Security + quiz 1
56 Questions

Questions and Answers

Which of the following vulnerabilities directly affects the hardware of a system?

  • Firmware version (correct)
  • SQL injection
  • Cross-site scripting
  • Buffer overflow

A technician is troubleshooting a firewall configuration and decides to add a 'deny any' policy to the bottom of the ACL. This causes several company servers to become unreachable. What should the technician have done to prevent this issue?

  • Tested the policy in a non-production environment before enabling it in the production network. (correct)
  • Documented the new policy in a change request and submitted it to change management.
  • Included an 'allow any' policy above the 'deny any' policy.
  • Disabled any intrusion prevention signatures on the 'deny any' policy prior to enabling the new policy.

An organization wants to build a new backup data center with the primary goal of minimizing cost, an RTO of two days, and an RPO of around two days. Which type of backup site is most appropriate for this scenario?

  • Warm (correct)
  • Hot
  • Real-time recovery
  • Cold

Which of the following statements is TRUE regarding data sovereignty regulations?

  • Data sovereignty regulations dictate where data can be stored and processed, often requiring local storage and processing for certain types of data. (correct)

Which of the following security techniques is most effective in mitigating the risk of a SQL injection attack?

  • Using a web application firewall (WAF) to filter malicious input. (correct)

Which threat actor is MOST likely to be employed by a nation-state to target infrastructure in another country?

  • Organized crime syndicate (correct)

What is the purpose of adding a unique, random value to a password before hashing?

  • Salting (correct)

An employee enters their login information into a fake website after clicking a link in an email. What type of social engineering attack is this?

  • Phishing (correct)

If an organization wants only the device with IP 10.50.10.25 to send DNS requests, which firewall access control list (ACL) is correct?

  • Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 (correct)

A company wants to use existing domain credentials for its new SaaS application. Which security mechanism would be MOST suitable?

  • SSO (correct)

Which scenario BEST exemplifies a Business Email Compromise (BEC) attack?

  • An attacker crafts an email that appears to come from the CEO's personal email to request an urgent wire transfer to an external company. (correct)

A company implements a system that requires multiple methods for authentication. Which technology describes the authentication system?

  • Multi-factor authentication (correct)

Which of the following describes an attack where a user is redirected to a malicious website by a similar-looking URL?

  • Typosquatting (correct)

An employee receives an email seemingly from an executive requesting gift cards. Which social engineering tactic is most directly exemplified by this?

  • Impersonation (correct)

A database administrator requires access to database servers on a separate network segment. What is the recommended secure method?

  • Jump server (correct)

A company's internet-facing website was compromised through a buffer overflow. Which of the following security measures is best suited to protect against similar attacks in the future?

  • Web Application Firewall (WAF) (correct)

Users are logging in from suspicious IP addresses. After user interviews and password resets, what should the administrator implement to prevent this in the future?

  • Multi-factor authentication (correct)

A text message requests credential verification from what appears to be the payroll department. What two social engineering techniques are being demonstrated?

  • Impersonation and Smishing (correct)

Following a smishing attack where the CEO was impersonated, which two actions should the company take?

  • Add a smishing exercise to company training and issue a general email warning (correct)

A company requires certified hardware. How can the risk of counterfeit hardware be best addressed?

  • Conduct a thorough supply chain analysis (correct)

What document outlines the parameters and limitations of a third-party penetration test?

  • Rules of engagement (correct)

A penetration tester is actively scanning ports and services. Which type of reconnaissance is being used?

  • Active (correct)

Which of the following plans is required for an organization to properly manage its restore process after a system failure?

  • Disaster Recovery Plan (DRP) (correct)

Installing software outside of a manufacturer's approved repository is associated with which risk?

  • Side loading (correct)

Multiple failed login attempts from different source IPs are occurring. What attack type is most likely in progress?

  • Password spraying (correct)

In the context of a Zero Trust data plane, what should an analyst prioritize when evaluating security?

  • Subject Role (correct)

An engineer needs a security solution to prevent unauthorized access to internal company resources. Which is the best recommendation?

  • Jump server (correct)

An attacker compromises an internal system, then pivots to gain access to a critical database server. Which security concept was most directly violated?

  • Least Privilege (correct)

A security analyst identifies an attempted connection to a non-encrypted website. Which string would a web filter use to block these connections?

  • http:// (correct)

A security team needs to block network traffic from a specific IP address (10.1.4.9). Which of the following access list configurations will accomplish this?

