act creates a new system for protecting the original designs of certain useful articles that make the article attractive or distinctive in appearance.
Identify the type of authorization that maintains a separate database for each resource and the database contains the details of all users who are permitted to access a particular resource.
Decentralized authorization - A decentralized authorization maintains a separate database for each resource. The database contains the details of all users who are permitted to access a particular resource.
Stella, a security team member, was instructed to train new employees on securing the organization from unwanted issues. As a primary part of training, she instructed employees not to throw sensitive documents in the trash, and also trained them on how to shred documents and erase magnetic data before putting them into the trash. Which of the following attacks were mitigated by grooming employees on the above techniques?
Dumpster diving - Dumpsters Dumpster Diving Not throwing sensitive documents in the trash Shredding document before putting into the trash Erasing magnetic data before putting into the trash
Which of the following practices should be followed by a cloud administrator to secure the docker environment?
Enable read-only mode on file systems and volumes by setting --read-only flag - Best practices for securing Docker environment. Avoid exposing the Docker daemon socket because it is the basic entry point for the Docker API. Only use trusted Docker images because Docker images created by malicious users may be injected with backdoors. Regularly patch host OS and Docker with the latest security updates. Limit capabilities by allowing access only to the features required by the container. Use Linux security modules, such as seccomp, AppArmor, and SELinux, to gain fine-grained control over the processes. Limit resources such as memory, CPU, the maximum number of file descriptors, the maximum number of processes, and restarts to prevent DoS attacks. Enable read-only mode on filesystems and volumes by setting the --read-only flag. Set the Docker daemon log level to 'info' and avoid running Docker daemon using the 'debug' log level. The default user setting for the Docker image is root; configure the container application to run as unprivileged user to prevent privilege escalation attacks. Install only necessary packages to reduce the attack surface.
Identify the VPN core functionality in which packets over a VPN are enclosed within another packet that has a different IP source and destination because concealing the source and destination of the packets can protect the integrity of the data sent.
Encapsulation - Packets over a VPN are enclosed within another packet (encapsulation) which has a different IP source and destination. Concealing the source and destination of the packets protects the integrity of the data sent.
Which of the following components of technical security controls protects the information passing through the network and preserves the privacy and reliability of the data?
Encryption and protocols - Encryption and protocols protect the information passing through the network and preserve the privacy and reliability of the data.
Which of the following practices should be followed by a cloud administrator to secure the container environment?
Ensure the authenticated access to registries - Best Practices for Container Security Configure the host's root file system in read-only mode to restrict the write access and prevent malware injection attacks. Avoid using third-party software and employ application security scanning tools to protect containers from malicious software. Perform regular scanning of the images in the repository to identify vulnerabilities or misconfigurations. Deploy application firewalls for enhancing container security and prevent threats entering the environment. Ensure the authenticated access to registries including sensitive images and data. Use a separate database for each application for greater visibility of individual applications and enhanced data management.
Which of the following components in a Kubernetes cluster architecture is a backing store for the data in the Kubernetes cluster?
Etcd - This is a backing store for the data in the Kubernetes cluster. For example, if the user specifies that three instances of a specific pod should be executed, this information is stored in etcd. The data stored in etcd is used to determine the number of instances that are running. If an instance is not working, Kubernetes creates an additional instance of the same pod.
Identify the component of access management that involves tracking the actions performed by a user on a network and keeps track of who, when, and how the users access the network.
Accounting - User accounting involves tracking the actions performed by a user on a network. It keeps track of who, when, and how the users access the network. This includes verifying the files accessed by the user and functions such as alteration or modification of the files or data.
Which of the following is NOT a challenge of network defense?
Abundance of network security skills - Organizations are failing to defend themselves against rapidly increasing network attacks owing to the lack of network security skills.
Which of the following areas is NOT a part of the identity and access management (IAM) framework?
Access controls - An IAM framework can be divided into four areas, namely, authentication, authorization, user management, and central user repository/identity repository. All the IAM components are grouped under these four areas.
