Cyberops Chapters 18-20
Uses a created set of attributes that describes the user's access to the network
Authorization
What a user can and cannot do on the network
Authorization
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
Authorization
Which resources the user can access and which operations the user is allowed to perform
Authorization
What are three access control security services? (Choose three.)
Authorization, Accounting, Authentication
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
Availability
Which policy protects the rights of workers and the company's interests?
Company
Which access control model allows users to control access to data as an owner of that data?
Discretionary access control
Which statement describes Trusted Automated Exchange of Indicator Information (TAXII)?
It is the specification for an application layer protocol that allows the communication of CTI over HTTPS.
What is the purpose of Mobile Device Management (MDM) software?
It is used to implement security policies, settings, and software configurations on mobile devices.
What is the biggest issue with local implementation of AAA?
Local implementation does not scale well.
Which organization defines unique CVE Identifiers for publicly known information-security vulnerabilities that make it easier to share data?
MITRE
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
Mandatory access control (MAC)
Which two options are security practices that help mitigate BYOD risks? (Choose two.)
Only turn on Wi-Fi when using the wireless network; keep the device OS and software updated
Which is a BYOD security best practice?
Subscribe to a device locator service with remote wipe feature
What is STIX?
This is a set of specifications for exchanging cyberthreat information between organizations.
Which component of the zero trust security model focuses on secure access when an API, a microservice, or a container is accessing a database within an application?
Workload
With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
artichoke
Which access control model is based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day?
attribute-discretionary access control
Passwords, passphrases, and PINs are examples of which security term?
authentication
Which term means that authorized users must have uninterrupted access to important resources and data?
availability
How does FireEye detect and prevent zero-day attacks?
by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis
How does AIS address a newly discovered threat?
by enabling real-time exchange of cyberthreat indicators with U.S. Federal Government and the private sector
What ensures that only authorized individuals, entities, or processes can access sensitive information?
confidentiality
Which access control model is based on an individual's roles and responsibilities within the organization?
non-discretionary access control
What are threats?
potential dangers to a protected asset
What defines system requirements and objectives, rules, and requirements for users when they attach to or are on the network?
security
What is the primary purpose of the Malware Information Sharing Platform (MISP)?
to enable automated sharing of IOCs between people and machines using STIX and other export formats
What is the purpose of the network security accounting function?
to keep track of the actions of a user
What is an example of a privilege escalation attack?
A threat actor performs an access attack and gains the administrator password
What is the free service that is offered by the U.S. Department of Homeland Security?
AIS
Which service is offered by the U.S. Department of Homeland Security (DHS) that enables real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector?
AIS
An administrator is concerned with restricting which network applications and uses are acceptable to the organization. What security policy component does the administrator use to address these concerns?
Acceptable Use Policy
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
Acceptable Use Policies
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
Accounting
Collects and reports usage data so that it can be employed for purposes such as auditing or billing
Accounting
Provides leverage against individuals who perform malicious actions
Accounting
Records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made
Accounting
A way to control who is permitted to access a network
Authentication
Established using username and password combinations, challenge and response questions, token cards, and other methods
Authentication
Users and administrators must prove that they are who they say they are
Authentication
When designing a prototype network for a new server farm, a network designer chooses to use redundant links to connect to the rest of the network. Which business goal will be addressed by this choice?
Availability
What three items are components of the CIA triad? (Choose three.)
Availability, Integrity, Confidentiality
How does BYOD change the way in which businesses implement networks?
BYOD provides flexibility in where and how users can access network resources
What does the MITRE Corporation create and maintain?
CVE
Which service is provided by the Cisco Talos Group?
Collecting information about active, existing, and emerging threats
Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
Company
Which objective of secure communications is achieved by encrypting data?
Confidentiality
Which threat intelligence sharing open standard specifies, captures, characterizes, and communicates events and properties of network operations?
CybOX
Which device is usually the first line of defense in a layered defense-in-depth approach?
Edge router
Which security operations platform integrates and enhances a range of security tools and threat intelligence?
FireEye Helix
What device would be used as a second line of defense in a defense-in-depth approach?
Firewall
Which two areas must an IT security person understand in order to identify vulnerabilities on a network? (Choose two.)
Important applications used, hardware used by applications
What device would be used as the third line of defense in a defense-in-depth approach?
Internal Router
What is the principle behind the nondiscretionary access control model?
It allows access decisions to be based on roles and responsibilities of a user within the organization.
What does the incident handling procedures security policy describe?
It describes how security incidents are handled.
Why is asset management a critical function of a growing organization against security threats?
It identifies the ever-increasing attack surface to threats.
What is the Common Vulnerabilities and Exposures (CVE) used by the MITRE Corporation?
It is a dictionary of CVE Identifiers for publicly known cybersecurity vulnerabilities
What is CybOX?
It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
RADIUS, TACACS+
Refer to the exhibit. The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this? (Exhibit: a home connecting to the organization's network.)
Remote Access
What are three threat intelligence information sharing specifications? (Choose three.)
STIX, TAXII, CybOX
What is a world leading threat intelligence team with a goal to help protect enterprise users, data, and infrastructure from active adversaries?
Talos
What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?
Talos
What is the benefit of a defense-in-depth approach?
The effectiveness of other security measures is not impacted when a security mechanism fails
What is a characteristic of a layered defense-in-depth security approach?
The failure of one safeguard does not affect the effectiveness of other safeguards
What is a characteristic of the security artichoke defense-in-depth approach?
Threat actors no longer have to peel each layer before reaching the target data or system
What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)?
To enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies
Why do several network organizations, professionals, and intelligence agencies use shared open standards for threat intelligence?
To enable the exchange of CTI in an automated, consistent, and machine-readable format
What is the primary function of SANS?
To maintain the Internet Storm Center
What is the primary function of (ISC2)?
To provide vendor-neutral education products and career services
What is the principle of least privilege access control model?
Users are granted rights on an as-needed approach
What are vulnerabilities?
Weaknesses in a system or design
What do security compliance regulations define?
What organizations are responsible for providing, and the liability for failure to comply
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
confidentiality
Which policy identifies salary, pay schedule, benefits, work schedule, vacations, etc.?
employee
What are two characteristics of the RADIUS protocol? (Choose two.)
Encryption of the password only; use of UDP ports for authentication and accounting
What are assets?
information or equipment valuable enough to an organization to warrant protection
Which term means that data is protected from unauthorized alteration?
integrity
Which access control model applies the strictest access control and is typically used in military or mission critical applications?
mandatory access control