Chapter 4: System and Network Architecture
A systems administrator installs a syslog server to capture and report events for wireless infrastructure. Following a requirement from the Chief Information Officer (CIO), recorded logging levels should include a status if an access point is unusable and if any immediate action is required. Which logging levels does the administrator evaluate and configure? (Select two.)
- 0-Emergency - 1-Alert
What do each of the letters represent in the CIA triad? (Select three.)
- Confidentiality - Integrity - Availability
An engineer is studying the hardware architecture of a company's various systems. In which of the following items can the engineer can find the x86 architecture? (Select three.)
- Desktops - Laptops - Servers
Which of the following are advantages of implementing single sign-on (SSO) technology for an organization's authentication process? (Select two.)
- Enabling passwordless authentication through the use of smart cards or mobile devices - Improving user experience by reducing the need for multiple logins and passwords
A security analyst needs a data loss prevention (DLP) solution to prevent users from transferring data without authorization. What components typically makeup DLP solutions? (Select three.)
- Endpoint Agents - Network Agents - Policy Server
Attackers often target data and intangible assets. What might hackers do with the information they collect. (Select two.)
- Harm a company's reputation - Sell the data to the competition
A U.S.-based financial company collects sensitive PII data from its customers, including U.S. social security numbers, biometric information, and financial records. What measures can the company take to protect the data from breaches or unauthorized access? (Select two.)
- Implement multi-factor authentication - Introduce access controls
A company tasks a security analyst with mitigating the risk of a brute force attack that exploits weak passwords on systems. Which concepts would be most effective in defending against this attack methodology? (Select two.)
- Multi-factor authentication - System hardening
A support technician conducts system hardening after provisioning a server. Why is system hardening such a vital practice? (Select three.)
- System hardening reduces the attack surface of a system. - System hardening includes disabling unnecessary services. - System hardening involves patching the operating system.
A company's security operations center has implemented a data loss prevention (DLP) solution to monitor and prevent sensitive data from being transmitted outside the organization. The security team also maintains strict controls over cardholder data (CHD) and personally identifiable information (PII) to comply with industry regulations and protect customer privacy. Which of the following is a potential benefit of implementing a DLP solution in a security operations environment?
A DLP solution can help prevent sensitive data from being transmitted outside the organization, reducing the risk of data breaches and compliance violations.
Which of the following BEST describes Central Policy?
A program that checks for the correct attributes in an attribute-based system.
At which layer is a web application firewall log used to record HTTP traffic?
Application
A security analyst analyzes application logs to identify any suspicious activities and notices that one of the company's recently resigned employees had downloaded a large amount of data just before leaving. What is the analyst's most appropriate next step based on the scenario?
Check the company's firewall logs to identify any external connections made by the former employee
A security analyst is trying to explain attack methodology frameworks in the context of protecting cloud-based applications and data. Which of the following solutions can help the analyst in achieving this objective?
Cloud access security broker (CASB)
On most operating systems, you can track and log a wide range of event types. Which type of data would you expect to find for a user-level event?
Commands used and unsuccessful attempts to access resources.
Which cloud deployment model would MOST likely be used by several organizations that share the same regulatory requirements?
Community cloud
Which of the following technologies is a hypervisor substitute that separates resources at the operating system level?
Containerization
You have observed that an employee at your company has been coming in at odd hours, requesting sensitive data that is unrelated to their position, and bringing in their own flash drive. The employee's actions are common indicators of which of the following threats?
Data loss
A system engineer wants to harden a system as a precaution against malicious port scans and probes. Which type of malicious activity is the engineer likely concerned about?
External
An organization is reviewing its incident response plan and wants to improve its overall security posture by streamlining the authentication process for its employees during a security incident. Which of the following approaches can help achieve this goal without compromising security?
Federation
Which data monitoring method do the steps below BEST describe? - Keep a user log to document everyone that handles each piece of sensitive data. - Monitor the system in real time.
File monitoring
Which of the following is true about log review?
For logs to be beneficial, they must be analyzed.
What is the name of a computer on which a hypervisor runs to provide one or more virtual machines?
