Security+
512 Questions
7 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What action is permitted for HTTP traffic originating from 10.0.1.1/24 according to the firewall configuration?

  • Redirected
  • Denied (correct)
  • Blocked
  • Allowed
  • In the firewall configuration, which IP range is allowed to establish SSH connections?

  • 192.168.0.1/24 (correct)
  • 10.0.1.1/24
  • 192.168.1.1/24
  • 10.0.0.1/24
  • Which of the following protocols is NOT permitted from ANY IP to 10.0.1.1/24?

  • HTTPS
  • HTTP (correct)
  • DNS
  • SSH
  • What is the common permission for HTTPS traffic in both firewall configurations?

    <p>Permit</p> Signup and view all the answers

    Which IP range is allowed to establish DNS connections according to the firewall configurations?

    <p>192.168.0.1/24</p> Signup and view all the answers

    What is the action taken for HTTP traffic originating from 192.168.0.1/24 in Firewall 3?

    <p>Denied</p> Signup and view all the answers

    What is the purpose of the rule 'ANY - 10.0.0.1/24 - SSH - PERMIT' in Firewall 1?

    <p>To allow inbound SSH traffic from any source to 10.0.0.1/24 subnet</p> Signup and view all the answers

    Why is the rule 'ANY - 10.0.0.1/24 - HTTP - DENY' present in Firewall 1 configuration?

    <p>To deny HTTP traffic from any source to the 10.0.0.1/24 subnet</p> Signup and view all the answers

    In the context of the given Firewall 1 configuration, what is the purpose of the rule '10.0.0.1/24 - ANY - DNS - PERMIT'?

    <p>To allow DNS traffic from any source to the 10.0.0.1/24 subnet</p> Signup and view all the answers

    Considering Firewall 1's configuration, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' signify?

    <p>Allowing inbound HTTPS traffic from any source to the 10.0.0.1/24 subnet</p> Signup and view all the answers

    What is the significance of 'ANY - 10.0.0.1/24 - ANY - HTTPS - PERMIT' in Firewall 1's setup?

    <p>Allowing outbound HTTPS traffic from the 10.0.0.1/24 subnet to any destination</p> Signup and view all the answers

    What is the primary reason for including 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule in Firewall 1 configuration?

    <p>To allow inbound HTTPS traffic from any source to the 10.0.0.1/24 subnet</p> Signup and view all the answers

    What is the purpose of a firewall in a network?

    <p>To filter incoming and outgoing network traffic based on predefined rules</p> Signup and view all the answers

    Which type of firewall inspects data at the application layer?

    <p>Application-level gateway firewall</p> Signup and view all the answers

    What is the primary function of a stateful inspection firewall?

    <p>To track and monitor the state of network connections</p> Signup and view all the answers

    Which firewall configuration is suitable for highly secure environments that require strict control over network traffic?

    <p>Deny by default</p> Signup and view all the answers

    What is the purpose of a demilitarized zone (DMZ) in a firewall configuration?

    <p>To provide a secure area for hosting public-facing servers</p> Signup and view all the answers

    Which firewall technology can inspect and filter traffic based on the application-level content?

    <p>Deep packet inspection firewall</p> Signup and view all the answers

    What is the primary purpose of the 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule in Firewall 1?

    <p>Permitting HTTPS traffic to 10.0.0.1/24</p> Signup and view all the answers

    What is the purpose of the 'ANY - 10.0.0.1/24 - SSH - PERMIT' rule in Firewall 1?

    <p>Permitting SSH traffic to 10.0.0.1/24</p> Signup and view all the answers

    Which action does the 'ANY - 10.0.0.1/24 - HTTP - DENY' rule take in Firewall 1?

    <p>Block HTTP traffic from any source to 10.0.0.1/24</p> Signup and view all the answers

    What is the significance of the 'ANY - 10.0.0.1/24 - DNS - PERMIT' rule in Firewall 1's configuration?

    <p>Allowing DNS traffic from any source to 10.0.0.1/24</p> Signup and view all the answers

    Which traffic does the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1 specifically allow?

    <p>HTTPS traffic to 10.0.0.1/24</p> Signup and view all the answers

    What is the primary responsibility of a data owner?

    <p>Determining how the data may be used</p> Signup and view all the answers

    In the context of firewall configurations, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' signify?

    <p>Allowing any traffic from 10.0.0.1/24 using HTTPS</p> Signup and view all the answers

    Which action is a data custodian responsible for?

    <p>Implementing protection for data</p> Signup and view all the answers

    What does a network engineer need to implement to allow guests at the company's headquarters to access only the Internet via WiFi?

    <p>Agreement to acceptable use policy before granting Internet access</p> Signup and view all the answers

    How does a firewall protect an internal corporate network from unauthorized access?

    <p>Filtering and blocking undesired network traffic</p> Signup and view all the answers

    Based on the firewall configurations provided, which IP range is allowed to establish HTTPS connections to 10.0.0.1/24?

    <p>Any IP address</p> Signup and view all the answers

    Which firewall rule in the provided configurations would prevent unauthorized access to sensitive data stored on a system?

    <p>Air gap</p> Signup and view all the answers

    If a system needs to be protected from Internet-based attacks, which configuration should be implemented according to the information provided?

    <p>Air gap</p> Signup and view all the answers

    According to the firewall configurations, which protocol is explicitly denied for connections originating from any IP address to 10.0.0.1/24?

    <p>HTTP</p> Signup and view all the answers

    Which RAID configuration would ensure no data loss if one hard drive fails, according to the information provided?

    <p>RAID 1</p> Signup and view all the answers

    What is the purpose of the rule 'ANY - 10.0.1.1/24 - SSH - PERMIT' in Firewall 2?

    <p>To allow incoming SSH connections from any IP address to the 10.0.1.1/24 network</p> Signup and view all the answers

    What is the significance of the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' in Firewall 2?

    <p>It denies incoming HTTP connections from any IP address to the 10.0.1.1/24 network</p> Signup and view all the answers

    Based on the firewall configurations, which protocol is permitted for both 10.0.1.1/24 and 192.168.0.1/24 networks?

    <p>HTTPS</p> Signup and view all the answers

    What is the purpose of the rule '192.168.0.1/24 - ANY - DNS - PERMIT' in Firewall 3?

    <p>To allow outgoing DNS requests from the 192.168.0.1/24 network to any IP address</p> Signup and view all the answers

    Which type of firewall technology is likely used in the given configurations, based on the rules that specify protocols like HTTP, HTTPS, and SSH?

    <p>Application-level gateway firewall</p> Signup and view all the answers

    Based on the firewall configurations, which protocol is permitted from any IP address to 10.0.0.1/24?

    <p>HTTPS and SSH</p> Signup and view all the answers

    Which of the following IP ranges is denied access to HTTP services according to the firewall configurations?

    <p>192.168.0.1/24</p> Signup and view all the answers

    What is the purpose of the rule 'ANY - 10.0.0.1/24 - DNS - PERMIT' in the firewall configuration?

    <p>To permit DNS server access from the 10.0.0.1/24 subnet to any IP address</p> Signup and view all the answers

    According to the firewall configurations, which statement is true about SSH connections?

    <p>SSH connections are permitted from any IP address to 10.0.0.1/24</p> Signup and view all the answers

    Based on the firewall configurations, which IP range is permitted to access HTTP services?

    <p>10.0.1.1/24</p> Signup and view all the answers

    Based on the information provided, which of the following is the most likely cause of the security alert?

    <p>A phishing attempt using a malicious link</p> Signup and view all the answers

    What should be the security administrator's next step to mitigate the identified threat?

    <p>Implement a web application firewall (WAF) to inspect HTTP traffic</p> Signup and view all the answers

    Which firewall configuration would be most effective in preventing similar phishing attempts in the future?

    <p>A stateful inspection firewall with application-layer filtering</p> Signup and view all the answers

    Which of the following actions would be the least effective in mitigating the identified threat?

    <p>Disabling JavaScript execution in web browsers on the internal network</p> Signup and view all the answers

    Which of the following firewall configurations would be most suitable for a highly secure environment that requires strict control over network traffic?

    <p>A stateful inspection firewall with application-layer filtering and intrusion prevention capabilities</p> Signup and view all the answers

    What is the MOST effective way to mitigate the reported vulnerability?

    <p>An IP blacklist</p> Signup and view all the answers

    What security concerns are associated with hosting a web application and database in the cloud?

    <p>The cloud vendor is a new attack vector within the supply chain</p> Signup and view all the answers

    What type of attack is MOST likely seen in the provided packet capture at the coffee shop?

    <p>Evil twin</p> Signup and view all the answers

    Which method is NOT effective for mitigating the reported vulnerability?

    <p>Creating an IP whitelist</p> Signup and view all the answers

    What is a potential risk of outsourcing code development in a cloud environment?

    <p>Loss of internal control</p> Signup and view all the answers

    In a coffee shop scenario, what does poor wireless network performance often indicate?

    <p>Interference from neighboring devices</p> Signup and view all the answers

    What is typically a disadvantage of DNS sinkholing as a security measure?

    <p>It blocks legitimate traffic</p> Signup and view all the answers

    What is a potential drawback of implementing application whitelisting?

    <p>Increased false positive alerts</p> Signup and view all the answers

    What is a possible consequence of having an outdated blacklist for IP filtering?

    <p>Vulnerability to new threats</p> Signup and view all the answers

    Why is it important to regularly review and update DLP rules on terminals?

    <p>To ensure protection against evolving data security threats</p> Signup and view all the answers

    What is the BEST network type that the administrator can use to gather information?

    <p>Honeynet</p> Signup and view all the answers

    What best describes the current situation where passwords for one system have been compromised, but unusual login activity has been detected for another system?

    <p>Compromised password file brute-force hacked</p> Signup and view all the answers

    Which security control is NOT being enforced based on the given scenario?

    <p>Single sign-on</p> Signup and view all the answers

    What issue arises when users are detected logging in while on vacation?

    <p>Lack of multi-factor authentication</p> Signup and view all the answers

    Why are some compromised passwords valid on multiple systems according to the incident response team?

    <p>Reused passwords by users</p> Signup and view all the answers

    What is the potential risk of not centralizing storage of passwords as per the organization's policy?

    <p>Higher risk of password database breaches</p> Signup and view all the answers

    What is likely happening when unusual login activity is detected for the separate system?

    <p>'Credential stuffing' attempt</p> Signup and view all the answers

    What action does isolation involve in incident response?

    <p>Removing affected components from the environment</p> Signup and view all the answers

    How does isolation help in incident response?

    <p>It helps contain the incident and prevent its spread</p> Signup and view all the answers

    What is the main concern of the Chief Information Officer (CIO) in the scenario provided?

    <p>Customer privacy and organizational security</p> Signup and view all the answers

    How can the organization address the CIO's concerns about security and customer privacy?

    <p>Enhancing security measures for mobile devices</p> Signup and view all the answers

    What is a critical consideration when newly hired salespersons rely on mobile devices for business operations?

    <p>Data encryption methods</p> Signup and view all the answers

    Why might the CIO contemplate scaling down the organization as quickly as it scaled up?

