Architecture and Design (4) Flashcards

1
Q

Vincent works for a company that manufactures portable medical devices, such as insulin pumps. He is concerned about ensuring these devices are secure. Which of the following is the most important step for him to take?

Ensure all communications with the device are encrypted.

Ensure the devices have FDE.

Ensure the devices have individual antimalware.

A

Ensure all communications with the device are encrypted.

Such devices need to have all communications encrypted and authenticated. Publicly demonstrated attacks on portable medical devices such as insulin pumps and pacemakers have typically relied on wireless commands that were sent in the clear and accepted without authentication, so protecting the communication channel addresses the most likely attack path. FDE and antimalware matter far less on a device that stores little data and runs no general-purpose software

2
Q

Emile is concerned about securing the computer systems in vehicles. Which of the following vehicle types has significant cybersecurity vulnerabilities?

UAV

Automobiles

Airplanes

All of the above

A

All of the above

The more a vehicle relies on computers and exposes network interfaces (cellular, Wi-Fi, Bluetooth, diagnostic ports), the larger its attack surface and the more vulnerable it is to cyberattack. Automobiles, airplanes and UAVs all now do

3
Q

Ariel is responsible for software development in her company. She is concerned that the software development team integrate well with the network system. She wants to ensure that software development processes are aligned with the security needs of the entire network. Which of the following would be most important for her to implement?

Integration testing

Secure DevOps

Clear policies

A

Secure DevOps

DevOps is a compound term: software DEVelopment and information technology OPerationS. It refers to collaboration between software developers and IT professionals so that software development is aligned with infrastructure concerns. Secure DevOps (DevSecOps) extends that collaboration by building security requirements, review and testing into the pipeline rather than adding them at the end

4
Q

Greg is a programmer with a small company. He is responsible for the web application. He has become aware that one of the modules his web application uses may have a security flaw allowing an attacker to circumvent authentication. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat?

Submit an RFC.

Immediately apply the update.

Document the issue.

A

Submit an RFC.

All software changes, including security patches, must go through proper change management. That starts with a request for change (RFC) that is evaluated and approved before the update is applied. Most organizations have an expedited emergency-change path for urgent fixes like this one, but it still produces a documented, approved change rather than an ad hoc update; documenting the issue alone leaves the flaw in place

5
Q

You are using a sophisticated system that models various attacks on your networks. You intend for this system to help your team realize weak areas and improve response to incidents. What is the most important step to take before relying on data from this system?

Get approval from a CAB.

Thoroughly review the systems documentation.

Verify the models being used.

A

Verify the models being used.

Model verification must be completed before you can rely on the results. Every aspect of a simulation model, its data and its settings, needs to be checked for accuracy; if the model is wrong, the weak areas it reports and the responses it suggests will be wrong too

6
Q

Your company has an accounting application that was developed in-house. It has been in place for 36 months, and functioning very well, with very few issues. You have just made a minor change to the tax calculation based on a change in tax law. What should be your next step?

Deploy the change.

Perform stress testing.

Perform regression testing.

A

Perform regression testing.

Any change to a system requires regression testing, which re-runs the existing tests to confirm that the change did not break functionality that previously worked. Stress testing is not called for by a minor calculation change, and deploying untested code is never the next step

7
Q

Tom works as a software development manager for a large company. He is trying to explain to management the difference between compiled code and runtime code. What is the biggest advantage of compiled code?

Better performance

Platform independence

More secure

A

Better performance

Compiled code is translated to native machine code ahead of time, so it runs faster. Code for a runtime environment such as Java or .NET is compiled to intermediate bytecode and then interpreted or just-in-time compiled when it runs, which costs performance in exchange for platform independence. Neither approach is inherently more secure than the other

8
Q

Your company is interested in keeping data in the cloud. Management feels that public clouds are not secure but is concerned about the cost of a private cloud. What is the solution you would recommend?

Tell them there are no risks with public clouds.

Suggest that they consider a community cloud.

Recommend against a cloud solution at this time.

A

Suggest that they consider a community cloud.

A community cloud is a compromise solution. Community clouds are semiprivate: they are not accessible to the general public but only to a small group of specific organizations, which share the cost of the infrastructure

9
Q

Your development team primarily uses Windows, but they need to develop a specific solution that will run on Linux. What is the best solution to getting your programmers access to Linux systems for development and testing?

Set their machines to dual-boot Windows and Linux.

PaaS

IaaS

A

PaaS

Platform as a Service is a good solution to this problem. The programmers can be given ready-to-use Linux development and test environments in the cloud, without provisioning and maintaining the operating systems themselves (as IaaS would require) or reconfiguring their workstations to dual-boot

10
Q

Daniel works for a mid-sized financial institution. The company has recently moved some of its data to a cloud solution. Daniel is concerned that the cloud provider may not support the same security policies as the company’s internal network. What is the best way to mitigate this concern?

Implement a cloud access security broker.

Perform integration testing.