Which of the following practices helps security professionals strengthen the physical security of an organization?
Always advise employees to swipe the card at the entrance - The following checklist will help an organization ensure they are implementing proper security controls and measures: Store all removable and important items in the locker when not in use Always advise employees to swipe the card at the entrance Evaluate the physical security of the location Ensure an appropriate door lock system is implemented and is working properly Do not keep any combustible material in the workplace area Do not disconnect consoles from ports
James, a network defender, was appointed to secure the organization's private network from unauthorized entries. To achieve this, James configured an intermediary computer system that receives requests on public interface from external network and provides controlled access to resources in the private network. This mediatory system serves as scapegoat when attacks are initiated on the intranet. Which of the following security controls James has configured to secure the internal network?
Bastion host - A bastion host is designed for defending a network against attacks. It acts as a mediator between inside and outside networks. A bastion host is a computer system designed and configured to protect network resources from attacks. It provides a limited range of services such as website hosting, and mail to ensure security.
Jack, a security specialist was appointed by an organization to implement a highly secured authentication method at the entrance of their science and research center. To accomplish the responsibility, Jack created an authentication method that identifies a person based on the facial features from an image or a video source. Which of the following authentication methods Jack has implemented in the above scenario?
Biometric authentication - Biometrics is a technology which identifies human characteristics for authenticating people. The most commonly used biometrics are fingerprint scanner, retina scanner, facial recognition, DNA, and voice recognition.
Ronnie, a security professional got many tickets stating that certain miscreants have been accessing the files with the credentials of the employees and they are creating havoc in the organization. To prevent such incidents, Ronnie implemented an authentication mechanism that identifies human characteristics for authenticating people. Which of the following types of authentication did Ronnie implement in the above scenario?
Biometric authentication - Biometrics is a technology which identifies human characteristics for authenticating people. The most commonly used biometrics are fingerprint scanner, retina scanner, facial recognition, DNA, and voice recognition.
Identify the physical barrier that may be defined as a short vertical post which controls and restricts motor vehicles to the parking areas, offices etc. and are mainly used in building entrances, pedestrian areas and areas that require safety and security.
Bollards - A bollard may be defined as a short vertical post which controls and restricts motor vehicles to the parking areas, offices etc. This facilitates the easy movement of people. Bollards are mainly used in building entrances, pedestrian areas and areas that require safety and security.
Identify the actor in NIST cloud computing architecture who performs an independent examination of cloud service controls to express an opinion thereon and evaluates the services provided by a CSP based on security controls, privacy impact, and performance.
Cloud auditor - A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon. Audits verify adherence to standards through a review of the objective evidence. A cloud auditor can evaluate the services provided by a CSP regarding security controls privacy impact, performance, etc.
Which of the following types of cable is made up of a single copper conductor at its center, a plastic layer providing an insulated center conductor, and a braided metal shield?
Coaxial cable - Coaxial cable is made up of a single copper conductor at its center. A plastic layer provides an insulated center conductor and a braided metal shield.
Identify the type of physical security control that includes hot site and backup power system and is used as an alternative control when the intended controls fail or cannot be used.
Compensating controls - These controls are used as an alternative control when the intended controls fail or cannot be used. They do not prevent any attack attempt but try to restore using other means like restoring from backup.
Harvey, a system administrator, is assigned a task to create access permissions for users as well as verify the access permissions created for each employee in his organization. For this purpose, he used a type of authorization that maintains a separate database for each resource. Further, for better flexibility, it also enables the employees to provide access to other employees. Which of the following types of authorization was employed by Harvey in the above scenario?
Decentralized authorization - A decentralized authorization maintains a separate database for each resource. The database contains the details of all users who are permitted to access a particular resource. The decentralized authorization process enables users to provide access to other users as well. This increases the level of flexibility of the users in using the decentralized method. However, certain issues related to the decentralized authorization include cascading and cyclic authorizations.