    <p>To optimize resource allocation</p> Signup and view all the answers

    'Isolation' in incident response involves:

    <p>Protecting affected components from further impact</p> Signup and view all the answers

    What should the network security manager consult FIRST to determine a priority list for forensic review?

    <p>The vulnerability scan output</p> Signup and view all the answers

    How can the financial organization BEST allow sharing of important PII with the secure application?

    <p>Configure the DLP policies to whitelist this application with the specific PII</p> Signup and view all the answers

    What would BEST explain the appliance's vulnerable state during the last two assessments?

    <p>Lack of regular patching</p> Signup and view all the answers

    What is the primary purpose of consulting IDS logs in a cybersecurity scenario?

    <p>Detecting and alerting on suspicious network activity</p> Signup and view all the answers

    In the context of security appliances, why is full packet capture data valuable for forensic investigations?

    <p>To reconstruct network events for analysis</p> Signup and view all the answers

    What action would be MOST effective in preventing sensitive data breaches due to a vulnerable OS?

    <p>Conducting regular security assessments</p> Signup and view all the answers

    Why is it crucial to configure DLP policies to whitelist specific applications for data sharing?

    <p>To prevent sensitive data leakage</p> Signup and view all the answers

    What could be a significant impact of not addressing vulnerabilities identified during a security assessment?

    <p>Data loss or theft</p> Signup and view all the answers

    Which of the following approaches would be most effective in mitigating the CEO's concern about employees accessing the company's network from high-risk countries while on vacation?

    <p>Implement geolocation restrictions to block access from certain high-risk countries</p> Signup and view all the answers

    The document named 'password.txt' is likely placed on the administrator's desktop as:

    <p>A honeyfile intended to lure and detect potential cyber intruders</p> Signup and view all the answers

    To ensure appropriate data protection in the DLP solution, which of the following approaches should the company take?

    <p>Assign different DLP rules based on the data type (PII, financial information, health information)</p> Signup and view all the answers

    In the context of a development team, which process is described as bringing code changes from multiple team members into the same project through automation and utilizing a tool for code validation and version control?

    <p>Continuous integration</p> Signup and view all the answers

    If the company wants to prevent employees from accessing social media sites during work hours, which of the following would be the most effective approach?

    <p>Implement web content filtering to block access to social media sites</p> Signup and view all the answers

    Which RAID level should a cybersecurity administrator select to add disk redundancy and fault tolerance for a critical server, capable of withstanding two simultaneous drive failures?

    <p>RAID 6</p> Signup and view all the answers

    Which of the following is a potential drawback of implementing geolocation restrictions for remote access?

    <p>Employees may be unable to access the network while traveling for business purposes</p> Signup and view all the answers

    In a development team's practice of continuous integration, which of the following tools is typically utilized to validate code and track source code through version control?

    <p>Version control system</p> Signup and view all the answers

    Which of the following techniques would be most effective in preventing data exfiltration by malicious insiders?

    <p>Implement data loss prevention (DLP) solutions to monitor and control data movement</p> Signup and view all the answers

    What is the primary purpose of implementing RAID 6 in a server environment?

    <p>Enhance data redundancy and fault tolerance</p> Signup and view all the answers

    Which of the following approaches would be most effective in ensuring compliance with data privacy regulations when implementing DLP rules?

    <p>Assign different DLP rules based on the data type and applicable regulations</p> Signup and view all the answers

    Which of the following statements best describes the purpose of a honeyfile in cybersecurity?

    <p>It is a decoy file containing sensitive data to lure and detect potential attackers</p> Signup and view all the answers

    Which of the following approaches would be most effective in preventing unauthorized access to sensitive data stored on the file server?

    <p>Use role-based access controls to restrict access based on employee roles and responsibilities</p> Signup and view all the answers

    In the context of software development, what is the primary benefit of implementing continuous integration practices?

    <p>Improved code quality and early detection of issues</p> Signup and view all the answers

    Which of the following scenarios best justifies the use of RAID 6 over other RAID levels?

    <p>A mission-critical server handling sensitive data, requiring maximum fault tolerance</p> Signup and view all the answers

    Which of the following approaches would be most effective in ensuring that employees can access the company's network securely while traveling for business purposes?

    <p>Use virtual private network (VPN) connections to securely access the company's network</p> Signup and view all the answers

    In Firewall 2's configuration, which traffic would be allowed for connections originating from the IP range 10.0.1.1/24?

    <p>HTTPS</p> Signup and view all the answers

    What is the primary function of the 'ANY - 192.168.0.1/24 - HTTP - DENY' rule in Firewall 3's configuration?

    <p>To deny SSH traffic</p> Signup and view all the answers

    Which protocol is explicitly permitted for connections originating from ANY IP address to the IP range 192.168.0.1/24 in Firewall 3's configuration?

    <p>DNS</p> Signup and view all the answers

    What is the significance of the 'ANY - 192.168.0.1/24 - HTTPS - PERMIT' rule in Firewall 3's setup?

    <p>Permits HTTPS traffic</p> Signup and view all the answers

    Based on the provided information, which traffic would be DENIED by both Firewall 2 and Firewall 3 configurations?

    <p><strong>HTTP traffic</strong></p> Signup and view all the answers

    What network security measure physically isolates a secure computer network from unsecured networks, such as the public Internet?

    <p>Air gap</p> Signup and view all the answers

    In a highly secure environment requiring strict control over network traffic, which RAID configuration would be most appropriate?

    <p>RAID 1</p> Signup and view all the answers

    Which firewall technology can inspect and filter network traffic based on application-level content?

    <p>Proxy firewall</p> Signup and view all the answers

    Which rule in a firewall configuration allows connections from any IP to 10.0.0.1/24 using the DNS protocol?

    <p>'10.0.0.1/24 - ANY - DNS - PERMIT'</p> Signup and view all the answers

    To protect a system from Internet-based attacks, what network security measure should be implemented to physically isolate the system from the Internet?

    <p>Air gap</p> Signup and view all the answers

    What is the primary purpose of establishing a transitive trust in a network environment?

    <p>To automatically establish trust between parent and child domains</p> Signup and view all the answers

    In the context of systems administration, what is the main purpose of enforcing key-based authentication over SSH?

    <p>To guide users on creating public/private key pairs for server installation</p> Signup and view all the answers

    What is the BEST use case scenario for implementing a Web Application Firewall (WAF)?

    <p>To protect publicly accessible websites hosted on web servers</p> Signup and view all the answers

    What action should a network security manager take to enhance security after detecting compromised passwords and unusual login activities?

    <p>Disable username/password authentication and enable TOTP for SSH connections</p> Signup and view all the answers

    If a cybersecurity administrator wants to add disk redundancy and fault tolerance to a critical server, which RAID level should be selected?

    <p>RAID 10</p> Signup and view all the answers

    Based on the firewall configurations, what is the purpose of the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1?

    <p>To allow secure HTTPS connections from any IP address to the 10.0.0.1/24 subnet</p> Signup and view all the answers

    According to the firewall configurations, which protocol is permitted from any IP address to 10.0.0.1/24 in Firewall 1?

    <p>HTTPS</p> Signup and view all the answers

    Which of the following rules in Firewall 1 would prevent unauthorized access to sensitive data stored on a system within the 10.0.0.1/24 subnet?

    <p>ANY - 10.0.0.1/24 - HTTP - DENY</p> Signup and view all the answers

    Based on the firewall configurations, which IP range is allowed to establish SSH connections to 10.0.0.1/24 in Firewall 1?

    <p>Any IP address</p> Signup and view all the answers

    Which of the following rules in Firewall 1 would be most effective in preventing unauthorized access to sensitive data stored on a system within the 10.0.0.1/24 subnet?

    <p>ANY - 10.0.0.1/24 - HTTP - DENY</p> Signup and view all the answers

    What does the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' in Firewall 2 signify?

    <p>It blocks HTTP traffic originating from the 10.0.1.1/24 network to any destination</p> Signup and view all the answers

    Which IP range is allowed to establish DNS connections according to the firewall configurations?

    <p>10.0.0.1/24</p> Signup and view all the answers

    What is the action taken for HTTP traffic originating from 192.168.0.1/24 in Firewall 3?

    <p>It permits the traffic</p> Signup and view all the answers

    Which of the following statements is true about SSH connections based on the firewall configurations?

    <p>SSH connections are permitted for both 10.0.1.1/24 and 192.168.0.1/24 networks</p> Signup and view all the answers

    What traffic does the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1 specifically allow?

    <p>HTTPS traffic to any destination from the 10.0.0.1/24 network</p> Signup and view all the answers

    What is the BEST course of action for the security administrator to take based on the provided information?

    <p>Implement a host-based firewall rule to block future events of this type from occurring.</p> Signup and view all the answers

    In Firewall 1's setup, what does 'ANY - 10.0.0.1/24 - SSH - PERMIT' signify?

    <p>Allowing SSH traffic from any source to the 10.0.0.1/24 network.</p> Signup and view all the answers

    What is the significance of 'ANY - 10.0.0.1/24 - ANY - HTTPS - PERMIT' in Firewall 1's setup?

    <p>Allowing HTTPS traffic from any source to the 10.0.0.1/24 network.</p> Signup and view all the answers

    Which firewall configuration would be most suitable for a highly secure environment that requires strict control over network traffic?

    <p>ANY - ANY - ANY - DENY</p> Signup and view all the answers

    Which type of firewall inspects data at the application layer?

    <p>Proxy firewall</p> Signup and view all the answers

    Based on the firewall configurations, which statement is true regarding HTTP traffic originating from the 192.168.0.1/24 network?

    <p>It is implicitly denied due to the lack of an explicit permit rule.</p> Signup and view all the answers

    Which of the following statements correctly describes the handling of SSH traffic according to the firewall configurations?

    <p>SSH traffic is permitted from any IP address to 10.0.0.1/24.</p> Signup and view all the answers

    Which of the following statements best explains the purpose of the 'ANY - 10.0.0.1/24 - HTTP - DENY' rule in Firewall 1?

    <p>To explicitly deny HTTP traffic from any IP address to the 10.0.0.1/24 network.</p> Signup and view all the answers

    Which type of firewall technology is most likely being used, based on the rules specifying protocols like HTTP, HTTPS, and SSH?

    <p>Stateful inspection firewall</p> Signup and view all the answers

    According to the firewall configurations, which statement is true regarding HTTPS traffic?

    <p>HTTPS traffic is permitted from any IP address to 10.0.0.1/24.</p> Signup and view all the answers

    Which of the following firewall configurations would be most suitable for a highly secure environment that requires strict control over network traffic?

    <p>Implicit deny with explicit permit rules for allowed traffic.</p> Signup and view all the answers

    Based on the firewall configurations, which IP range is explicitly denied access to HTTP services?

    <p>There is no explicit deny rule for any IP range.</p> Signup and view all the answers

    Which of the following statements correctly describes the handling of traffic not explicitly permitted or denied by the firewall configurations?

