Untitled Quiz

Questions and Answers

What does 'access-list inbound' indicate in the given access list configuration?

The rule is being applied to an outbound access list

The rule is being applied to a custom access list

The rule is being applied to an inbound access list (correct)

The rule is being applied to a route access list

What is the purpose of the 'deny' keyword in the access list configuration?

To redirect traffic matching the rule

To deny traffic matching the rule (correct)

To permit traffic matching the rule

To log traffic matching the rule

What does the '/32' subnet mask indicate in the source IP address?

A network ID

A single IP address (correct)

A range of IP addresses

A broadcast address

What is the incident response activity that involves understanding the source of an incident?

Analysis

What is the purpose of the analysis phase in incident response?

To formulate an appropriate response strategy

In which order do the incident response activities typically occur?

Detection, Analysis, Containment

What is the purpose of the lessons learned phase in incident response?

To review and improve incident response processes

What does the 'destination 0.0.0.0/0' keyword indicate in the access list configuration?

The rule applies to traffic destined for any IP address

What is the term for the interface or interface group referred to in the access list configuration?

IG

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Automation

What is the goal of automation in security operations?

To improve efficiency, accuracy, and consistency

What is a compliance checklist?

A document that lists security requirements or best practices

What is attestation in the context of security?

A process to verify the validity of a statement

What is a limitation of manual audit?

It is labor-intensive

What can automation be used for in security operations?

To monitor, audit, and enforce security settings

What is a benefit of automation in security operations?

Improved efficiency, accuracy, and consistency

What can automation alert security personnel of?

Any changes or anomalies that may indicate a security breach or compromise

What is a limitation of a compliance checklist?

It does not automatically detect or report any changes or modifications that may occur on a daily basis

What is an essential aspect of a high-availability network?

Vulnerability scanning and penetration testing

What is the primary purpose of a bastion host?

To provide a single point of control and defense

Where is a bastion host typically placed?

On the edge of a network

What can a bastion host be configured to do?

Allow only certain types of traffic

What software can a bastion host run?

Firewalls, intrusion detection systems, and antivirus programs

What is the benefit of using a bastion host for administrative access?

It minimizes the traffic allowed through the security boundary

What is the primary advantage of using a bastion host over other options?

It provides a single point of control and defense

What is not a recommended method for providing administrative access to internal resources?

Installing a WAF

What is the main purpose of logging all activities on a bastion host?

For auditing purposes

What is an important factor to consider when developing a security awareness program for a specific industry?

The threat vectors based on the industry

What is the purpose of a risk register?

To record and track risks associated with a project or organization

Why is it important to consider the cadence and duration of training events in a security awareness program?

To make sure employees remember key concepts and behaviors

What should a security awareness program address?

Specific threats relevant to the organization's industry

What is the benefit of frequent security awareness training events?

Employees will remember key concepts and behaviors

What is an important aspect of a risk register?

Risk description and response strategy

Why is it important to understand the threat vectors specific to an organization's industry?

To focus security efforts on relevant threats

What is the purpose of a security awareness program?

To educate employees on specific security risks and best practices

What is a key factor in determining the effectiveness of a security awareness program?

The frequency and duration of training events

What is a compensating control in the context of security?

A security measure that reduces the likelihood or impact of an attack

What is the purpose of a host-based firewall?

To monitor and filter network traffic on a single host

What is a DRP in the context of security?

A disaster recovery plan that aims to restore normal operations

What is the purpose of a DRP?

To restore normal operations in the event of a system failure

What is most likely occurring if a security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?

A worm is propagating across the network

What is the main difference between a host-based firewall and a network-based firewall?

A host-based firewall monitors and filters network traffic on a single host, while a network-based firewall monitors and filters network traffic on an entire network

What is the purpose of network segmentation?

To limit the exposure of a system to potential threats

What is the primary goal of a DRP?

To restore normal operations in the event of a system failure

What is the main difference between a compensating control and a primary control?

A compensating control is a security measure that reduces the likelihood or impact of an attack, while a primary control is a security measure that eliminates a vulnerability

Study Notes

High-Availability Network Security

• A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

Bastion Host

• A bastion host is a special-purpose server designed to withstand attacks and provide secure access to internal resources.
• A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
• A bastion host can be configured to allow only certain types of traffic and block all others.
• A bastion host can run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.

Incident Response Activities

• Analysis is the incident response activity that involves understanding the source of an incident.
• Analysis involves collecting and examining evidence, identifying the root cause, determining the scope and impact, and assessing the threat actor's motives and capabilities.

Automation

• Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified.
• Automation is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort.
• Automation can help to improve the efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs.

Compensating Control

• A compensating control is a security measure that is implemented to mitigate the risk of a vulnerability or weakness that cannot be resolved by the primary control.
• A compensating control does not prevent or eliminate the vulnerability or weakness, but it can reduce the likelihood or impact of an attack.

Disaster Recovery Plan

• A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency.

Security Awareness Program

• A training curriculum plan for a security awareness program should address the threat vectors based on the industry in which the organization operates.
• A training curriculum plan for a security awareness program should also address the cadence and duration of training events.

Risk Register

• A risk register is a document that records and tracks the risks associated with a project, system, or organization.
• A risk register typically includes information such as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status.