Which of the following types of physical security controls is used to discourage attackers and send warning messages to them to discourage against intrusion attempts?
Deterrent controls - These controls may not prevent access directly. They are used to discourage attackers and send warning messages to the attackers to discourage an intrusion attempt. Examples include various types of warning signs.
Which of the following access control models can be termed as need-to-know access model where the decision can be taken by an owner to provide or deny access to specific user or a group of users?
Discretionary access control - Discretionary access control (DAC) determines the access control taken by any possessor of an object in order to decide the access control of a subject on that object.
Which of the following sections of typical policy document content ensures that policies are conveyed correctly throughout?
Distribution - It ensures that policies are conveyed correctly throughout.
Only wired networks perform authentication of users before allowing them to access the resources in the network.
False - Authentication involves verifying the credentials provided by a user while attempting to connect to a network. Both wired and wireless networks perform authentication of users before allowing them to access the resources in the network.
Which of the following types of cable is made of glass or plastic and is least susceptible to wiretapping threats?
Fiber optic - It is made up of made of glass or plastic. Fiber optic cabling is least susceptible to wiretapping threats.
Identify the virtualization approach in which the guest OS is not aware that it is running in a virtualized environment and sends commands to the virtual machine manager (VMM) to interact with the computer hardware.
Full virtualization - In this type of virtualization, the guest OS is not aware that it is running in a virtualized environment. It sends commands to the virtual machine manager (VMM) to interact with the computer hardware. The VMM then translates the commands to binary instructions and forwards them to the host OS. The resources are allocated to the guest OS through the VMM.
Which of the following regulatory frameworks applies to the companies that offer financial products or services to individuals such as loans, financial or investment advice, or insurance?
GLBA - Gramm Leach Bliley Act (GLBA) Companies that offer financial products or services to individuals such as loans, financial or investment advice, or insurance
Which of the following acts contains the simplification standard known as National Provider Identifier (NPI), which is a unique identification number assigned to each beneficiary?
HIPAA - The National Provider Identifier (NPI) is a HIPAA Administrative Simplification Standard. The NPI is a unique identification number assigned to covered health care providers. Covered health care providers and all health plans and health care clearinghouses must use the NPIs in the administrative and financial transactions adopted under HIPAA.
In which of the following types of virtualization approach, the guest OS adopts the functionality of para virtualization and uses the VMM for binary translation to different types of hardware resources?
Hybrid virtualization - In this type of virtualization, the guest OS adopts the functionality of para virtualization and uses the VMM for binary translation to different types of hardware resources.
Identify the type of cloud computing service that offers authentication services to the subscribed enterprises and is managed by a third-party vendor to provide identity and access management services.
IDaaS - This cloud computing service offers authentication services to the subscribed enterprises and is managed by a third-party vendor to provide identity and access management services.
Which of the following is NOT a design consideration for physical security?
Installing anti-virus software in all the systems - Physical security design considerations: Is the building protection deficiency reviewed regularly? Is there a process to identify outsiders such as visitors, contractors, and vendors before granting them access to the premises? Are adequate lighting systems installed? Are each of the entry points properly blocked? Are badges, locks, keys, and authentication controls audited regularly? Is video surveillance footage monitored regularly? Is the inventory of the organization's assets maintained regularly?
Which of the following information assurance principles ensures that the information is not modified or tampered by any unauthorized parties?
Integrity - Integrity protects data and does not allow modification, deletion, or corruption of data without proper authorization.
Identify the type of security policy that directs the audience on the usage of technology-based systems with the help of guidelines and also defines remote access and wireless policies, incident response plan, password policies, and policies for personal devices.
Issue-specific security policy (ISSP) - ISSP directs the audience on the usage of technology-based systems with the help of guidelines. These policies address specific security issues in an organization. Examples of ISSP include remote access and wireless policies, incident response plan, password policies, policies for personal devices, user account policies, and internet and web usage policies.
Which of the following anti-malware tools helps network defenders identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices?