    <p>It is implicitly denied.</p> Signup and view all the answers

    Which of the following actions would be the most effective in mitigating the risk of unauthorized access to the 10.0.0.1/24 network?

    <p>Adding explicit permit rules for specific IP ranges and protocols to access 10.0.0.1/24.</p> Signup and view all the answers

    What is the MOST likely result of improperly configured user accounts?

    <p>Privilege escalation</p> Signup and view all the answers

    An organization is concerned about video emissions from users' desktops. What is the BEST solution to implement?

    <p>Screen filters</p> Signup and view all the answers

    What should the security administrator do after finding the PCAP associated with the event described in the logs?

    <p>Implement a host-based firewall rule to block future events</p> Signup and view all the answers

    What is a critical action to prevent unauthorized access to sensitive data stored on systems within a subnet?

    <p>Enforcing strict password policies</p> Signup and view all the answers

    Which of the following would typically NOT be a result of improperly configured user accounts?

    <p>Malware infection</p> Signup and view all the answers

    What could be a consequence of ignoring alerts from perimeter UTM devices like in the scenario provided?

    <p>Data breach</p> Signup and view all the answers

    Which security standard must a company comply with when accepting credit cards for payment on its e-commerce platform?

    <p>PCI DSS</p> Signup and view all the answers

    What is a security exploit for which a vendor patch is not readily available?

    <p>Zero-day</p> Signup and view all the answers

    What social engineering technique is being used in the scenario where an attacker impersonates the CEO requesting a fund transfer?

    <p>Pretexting</p> Signup and view all the answers

    What type of attack exploits vulnerabilities that are unknown to the software vendor?

    <p>Zero-day</p> Signup and view all the answers

    Which of the following terms refers to the process of restructuring existing code without changing its external behavior?

    <p>Refactoring</p> Signup and view all the answers

    What technique involves intercepting network communication and converting secure HTTPS connections into insecure HTTP?

    <p>SSL stripping</p> Signup and view all the answers

    What is the likely cause for end users downloading PE32 files after clicking on an infected MHT file link?

    <p>A RAT was installed and is transferring additional exploit tools.</p> Signup and view all the answers

    In an event of complete loss of critical systems and data, which plan is an organization MOST likely developing?

    <p>Disaster recovery plan</p> Signup and view all the answers

    What is the purpose of a risk register?

    <p>To monitor and assess potential risks</p> Signup and view all the answers

    What characterizes the distribution of RATs in a computer network?

    <p>Sending them as email attachments</p> Signup and view all the answers

    Which action is typical after an organization suffers a complete loss of critical systems and data?

    <p>Developing a disaster recovery plan</p> Signup and view all the answers

    What indicates the successful compromise of a host's system by attackers?

    <p>Allowing remote access to unauthorized users</p> Signup and view all the answers

    What is the primary purpose of data masking?

    <p>To protect sensitive data from unauthorized access</p> Signup and view all the answers

    Which of the following is the primary reason for data classification?

    <p>To determine the level of access control required for data</p> Signup and view all the answers

    What is the purpose of classifying data as 'Public' or 'Unclassified'?

    <p>To indicate that there are no restrictions on viewing the data</p> Signup and view all the answers

    What is the purpose of classifying data as 'Critical' or 'Top Secret'?

    <p>To indicate that the data is highly sensitive and restricted</p> Signup and view all the answers

    What is the purpose of assigning an application owner?

    <p>To manage and control access to the application and its data</p> Signup and view all the answers

    What is the purpose of performing a risk analysis on data?

    <p>To identify potential threats and vulnerabilities related to the data</p> Signup and view all the answers

    What is the primary purpose of salting and hashing passwords?

    <p>To protect passwords even if the database is compromised</p> Signup and view all the answers

    What is the purpose of the one-way mathematical function used in hashing?

    <p>To generate a fixed-length output known as a hash value</p> Signup and view all the answers

    What is the role of a red team in organizational security?

    <p>To emulate the techniques of potential attackers</p> Signup and view all the answers

    Which job role would sponsor data quality and data entry initiatives to ensure business and regulatory requirements are met?

    <p>Data owner</p> Signup and view all the answers

    What is the purpose of using a salt in password hashing?

    <p>To make the password more secure by adding random data</p> Signup and view all the answers

    What is the primary advantage of using a stateful inspection firewall?

    <p>It can track the state of network connections and filter traffic based on predefined rules</p> Signup and view all the answers

    What is the GREATEST risk to intellectual property when implementing a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab?

    <p>Data exfiltration over a mobile hotspot</p> Signup and view all the answers

    What is the analyst doing when using a recently released security advisory to review historical logs, looking for specific activity outlined in the advisory?

    <p>Threat hunting</p> Signup and view all the answers

    In which risk management strategy would cybersecurity insurance typically be utilized?

    <p>Transference</p> Signup and view all the answers

    What is the primary purpose of implementing a geofencing policy based on login history?

    <p>Enforcing access control</p> Signup and view all the answers

    Which action would MOST likely support the integrity of a voting machine?

    <p>Using tamper-evident seals</p> Signup and view all the answers

    What is a notable feature of a policy that requires the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab?

    <p>Mitigating physical theft risks</p> Signup and view all the answers

    Which security control would NOT be directly enforced by using encrypted credentials in transit?

    <p>Access control through role-based permissions</p> Signup and view all the answers

    What is a key benefit of implementing a password reuse policy to enhance cybersecurity?

    <p>Mitigating the impact of credential stuffing attacks</p> Signup and view all the answers

    What social-engineering technique involves targeting a specific group or individual via email?

    <p>Spear phishing</p> Signup and view all the answers

    Which RAID configuration should be used for high read speeds and fault tolerance, ensuring that multiple drives are unlikely to fail simultaneously?

    <p>RAID 5</p> Signup and view all the answers

    What type of testing involves providing unexpected or random input to a web application to ensure it does not crash?

    <p>Fuzzing</p> Signup and view all the answers

    When a network switch is experiencing MAC flooding, what is happening to the switch?

    <p>MAC Flooding</p> Signup and view all the answers

    To centralize logs and gain visibility into security events, which technology should a company implement?

    <p>SIEM</p> Signup and view all the answers

    In a RAIS configuration focused on fault tolerance, which RAID configuration is most suitable?

    <p>RAID 10</p> Signup and view all the answers

    What technique involves flooding instant messaging channels with unwanted messages?

    <p>SPIM</p> Signup and view all the answers

    Which testing method is used to evaluate how a web application handles unexpected inputs?

    <p>Fuzzing</p> Signup and view all the answers

    What is a common use case for data masking mentioned in the text?

    <p>Conducting test cycles on corporate data</p> Signup and view all the answers

    Why is it important for data to remain usable while undergoing test cycles?

    <p>To maintain consistency and validity in testing</p> Signup and view all the answers

    In the context of the nuclear plant attack mentioned, what was identified as the source of the issue?

    <p>A malicious USB introduced by an employee</p> Signup and view all the answers

    What entity has the MOST responsibility for protecting privacy and user rights under GDPR?

    <p>Data Controller</p> Signup and view all the answers

    What was requested in the SMS received by a user on their mobile phone?

    <p>Bank delays notification</p> Signup and view all the answers

    Why were all networks air-gapped after the nuclear plant attack?

    <p>To prevent worm propagation</p> Signup and view all the answers

    What type of attack was the nuclear plant victim to based on the investigation findings?

    <p>'Worm' attack</p> Signup and view all the answers

    What is the most secure approach to storing passwords in a database?

    <p><strong>Hash the passwords using a salted hashing algorithm</strong></p> Signup and view all the answers

    What is the primary purpose of incremental backups?

    <p><strong>To back up only the data that has changed since the last full or incremental backup</strong></p> Signup and view all the answers

    Which backup strategy would be most appropriate for an environment with strict recovery point objectives (RPOs) and recovery time objectives (RTOs)?

    <p><strong>Frequent full backups, with incremental or differential backups in between</strong></p> Signup and view all the answers

    What is the primary advantage of using differential backups over incremental backups?

    <p><strong>Differential backups are faster to restore</strong></p> Signup and view all the answers

    Which of the following is a potential drawback of using incremental backups?

    <p><strong>Restoring from incremental backups can be time-consuming if multiple incremental backups need to be restored</strong></p> Signup and view all the answers

    What is the primary purpose of a full backup?

    <p><strong>To create a complete backup of all data on a system</strong></p> Signup and view all the answers

    What is the primary benefit of implementing a data loss prevention (DLP) solution?

    <p><strong>Detecting and preventing the unauthorized transfer of sensitive data</strong></p> Signup and view all the answers

    What is the primary purpose of data masking?

    <p><strong>To obfuscate or replace sensitive data with fictitious data for testing or development purposes</strong></p> Signup and view all the answers

    What is the primary concern that the network security manager should address based on the given information?

    <p>Identifying the vulnerable systems and applying necessary patches or mitigations</p> Signup and view all the answers

    Which of the following would be the most effective approach to determine the systems potentially affected by the reported vulnerability?

    <p>Review the vulnerability scan output to identify systems running the vulnerable software</p> Signup and view all the answers

    In the context of the reported vulnerability, what is the primary purpose of consulting the full packet capture data?

    <p>To gather forensic evidence and reconstruct the attack timeline</p> Signup and view all the answers

    Which of the following actions would be the most effective in preventing sensitive data breaches due to a vulnerable operating system (OS)?

    <p>Keep the OS and applications up-to-date with the latest security patches</p> Signup and view all the answers

    In the context of the reported vulnerability, what is the primary advantage of consulting the SIEM alerts?

    <p>Identifying potential indicators of compromise (IoCs) related to the vulnerability</p> Signup and view all the answers

    Which of the following actions would be most effective in ensuring compliance with data privacy regulations when implementing DLP rules?

    <p>Consulting with legal and compliance teams to understand regulatory requirements</p> Signup and view all the answers

    In the context of the financial organization's secure document-sharing application, what is the primary purpose of configuring the DLP policies to whitelist the application with specific PII?

    <p>To allow the secure sharing of sensitive customer data while preventing unauthorized access</p> Signup and view all the answers

    Which of the following factors would be most relevant in determining the appropriate RAID level for a critical server?

    <p>The desired level of fault tolerance and data redundancy</p> Signup and view all the answers

    What action would be MOST appropriate to improve security if an organization with a Security Operations Center (SOC) is considering implementing a SOAR?

    <p>Automating an existing Incident Response plan</p> Signup and view all the answers

    What is the main function of a Security Operations Center (SOC) within an organization?

    <p>Monitoring and responding to security incidents</p> Signup and view all the answers

    In the scenario provided, what was the final action that resolved the issue of users being unable to access certain websites?

    <p>Changing the DNS server for the impacted machine</p> Signup and view all the answers

    What type of attack is MOST likely to have occurred on the original DNS server based on the scenario provided?

    <p>DNS cache poisoning</p> Signup and view all the answers

    What is the primary focus of a Security Orchestration, Automation, and Response (SOAR) system in the context of incident response?

    <p>Automating security incident response processes</p> Signup and view all the answers

    What is the main purpose of running 'ipconfig /flushdns' command by security analysts in the scenario provided?