  • access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0 (correct)

Which security measure provides the most secure administrative access with minimal traffic through the security boundary?

  • Implementing a bastion host (correct)

To investigate a potential security incident involving an employee's laptop, which log source would provide details of the executable running on the machine?

  • Endpoint (correct)

A security team learns of a new attack method, but SIEM alerts are not yet configured. Which action should be taken to identify this new behavior?

  • Threat hunting (correct)

Purchasing cyber insurance is a strategy to deal with risks identified in the risk register. Which risk management strategy does this represent?

  • Transfer (correct)

Which of the following encryption methods would a security administrator use to encrypt the data stored on employees' laptops?

  • Full disk (correct)

What type of security control does an acceptable use policy represent?

  • Preventive (correct)

An IT manager limits access to the help desk software's administrative console. What security principle is being applied?

  • Least privilege (correct)

Which document is most likely to contain risks, responsible parties, and risk thresholds?

  • Risk register (correct)

What procedure should a security administrator follow when setting up new firewall rules?

  • Change management procedure (correct)

A company allows external security testing on its application in exchange for compensation. What type of program is being set up?

  • Bug bounty (correct)

Which threat actor is the most likely to utilize substantial financial resources when targeting systems in different countries?

  • Nation-state (correct)

Which method enables the manipulation of data by running commands through user input fields?

  • SQL injection (correct)

What type of data would be considered the primary focus for employees in a research and development unit?

  • Intellectual property (correct)

What security benefit is provided by labeling laptops with asset inventory stickers and associating them with employee IDs?

  • The device can be tied to the correct employee for incident notifications. (correct)

What is the most effective method to enhance situational awareness among users transitioning back to office work?

  • Modifying the content of recurring training. (correct)

Which visualization method is most suitable for presenting quarterly incident reports to the board of directors?

  • Creating a dashboard to visualize incidents. (correct)

If a file integrity monitoring tool reports a hash change for cmd.exe but no patches were applied, what most likely occurred?

  • A rootkit was deployed on the system. (correct)

In an IaaS cloud model, which party holds the responsibility for securing the company’s database?

  • The client who utilizes the service. (correct)

Which document should a security company provide when asked for information on a project’s scope, cost, and time frame?

  • Statement of Work (SOW). (correct)

What application security technique is recommended to mitigate cross-site scripting vulnerabilities?

  • Use input validation techniques. (correct)

What must be prioritized when designing a high-availability network?

  • Ease of recovery from failures. (correct)

What is the first step a technician should take before applying high-priority patches to a system?

  • Create a change control request. (correct)

Why is root cause analysis important in the incident response process?

  • To prevent similar incidents in the future. (correct)

What is the likely consequence for a large bank that fails an internal PCI DSS compliance assessment?

  • Receiving detailed audit findings. (correct)

What is the purpose of capacity planning in business continuity strategies?

  • To gauge recovery resources. (correct)

Which method is most effective for a company to restrict access to sensitive documents created in a SaaS application?

  • Enforcing a geolocation policy. (correct)

Study Notes

Threat Actor Analysis

• Organized crime is the most likely threat actor to be hired by a foreign government to attack critical systems in other countries (83% community vote).

Data Transformation

• Salting is used to add complexity before one-way data transformation algorithms (89% community vote).

Social Engineering Attacks

• Phishing is the most likely social engineering attack in which an employee clicks a link in an email, enters login information, and receives a "page not found" error (84% community vote).

Firewall ACLs

• To allow outbound DNS requests from a specific IP address (10.50.10.25), a firewall rule should permit that IP address and deny all others (93% community vote).

Single Sign-On (SSO)

• SSO is the method to reduce employee credentials by using domain credentials to access SaaS applications (100% community vote).

Business Email Compromise (BEC)

• A BEC attack occurs when an employee receives an email from the HR director requesting login credentials to a cloud administrator account (61% community vote).

Jump Server

• A jump server is used for database administrators to access database servers when direct access is restricted (100% community vote).

Web Application Firewall (WAF)

• A WAF is the best solution to protect against buffer overflow attacks on internet-facing websites (74% community vote).

Multi-Factor Authentication (MFA)

• MFA is used to prevent unauthorized logins from suspicious IP addresses (100% community vote).

Social Engineering Techniques

• Impersonation and smishing are common social engineering techniques used to gain credentials, often via text messages (92% community vote).

Employee Recognition Gift Card Phishing

• Cancel gift cards, add smishing exercises to security training and issue general email warnings are best responses to gift card phishing attempts (97% community vote).