McAfee LiveSafe - Anti-Trojan software is a tool or program that is designed to identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices.
Sally, a security professional, implemented a protocol for authenticating requests in computer networks. The protocol implemented by Sally is based on the client-server model, and uses encryption technology and a "ticket" mechanism to prove the identity of a user on a non-secure network. Identify the protocol implemented by Sally in the above scenario.
Kerberos - Kerberos is a network authentication protocol that is implemented for authenticating requests in computer networks. It is based on the client-server model, which uses an encryption technology and a "ticket" mechanism to prove the identity of a user on a non-secure network.
Which of the following is NOT a benefit of network defense?
Lack of compliance - Network security helps organizations avoid penalties for lack of compliance. The real-time monitoring of data flows helps organizations enhance their compliance posture.
Which of the following is NOT a benefit of cloud computing?
Less storage facilities for organizations - Cloud computing offers economic, operational, staffing, and security benefits. Economic Less maintenance costs Acquire economies of scale Less capital expenditure Huge storage facilities for organizations Operational Scale as required Less operational problems Deploy applications quickly Backup and disaster recovery Automatic updates Staffing Streamline processes Efficient usage of resources Less personnel training Less IT Staff Security Less investment in security controls Efficient, effective, and swift response to security breaches Standardized open interface for managed security services (MSS) Effective patch management and implementation of security updates
Identify the SIEM function that stores logged data in a central repository for long periods to meet compliance and regulatory requirements and for conducting forensic analysis, investigation, and internal audits.
Log retention - SIEM stores logged data in a central repository for long periods to meet compliance and regulatory requirements and for conducting forensic analysis, investigation, and internal audits.
Which of the following types of honeypot simulates only a limited number of services and applications of a target system or network and if the attacker does something that the emulation does not expect, the honeypot will simply generate an error?
Low-interaction honeypot - Low-interaction honeypots emulate only a limited number of services and applications of a target system or network. If the attacker does something that the emulation does not expect, the honeypot will simply generate an error.
Which of the following network security elements restricts the access to organization's resources based on identity management?
Network Security Controls - Network security controls are the security features that should be appropriately configured and implemented to ensure network security. These security controls work together to allow or restrict the access to organization's resources based on identity management.
Which of the following network security elements ensures the security and integrity of data in transit?
Network Security Protocols - Network security protocols implement security related operations to ensure the security and integrity of data in transit. The network security protocols ensure the security of the data passing through the network.
Which of the following components of VPN is also called as media gateway and is responsible for setting up and maintaining each tunnel in a remote access VPN?
Network access server - It is also called a media gateway or a remote-access server (RAS). It is responsible for setting up and maintaining each tunnel in a remote-access VPN. Users need to connect to the NAS to use a VPN.
James, a security team member, was assessing the security across organizational assets. He identified sudden fluctuations in the bandwidth consumption and repeated login attempts being made from remote hosts. Which of the following types of intrusion attempt James has identified in the above scenario?
Network intrusions - General indications of network intrusions include a sudden increase in bandwidth consumption and repeated login attempts from remote hosts.
James, a certified hacker, was appointed by an agency to perform a cyberattack against the rival company's servers with the intention of making the services unavailable to their customers. James performed a DoS attack on the servers but he could not make the services unavailable. Which of the following components of technical security controls protected the servers from the DoS attack?
Network security devices - Network security devices such as firewall and IDS are used to filter and detect malicious traffic, thus protecting the organization from threats.
Which of the following types of bastion host operates with multiple network connections but the network connections do not interact with each other?
Non-routing dual-homed host - A non-routing bastion host has a dual-homed host with multiple network connections that do not interact with each other. This type of the host is completely a firewall, or it might be a component of a multi-faceted firewall. If the host is a firewall, one must be careful that the configuration and the bastion host's instructions must be followed with concern.
Which of the following information assurance principles ensures that a party in a communication cannot deny sending the message?