    <p>Clearing DNS resolver cache</p> Signup and view all the answers

    What is a typical role of a Security Analyst in a Security Operations Center (SOC)?

    <p>Monitoring network traffic for anomalies</p> Signup and view all the answers

    Why is it important for organizations considering a SOAR implementation to already have a Security Operations Center (SOC)?

    <p>To ensure effective incident response capabilities</p> Signup and view all the answers

    What is the primary focus of the security engineer in the incident response phase described in the text?

    <p>Restricting the spread of the incident</p> Signup and view all the answers

    What is the key consideration for isolating affected components during an incident response?

    <p>Removing affected components from the network</p> Signup and view all the answers

    How does isolation help in incident response?

    <p>It prevents unauthorized access to affected components</p> Signup and view all the answers

    In the context of a growing sales workforce using mobile devices, what is a primary security concern for the Chief Information Officer (CIO)?

    <p>Protecting customer privacy and data security</p> Signup and view all the answers

    What would be the BEST measure to address the CIO's concerns regarding security and privacy in a sales-driven organization with mobile-dependent employees?

    <p>Enforcing strict device encryption policies</p> Signup and view all the answers

    Why is it important for organizations to scale down quickly after rapid growth in their workforce?

    <p>To maintain a lean and efficient workforce structure</p> Signup and view all the answers

    What is the significance of placing applications in a VM sandbox outside the usual environment during isolation?

    <p>To protect unaffected components from potential threats</p> Signup and view all the answers

    Why might a development team bring all code changes into the same project through automation?

    <p>To streamline collaboration and catch integration bugs early</p> Signup and view all the answers

    What is the purpose of utilizing a tool for code validation and version control in the development process?

    <p>To track changes and ensure code quality</p> Signup and view all the answers

    Why would a cybersecurity administrator aim to have disk redundancy with a two-drive failure tolerance for a critical server?

    <p>To improve fault tolerance and prevent data loss</p> Signup and view all the answers

    What is the main reason a server administrator might place a document named password.txt on a server's desktop?

    <p>To attract cyberintruders' attention with sensitive data</p> Signup and view all the answers

    In the context of ensuring system reliability, what could be a potential drawback of using RAID 0 instead of RAID 6 for disk redundancy?

    <p>Decreased fault tolerance</p> Signup and view all the answers

    How does continuous integration contribute to software development processes?

    <p>By automating code integration and testing frequently</p> Signup and view all the answers

    What could be a significant risk of storing sensitive data on a server's desktop?

    <p>Attracting cyberintruders' attention</p> Signup and view all the answers

    Why is it crucial for a cybersecurity administrator to select an appropriate RAID level for disk redundancy in critical servers?

    <p>To ensure system availability and data integrity</p> Signup and view all the answers

    What type of attack is indicated by the SIEM receiving alerts about SSL inspection proxy feeding events to a compromised system?

    <p>Spraying</p> Signup and view all the answers

    In the context provided, what type of attack involves an adversary brute-forcing logins based on a list of usernames with default passwords on an application?

    <p>Brute-force</p> Signup and view all the answers

    What cloud model provides clients with servers, storage, and networks only, without additional services?

    <p>IaaS</p> Signup and view all the answers

    Which cloud model would offer clients access to applications and services over the internet?

    <p>SaaS</p> Signup and view all the answers

    What would be the most suitable approach to meet network resiliency and uptime objectives when setting up a new datacenter?

    <p>Utilizing redundant hardware and network connections</p> Signup and view all the answers

    If focusing on server redundancy and fault tolerance, which RAID level would be most appropriate for critical systems?

    <p>RAID 6</p> Signup and view all the answers

    What type of attack involves an attacker trying to guess passwords based on a common list of known credentials?

    <p>'Man-in-the-Middle'</p> Signup and view all the answers

    What is the primary purpose of obfuscation in software development?

    <p>To create code that is difficult for humans or computers to understand</p> Signup and view all the answers

    In the context of incident response, what is the significance of maintaining the chain of custody?

    <p>To ensure the integrity of the evidence and its admissibility in legal proceedings</p> Signup and view all the answers

    What is the primary purpose of a Faraday cage in the context of digital forensics?

    <p>To prevent external electromagnetic signals from interfering with the evidence</p> Signup and view all the answers

    What is the significance of the Recovery Point Objective (RPO) mentioned in the text?

    <p>It represents the maximum tolerable period of data loss in the event of a system failure</p> Signup and view all the answers

    Which of the following is a common technique used in password hashing to enhance security?

    <p>Adding a random string, known as a salt, to the password before hashing</p> Signup and view all the answers

    What is the primary purpose of incremental backups in a backup strategy?

    <p>To capture only the changes made since the last full backup</p> Signup and view all the answers

    What is the MOST likely type of firewall technology used in the provided configurations, based on the rules specifying protocols like HTTP, HTTPS, and SSH?

    <p>Application-level gateway (proxy firewall)</p> Signup and view all the answers

    In the context of software development, what is the primary benefit of implementing continuous integration practices?

    <p>To ensure code changes from multiple team members are integrated frequently</p> Signup and view all the answers

    To prevent other devices from directly accessing a laptop, which two technologies would be MOST effective?

    <p>Trusted Platform Module and full disk encryption</p> Signup and view all the answers

    When implementing MFA for applications storing sensitive data, which technology should be used to ensure non-disruptive and user-friendly access?

    <p>Hardware authentication</p> Signup and view all the answers

    After a worm incident, what is the BEST recommendation to mitigate similar incidents in the future?

    <p>Segment the network with firewalls</p> Signup and view all the answers

    For a BYOD policy, what comprehensive solution would BEST protect company information on user devices?

    <p>Mobile device management</p> Signup and view all the answers

    Which combination of technologies would be LEAST effective in preventing direct access to a laptop from other devices on the network?

    <p>DLP solution and VPN</p> Signup and view all the answers

    What would be the preferred technology for MFA implementation with minimal user disruption and maximum usability?

    <p>Push notifications</p> Signup and view all the answers

    In a BYOD environment, which solution would provide the MOST comprehensive protection for company data on user devices?

    <p>Mobile device management</p> Signup and view all the answers

    For preventing large-scale network infections like the worm incident, what strategy would be the MOST effective to limit proliferation?

    <p>Segmenting the network with firewalls</p> Signup and view all the answers

    Based on the provided text, what type of attack involves an attacker brute forcing logins based on a list of usernames with default passwords?

    <p>Spraying</p> Signup and view all the answers

    In the context of the domain controller events described in the text, what attack type involves capturing user credentials by deceptive methods?

    <p>Credential harvesting</p> Signup and view all the answers

    What cloud model provides clients with servers, storage, and networks but does not include application software or databases?

    <p>IaaS</p> Signup and view all the answers

    In the scenario provided, what is the best way to achieve resiliency and uptime in a new datacenter?

    <p>Employing redundant power supplies and cooling systems</p> Signup and view all the answers

    Which attack type aims to gain unauthorized access by trying multiple username and password combinations?

    <p>Brute-force</p> Signup and view all the answers

    What security concern is associated with insecure credit card processing by payment providers?

    <p>Man-in-the-middle attacks</p> Signup and view all the answers

    If an adversary establishes a presence on the guest WiFi network, what type of attack could they potentially execute?

    <p>Man-in-the-middle (MitM)</p> Signup and view all the answers

    What type of attack involves capturing keystrokes on an infected system?

    <p>Keylogger</p> Signup and view all the answers

    What is the BEST way for the analyst to meet the business requirements regarding backups?

    <p>Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly</p> Signup and view all the answers

    Which technique is used to protect the security of passwords stored in a database?

    <p>Implement salting and hashing</p> Signup and view all the answers

    What is the purpose of adding random data, known as a 'salt,' to each password before it is hashed?

    <p>To enhance the security of hashed passwords</p> Signup and view all the answers

    In the event of another data exfiltration, which action would help mitigate the damage done?

    <p>Encrypting sensitive data at rest</p> Signup and view all the answers

    What would be a measure to enhance security after a username and password database leak?

    <p>Implementing multi-factor authentication for all users</p> Signup and view all the answers

    Which action can help prevent unauthorized access to leaked username and password databases?

    <p>Integrating CAPTCHA challenges into login screens</p> Signup and view all the answers

    What measure could be taken at the application level to mitigate data exfiltration risks?

    <p>Implementing secure coding practices during application development</p> Signup and view all the answers

    'Salting' passwords before hashing adds what type of element to enhance security?

    <p>'Salted' passwords are resistant to rainbow table attacks</p> Signup and view all the answers

    What is the primary focus of preventative controls like encryption and firewalls?

    <p>Thwarting unauthorized access</p> Signup and view all the answers

    In the context of security vulnerabilities, what is a likely outcome of exploiting a buffer-overrun vulnerability in an application?

    <p>Arbitrary code execution</p> Signup and view all the answers

    Which security threat involves the manipulation of individuals to obtain confidential information, as seen in the scenario involving the company president and a reporter?

    <p>Social engineering</p> Signup and view all the answers

    What does federated access management involve, as exemplified by using a popular website login to access another website?

    <p>Using website login for access delegation</p> Signup and view all the answers

    In a situation where a network is under attack and more information is needed, what would be the most appropriate course of action for the security administrator?

    <p>Gather more data on the attacks being used</p> Signup and view all the answers

    What is the main aim of policies and standards within an organization's security framework?

    <p>Ensuring procedural compliance</p> Signup and view all the answers

    When considering access control mechanisms, what is a primary role of encryption in securing data?

    <p>Preventing unauthorized access to sensitive information</p> Signup and view all the answers

    How does passive reconnaissance differ from phishing in terms of security threats?

    <p>Passive reconnaissance targets personal history</p> Signup and view all the answers

    What is the primary purpose of a smart switch's ability to monitor electrical levels and shut off power in the event of a power surge or fault situation?

    <p>To prevent damage to sensitive equipment and potential data loss</p> Signup and view all the answers

    Why was the smart switch isolated on a separate VLAN by the security administrator?

    <p>To prevent unauthorized access and potential attacks on the switch</p> Signup and view all the answers

    What is the purpose of setting up a patch routine for the smart switch?

    <p>To regularly update the switch firmware and address security vulnerabilities</p> Signup and view all the answers

    Which additional step should be taken to harden the security of the smart switch?

    <p>Change the default password for the switch to a strong, unique password</p> Signup and view all the answers

    In the context of deploying application patches, what is the best approach to ensure minimal disruption and risk?

    <p>Apply patches to a testing environment, then a staging environment, and finally to production systems</p> Signup and view all the answers

    What is the primary purpose of enhancing multi-factor authentication (MFA) access to sensitive areas in a building?

    <p>To improve physical security by requiring multiple forms of authentication</p> Signup and view all the answers

    Why is it important for an organization considering a Security Orchestration, Automation, and Response (SOAR) implementation to already have a Security Operations Center (SOC)?

    <p>A SOC is a prerequisite for effectively utilizing a SOAR system's capabilities</p> Signup and view all the answers

    What is the primary function of a stateful inspection firewall?

