Cloud Infrastructure Chp 11
Due to regulatory compliance, your organization's security policies require firewall rules on all cloud networks. You need to allow inbound Windows and Linux management traffic. Which ports must be opened in the firewall? 389, 636 / 3389, 25 / 3389, 22 / 389, 22
3389, 22
Which of the following describes a brute force attack? Attacking a site with exploit code until the password database is cracked Trying all possible password combinations until the correct one is found Performing a denial of service (DoS) attack on the server authenticator Using rainbow tables and password hashes to crack the password
A brute force attack tries all possible combinations of a password. A brute force attack relies on the ability to try thousands or millions of passwords per second. For example, at the time of this writing, the password cracking system that is used at TCDI for penetration testing can try 17 million passwords per minute in a brute force attack.
Which firewall configuration item controls access to network resources? DMZ Port list Access list Cipher
Access list
Which policy or set of rules temporarily disables an account when a threshold of incorrect passwords is attempted? Account lockout policy Threshold policy Disabling policy Password complexity enforcement rules
Account lockout policy
Which of the following actions violates the principle of least privilege? Unchanged default passwords Unpatched router firmware Granting read and write permissions to a shared network folder Adding a regular Windows user account to the Administrators group
Adding a regular Windows user account to the Administrators group
Which policy or set of rules temporarily disables an account when a threshold of incorrect passwords is attempted? Account lockout policy Threshold policy Disabling policy Password complexity enforcement rules
An account lockout policy temporarily disables an account after a certain number of failed logons. For example, if the policy were set to 3, then a user's account would be temporarily disabled (locked out) after three failed tries until an administrator unlocks it.
Port scanning falls under which vulnerability testing phase? Intelligence gathering Validation Penetration testing Assessment
Assessment
Which type of testing best simulates external malicious users? Black-box Gray-box Blue-box White-box
Black-box
You have been asked to harden a crucial network router. What should you do? (Choose two.) Disable the routing of IPv6 packets. Change the default administrative password. Apply firmware patches. Configure the router for SSO.
Changing the default passwords and applying patches are important steps in hardening a device.
You are responsible for cloud security at your organization. The Chief Compliance Officer has mandated that the organization utilize layered security for all cloud systems. Which of the following would satisfy the requirement? Implementing ACLs and packet filtering on firewalls Configuring a DMZ with unique ACLs between networks and an IDS/IPS Specifying separation of duties for cloud administration and training additional personnel on security processes Defining a privacy policy, placing the privacy policy on the website, and emailing the policy to all current clients
Configuring a DMZ with unique ACLs between networks and an IDS/IPS
One of your cloud servers has been receiving excessive amounts of network traffic from hosts with different IP addresses for the past hour. What type of attack is most likely taking place? SQL injection Distributed denial of service attacks Denial of service attacks Rainbow table
Distributed denial of service attacks
Penetration testers have performed reconnaissance on a target through web scraping, where publicly accessible information has been compiled. What type of testing is this? Black-box Gray-box White-box Blue-box
Gray-box
Which best practice configures host computers so that they are not vulnerable to attack? Vulnerability assessment Penetration test Hardening PKI
Hardening configures systems such that they are protected from compromise.
Which of the following solutions can shut down detected malicious traffic to prevent further damage? IDS DMZ IPS NAT
IPS
Jim is negotiating SLA support details with a public cloud provider. Which type of policy should he consult during negotiations? Audit Acceptable use Backup Incident response
Incident response
Which three phases constitute the vulnerability scanning process? Intelligence gathering, assessment, validation Assessment, intelligence gathering, validation Validation, assessment, intelligence gathering Assessment, validation, intelligence gathering
Intelligence gathering, assessment, validation
You are responsible for cloud security at your organization. The Chief Compliance Officer has mandated that the organization utilize layered security for all cloud systems. Which of the following would satisfy the requirement? Implementing ACLs and packet filtering on firewalls Configuring a DMZ with unique ACLs between networks and an IDS/IPS Specifying separation of duties for cloud administration and training additional personnel on security processes Defining a privacy policy, placing the privacy policy on the website, and emailing the policy to all current clients
Layered security requires multiple overlapping controls that are used together to protect systems. Configuring a DMZ with ACLs along with an IDS/IPS provides multiple layers because an attacker would have to compromise a machine in the DMZ and then pivot from that machine to another machine in the internal network. The IDS/IPS adds a further layer: it might detect this activity, notify administrators, and block the attacker from making the connection.
Which type of testing identifies weaknesses and actively exploits them? Penetration testing Vulnerability testing Regression testing Load testing
Penetration testing
Which of the following phases are unique to penetration testing? (Choose all that apply.) Intelligence gathering Vulnerability validation Attack planning and simulation Exploitation
Penetration testing includes all the steps from vulnerability scanning. The two steps that are unique to penetration testing here are attack planning and simulation, and exploitation.
Which type of test simulates a network attack? Vulnerability assessment Establishing an attack baseline Hardening Penetration test
Penetration tests simulate a network attack.
Laura is a Linux server administrator. Your company runs an HR payroll system on the Linux servers. At a recent IT meeting, Laura suggested being granted permissions to clear Linux server logs once they reach a specific size. Which security principle is violated if Laura is given the ability to clear Linux server logs? Principle of least privilege Attack surface reduction Job rotation Separation of duties
Separation of duties
Which policy would be used to specify how all employee owned devices may be used to access organizational resources? Privacy policy Mobile device policy Remote access policy BYOD policy
The BYOD policy is the correct answer here. Bring your own device (BYOD) refers to devices that are employee owned rather than company owned; this policy governs how those devices may be used to access organizational resources.
Which of the following describes a brute force attack? Attacking a site with exploit code until the password database is cracked Trying all possible password combinations until the correct one is found Performing a denial of service (DoS) attack on the server authenticator Using rainbow tables and password hashes to crack the password
Trying all possible password combinations until the correct one is found