Network Defense Exam Chapter 18-20
Which two options are security best practices that help mitigate BYOD risks? (Choose two.) a. use wireless MAC address filtering b. decrease the wireless antenna gain level c. keep the device OS and software updated d. only turn on Wi-Fi when using the wireless network e. only allow devices that have been approved by the corporate IT team f. use paint that reflects wireless signals and glass that prevents the signals from going outside the building
c, d
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration? a. integrity b. scalability c. availability d. confidentiality
d
How does FireEye detect and prevent zero-day attacks? a. by keeping a detailed analysis of all viruses and malware b. by establishing an authentication parameter prior to any data exchange c. by only accepting encrypted data packets that validate against their configured hash values d. by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis
d
What is a characteristic of a layered defense-in-depth security approach? a. three or more devices are used b. routers are replaced with firewalls c. when one device fails, another one takes over d. one safeguard failure does not affect the effectiveness of other safeguards
d
What is the primary function of the Center for Internet Security (CIS)? a. to provide vendor-neutral education products and career services to industry professionals worldwide b. to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities c. to maintain a list of common vulnerabilities and exposures (CVE) used by security organizations d. to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses
d
What is the purpose of mobile device management (MDM) software? a. it is used to create a security policy b. it is used by threat actors to penetrate the system c. it is used to identify potential mobile device vulnerabilities d. it is used to implement security policies, settings, and software configurations on mobile devices
d
Which AAA component can be established using token cards? a. accounting b. authorization c. auditing d. authentication
d
Which statement describes Trusted Automated Exchange of Indicator Information (TAXII)? a. it is a dynamic database of real-time vulnerabilities b. it is a set of specifications for exchanging cyber threat information between organizations c. it is a signature-less engine utilizing stateful attack analysis to detect zero-day threats d. it is the specification for an application layer protocol that allows the communication of CTI over HTTPS
d
How does AIS address a newly discovered threat? a. by enabling real-time exchange of cyberthreat indicators with U.S. Federal Government and the private sector b. by creating response strategies against the new threat c. by advising the U.S. Federal Government to publish internal response strategies d. by mitigating the attack with active response defense mechanisms
a
What is the benefit of a defense-in-depth approach? a. the effectiveness of other security measures is not impacted when a security mechanism fails b. the need for firewalls is eliminated c. all network vulnerabilities are mitigated d. only a single layer of security at the network core is required
a
What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)? a. to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies b. to provide vendor neutral education products and career services to industry professionals worldwide c. to offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response d. to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
a
What threat intelligence sharing standard is TAXII? a. this is the specification for an application layer protocol that allows the communication of CTI over HTTPS b. this is a set of specifications for exchanging cyberthreat information between organizations c. this is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations
a
Which information security component is described as "authorized users must have uninterrupted access to important resources and data"? a. availability b. confidentiality c. integrity
a
Which term is information or equipment valuable enough to an organization to warrant protection? a. assets b. threats c. vulnerabilities
a
Which type of business policy protects the rights of workers and the company interests? a. company b. employee c. security
a
What three goals does a BYOD security policy accomplish? (Choose three.) a. identify safeguards to put in place if a device is compromised b. describe the rights to access and activities permitted to security personnel on the device c. identify a list of websites that users are not permitted to access d. identify and prevent all heuristic virus signatures e. identify which employees can bring their own devices f. identify all malware signatures and synchronize them across corporate databases
a, b, e
In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.) a. assets that need protection b. location of attacker or attackers c. threats to assets d. total number of devices that attach to the wired and wireless network e. vulnerabilities in the system f. past security breaches
a, c, e
What is CybOX? a. it is a specification for an application layer protocol that allows the communication of CTI over HTTPS b. it is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations c. it is a catalog of known security threats called Common Vulnerabilities and Exposures (CVE) for publicly known cybersecurity vulnerabilities d. it enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector
b