    <p>To monitor and control the state of network connections and associated data flows</p> Signup and view all the answers

    What security principle focuses on providing users with only the permissions they need to perform their job tasks?

    <p>Least privilege</p> Signup and view all the answers

    Which of the following is NOT a common method for enhancing cybersecurity within an organization?

    <p>Pivoting</p> Signup and view all the answers

    In the context of network security, what role involves dividing tasks among multiple individuals to prevent any single person from having too much control?

    <p>Mandatory vacation</p> Signup and view all the answers

    What technique involves testing internal structures, code, and protocols to identify vulnerabilities within a system?

    <p>Footprinting</p> Signup and view all the answers

    Which security measure is implemented to ensure that only authorized traffic is allowed to pass through a network device based on specific rules?

    <p>Least privilege</p> Signup and view all the answers

    What does a network scan revealing open ports, protocols, and services exposed on the target host indicate?

    <p>Valid credentials used</p> Signup and view all the answers

    What is the primary responsibility of a data custodian in an organization?

    <p>Maintaining the chain of custody</p> Signup and view all the answers

    For a solution to restrict guest access to the Internet but not the internal network, which security measure should be implemented?

    <p>Stateful firewall</p> Signup and view all the answers

    What is the main focus of least privilege principle in cybersecurity?

    <p>Minimizing user privileges</p> Signup and view all the answers

    In the context of cybersecurity, what is the primary purpose of white-box testing?

    <p>Identifying system vulnerabilities</p> Signup and view all the answers

    According to the firewall configurations, which principle is being followed for HTTP and HTTPS traffic to 10.0.1.1/24 and 192.168.0.1/24?

    <p>Least privilege</p> Signup and view all the answers

    Which type of testing would be most effective in identifying vulnerabilities within the firewall configurations?

    <p>White-box testing</p> Signup and view all the answers

    What would be the most effective way to ensure that employees understand the importance of the firewall configurations?

    <p>Conducting awareness training</p> Signup and view all the answers

    Based on the firewall configurations, which principle is being followed for SSH access to 10.0.1.1/24 and 192.168.0.1/24?

    <p>Least privilege</p> Signup and view all the answers

    Which type of testing would be most effective in identifying vulnerabilities within the firewall configurations' implementation?

    <p>System testing</p> Signup and view all the answers

    Which principle ensures that users are granted only the minimum access rights necessary to perform their job functions?

    <p>Least privilege</p> Signup and view all the answers

    What type of testing involves analyzing the internal structure and workings of an application?

    <p>White-box testing</p> Signup and view all the answers

    Which of the following firewall rules would allow HTTP traffic from any source IP to the 10.0.1.1/24 subnet?

    <p>'ANY - 10.0.1.1/24 - HTTP - PERMIT'</p> Signup and view all the answers

    What type of security training aims to increase awareness about potential threats and best practices among employees?

    <p>Awareness training</p> Signup and view all the answers

    Which principle involves dividing critical tasks and responsibilities among multiple individuals to prevent fraud or errors?

    <p>Separation of duties</p> Signup and view all the answers

    Which of the following firewall rules would allow only SSH connections from any IP address to the 10.0.0.1/24 network?

    <p>ANY - 10.0.0.1/24 - SSH - PERMIT</p> Signup and view all the answers

    Which of the following actions is an example of separation of duties in the context of firewall configuration?

    <p>Assigning different teams to configure rules for different networks</p> Signup and view all the answers

    Which of the following is the BEST approach to raise awareness about potential social engineering attacks, such as impersonation attempts?

    <p>Conducting regular awareness training sessions for employees</p> Signup and view all the answers

    In the context of software development, what is the primary purpose of white-box testing?

    <p>To analyze and test the internal structure and code of the software</p> Signup and view all the answers

    Which of the following firewall rules would DENY HTTP connections from any IP address to the 10.0.0.1/24 network?

    <p>ANY - 10.0.0.1/24 - HTTP - DENY</p> Signup and view all the answers

    Which principle promotes assigning the minimum required permissions to perform a task?

    <p>Least privilege</p> Signup and view all the answers

    What type of security training aims to educate employees about potential threats and best practices?

    <p>Awareness training</p> Signup and view all the answers

    Which testing approach involves analyzing the internal structure and code of an application?

    <p>White-box testing</p> Signup and view all the answers

    According to the firewall configurations, which IP range is allowed to establish SSH connections?

    <p>10.0.1.1/24</p> Signup and view all the answers

    Which principle aims to distribute critical tasks and responsibilities among multiple individuals or roles?

    <p>Separation of duties</p> Signup and view all the answers

    What is the MOST effective method to further mitigate the reported vulnerability?

    <p>Enforcing an IP whitelist</p> Signup and view all the answers

    What is the main security concern when an organization hosts its web application and database in the cloud?

    <p>The cloud vendor becomes a new attack vector within the supply chain</p> Signup and view all the answers

    What attack is MOST likely happening based on the Wireshark output provided?

    <p>Evil twin attack</p> Signup and view all the answers

    Which action best aligns with the principle of Least Privilege in security?

    <p>Implementing strict role-based access control</p> Signup and view all the answers

    How does Separation of Duties enhance security?

    <p>By dividing tasks among multiple individuals to prevent abuse of power</p> Signup and view all the answers

    What is a key benefit of Employee Awareness Training for cybersecurity?

    <p>Enhancing employees' ability to detect and report security incidents</p> Signup and view all the answers

    How does White-box Testing contribute to software security?

    <p>By comprehensively assessing internal code structures and logic</p> Signup and view all the answers

    In firewall configurations, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule signify?

    <p>'ANY' traffic from 10.0.0.1/24 subnet over HTTPS is permitted</p> Signup and view all the answers

    Which architecture configuration is NOT recommended for the organization?

    <p>Host the web server and the file servers in a DMZ</p> Signup and view all the answers

    What does the ability of code to target a hypervisor from inside a guest OS describe?

    <p>VM escape</p> Signup and view all the answers

    Which control type is represented when a company posts a sign indicating video surveillance in its server room?

    <p>Deterrent</p> Signup and view all the answers

    In the scenario described, which type of attack does the situation BEST correspond to?

    <p>Denial of Service (DoS)</p> Signup and view all the answers

    What is the primary purpose of using steganography?

    <p>To obfuscate or conceal information</p> Signup and view all the answers

    Which option would most effectively protect against data exfiltration via removable media?

    <p>Blocking removable media devices and write capabilities using host-based security tools</p> Signup and view all the answers

    After resetting all user credentials due to a data breach, what is the BEST approach for an e-commerce site to ensure users are not compromised again?

    <p>Implement strong password policies and multi-factor authentication</p> Signup and view all the answers

    Which of the following is a potential drawback of using incremental backups?

    <p>Inability to restore data to a specific point in time</p> Signup and view all the answers

    What is the primary responsibility of a data owner?

    <p>Defining and enforcing data access policies</p> Signup and view all the answers

    Which principle aims to distribute critical tasks and responsibilities among multiple individuals or roles?

    <p>Separation of duties</p> Signup and view all the answers

    In the context of cybersecurity, what is the primary purpose of white-box testing?

    <p>To analyze the internal structure and code of an application for vulnerabilities</p> Signup and view all the answers

    What type of security training aims to increase awareness about potential threats and best practices among employees?

    <p>Security awareness training</p> Signup and view all the answers

    What is the primary purpose of implementing a Security Information and Event Management (SIEM) solution?

    <p>To detect and respond to security incidents in real-time</p> Signup and view all the answers

    Which technology is designed to inspect traffic and block malicious payloads before they reach web applications?

    <p>Web application firewall</p> Signup and view all the answers

    In the context of incident response, what is the purpose of having well-defined playbooks?

    <p>To provide step-by-step guidance for responding to various types of security incidents</p> Signup and view all the answers

    Which combination of technologies would be most effective in ensuring high availability and fault tolerance for an organization's point-of-sale systems?

    <p>Load balancing and NIC teaming</p> Signup and view all the answers

    During a cybersecurity incident, what is the primary objective of removing infected devices from the network and locking down compromised accounts?

    <p>To prevent further spread of the malware</p> Signup and view all the answers

    What is the purpose of implementing network segmentation and dividing the network into trusted and untrusted zones?

    <p>To limit the potential impact of a security breach</p> Signup and view all the answers

    Which technology is designed to scan systems and applications for known vulnerabilities?

    <p>Vulnerability scanner</p> Signup and view all the answers

    What is the primary purpose of implementing a next-generation firewall (NGFW)?

    <p>To provide advanced threat detection and prevention capabilities</p> Signup and view all the answers

    What is the most likely explanation for the end users downloading suspicious .tar.gz files containing PE32 executables, after clicking on an infected email attachment?

    <p>A remote access trojan (RAT) was installed for further exploitation.</p> Signup and view all the answers

    An organization is developing a comprehensive plan to recover from a catastrophic event resulting in complete data loss. Which plan is being developed?

    <p>Disaster recovery plan</p> Signup and view all the answers

    What is the primary purpose of maintaining a risk register?

    <p>To track and prioritize identified risks for mitigation.</p> Signup and view all the answers

    Which security principle aims to prevent any single individual from having excessive system privileges or control?

    <p>Separation of duties</p> Signup and view all the answers

    What is the primary benefit of providing cybersecurity awareness training to employees?

    <p>Educating users on potential threats and best practices.</p> Signup and view all the answers

    In a scenario where a network is under active attack, what would be the most appropriate initial action for the security administrator?

    <p>Initiate incident response procedures and gather forensic data.</p> Signup and view all the answers

    What is a primary security concern for a CIO when employees use mobile devices to access corporate data while traveling?

    <p>Potential loss or theft of the mobile devices.</p> Signup and view all the answers

    Which RAID configuration provides fault tolerance by allowing multiple disk failures without data loss?

    <p>RAID 6</p> Signup and view all the answers

    What is the purpose of the EAP protocol in wireless networks?

    <p>To authenticate wireless clients and enforce access control</p> Signup and view all the answers

    Which of the following EAP types is supported by the Wi-Fi Alliance for WPA/WPA2/WPA3?

    <p>EAP-PEAP</p> Signup and view all the answers

    What is the purpose of an NDA (Non-Disclosure Agreement)?

    <p>To protect confidential information from being disclosed</p> Signup and view all the answers

    Which of the following would be the BEST choice for establishing responsibilities between cooperating organizations without a binding contract?

    <p>A Memorandum of Understanding (MOU)</p> Signup and view all the answers

    Which of the following is a potential source for checking if stolen personal information is being sold?

    <p>Dark web marketplaces</p> Signup and view all the answers

    What is the purpose of the EAP-FAST protocol in wireless networks?

    <p>To establish a secure tunnel for authentication credentials</p> Signup and view all the answers

    Which type of firewall technology is typically used to enforce rules based on protocols like HTTP, HTTPS, and SSH?

    <p>Application-level gateway firewall</p> Signup and view all the answers

    What is the purpose of implementing RAID 6 in a server environment?