Nonrepudiation - Non-repudiation ensures that a party in a communication cannot deny sending the message.
Identify the access control terminology that is referred to as an explicit resource on which an access restriction is imposed.
Object - An object is an explicit resource on which an access restriction is imposed. The access controls implemented on the objects further control the actions performed by the user.
Which of the following layers in the OSI model includes all cabling and network systems, power support for cables and systems, and environment supporting the systems?
Physical layer - Physical security cannot be dealt with in the same way as network, application, or database security. Separate security measures are required to ensure physical security. Physical security should be dealt with at the physical layer of the OSI model.
Which of the following goals provided by security policies forms the foundation of a security infrastructure?
Protect confidential and proprietary information from theft or modification - Security policies form the foundation of a security infrastructure. Such policies accomplish three goals: Reduce or eliminate the legal liability to employees and third parties Protect confidential and proprietary information from theft, misuse, unauthorized disclosure, or modification Prevent computing resource waste.
Which of the following network security controls is an application that can serve as an intermediary when connecting with other computers and is used to intercept malicious and offensive web content hidden in the client requests?
Proxy server - A proxy server is an application that can serve as an intermediary when connecting with other computers. Security professionals should deploy a proxy server to intercept malicious, offensive web content, computer viruses, etc., hidden in the client requests.
Which of the following Internet access policy starts with all services blocked and enables safe and necessary services individually?
Prudent policy - A prudent policy starts with all services blocked. The Network defender enables safe and necessary services individually. This provides maximum security and logs all activity such as system and network activities.
James, a security professional, was instructed to protect the organization network from evolving cyber threats. He implemented high-level security requirements for the organization that included protective measures for access control, malware protection, audit, availability, confidentiality, integrity, cryptography, identification, and authentication. Identify the security policy requirement implemented by James in the above scenario.
Safeguard security requirements - Protective measures required such as protective measures for access control, malware protection, audit, availability, confidentiality, integrity, cryptography, identification, and authentication.
Thomas, a security professional, implements security policies to thwart cyberattacks and keep malicious users at bay from the organization. As part of this, he implements an aspect of security policy that focuses on mission, communications, encryption, user and maintenance rules, idle time management, privately owned versus public domain, shareware software rules, and virus protection policy. Which of the following aspect of security policy was implemented by Thomas in the above scenario?
Security concept of operation - This concept defines the roles, responsibilities, and functions of a security policy. It focuses on the mission, communications, encryption, user and maintenance rules, idle time management, privately owned versus public domain, shareware software rules, and virus protection policy.
Which of the following types of IDS detection method involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision?
Signature recognition - Signature recognition, also known as misuse detection, tries to identify events that indicate an abuse of a system or network. This technique involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision.
Which of the following types of bastion host is a firewall device with only one network interface and all the traffic is routed through the bastion host?
Single-homed bastion host - A single-homed bastion host is a firewall device with only one network interface. All the traffic, both incoming and outgoing, is routed through the bastion host. It tests data against security guidelines and acts accordingly.
In an organization, employees' incoming and outgoing status is being tracked and monitored via a small computer chip implanted on their ID card, which stores their personal information for identification. Which of the following authentication methods the organization has implemented in the above scenario?
Smart card authentication - Organizations use the smart card technology to ensure strong authentication. Smart cards can store password files, authentication tokens, one-time password files, biometric templates, etc.
Benila, a security professional, implemented cryptography-based authentication to ensure strong authentication in her organization. She employed an authentication mechanism that needs a device embedded with a small computer chip that stores personal information of the employee for identification. Identify the type of authentication employed by Benila in the above scenario.
Smart card authentication - Organizations use the smart card technology to ensure strong authentication. Smart cards can store password files, authentication tokens, one-time password files, biometric templates, etc. A smart card consists of a small computer chip that stores personal information of the user for identification. These cards are inserted into a machine for authentication and a personal identification number (PIN) is inputted for processing the authentication information on the card.