76 Questions
What method did the hackers use to compromise the SolarWinds software supply chain?
Malicious injection into software updates
What is the NPM Node Package Manager primarily used for?
Exchanging software packages
What is the purpose of Scopes in NPM Node Package Manager?
Grouping similar software development packages
How did the attackers achieve unfettered package change under a Scope in NPM?
Using a specially written pull request
What type of vulnerability led to remote code execution in Cloudflare?
Unsafe zip archive extraction
What is the primary goal of security in the pipeline (SIP) according to the text?
Discovering defects and errors in the code
What are some of the important benefits of continuous integration and continuous delivery/deployment (CI/CD)?
Saves time for developers and allows more time for code creation
Why is security often a concern in the CI/CD pipeline?
CI/CD is quick, but security measures are typically slow
How does DevSecOps aim to change the speed and delivery of software security?
By integrating security controls as part of the software being developed
Why is it critical for developers to understand what is happening during software development and deployment in the context of security?
To ensure that security is not compromised in the development and deployment process
What role does DevSecOps play in the development and deployment process?
It aims to integrate security as a design constraint in the software being developed
What does CI/CD save an enormous amount of for developers?
Time
What makes CI/CD pipelines a desirable target for adversaries?
They manage the whole software lifecycle
How can attackers potentially exploit the trust connection between code repositories and servers in CI/CD pipelines?
By exploiting code modifications and commits
Why are containers considered a secure solution for executing programs in CI/CD pipelines?
They are isolated from each other
What is a supply chain assault in the context of CI/CD pipeline security?
An attempt to spoof users through third-party software
What is the significance of the SolarWinds Orion supply chain breach?
It infiltrated networks, systems, and data of thousands of organizations
What made SolarWinds a valuable target for the supply chain assault?
Its privileged access to IT systems and extensive deployment
What is the purpose of a Web Application Firewall (WAF)?
To safeguard web applications by filtering, monitoring, and blocking harmful HTTP/S traffic
Which type of WAF implementation is typically the most expensive and requires physical equipment?
Network-based WAF
What is the main advantage of a cloud-based WAF?
Low upfront cost and continuous updates without additional effort or cost
What does Runtime Application Self-Protection (RASP) technology perform?
A server-based technique that activates when an application is launched to identify and stop real-time attacks
What is the purpose of Continuous esecurity?
To swiftly identify, prioritize, diagnose, and fix performance problems interfering with regular service operation
What does Hypertext Transfer Protocol Secure (HTTPS) refer to?
HTTP over transport layer security (TLS) or HTTP over secure socket layer (SSL)
What is the main purpose of Cloud Security Posture Management (CSPM)?
Automating risk assessment and mitigation across different cloud systems
What is the primary focus of Security Around the Pipeline (SAP)?
Protecting the pipeline from being bypassed
Why is continuous security integration crucial for contemporary systems?
To continually safeguard infrastructure and applications
What is the primary function of Kubernetes in the context of software security?
Simplifying container orchestration technology
Why is it necessary to include continuous security validation into CI/CD pipelines?
To detect holes and misconfigurations in the code
What does Security of the Pipeline (SOP) primarily focus on protecting?
The posture of system processes targeted by malware
What is the primary function of RASP in the context of application security?
To identify and resolve security issues within the application
In which mode does RASP attempt to prevent security issues from occurring?
Protective mode
How do developers implement RASP using function calls found in an app’s source code?
By accessing the RASP technology
What is the ultimate effect of implementing RASP in an application's security?
It combines a firewall with the program’s runtime environment
What is the primary purpose of application security monitoring?
To notify administrators of malicious activity
What capability is unavailable to security solutions that operate 'outside' apps?
Identifying strange activities that contradict business principles
What advantage do application security monitoring solutions have over embedding monitoring code into each application?
They have extensive knowledge and expertise on attacks and abuses
What is the primary function of logging in an application?
To ensure compliance with security laws
What is the primary purpose of Incident Response?
To promptly detect and stop attacks
What is the primary objective when Containment of attackers and incident activity is performed?
To reach this level as soon as possible to limit the amount of damage caused
What is the significance of Incident Response Frameworks?