    <p>To provide fault tolerance against two simultaneous disk failures</p> Signup and view all the answers

    What is the primary purpose of a symmetric encryption algorithm?

    <p>Protecting large amounts of data</p> Signup and view all the answers

    In a scenario where a company has limited storage space and needs a fast database restore time, what backup methodology should be implemented?

    <p>Full backups on Sundays and nightly differential backups</p> Signup and view all the answers

    Which authentication method would add an additional factor to the existing key card and fingerprint scan?

    <p>Keypad PIN</p> Signup and view all the answers

    What would be the ideal use case for a symmetric encryption algorithm?

    <p>Protecting large amounts of data</p> Signup and view all the answers

    Which backup strategy would allow for the fastest database restore time in case of a failure while considering limited storage space?

    <p>Full backups on Sundays with nightly differentials</p> Signup and view all the answers

    What is the main reason for keeping a close eye on domains and services in relation to the DNS?

    <p>To detect and respond to malicious attacks targeting the DNS</p> Signup and view all the answers

    Which of the following best describes the zero-day exploit mentioned in the text?

    <p>It utilizes an unknown vulnerability in the SMB protocol</p> Signup and view all the answers

    Which action would be most effective in preventing the SMB-based attack from reoccurring?

    <p>Configuring the firewall to deny inbound SMB connections</p> Signup and view all the answers

    What type of attack is described in the email Joe received?

    <p>Phishing</p> Signup and view all the answers

    Which of the following is a common technique used by phishing emails?

    <p>Impersonating legitimate organizations</p> Signup and view all the answers

    What is a potential consequence of falling victim to the phishing email Joe received?

    <p>Identity theft</p> Signup and view all the answers

    Which of the following is an effective countermeasure against phishing attacks?

    <p>Conducting regular security awareness training</p> Signup and view all the answers

    What is a common goal of phishing attacks like the one targeting Joe?

    <p>Obtaining sensitive information or credentials</p> Signup and view all the answers

    What does the acronym ONER stand for in the context of the text?

    <p>Obfuscation Normalization Execution Reuse</p> Signup and view all the answers

    What is the primary purpose of obfuscation in software development?

    <p>To make the code difficult for humans or computers to understand</p> Signup and view all the answers

    When collecting a mobile device during an investigation, which action should be taken to maintain the chain of custody?

    <p>Document the collection and require a sign-off when possession changes</p> Signup and view all the answers

    What is the Recovery Point Objective (RPO) for the critical system mentioned in the text?

    <p>2 hours</p> Signup and view all the answers

    What is the purpose of a Faraday cage in digital forensics?

    <p>To prevent data corruption by blocking electromagnetic interference</p> Signup and view all the answers

    Which of the following is NOT a common technique for obfuscating code?

    <p>Optimizing the code for better performance</p> Signup and view all the answers

    What is the primary purpose of a risk register?

    <p>To document and track identified risks in an organization</p> Signup and view all the answers

    What is the purpose of using a salt in password hashing?

    <p>To increase the complexity of the password hash</p> Signup and view all the answers

    Which of the following options would be most effective in addressing the CEO's concern about staff members potentially working from high-risk countries while on holidays?

    <p>Implement geolocation restrictions</p> Signup and view all the answers

    What is the primary purpose of implementing time-of-day restrictions in this scenario?

    <p>To prevent staff from working in different time zones</p> Signup and view all the answers

    Which of the following options would be least effective in addressing the CEO's concern?

    <p>Implementing role-based access controls</p> Signup and view all the answers

    Which of the following is a potential advantage of using geolocation restrictions?

    <p>Increased security by preventing access from high-risk locations</p> Signup and view all the answers

    In the context of the DLP solution implementation, what is the purpose of assigning different DLP rules based on the type of data hosted on the file server?

    <p>To prioritize the protection of certain data types over others</p> Signup and view all the answers

    Which of the following data types would likely require the strictest DLP rules in this scenario?

    <p>Health information</p> Signup and view all the answers

    What is a potential benefit of implementing a DLP solution on the file server?

    <p>Enhanced data security and compliance</p> Signup and view all the answers

    Which of the following is a potential challenge in implementing a DLP solution?

    <p>Difficulty in identifying and classifying sensitive data</p> Signup and view all the answers

    What is the primary purpose of salting passwords before hashing them?

    <p>To add randomness and uniqueness to each password hash</p> Signup and view all the answers

    Which backup strategy would be the best choice to meet the business requirements of performing full backups weekly and minimizing downtime?

    <p>Incremental backups Monday through Friday at 6:00 PM and differential backups hourly</p> Signup and view all the answers

    What is the primary advantage of using a stateful inspection firewall over a traditional packet-filtering firewall?

    <p>It can track and maintain the state of network connections</p> Signup and view all the answers

    In the context of firewall configurations, what does the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' signify?

    <p>It denies HTTP traffic from any IP address to the 10.0.1.1/24 network</p> Signup and view all the answers

    What is the primary responsibility of a data custodian in an organization?

    <p>Managing and maintaining the organization's data assets</p> Signup and view all the answers

    Which of the following actions is an example of separation of duties in the context of firewall configuration?

    <p>Dividing the tasks of creating, modifying, and reviewing firewall rules among different individuals</p> Signup and view all the answers

    What is the primary purpose of white-box testing in the context of cybersecurity?

    <p>To analyze the internal structure and code of an application to identify vulnerabilities</p> Signup and view all the answers

    What type of attack is indicated by the SIEM receiving alerts about SSL inspection proxy feeding events to a compromised system?

    <p>Man-in-the-Middle (MitM) attack</p> Signup and view all the answers

    What is the analyst testing by sending a link with a different sessionID in the URL to an internal user?

    <p>Session fixation attack</p> Signup and view all the answers

    What security measure would be achieved by segmenting the network into trusted and untrusted zones?

    <p>Preventing lateral movement of threats</p> Signup and view all the answers

    What should an organization focus on when enforcing application whitelisting?

    <p>Restricting execution to a predefined set of approved applications</p> Signup and view all the answers

    What is a critical step in developing an incident response plan?

    <p>Identifying potential risks and vulnerabilities</p> Signup and view all the answers

    Which type of security training is most likely to educate employees about phishing attempts and social engineering tactics?

    <p>Awareness training</p> Signup and view all the answers

    Why would implementing Data Loss Prevention (DLP) at the network boundary be beneficial?

    <p>To monitor and prevent data leakage</p> Signup and view all the answers

    In the context of cybersecurity, what does 'running a simulation exercise' typically involve?

    <p>Testing incident response procedures in a controlled environment</p> Signup and view all the answers

    What would be a primary goal in creating a new acceptable use policy after a security breach involving banking credentials?

    <p>Defining clear guidelines for acceptable technology usage</p> Signup and view all the answers

    What is the likely reason why end users are suddenly downloading files with the.tar.gz extension?

    <p>A Remote Access Trojan (RAT) was installed and is transferring exploit tools.</p> Signup and view all the answers

    In the event of a complete loss of critical systems and data, what type of plan would an organization most likely be developing?

    <p>Disaster recovery plan</p> Signup and view all the answers

    What is the primary purpose of a risk register?

    <p>To document identified risks and proposed responses</p> Signup and view all the answers

    Why did the end users' workstations start beaconing to a command-and-control server?

    <p>Following the installation of a Remote Access Trojan (RAT)</p> Signup and view all the answers

    What could the organization be developing if they are planning for data retention?

    <p>Data backup procedures</p> Signup and view all the answers

    If an organization is prioritizing communications planning, what are they likely preparing for?

    <p>Handling incidents as they occur</p> Signup and view all the answers

    What should be the primary focus of an organization's incident response plan?

    <p>Restoring service after a disruptive event</p> Signup and view all the answers

    If an organization is regularly updating their disaster recovery plan, what is their main goal?

    <p>Ensuring quick resumption of critical operations</p> Signup and view all the answers

    What is the BEST way to protect a cellular phone that is needed for an investigation to ensure data will not be removed remotely?

    <p>Faraday cage</p> Signup and view all the answers

    What is the BEST way to prevent the zero-day exploit utilizing the SMB network protocol described in the text?

    <p>Configuring computers to install monthly operating system updates automatically</p> Signup and view all the answers

    Which of the following is the PRIMARY motivation for a script kiddie threat actor?

    <p>Notoriety</p> Signup and view all the answers

    Which term refers to the type of email scam described where personal information is requested under false pretenses?

    <p>Phishing</p> Signup and view all the answers

    What is the type of threat the organization faces when cracks in the walls of the server room have caused extreme humidification and equipment failure?

    <p>Foundational</p> Signup and view all the answers

    How can an organization prevent ransomware attacks like the one described in the text?

    <p>Implementing regular backups of critical data</p> Signup and view all the answers

    Which of the following describes the process of moving laterally within a network after gaining initial access for establishing further control?

    <p>Pivoting</p> Signup and view all the answers

    What action would be MOST effective in mitigating the risk posed by emails similar to the one received by Joe in the text?

    <p>Implementing email filtering to block suspicious messages</p> Signup and view all the answers

    What should a company use to modify an XSS vulnerability signature to TCP reset on future attempts?

    <p>3DES</p> Signup and view all the answers

    What security measure is crucial in preventing unauthorized access to shared network folders?

    <p>Implementing strong password policies</p> Signup and view all the answers

    Which encryption algorithms require only one encryption key?

    <p>3DES and DSA</p> Signup and view all the answers

    What should an organization focus on to improve its endpoint security against evolving threats?

    <p>Regularly updating antivirus definitions</p> Signup and view all the answers

    What is the MOST effective solution to implement for protecting against video emissions from users' desktops?

    <p>Radio frequency shielding</p> Signup and view all the answers

    Which practice would NOT enhance network security according to the text?

    <p>Leaving default passwords unchanged on all devices</p> Signup and view all the answers

    How can organizations protect themselves from lottery-themed phishing emails similar to the one received by Joe?

    <p>Providing regular security awareness training for employees</p> Signup and view all the answers

    What is the primary purpose of encrypting data using asymmetric encryption?

    <p>To allow secure communication between multiple parties without sharing a secret key</p> Signup and view all the answers

    Which of the following standards or frameworks is specifically focused on personal data protection and privacy?

    <p>GDPR (General Data Protection Regulation)</p> Signup and view all the answers

    What is the primary security concern associated with 'Shadow IT'?

    <p>The deployment of unauthorized systems or devices on the network</p> Signup and view all the answers

    What is the primary obligation of a cyber-threat intelligence organization before releasing threat intelligence to subscribers?

    <p>Anonymize any personally identifiable information (PII) observed in the threat data</p> Signup and view all the answers

    Which cryptographic technique is used to protect passwords against unauthorized access?

    <p>Salting and hashing</p> Signup and view all the answers

    What is the primary purpose of setting up a patch routine for a smart switch?

    <p>To address vulnerabilities and security flaws by applying software updates from the vendor</p> Signup and view all the answers

    What is the primary responsibility of a data owner in an organization?

    <p>Classifying data based on sensitivity and risk</p> Signup and view all the answers

    What is the primary purpose of separating duties in the context of firewall configuration?