What is a characteristic of the security artichoke defense-in-depth approach? a. each layer has to be penetrated before the threat actor can reach the target data or system b. threat actors no longer have to peel away each layer before reaching the target data or system c. threat actors can no longer penetrate any layers safeguarding the data or system d. threat actors can easily compromise all layers safeguarding the data or systems
b
What is the first line of defense when an organization is using a defense-in-depth approach to network security? a. IPS b. edge router c. firewall d. proxy server
b
What is the principle behind the nondiscretionary access control model? a. it applies the strictest access control possible b. it allows access decisions to be based on roles and responsibilities of a user within the organization c. it allows users to control access to their data as owners of that data d. it allows access based on attributes of the object to be accessed
b
What threat intelligence sharing standard is STIX? a. this is the specification for an application layer protocol that allows the communication of CTI over HTTPS b. this is a set of specifications for exchanging cyberthreat information between organizations c. this is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations
b
When a security audit is performed at a company, the auditor reports that new users have access to network resources beyond their normal job roles. Additionally, users who move to different positions retain their prior permissions. What kind of violation is occurring? a. network policy b. least privilege c. audit d. password
b
Which information security component is described as "only authorized individuals, entities, or processes can access sensitive information"? a. availability b. confidentiality c. integrity
b
Which organization defined unique CVE identifiers for publicly known information-security vulnerabilities that make it easier to share data? a. Cisco Talos b. MITRE c. FireEye d. DHS
b
Which term is a potential danger to a protected asset? a. assets b. threats c. vulnerabilities
b
Which type of business policy identifies salary, pay schedule, benefits, work schedule, vacations, etc.? a. company b. employee c. security
b
Why is asset management a critical function of a growing organization against security threats? a. it serves to preserve an audit trail of all new purchases b. it identifies the ever-increasing attack surface to threats c. it prevents theft of older assets that are decommissioned d. it allows for a build of a comprehensive AUP
b
Passwords, passphrases, and PINs are examples of which security term? a. identification b. authorization c. authentication d. access
c
What does the incident handling procedures security policy describe? a. it describes the procedure for auditing the network after a cyberattack b. it describes the procedure for mitigating cyberattacks c. it describes how security incidents are handled d. it describes how to prevent various cyberattacks
c
What is the primary purpose of the Malware Information Sharing Platform (MISP)? a. to exchange all the response mechanisms to known threats b. to publish all informational materials on known and newly discovered cyberthreats c. to enable automated sharing of IOCs between people and machines using STIX and other export formats d. to provide a set of standardized schemata for specifying and capturing events and properties of network operations
c
What is the purpose of the network security accounting function? a. to require users to prove who they are b. to determine which resources a user can access c. to keep track of the actions of a user d. to provide challenge and response questions
c
What threat intelligence sharing standard is CybOX? a. this is the specification for an application layer protocol that allows the communication of CTI over HTTPS b. this is a set of specifications for exchanging cyberthreat information between organizations c. this is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations
c
When designing a prototype network for a new server farm, a network designer chooses to use redundant links to connect to the rest of the network. Which business goal will be addressed by this choice? a. security b. scalability c. availability d. manageability
c
Which component of the zero trust security model focuses on secure access when an API, a microservice, or a container is accessing a database within an application? a. workforce b. workflow c. workload d. workplace
c
Which information security component is described as "data is protected from unauthorized alteration"? a. availability b. confidentiality c. integrity
c
Which term describes the ability of the web server to keep a log of the users who access the server, as well as the length of time they use it? a. authentication b. authorization c. accounting d. assigning permissions
c
Which term is a weakness in a system or design? a. assets b. threats c. vulnerabilities
c
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications? a. attribute-based access control (ABAC) b. discretionary access control (DAC) c. mandatory access control (MAC) d. non-discretionary access control
c
Which type of business policy defines system requirements and objectives, rules, and requirements for users when they attach to or operate on the network? a. company b. employee c. security
c
What are two characteristics of the RADIUS protocol? (Choose two.) a. encryption of the entire body of the packet b. the use of TCP port 49 c. the use of UDP ports for authentication and accounting d. encryption of the password only e. the separation of the authentication and authorization processes
c, d