Host
A security analyst is evaluating the company's vulnerability management program in a mixed infrastructure environment. Which of the following infrastructure models requires the analyst to consider multiple environments when understanding vulnerability scoring concepts?
Hybrid cloud
Which of the following statements is true regarding IDS and IPS?
IDS is a passive system; IPS is an active system.
You are employed by a small startup company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should you use?
IaaS
Each user on a network must have a unique digital identity. Which of the following is this known as?
Identity and access management (IAM)
A company implements a new security protocol that requires employees to use a two-factor authentication process to log in to the system. However, one employee frequently forgets their password and shares it with colleagues. Which type of threat does this employee pose to the company's cybersecurity?
Insider pawn
A cybersecurity organization recently created a centralized repository for storing log data. This action is likely designed to improve analysis of what kind of information?
Internal sources
Which of the following is an advantage to having self-contained components in SOA?
It is easier to maintain than interdependent services.
Which of the following statements BEST describes VDI?
It starts a minimal operating system for a remote user to access.
A network administrator at a large organization is working on enhancing the company's network infrastructure's monitoring and alerting capabilities. The administrator wants to optimize the system logs to detect and respond to potential security threats efficiently. What action should the network administrator prioritize to achieve this goal?
Logging levels
A cloud operations engineer monitors and maintains visibility into the organization's serverless architecture. The engineer needs to ensure that the system is functioning optimally and efficiently. Which of the following actions would be MOST helpful for the engineer to achieve this goal?
Monitoring system processes
Why is security for VMs more important than security for physical machines?
One bad configuration could be replicated across your network.
Which cloud service model would MOST likely be used by a software developer?
PaaS
A cybersecurity team is investigating a security incident and needs to efficiently manage access to sensitive resources during the response process. Which solutions can BEST help the team protect against the issues related to credential theft and misuse?
Privileged access management (PAM)
A support technician examines the Windows Registry for a host on a local area network (LAN). Which subkey should the technician use to find username information for accounts on the computer?
SAM
Which of the following software design styles is XML-based and is used by identity providers to pass authorization credentials to service providers?
SAML
A security analyst is investigating an incident and needs to identify possible malicious activity within the network. Which technology should the analyst focus on to better manage network traffic and dynamically configure security policies?
SDN
Which of the following security procedures often uses digital certificates on end devices, allowing encrypted traffic to be intercepted, decrypted, and inspected by security tools or software before being re-encrypted and forwarded to the intended destination?
SSL inspection
Which of the following BEST describes a federation?
Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
Which of the following is a standard for sending log messages to a central logging server?
Syslog
A company plans to upgrade its network infrastructure to enhance security and reduce the attack surface. The company has tasked the security analyst with identifying key areas to focus on while planning the upgrade. Which of the following areas should the security analyst prioritize to directly enhance security and minimize vulnerabilities?
System hardening
Which of the following is an essential network architecture security concept for the Windows Registry?
System hardening
You are the security analyst for a corporate network that uses Cisco routers. You are preparing to submit a proposal to set up a centralized syslog server where logs from all of the 35 routing devices will send their logs to be stored. Which of the following is the MOST important justification for the expense of a syslog server?
The log data is centralized and monitored in one place.
As a system administrator for a financial institution, you add a new desktop to the network, power on the desktop, and then create a new user and disable the local administrator and guest accounts. What vulnerability did you introduce when you powered on the desktop?
The system was not updated or patched.
What is the benefit of hardening the operating system in the context of system and network architecture?
To decrease the risk of unauthorized access to sensitive data
Which of the following is the most important reason to implement system hardening measures in a networked environment?
To reduce the risk of data breaches
A company is implementing PKI to enhance the security of its network after a recent series of intercepted emails. What is the purpose of PKI in this context?
To verify the authenticity of digital documents and the identity of users or devices
A security analyst is reviewing the company's current network security posture and needs to take into account the context of each vulnerability, including factors such as the environment, asset criticality, and potential business impact. Which of the following security approaches should the analyst consider implementing to address these special considerations more effectively?
Zero Trust