    <p>To ensure that no single individual has complete control over the firewall configuration</p> Signup and view all the answers

    What type of attack is characterized by an email urging the CEO to update account credentials by clicking on a link?

    <p>Whaling</p> Signup and view all the answers

    What type of malware typically encrypts files and demands payment in exchange for decryption?

    <p>Ransomware</p> Signup and view all the answers

    Which protocol is best suited for authenticating clients securely with mutual authentication, SSO, and smart card logons?

    <p>Implement Kerberos</p> Signup and view all the answers

    What method do internal security teams commonly use to evaluate the security of internally developed applications?

    <p>Penetration testing</p> Signup and view all the answers

    In the context of cybersecurity, what is the role of a Chief Executive Officer (CEO) in an organization?

    <p>Ensure compliance with security policies</p> Signup and view all the answers

    What is a common feature of adware that distinguishes it from other types of malware?

    <p>Generates unwanted advertisements</p> Signup and view all the answers

    What distinguishes a botnet attack from other types of cyber threats?

    <p>Compromises multiple devices for coordinated attacks</p> Signup and view all the answers

    Which security measure can help prevent unauthorized access to shared network folders?

    <p>Employing role-based access control (RBAC)</p> Signup and view all the answers

    What should be the immediate NEXT step the technician takes upon discovering a crypto-virus infection on the workstation?

    <p>Determine the source of the virus that has infected the workstation</p> Signup and view all the answers

    Which method would BEST reduce the restoration time of physical servers according to Joe, the backup administrator?

    <p>Differential</p> Signup and view all the answers

    To comply with new requirements mandating AES encryption, which setting would BEST meet the company’s wireless configuration needs?

    <p>Configure CCMP</p> Signup and view all the answers

    What sets ARP poisoning apart from a MAC spoofing attack?

    <p>ARP poisoning uses unsolicited ARP replies</p> Signup and view all the answers

    What does the download page allow users to view for the available files when a network administrator is downloading software for the organization’s core switch?

    <p>Checksum values</p> Signup and view all the answers

    During restoration of physical servers, which backup method stores only changes made since the last full backup?

    <p>Incremental</p> Signup and view all the answers

    What is the main aim of Joe, the backup administrator, implementing a solution to reduce restoration time for physical servers?

    <p>Minimize data loss in case of server failures</p> Signup and view all the answers

    What distinguishes ARP poisoning from MAC spoofing attacks in terms of their impact on network devices?

    <p>ARP poisoning disrupts network communication by associating incorrect IP-MAC mappings.</p> Signup and view all the answers

    Why might an application team take a VM snapshot before applying patches in the production environment?

    <p>To quickly restore the application to a previous working condition if the patch fails</p> Signup and view all the answers

    What is the most likely outcome when a penetration tester obtains valid basic user credentials from a compromised computer?

    <p>Lateral movement</p> Signup and view all the answers

    In a cloud deployment model where a company maintains full control over deployment and access, what type of model is being followed?

    <p>Private cloud</p> Signup and view all the answers

    What is the primary purpose of implementing an active/passive high availability solution?

    <p>To quickly switch to a backup server if the primary server fails</p> Signup and view all the answers

    If an organization wants to move all services and applications to a cloud provider while maintaining full control, what type of deployment model should they opt for?

    <p>Private cloud</p> Signup and view all the answers

    What is the MAIN reason behind deploying multiple web servers and implementing a load balancer?

    <p>To distribute traffic evenly and enhance reliability</p> Signup and view all the answers

    Why is it essential for an application team to increase the capacity of the perimeter router?

    <p>To improve network performance and handle increased traffic loads</p> Signup and view all the answers

    What is the primary role of implementing a forwarding proxy along with URL filtering for an organization's applications?

    <p>To provide an additional layer of security and control over web traffic</p> Signup and view all the answers

    What is the most likely method used to gain access to the other host?

    <p>Pivoting</p> Signup and view all the answers

    Which method should the technician use to ensure confidential data from storage media is sanitized?

    <p>Wiping</p> Signup and view all the answers

    Which type of malware is most likely present in the environment, given that each malware binary has a different hash?

    <p>Polymorphic worm</p> Signup and view all the answers

    Which compensating control will best reduce the risk of weak passwords?

    <p>Requiring the use of one-time tokens</p> Signup and view all the answers

    Which of the following best represents what compromised the machine?

    <p>Ransomware</p> Signup and view all the answers

    Which of the following methods should be used to securely wipe a storage device before reusing it?

    <p>Overwriting the data with random patterns</p> Signup and view all the answers

    What is the most likely type of malware present in the environment, given that each sample has a different hash?

    <p>Polymorphic virus</p> Signup and view all the answers

    Which compensating control would be most effective in reducing the risk of weak passwords?

    <p>Requiring the use of one-time tokens</p> Signup and view all the answers

    Based on the information provided, what type of service is being requested?

    <p>LDAPS (Lightweight Directory Access Protocol over SSL)</p> Signup and view all the answers

    What metric is the security consultant gathering information about?

    <p>Annualized Loss Expectancy (ALE)</p> Signup and view all the answers

    What is the most likely cause of the user's inability to connect to the corporate resources using the web-based VPN?

    <p>The certificate used for the VPN connection has expired</p> Signup and view all the answers

    Which cloud computing model is the organization considering based on the information provided?

    <p>Infrastructure as a Service (IaaS)</p> Signup and view all the answers

    Which authentication factor would satisfy the request for three-factor authentication in addition to fingerprints and passwords?

    <p>Security token</p> Signup and view all the answers

    What is the purpose of salting a password before hashing it?

    <p>To ensure that each user's password hash is unique</p> Signup and view all the answers

    What is the primary responsibility of a data owner in an organization?

    <p>Ensuring the confidentiality, integrity, and availability of data</p> Signup and view all the answers

    Which type of firewall technology is most likely being used based on the rules specifying protocols like HTTP, HTTPS, and SSH?

    <p>Stateful inspection firewall</p> Signup and view all the answers

    What is a key difference between ARP poisoning and IP spoofing attacks?

    <p>ARP poisoning allows attackers to intercept traffic by associating a different MAC address with an IP address, while IP spoofing involves forging the source IP address of packets.</p> Signup and view all the answers

    How does IGMP snooping enhance network security in the context of broadcast traffic?

    <p>It limits the forwarding of multicast traffic to only the intended recipients, preventing unnecessary network congestion.</p> Signup and view all the answers

    Which technique is commonly used to protect networks from SYN flooding attacks?

    <p>Employing Rate Limiting mechanisms to control the rate of incoming connection requests</p> Signup and view all the answers

    In the context of network security, what distinguishes IP spoofing from ARP poisoning?

    <p>IP spoofing forges legitimate IP addresses, while ARP poisoning associates incorrect MAC addresses with IP addresses.</p> Signup and view all the answers

    What is a distinguishing characteristic of ARP poisoning in comparison to MAC spoofing?

    <p>ARP poisoning involves sending unsolicited ARP replies to introduce incorrect MAC-IP associations.</p> Signup and view all the answers

    Which attack involves sending large volumes of packets with spoofed source IP addresses to overwhelm the target's resources?

    <p>SYN flooding</p> Signup and view all the answers

    What type of attack deceives network devices by sending falsified ARP messages?

    <p>ARP poisoning</p> Signup and view all the answers

    Which attack technique allows an attacker to capture or modify data packets in a switched network?

    <p>IGMP snooping</p> Signup and view all the answers

    What type of attack involves sending IP packets with a forged source address to conceal the sender's identity?

    <p>IP spoofing</p> Signup and view all the answers

    In a switched network, which attack technique involves flooding the switch's MAC address table to redirect traffic to the attacker?

    <p>IGMP snooping</p> Signup and view all the answers

    What type of attack is indicated by the network administrator seeing checksum values for the YB_16.swi file?

    <p>IP spoofing</p> Signup and view all the answers

    Which action should the network administrator take if the downloaded file has a different hash from AA_15.swi?

    <p>Re-download the file and verify its integrity</p> Signup and view all the answers

    What can be inferred if the network administrator concludes that the downloaded file was only hashed with MD5?

    <p>The file has been corrupted or tampered with</p> Signup and view all the answers

    How can SYN flooding be mitigated to prevent network disruptions?

    <p>Set up SYN cookies to handle excessive connection requests</p> Signup and view all the answers

    What is the primary purpose of IP spoofing in a cyber attack scenario?

    <p>To impersonate a trusted IP address for malicious purposes</p> Signup and view all the answers

    In the context of the successful ARP cache poisoning attack mentioned, what type of attack was likely employed?

    <p>Man-in-the-middle</p> Signup and view all the answers

    Which technique could be used to mitigate ARP cache poisoning attacks on a switched network?

    <p>Implementing IGMP snooping</p> Signup and view all the answers

    What is the primary purpose of a SYN flooding attack?

    <p>Exhausting system resources</p> Signup and view all the answers

    Which technique can be used to prevent IP spoofing attacks?

    <p>Implementing egress filtering</p> Signup and view all the answers

    What is the primary goal of an IP spoofing attack?

    <p>Bypassing access controls</p> Signup and view all the answers

    Which technique is being used when an attacker sends spoofed ARP replies to trick hosts into associating the attacker's MAC address with the IP address of a legitimate host?

    <p>ARP spoofing</p> Signup and view all the answers

    Which attack vector involves an attacker sending a large number of IGMP join requests to overwhelm network switches, leading to a denial of service?

    <p>IGMP snooping attack</p> Signup and view all the answers

    What type of attack involves an attacker sending a large number of TCP SYN packets with spoofed IP addresses, overwhelming the target system with partially open connections?

    <p>SYN flooding</p> Signup and view all the answers

    Which technique involves an attacker sending IP packets with a forged source IP address to masquerade as a trusted host or to conceal the true source of the packets?

    <p>IP spoofing</p> Signup and view all the answers

    In the context of network security, what is the primary purpose of implementing IGMP snooping on network switches?

    <p>To optimize multicast traffic forwarding</p> Signup and view all the answers

    Which of the following techniques is used to redirect network traffic by falsely advertising itself as a legitimate gateway?

    <p>ARP poisoning</p> Signup and view all the answers

    What is the primary purpose of IGMP snooping in a network switch?

    <p>To optimize multicast traffic delivery</p> Signup and view all the answers

    In a SYN flooding attack, what is the primary goal of the attacker?

    <p>To exhaust the target's resources by sending numerous TCP connection requests</p> Signup and view all the answers

    Which of the following techniques involves masquerading as a trusted entity by using a falsified source IP address?

    <p>IP spoofing</p> Signup and view all the answers

    Which of the following countermeasures is effective against both ARP poisoning and IP spoofing attacks?

    <p>Implementing egress filtering on network routers</p> Signup and view all the answers

    Which technique involves an attacker sending spoofed ARP reply messages to redirect traffic through a malicious system?

    <p>ARP poisoning</p> Signup and view all the answers

    Which technique is used by network switches to prevent unauthorized systems from becoming members of a multicast group?