Counterfeit Hardware

• Thorough supply chain analysis is the best approach to mitigate risks associated with procuring counterfeit hardware (78% community vote).

Rules of Engagement

• Rules of engagement document the terms of a penetration test with a third-party tester (95% community vote).

Reconnaissance Types

• Active reconnaissance involves port and service scans during penetration testing (100% community vote).

Disaster Recovery Plan (DRP)

• DRP details procedures for recovering from a system failure (97% community vote).

Side Loading

• Side loading is installing software outside a manufacturer's approved software repository (100% community vote).

Password Spraying Attack

• A password spraying attack involves attempting to log in to accounts using a limited set of common passwords (100% community vote).

Zero Trust Principles

• Subject role is the most relevant factor for evaluating Zero Trust principles in the data plane (41% community vote).

Jump Server

• A jump server is the best solution for minimizing traffic allowed through the security boundary for administrative access to internal resources (85% community vote).

Endpoint Logs

• Endpoint logs should be used as a data source for investigations into potential malicious network traffic from employee laptops (93% community vote).

Threat Hunting

• Conducting threat hunting is the best way to identify new, unknown behaviors in SIEM logs before alerts are configured (100% community vote).

Risk Transfer

• Purchasing cyber insurance represents a risk transfer strategy to address items in the risk register (80% community vote).

Full Disk Encryption

• Full disk encryption is the optimal technique for securing data on employee laptops (100% community vote).

Preventive Controls

• Acceptable use policies are preventive security controls (92% community vote).

Least Privilege

• Implementing least privilege means limiting access to only necessary resources for employees (100% community vote).

Risk Register

• A risk register documents risks, responsible parties, and thresholds (100% community vote).

Change Management

• Adhering to change management procedures is crucial when setting up firewall rules (100% community vote).

Bug Bounty Programs

• Bug bounty programs compensate researchers for discovering vulnerabilities in a company’s applications (100% community vote).

Nation-State Actors

• Nation-state actors are most likely to use substantial financial resources to attack critical systems in other countries (100% community vote).

SQL Injection

• SQL injection attacks use input fields to run commands that view or manipulate data (100% community vote).

Intellectual Property

• Intellectual property is the type of company data employees in research and development are most likely to use (100% community vote).

Asset Inventory

• Labeling laptops with asset stickers and associating them with employee IDs improves incident response, security awareness, and record keeping (50% community vote).

Security Training

• Modifying recurring training to include information about employee transition from remote to in-office work is the best way to improve situational and environmental awareness (100% community vote).

Dashboard

• Dashboards are used to present incident data to the board of directors for summary (100% community vote).

Rootkits

• A change in a system file's hash, without corresponding OS patch application, likely indicates rootkit deployment (100% community vote).

Shared Responsibility Model – IaaS

• The client is responsible for securing resources in an IaaS cloud environment (89% community vote).

Statement of Work (SOW)

• A Statement of Work (SOW) details a project, cost, and timeframe for a client (96% community vote).

Input Validation

• Implementing input validation is recommended to prevent cross-site scripting vulnerabilities in web applications (100% community vote).

High Availability

• Ease of recovery and responsiveness are crucial for designing a high-availability network (76% community vote).

Change Control

• Creating a change control request is the first step before applying a high-priority patch to a production system (100% community vote).

Incident Response – Root Cause Analysis

• Conducting root cause analysis in incident response aims to prevent future similar incidents (100% community vote).

PCI DSS Compliance

• Failing a PCI DSS compliance assessment may result in an audit finding, not just fines or sanctions (67% community vote).

Capacity Planning

• Capacity planning determines the staffing required to sustain business operations after a disruption (100% community vote).

Geolocation Policy

• Implementing a geolocation policy is the most effective way to control access to sensitive documents in a SaaS application based on country of origin (100% community vote).

Firmware

• Firmware version is a hardware-specific vulnerability (100% community vote).

Firewall Testing

• Testing firewall policies in a non-production environment before implementation is crucial to avoid disrupting production systems (73% community vote).

Warm Data Center

• A warm data center is best for cost-focused backups with an RTO and RPO of around two days (78% community vote).


Quiz Team

Description

Test your knowledge on various cybersecurity vulnerabilities, hardware security issues, and mitigation techniques for common attacks like SQL injection. This quiz also covers data sovereignty regulations and backup strategies for data centers. Challenge yourself and see how well you understand the complexities of cybersecurity.
