Chapter 5


C. Screen locks provide protection for lost devices by making it more difficult for someone to access the device. Device encryption protects the confidentiality of the data. Global Positioning System (GPS) tagging includes location info on pictures and other files but won't help protect a lost or stolen device. Patch management keeps devices up to date and change management helps prevent outages from unauthorized changes. Infrastructure as a service (IaaS) is a cloud computing option.

A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal? a. screen locks and GPS tagging b. Patch management and change management c. screen locks and device encryption d. full device encryption and IaaS

C. A sandbox provides a simple method of testing patches and would be used with snapshots so that the VM can easily be reverted to the original state. A baseline image is a starting point of a single environment. Bring your own device (BYOD) refers to allowing employee-owned mobile devices in a network, and is not related to this question. Change management practices ensure changes are not applied until they are approved and documented.

A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments? a. baseline image b. BYOD c. sandbox d. change management

D. A network intrusion prevention system (NIPS) is the most relevant security control of those listed to ensure availability of the supervisory control and data acquisition (SCADA) system. A data loss prevention (DLP) system helps prevent loss of data, but wouldn't protect a SCADA system from potential attacks. A trusted platform module (TPM) is a hardware chip on a computer's motherboard that stores cryptographic keys used for encryption. An electromagnetic pulse (EMP) is a short burst of electromagnetic energy and unrelated to a SCADA system.

An organisation has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is important. Which of the following security controls would be MOST relevant to protect this system? a. DLP b. TPM c. EMP d. NIPS

A. Disabling unnecessary services is one of the elements of the principle of least functionality. Other elements include deploying servers with only the applications and protocols they need to meet their purpose. Installing up-to-date antivirus software is a valid preventive control, but it isn't related to least functionality. Identifying the baseline should be done after disabling unnecessary services. A network-based intrusion detection system (NIDS) helps protect the server, but it doesn't implement least functionality.

Attackers recently attacked a web server hosted by your organization. Management has tasked admins with configuring the servers following the principle of least functionality. Which of the following will meet this goal? a. disabling unnecessary services b. installing and updating antivirus software c. identifying the baseline d. installing a NIDS

B. Storage segmentation creates separate storage areas in mobile devices and can be used with a choose your own device (CYOD) mobile device deployment model. None of the other answers are directly related to mobile devices. A supervisory control and data acquisition (SCADA) system controls an industrial control system (ICS), such as those used in power plants or water treatment facilities, and it should be isolated. Database security includes the use of permissions and encryption to protect data in a database. Some embedded systems use a real-time operating system (RTOS) when the system must react within a specific time.

Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy? a. SCADA access b. storage segmentation c. database security d. embedded RTOS

A. The system admin should modify permissions with the chmod (short for change mode) command. Remote wipe sends a remote signal to a mobile device to wipe or erase all the data and is unrelated to this question. Push notification services send messages to users but don't change permissions. The chroot command is used to create a sandbox for testing an application.

Lisa does not have access to the project.doc file, but she needs access to this file for her job. Homer is the system admin and he has identified the following permissions for the file: rwx rw- --- What should Homer use to grant Lisa read access to the file? a. the chmod command b. a remote wipe c. push notification d. the chroot command

D. Context-aware authentication can authenticate a user and a mobile device using multiple elements, including identity, geolocation, time of day and type of device. None of the other answers meets all the requirements of the question. A geofence creates a virtual fence or geographic boundary and can be used with context-aware authentication. Containerization isolates an application, protecting it and its data. Tethering allows one device to share its internet connection with other devices.

Management within your company wants to implement a method that will authorize employees based on several elements, including the employee's identity, location, time of day and type of device used by the employee. Which of the following will meet this need? a. geofence b. containerization c. tethering d. context-aware authentication

A. Geofencing can be used to create a virtual fence or geographic boundary, outlining the company's property. Geofencing will use geolocation to identify the mobile device's location, but geolocation without geofencing won't detect if a user is on the company's property. GPS tagging adds geographic data (such as latitude and longitude data) to files and is unrelated to this question. Containerization runs applications in a container to isolate them.

Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company's property, they should be granted access. If they are answers provides the BEST solution to meet this goal? a. geofencing b. geolocation c. GPS tagging d. containerization

A. A data loss prevention (DLP) solution can prevent users from copying documents to a USB drive. None of the other answers control USB drives. A hardware security module (HSM) is an external security device used to manage, generate, and securely store cryptographic keys. COPE (corporate-owned personally enabled) is a mobile device deployment model. A self-encrypting drive (SED) includes the hardware and software to encrypt all data on the drive and securely store the encryption keys.

Management within your organization wants to prevent users from copying documents to USB flash drives. Which of the following can be used to meet this goal? a. DLP b. HSM c. COPE d. SED

C. A remote attestation process checks a computer during the boot cycle and sends a report to a remote system. The remote system attests or confirms that the computer is secure. None of the other answers sends data to a remote system. A trusted platform module (TPM) is a hardware chip on a motherboard and provides a local secure boot process. A TPM includes an encryption key burned into the CPU, which provides a hardware root of trust. A trusted operating system meets a set of predetermined requirements typically enforced with the mandatory access control (MAC) model.

Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer's configuration. Which of the following will meet this goal? a. trusted platform module b. hardware root of trust c. remote attestation d. trusted operating system

D. The master image is the baseline and the admins performed integrity measurements to identify baseline deviations. By comparing the list of applications in the baseline with the applications running on the suspect computer, you can identify unauthorized applications. None of the other answers include the troubleshooting steps necessary to discover the problem. The master image would include only the applications, services, and protocols needed to meet the principle of least functionality. A sandbox is an isolated area of a system typically used to test applications. A blacklist is a list of prohibited applications.

Network admins have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination? a. least functionality b. sandbox c. blacklist d. integrity measurements

B. A change management policy helps reduce risk associated with making any changes to systems, including updating them. Patches should be tested and evaluated before they are implemented; implementing them when they are released sometimes causes unintended consequences. The use of a trusted operating system or operating systems with secure configurations doesn't address how they are updated.

Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal? a. implement patches when they are released b. implement a change management policy c. use only trusted operating systems d. implement operating systems with secure configurations

C. This is a Software as a Service (SaaS) model. The software is the online application and the cloud provider (power plant) maintains it. Infrastructure as a service (IaaS) provides customers with the hardware via the cloud. Customers are responsible for installing the OS and any applications. Platform as a service (PaaS) is a computing platform. For example, a cloud provider can provide a server with a preconfigured operating system. Anyone can access a public cloud. However, the question states that only students and teachers can access it.

The Springfield nuclear power plant has created an online application teaching nuclear physics. Only students and teachers in the Springfield elementary school can access this application via the cloud. What type of cloud service model is this? a. IaaS b. PaaS c. SaaS d. Public

C. Database column (or field) encryption is the best choice because it can be used to encrypt the fields holding credit card data, but not fields that don't need to be encrypted. Full database encryption and whole disk encryption aren't appropriate because everything doesn't need to be encrypted to protect the credit card data. File-level encryption isn't appropriate on a database and will often make it inaccessible to the database application.

Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data? a. full database encryption b. whole disk encryption c. database column encryption d. file-level encryption

B. Application whitelisting identifies authorized applications and prevents users from installing unauthorized software. Alternatively, you can use a blacklist to identify specific applications that cannot be installed or run on a system. A master image provides a secure baseline, but it doesn't prevent users from installing additional applications. Anti-malware software and antivirus software can detect and block malware, but they don't prevent users from installing unauthorized software.

Your organization wants to ensure that employees do not install any unauthorized software on their computers. Which of the following is the BEST choice to prevent this? a. master image b. application whitelisting c. anti-malware software d. antivirus software

