Module 13: Quiz

Which of the following helps achieve data privacy in an enterprise network?

Access control schemes

In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources. Which of the following should you suggest?

Attribute-based access control

You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't. Which of the following access control schemes should you choose?

Attribute-based access control

Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?

Jurisdictional applicability

Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?

DHCP server logs

Who implements access control based on the security level determined by the data owner?

Data custodian

You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?

Secure the evidence

Which of the following is an example of evidence collected from metadata?

Time stamp

Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?

To prevent malware from tricking users by spoofing what appears on the screen

You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?

Use mirror image backups

Which of the following network-based device logs are the least important when performing an incident investigation?

Routers and Switches

You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?

Rule-based access control

In a security meeting, you were asked about which response method would require less manual intervention per response. Which of the following should you choose?

Runbook

Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a "top secret" label cannot be accessed by any users while "secret" files remain accessible?

You should set the clearance of all users to "secret."

Which of the following log management tools has content filtering?

syslog-ng

Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?

Cyber Kill Chain

Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?

Network segmentation