    <p>IGMP snooping</p> Signup and view all the answers

    Which type of attack involves an attacker sending a large number of TCP SYN requests to a target system, overwhelming its ability to handle legitimate connections?

    <p>SYN flooding</p> Signup and view all the answers

    Which technique involves an attacker modifying the source IP address of packets to make them appear as if they originated from a different system?

    <p>IP spoofing</p> Signup and view all the answers

    Which protocol is used by network switches to learn which ports are connected to which devices, and to forward traffic accordingly?

    <p>ARP</p> Signup and view all the answers

    Which type of attack involves an attacker sending a large number of IGMP join messages to overwhelm a network switch and force it to forward multicast traffic to all ports?

    <p>IGMP snooping</p> Signup and view all the answers

    Which layer of the OSI model does ARP operate at?

    <p>Data link layer</p> Signup and view all the answers

    Which protocol is used by hosts to join and leave multicast groups on a network?

    <p>IGMP</p> Signup and view all the answers

    Which technique can be used to mitigate SYN flooding attacks by enforcing a limit on the number of outstanding TCP connection requests?

    <p>SYN cookies</p> Signup and view all the answers

    Which type of attack can be mitigated by implementing ingress filtering at the network perimeter?

    <p>IP spoofing</p> Signup and view all the answers

    Study Notes

    Vulnerability Scanning

    • A network administrator was provided with a vulnerability scan output and needs to prioritize remediation efforts based on overall risk to the enterprise.
    • Plugin IDs 10, 11, 12, 13, and 14 were identified, but the administrator needs to prioritize remediation based on risk.

    RAID Configuration

    • A junior systems administrator removed a hard drive with a red error notification from a server room, unaware that the server was configured in an array.
    • To ensure no data is lost, the administrator should configure the server in RAID 1.

    Air Gap Security

    • An air gap is a network security measure that physically isolates a secure computer network from unsecured networks, such as the public Internet or an unsecured local area network.
    • This can be achieved by implementing a VLAN, NAT, or a firewall to isolate the network.

    Passwordless Authentication

    • A security engineer needs to set up passwordless authentication for the first time.
    • The engineer should use the minimum set of commands to set up passwordless authentication: ssh-keygen -t rsa, ssh-copy-id -i ~/.ssh/id_rsa.pub user@server, and ssh -i ~/.ssh/id_rsa user@server.

    Web Application Security

    • A WAF (Web Application Firewall) is used to protect sites on web servers that are publicly accessible.
    • It can be used to block traffic from unauthorized sources or to detect and prevent common web attacks.

    Network Architecture

    • A transitive trust is automatically established between a parent and a child domain.
    • It can be used to update DNS records and allow access to untrusted domains.

    SSH Authentication

    • A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication.
    • The administrator should change the default SSH port, enable TCP tunneling, and provide a pre-configured SSH client.

    Privilege Escalation

    • Improperly configured user accounts can lead to privilege escalation.
    • This can be prevented by configuring user accounts correctly and limiting access to sensitive areas of the system.

    Network Analysis

    • A security administrator receives alerts from the perimeter UTM and finds that an attacker is using a phishing attack to compromise user accounts.
    • The administrator should implement a host-based firewall rule to block future events of this type from occurring.

    Cloud Security

    • An organization has decided to host its web application and database in the cloud.
    • This decision raises security concerns, including access to the organization's servers being exposed to other cloud-provider clients and the cloud vendor being a new attack vector within the supply chain.

    Wireless Network Security

    • A user reports constant lag and performance issues with the wireless network when working at a local coffee shop.
    • The user's wireless network is likely being attacked using an Evil Twin attack, which can be mitigated by using Wireshark to analyze the network traffic and identifying the attacking device.

    Password Complexity

    • An organization requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol.
    • The organization's policy also prevents users from reusing passwords and enforces password complexity requirements.

    Incident Response

    • An organization's incident response team discovers that passwords for one system were compromised, and unusual login activity was detected for a separate system.
    • The incident response team should identify the source of the compromise and contain the incident to prevent further damage.

    Security Information and Event Management (SIEM)

    • A SIEM system is used to monitor and analyze security-related data from various sources.
    • It can be used to detect and respond to security incidents in real-time.### Security Measures
    • A CEO wants to implement flexible work-from-home arrangements during a pandemic or crisis, but is concerned about staff working from high-risk countries while on holidays.
    • The best ways to mitigate this risk are through geolocation and time-of-day restrictions.

    Data Loss Prevention (DLP)

    • A DLP solution is being implemented on a file server with PII, financial, and health information.
    • Different DLP rules will be assigned to different types of data based on its type and sensitivity.

    Continuous Integration

    • A development team uses continuous integration to bring all code changes into the same project through automation.
    • A tool is used to validate the code and track source code through version control.

    Disk Redundancy

    • A cybersecurity administrator needs to add disk redundancy to a critical server for better fault tolerance.
    • RAID 6 is the best option, as it can withstand two disk failures simultaneously.

    Deception Techniques

    • A server administrator places a "password.txt" file on a server to attract the attention of a cyberintruder.
    • This is a honeyfile or deception technique.

    Firewalls

    • A firewall is used to control incoming and outgoing network traffic based on predetermined security rules.
    • A WAF (Web Application Firewall) is the best option to protect publicly accessible websites.

    Authentication

    • A systems administrator wants to disable username and password authentication for SSH and enforce key-based authentication instead.
    • To do this, they should disable username and password authentication and enable key-based authentication in the sshd.conf file.

    Network Mapping

    • Footprinting is the best method for creating a detailed diagram of wireless access points and hotspots.

    Wireless Networking

    • A company needs to allow guests to access the Internet via WiFi without allowing access to the internal corporate network.
    • A captive portal should be employed to require guests to sign off on the acceptable use policy before accessing the Internet.

    Privilege Escalation

    • Improperly configured user accounts can lead to privilege escalation.
    • This is a common security threat that can be mitigated through proper user account configuration.

    Video Emissions

    • Screen filters are the best solution to implement to reduce video emissions from users' desktops.

    Phishing

    • A security administrator receives an alert from a UTM (Unified Threat Management) system and finds a phishing email attempting to trick users into clicking on a malicious link.

    Cloud Security

    • Hosting a web application and database in the cloud introduces new security concerns, such as exposure to other cloud-provider clients.
    • The cloud vendor is a new attack vector within the supply chain.

    Wireless Attacks

    • An evil twin attack is a type of wireless attack where an attacker sets up a rogue access point to intercept user data.
    • This can be detected through Wireshark packet analysis.

    Data Classification

    • Data classification is a crucial aspect of data security, as it helps to determine the level of protection required for each data asset.
    • A data classification schema is used to tag data assets based on their level of confidentiality.

    Masking

    • Data masking is a technique used to protect sensitive data by hiding it from unauthorized users.
    • It is commonly used to protect personally identifiable information (PII) and sensitive personal data.

    User Accounts

    • Improperly configured user accounts can lead to privilege escalation and other security threats.
    • Proper user account configuration is essential to preventing these types of threats.

    Social Engineering

    • Spear phishing is a type of social engineering attack where an attacker targets a specific group or individual via email.
    • This type of attack is often used to trick users into revealing sensitive information.

    RAID Configurations

    • RAID 5 is a good option for a RAIS configuration that focuses on high read speeds and fault tolerance.
    • It is suitable for situations where multiple drives are unlikely to fail simultaneously.

    Fuzzing

    • Fuzzing is a type of testing that involves providing unexpected or random input to a web application to test its robustness.
    • It is used to identify vulnerabilities in a web application.

    MAC Flooding

    • MAC flooding is a type of attack where an attacker sends a large number of MAC addresses to a network switch to exhaust its memory.
    • This can be detected by checking the switch's table.

    Log Centralization

    • Log centralization is a crucial aspect of security monitoring and incident response.
    • It involves collecting logs from various sources and storing them in a central location for analysis and visibility.

    Compliance

    • PCI DSS is a security standard that organizations must comply with when handling credit card information.
    • It includes six control objectives and 12 specific requirements to help prevent fraud.

    Zero-Day Exploits

    • A zero-day exploit is a type of security vulnerability that is unknown to the vendor and does not have a patch available.
    • It is a critical security threat that can be exploited by attackers.

    Social Engineering

    • Whaling is a type of social engineering attack where an attacker targets a CEO or other high-level executive.
    • This type of attack is often used to trick the executive into revealing sensitive information or performing a certain action.### Security Threats and Mitigation
    • A security engineer notices multiple users downloading files with a .tar.gz extension, which reveals a RAT (Remote Access Trojan) that was installed through an infected email attachment.
    • A RAT allows an attacker to distribute RATs to additional vulnerable computers, establishing a botnet.

    Risk Management and Compliance

    • An organization develops a Disaster Recovery plan in case of a complete loss of critical systems and data.
    • A risk register is used to identify, assess, and prioritize risks.
    • Cybersecurity insurance is used in risk transference strategies.

    Cryptography and Access Control

    • Salting and hashing are techniques used to protect passwords stored in a database, making it impossible to determine the original password from the hash value.
    • Implementing salting and hashing ensures that passwords are protected even if the database is compromised.

    Incident Response and Digital Forensics

    • A security analyst reviews historical logs to identify specific activity outlined in a security advisory, which is an example of threat hunting.
    • The analyst uses vulnerability scan output to determine a priority list for forensic review.
    • In incident response, the containment phase involves removing affected components from the network to prevent further damage.

    Network Security

    • A DNS cache poisoning attack is likely to occur when a security team escalates an issue where users can no longer access certain websites.
    • A security engineer uses ipconfig /flushdns to resolve the issue.

    Cloud Computing and Virtualization

    • Continuous Integration (CI) involves automating the code validation and tracking source code through version control.
    • RAID 6 provides disk redundancy and allows two-drive failure for better fault tolerance.

    Security Operations and Architecture

    • Credential harvesting is a type of attack where an attacker uses a list of usernames with default passwords on an application.
    • A security analyst implements a host-based firewall and a Trusted Platform Module to prevent other devices on the network from directly accessing a laptop.
    • A company implements MFA (Multi-Factor Authentication) for all applications that store sensitive data, using push notifications to make it user-friendly and non-disruptive.

    Data Protection and Privacy

    • Data masking is used to protect sensitive information, such as financial data, by replacing it with fictional data that looks real.
    • GDPR (General Data Protection Regulation) holds the data controller responsible for protecting the privacy and rights of data subjects.

    Network and Compliance

    • A security team implements a SOAR (Security Orchestration, Automation, and Response) to improve security and automate an existing Incident Response plan.
    • DLP (Data Loss Prevention) policies are configured to allow specific PII (Personally Identifiable Information) to be shared with a secure application.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge of firewall configurations with this drag and drop quiz. Determine the correct rules for permitting and denying different types of traffic based on IP addresses and protocols.

    More Like This

    Network Security Best Practices Quiz
    12 questions
    Computer Network Security
    17 questions

    Computer Network Security

    RazorSharpDenouement avatar
    RazorSharpDenouement
    Firewall Configuration Basics
    8 questions
    Use Quizgecko on...
    Browser
    Browser