Untitled Quiz

Questions and Answers

What does 'access-list inbound' indicate in the given access list configuration?

• The rule is being applied to an outbound access list
• The rule is being applied to a custom access list
• The rule is being applied to an inbound access list (correct)
• The rule is being applied to a route access list

What is the purpose of the 'deny' keyword in the access list configuration?

• To redirect traffic matching the rule
• To deny traffic matching the rule (correct)
• To permit traffic matching the rule
• To log traffic matching the rule

What does the '/32' subnet mask indicate in the source IP address?

• A network ID
• A single IP address (correct)
• A range of IP addresses
• A broadcast address

What is the incident response activity that involves understanding the source of an incident?

Analysis (B)

What is the purpose of the analysis phase in incident response?

To formulate an appropriate response strategy (B)

In which order do the incident response activities typically occur?

Detection, Analysis, Containment (A)

What is the purpose of the lessons learned phase in incident response?

To review and improve incident response processes (A)

What does the 'destination 0.0.0.0/0' keyword indicate in the access list configuration?

The rule applies to traffic destined for any IP address (D)

What is the term for the interface or interface group referred to in the access list configuration?

IG (B)

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Automation (C)

What is the goal of automation in security operations?

To improve efficiency, accuracy, and consistency (C)

What is a compliance checklist?

A document that lists security requirements or best practices (A)

What is attestation in the context of security?

A process to verify the validity of a statement (D)

What is a limitation of manual audit?

It is labor-intensive (B)

What can automation be used for in security operations?

To monitor, audit, and enforce security settings (C)

What is a benefit of automation in security operations?

Improved efficiency, accuracy, and consistency (B)

What can automation alert security personnel of?

Any changes or anomalies that may indicate a security breach or compromise (A)

What is a limitation of a compliance checklist?

It does not automatically detect or report any changes or modifications that may occur on a daily basis (C)

What is an essential aspect of a high-availability network?

Vulnerability scanning and penetration testing (A), Risk assessment and threat intelligence (D)

What is the primary purpose of a bastion host?

To provide a single point of control and defense (B)

Where is a bastion host typically placed?

On the edge of a network (B)

What can a bastion host be configured to do?

Allow only certain types of traffic (A)

What software can a bastion host run?

Firewalls, intrusion detection systems, and antivirus programs (D)

What is the benefit of using a bastion host for administrative access?

It minimizes the traffic allowed through the security boundary (A)

What is the primary advantage of using a bastion host over other options?

It provides a single point of control and defense (C)

What is not a recommended method for providing administrative access to internal resources?

Installing a WAF (D)

What is the main purpose of logging all activities on a bastion host?

For auditing purposes (C)

What is an important factor to consider when developing a security awareness program for a specific industry?

The threat vectors based on the industry (A)

What is the purpose of a risk register?

To record and track risks associated with a project or organization (B)

Why is it important to consider the cadence and duration of training events in a security awareness program?

To make sure employees remember key concepts and behaviors (B)

What should a security awareness program address?

Specific threats relevant to the organization's industry (D)

What is the benefit of frequent security awareness training events?

Employees will remember key concepts and behaviors (D)

What is an important aspect of a risk register?

Risk description and response strategy (B)

Why is it important to understand the threat vectors specific to an organization's industry?

To focus security efforts on relevant threats (A)

What is the purpose of a security awareness program?

To educate employees on specific security risks and best practices (B)

What is a key factor in determining the effectiveness of a security awareness program?

The frequency and duration of training events (D)

What is a compensating control in the context of security?

A security measure that reduces the likelihood or impact of an attack (D)

What is the purpose of a host-based firewall?

To monitor and filter network traffic on a single host (B)

What is a DRP in the context of security?

A disaster recovery plan that aims to restore normal operations (A)

What is the purpose of a DRP?

To restore normal operations in the event of a system failure (C)

What is most likely occurring if a security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?

A worm is propagating across the network (A)

What is the main difference between a host-based firewall and a network-based firewall?

A host-based firewall monitors and filters network traffic on a single host, while a network-based firewall monitors and filters network traffic on an entire network (B)

What is the purpose of network segmentation?

To limit the exposure of a system to potential threats (D)

What is the primary goal of a DRP?

To restore normal operations in the event of a system failure (B)

What is the main difference between a compensating control and a primary control?

A compensating control is a security measure that reduces the likelihood or impact of an attack, while a primary control is a security measure that eliminates a vulnerability (C)

Study Notes

High-Availability Network Security

• A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

Bastion Host

• A bastion host is a special-purpose server designed to withstand attacks and provide secure access to internal resources.
• A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
• A bastion host can be configured to allow only certain types of traffic and block all others.
• A bastion host can run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.

Incident Response Activities

• Analysis is the incident response activity that involves understanding the source of an incident.
• Analysis involves collecting and examining evidence, identifying the root cause, determining the scope and impact, and assessing the threat actor's motives and capabilities.

Automation

• Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified.
• Automation is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort.
• Automation can help to improve the efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs.

Compensating Control

• A compensating control is a security measure that is implemented to mitigate the risk of a vulnerability or weakness that cannot be resolved by the primary control.
• A compensating control does not prevent or eliminate the vulnerability or weakness, but it can reduce the likelihood or impact of an attack.

Disaster Recovery Plan

• A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency.

Security Awareness Program

• A training curriculum plan for a security awareness program should address the threat vectors based on the industry in which the organization operates.
• A training curriculum plan for a security awareness program should also address the cadence and duration of training events.

Risk Register

• A risk register is a document that records and tracks the risks associated with a project, system, or organization.
• A risk register typically includes information such as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status.