40 Questions
What is a key component of a high-availability network?
Vulnerability scanning
Why is a bastion host the most secure method for providing administrative access to internal resources?
It minimizes the traffic allowed through the security boundary
What is the primary purpose of a bastion host?
To provide a single point of control and defense
What type of server is a bastion host?
Special-purpose server
Where is a bastion host typically placed?
On the edge of the network
What type of traffic can a bastion host be configured to allow?
Only certain types of traffic, such as SSH or HTTP
What type of security software can a bastion host run?
Firewalls and intrusion detection systems
What is the purpose of logging all activities on a bastion host?
For auditing purposes
What type of data can endpoint logs provide for security analysts?
Processes running on the device, network connections, and files accessed
What is the primary function of a content filter?
To block or allow access to web content based on predefined rules or categories
What is the solution when users cannot access a website because of a content filter?
Updating the categorization in the content filter
What type of information can endpoint logs record about executable files?
Name, path, size, hash, signature, and permissions
What is the purpose of a web filter?
To block or allow access to web content based on predefined rules or categories
Why would a content filter block a website?
If it is categorized incorrectly
What would a web filter scan a URL for?
Strings and keywords
What can endpoint logs provide information about?
Processes running on the device, network connections, and files accessed
What is a compensating control in security?
A security measure that reduces the likelihood or impact of an attack
What is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system?
Bug bounty
What is the purpose of a host-based firewall?
To monitor and filter incoming and outgoing network traffic on a single host
What is required for an organization to properly manage its restore process in the event of system failure?
Disaster Recovery Plan (DRP)
What type of attack involves using text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information?
Smishing
What is the term used to describe the use of unauthorized or unapproved IT resources within an organization?
Shadow IT
What is a disaster recovery plan (DRP)?
A set of policies and procedures to restore normal operations in the event of system failure
What is the main goal of a bug bounty program?
All of the above
What is likely occurring if an internal system is sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?
A worm is propagating across the network
What is the purpose of a compensating control in a legacy Linux system?
To reduce the likelihood or impact of an attack
What is the term used to describe a type of phishing attack that uses voice calls?
Vishing
What is the risk of using unauthorized or unapproved IT resources within an organization?
Risk to security posture, data integrity, and regulatory compliance
What is a characteristic of a legacy Linux system?
It may not be compatible with the latest security updates or patches
What is the primary goal of a disaster recovery plan (DRP)?
To restore normal operations in the event of system failure
What is the term used to describe a type of attack that involves tricking victims into clicking on malicious links or providing personal information?
Phishing
What is the benefit of using a bug bounty program?
All of the above
What is the primary purpose of the chain of custody process?
To document and preserve the integrity of evidence
What type of security controls are designed to protect human life and physical assets from harm or damage?
Safety controls
What should safety controls be set up to do in case of a failure?
Fail open
What is the severity of the vulnerability reported in the vulnerability scanning report?
High
What is the result of the test performed by the security analyst using the nmap command?
The Telnet server supports encryption
What can be concluded about the reported vulnerability based on the test result?
Compensating controls exist
What is the primary purpose of vulnerability scanning?
To identify vulnerabilities in a system
What type of security control should be set up to fail closed in case of a failure?
Logical security controls
Study Notes
High-Availability Network
- A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.
Secure Access to Internal Resources
- A bastion host is a special-purpose server that provides secure access to internal resources while minimizing traffic allowed through the security boundary.
- A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
- It can be configured to allow only certain types of traffic and block all other traffic.
- It can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.
Compensating Control
- A compensating control is a security measure that mitigates the risk of a vulnerability or weakness that cannot be resolved by the primary control.
- It does not prevent or eliminate the vulnerability or weakness, but reduces the likelihood or impact of an attack.
- Example: A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is a compensating control.
Disaster Recovery Plan
- A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore normal operations of an organization in the event of a system failure, natural disaster, or other emergency.
Bug Bounty Program
- A bug bounty program rewards security researchers for finding and reporting vulnerabilities in an application or system.
- It is used by companies to improve their security posture and incentivize ethical hacking.
Smishing Attack
- Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.
Shadow IT
- Shadow IT refers to the use of unauthorized or unapproved IT resources within an organization.
- Example: A marketing department setting up its own project management software without telling the appropriate departments.
Endpoint Log
- An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone.
- It can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the files accessed or modified, and the user actions performed.
Content Filter
- A content filter is a device or software that blocks or allows access to web content based on predefined rules or categories.
- Example: A content filter blocking a new retail website because it is mistakenly categorized as gambling.
Chain of Custody
- Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response.
- It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored.
Safety Controls
- Safety controls are security controls that are designed to protect human life and physical assets from harm or damage.
- Safety controls should be designed to fail open in case of an emergency, so that a failure of the control does not endanger people.
Vulnerability Scanning Report
- A vulnerability scanning report provides information about potential vulnerabilities in a system or network.
- Example: A report shows an open Telnet port flagged as a high-severity vulnerability, but further testing reveals that the Telnet server supports encryption, making the finding a false positive.
Learn about the importance of risk assessment, threat intelligence, and penetration testing in ensuring a high-availability network. This chapter covers the key concepts of network security architecture and design.