Network Security Overview

Questions and Answers

What is the primary purpose of updating firmware on hardware devices?

• To add more hardware components
• To increase the device's power consumption
• To improve device performance and security (correct)
• To enhance physical durability of devices

Which action should be taken to avoid making servers unreachable when updating firewall policies?

• Add an allow policy above the deny policy as a test
• Implement a logging system to track policy changes
• Notify users of potential downtime due to policy changes
• Conduct policy testing in a separate, non-production environment (correct)

What is a significant feature of warm sites compared to hot and cold sites?

• They are fully equipped and operational immediately
• They can become operational within a few days (correct)
• They do not include any backup capabilities
• They require no investment for setup

Which term describes the process of removing sensitive data from a storage device before disposal?

Sanitization (B)

What could happen if firmware is outdated or corrupted?

It may create vulnerabilities for unauthorized access (D)

What is the most cost-effective type of backup site that still provides a reasonable recovery time of around two days?

Warm site (D)

Which of the following is not a characteristic of sanitization?

It preserves the data for future access (C)

What might be a consequence of implementing a 'deny any' policy without proper testing?

Potential loss of access to important resources (C)

What is a primary benefit of using a user provisioning script in account creation?

Ensures consistency and compliance (A)

What is the main function of a guard rail script?

To monitor and enforce security policies (A)

Which option does NOT represent an automation technique for streamlining account creation?

Ticketing workflow (C)

What type of control is established when a company sets up a SIEM system to review logs?

Detective control (A)

What is the primary role of an escalation script?

To trigger alerts based on certain conditions (A)

Which of the following systems helps in responding to security incidents by analyzing logs?

SIEM system (B)

What characteristic defines a detective control?

Alerts when incidents occur (C)

What security technique was adopted by the organization when they made the addition to the policy?

Input validation (D)

Which approach is most effective for reducing the impact of a phishing attack when a user clicks on a link?

Update the EDR policies to block automatic execution of programs (B)

Which of the following best describes the function of a ticketing workflow?

Tracks and manages reported issues (D)

Why is updating EDR policies considered a stronger measure against phishing attacks?

It blocks automatic execution of harmful code. (B)

Which type of security control is placing posters about phishing awareness?

Physical control (C)

What is a key limitation of relying solely on user training to combat phishing?

It does not prevent accidental clicks on malicious links. (C)

In which scenario is implementing email security filters most beneficial?

To prevent known phishing emails from being delivered. (D)

What is the primary purpose of an EDR system?

To monitor and analyze endpoint activities. (B)

What is the least effective response to a rising user click-through rate on phishing emails?

Create additional training for users. (C)

What type of attack is characterized by someone who has legitimate access abusing their privileges?

Insider threat (D)

Which automation use case directly enhances security by revoking access when an employee leaves the company?

Disabling access (D)

What is a primary motivation behind insider threats?

Financial gain (D)

How can automated processes improve the management of user accounts for exiting employees?

By ensuring timely access revocation (C)

Which of the following best describes the action taken when an employee is terminated?

Disabling access (B)

What can help mitigate risks associated with unauthorized access by former employees?

Automated disabling of access (D)

When considering high-availability network design, which aspect is crucial to ensure quick recovery?

Ease of recovery (B)

Out of the following options, which is NOT a motivation for insider threats?

Accidental data loss (C)

What is the primary purpose of using segmentation in a network security context?

To limit an attacker's ability to move through the network (D)

Which technique is employed to conceal information within a graphical image?

Steganography (D)

What is a legal hold intended to prevent?

The loss of relevant evidence (D)

Upon initiating a legal hold, what type of information must the security team retain?

Any communications related to the security breach (D)

What kind of information can steganography conceal?

Messages and various types of data (A)

When a company is under legal scrutiny, what aspect of evidence is crucial?

Relevance of the information (B)

What is a potential consequence of failing to implement a legal hold promptly?

Accidental destruction of important evidence (D)

In the context of network breaches, what does 'pivoting' refer to?

Moving from one compromised system to another (B)

Study Notes

Firmware Vulnerabilities

• Firmware is software embedded in a hardware device, such as a router or printer.
• Firmware controls the basic functions of the device and can be updated by manufacturers or users.
• Outdated, corrupted or tampered with firmware can expose the device to security risks.
• An attacker could exploit firmware vulnerabilities to gain unauthorized access, modify device settings or install malware.

Firewall Configuration

• "Deny any" policies should be added to the bottom of the Access Control List (ACL).
• A "deny any" policy can cause company servers to be unreachable if not implemented correctly.
• It is important to test the "deny any" policy in a non-production environment before enabling it in the production network.

Backup Data Center

• Warm Sites are a good choice for a backup data center when cost-benefit is the primary requirement and the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are around two days.
• Warm Sites are not fully equipped, but have the fundamentals in place.
• Warm Sites can be operational within a few days, making them cheaper than Hot Sites, but with a slight delay.

Secure Hard Drive Wiping

• Organizations should sanitize hard drives before sending decommissioned systems to recycling to securely remove sensitive data.
• Sanitization ensures that data is removed from storage devices before they are repurposed or disposed of.

Input Validation

• Input validation is a security technique where data input is checked according to defined specifications.
• This technique prevents the injection of malicious code into a system or application.

Reducing Phishing Impact

• Update Endpoint Detection and Response (EDR) policies to block automatic program execution after a phishing link is clicked.
• EDR systems monitor and analyze the activity of endpoints, detecting threats and enabling better protection.

Automated Provisioning

• A user provisioning script can help automate the creation of new user accounts.
• This simplifies the account creation process and reduces manual error, ensuring consistency and compliance.

Security Control Types

• A Security Information and Event Management (SIEM) system is a detective security control.
• A SIEM collects, correlates and analyzes logs from various sources, providing a centralized view of security status and incidents.
• A detective control alerts or reports on violations or incidents after they occur.

Application Hosting for Low Cost

• Serverless frameworks are a low-cost, cloud-based solution for hosting applications.
• Serverless frameworks allow developers to focus on code without managing servers.

Data Hiding

• Steganography is a technique where information is hidden within another medium, such as an image.
• This hidden information is not visible to the general observer, and can only be extracted with a specific key.

Legal Holds

• A legal hold is a process where an organization retains potentially relevant information for a legal case.
• When a company is compromised, attorneys may request a legal hold, requiring retention of all communication related to the security breach until further notice.
• This prevents the destruction of evidence and ensures potential evidence is preserved for legal proceedings.

Content Filter Categorization

• Updating the categorization of a website in a content filter can resolve issues with access being blocked unnecessarily.
• Adjust the categorization of a website to reflect its actual function.

Insider Threats

• Insider threats occur when someone with legitimate access to a network or data abuses their privileges to cause harm.
• An insider threat can be motivated by factors such as financial gain, revenge, or espionage.
• Actions taken by a domain user encrypting files on a databse server indicate an insider threat.

Disabling Access After Departure

• Automating the process of disabling access for former employees upon departure is critical for enhancing security posture.
• This ensures that terminated employees no longer have access to company resources.
• Disabling access can be automated through scripts, tools or workflows triggered by defined events like termination or resignation.

High Availability Networking

• Ease of recovery is an essential consideration when designing a high availability network.
• High availability networks aim to minimize downtime and ensure continuous service.
• Ensuring a seamless and rapid recovery process is vital for ensuring network uptime and minimal disruption.

Description

This quiz covers essential topics related to firmware vulnerabilities, firewall configuration, and backup data center strategies. Understanding these concepts is crucial for securing your network and ensuring data integrity. Test your knowledge to enhance your skills in network security management.