They assist companies in the creation of standardized response strategies
Why is a risk assessment conducted during the Preparation of processes and systems phase of Incident Response?
To prioritize the protection of high-priority assets
What is the main focus during the Identification of occurrences phase of Incident Response?
To detect and identify any unusual behavior using tools and processes specified during the planning phase
What is typically performed during Short-term containment as part of Incident Response?
Imminent threats are contained in situ
What is the primary function of the National Institute of Standards and Technology (NIST) incident response methodology?
To develop an IR plan and an IR team
1
It provides instructions on how to develop a communication plan and training scenarios.
What is typically performed during Short-term containment as part of Incident Response?
Imminent threats are contained in situ.
What is the primary responsibility of a cloud computing provider according to the shared responsibility model?
Providing services and storage such as the virtualization layer, disks, and networks
What is the primary role of bug bounty programs in proactive security management?
Crowdsourcing security knowledge via a formal program and paying rewards for defects discovered
What is the responsibility of users in the software as a service (SaaS) model of cloud computing?
Protecting the security of the subscriptions and login credentials of their users
What is the primary function of Red teaming exercises in cybersecurity?
Simulating cyberattacks to identify vulnerabilities
Which type of cloud service model places more security responsibilities on the users as they go from SaaS to PaaS and to IaaS?
Infrastructure as a service (IaaS)
What is the purpose of hiring white-hat hackers in bug bounty programs?
Uncovering previously undisclosed vulnerabilities
What is the main responsibility of a company's IT staff and employees in a shared responsibility model for cloud security?
Accountable for the security of that infrastructure, as well as the applications and data that run on it
What is the primary focus of Red Hat’s Ansible Playbook in the context of patching process automation?
Ensuring correct and consistent application of fixes by automating patching process
"Traditional information security checked for security at the conclusion of an application, whereas continuous security tests for security in parallel from start to finish" – Which concept does this statement refer to?
Continuous security
What are the four stages of the incident response framework according to Cichonsk et al. (2012)?
Preparation, Detection and analysis, Containment, Post-incident activity
What is a key contribution to cybersecurity by SANS?
Incident Response Framework
What is the process of revealing security vulnerabilities in computer software or hardware known as?
Vulnerability Disclosures
What do patches modify in an operating system, platform, or application?
Existing software
What is the primary purpose of patch management in systems administration?
To protect against malware and cyberattacks
Which entity implemented the coordinated vulnerability disclosure (CVD) concept?
Microsoft
What does automating patch management help to reduce?
Human errors
What is the primary advantage of combining patch management with automation technologies?
Limited human errors
What type of vulnerabilities do bug bounties and vulnerability rewards programs aim to address?
Software vulnerabilities
Which organization collaborated on security-related research and public education to present the SANS incident response framework?
SANS
What is the main benefit of using logs to test apps prior to deploying them into production?
Identifying security flaws before they become exploitable vulnerabilities
What is the direct impact of the length of time a vulnerability remains exploitable?
Financial, brand, and consumer trust costs
How does logging and effective log management contribute to improving collaboration between teams?
By enabling real-time monitoring and coordination of modifications
What is the primary role of logs in the context of application security?
Identifying security flaws before deployment
Why is the use of logs important in the context of software development and deployment?
To prevent vulnerabilities from entering production environments
What aspect does effective log management aim to enhance in the context of application development?
Coordination between development and IT operations teams
What impact does the presence of vulnerabilities in deployed applications have on other team members?
It saves time that would have been spent detecting them
Why might vulnerabilities delivered into production remain exploitable for several hours or even days?
Owing to the absence of effective log management
What is the primary purpose of a top-tier log management application in the context of application security?
To identify security flaws before deploying apps into production
How does log management contribute to reducing costs related to security flaws?
By minimizing financial costs through efficient log analysis
Test your understanding of the National Institute of Standards and Technology's (NIST) Information Security Incident Response (IR) phases, which are consolidated into four stages: Preparation, Detection and analysis, Containment, eradication, and recovery, and Post-incident activity. Explore how NIST believes that containment, eradication, and recovery overlap in the incident response process.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