Establish cloud security policies.

A

Implement a cloud access security broker.

A cloud access security broker (CASB) is a software tool or service that sits between an organization’s on-premises network and a cloud provider’s infrastructure. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies into the cloud

11
Q

Hanz is responsible for the e-commerce servers at his company. He is concerned about how they will respond to a DoS attack. Which software testing methodology would be most helpful in determining this?

Regression testing

Stress testing

Integration testing

A

Stress testing

Stress testing is designed to test an application under workloads larger than normal, which is the closest a software test comes to the conditions of a DoS attack. A single stress test is not a complete substitute for testing DoS resilience, but it is the most relevant software testing methodology of the three

12
Q

You are the CIO for a small company. The company wants to use cloud storage for some of its data, but cost is a major concern. Which of the following cloud deployment models would be best?

Community cloud

Private cloud

Public cloud

A

Public cloud

The correct answer is a public cloud. Public clouds are usually less expensive. The cloud provider has a number of customers and costs are dispersed. Even individuals can afford to use cloud storage with services like iCloud and Amazon Cloud

13
Q

Alisha is monitoring security for a mid-sized financial institution. Under her predecessor there were multiple high-profile breaches. Management is very concerned about detecting any security issues or breach of policy as soon as possible. Which of the following would be the best solution for this?

Monthly audits

NIDS

Continuous monitoring

A

Continuous monitoring

The correct answer is continuous monitoring. Continuous monitoring technologies watch the network and systems all the time and can identify an issue as it is occurring, or very soon thereafter. A NIDS covers only network traffic, and monthly audits would leave a breach undetected for weeks

14
Q

Helga works for a bank and is responsible for secure communications with the online banking application. The application uses TLS to secure all customer communications. She has noticed that since migrating to larger encryption keys, the server’s performance has declined. What would be the best way to address this issue?

Implement a VPN concentrator.

Implement an SSL accelerator.

Return to smaller encryption keys.

A

Implement an SSL accelerator.

The correct answer is to use an SSL accelerator. SSL accelerators (TLS offload cards or appliances) move the processor-intensive public-key operations of the TLS handshake, which are exactly what larger keys make more expensive, onto dedicated hardware. Returning to smaller keys would weaken security, and a VPN concentrator addresses a different problem

15
Q

What is the primary advantage of allowing only signed code to be installed on computers?

It guarantees that malware will not be installed.

It improves patch management.

It verifies who created the software.

A

It verifies who created the software.

Only using code that is digitally signed verifies the creator of the software and that the code has not been altered since it was signed. For example, if a printer/MFD driver is digitally signed, this gives you confidence that it really is a driver from the vendor it purports to be from, and not malware masquerading as a printer driver. Signing does not guarantee the code is free of malware: a vendor can sign flawed code, and stolen signing keys have been used to sign malicious code

16
Q

Which of the following is the best description for VM sprawl?

When VMs on your network outnumber physical machines

When there are more VMs than IT can effectively manage

When a VM on a computer begins to consume too many resources

A

When there are more VMs than IT can effectively manage

VM sprawl refers to a situation in which the network has more virtual machines than the IT staff can effectively manage

17
Q

Which of the following is the best description of a stored procedure?

Code that is in a DLL, rather than the executable

Server-side code that is called from a client

SQL statements compiled on the database server as a single procedure that can be called

A

SQL statements compiled on the database server as a single procedure that can be called

Stored procedures are commonly used in many database management systems to contain SQL statements. The database administrator, or someone designated by the DBA, creates the SQL statements the business needs, and programmers simply call the stored procedures by name, passing parameters. Because the SQL text is fixed on the server and the application supplies only parameter values, stored procedures also reduce the risk of SQL injection, provided the procedure does not itself build dynamic SQL from its inputs

18
Q

Farès is responsible for security at his company. He has had bollards installed around the front of the building. What is Farès trying to accomplish?

Video monitoring around the building

Protecting against EMI

Preventing a vehicle from being driven into the building

A

Preventing a vehicle from being driven into the building

Bollards are large barriers that are often made of strong substances like concrete. They are effective in preventing a vehicle from being driven into a building

19
Q

Jane is concerned about servers in her datacenter. She is particularly worried about EMI. What damage might EMI most likely cause to servers?

Damage to chips (CPU or RAM)

Temperature control issues

Malware infections

A

Damage to chips (CPU or RAM)

Electromagnetic interference can corrupt signals in circuitry, including the RAM or CPU chips, and at high enough levels damage them outright. At a minimum it can corrupt data in memory or on magnetic media. It has no bearing on temperature control or malware

20
Q

You are concerned about VM escape attacks. Which of the following would provide the most protection against this?

Completely isolate the VM from the host.

Install a host-based antivirus on both the VM and the host.

Implement FDE on both the VM and the host.

A

Completely isolate the VM from the host.

VM escape attacks find some method of moving from a guest VM to the hypervisor and from there to the host or to other guests. The most effective defense is to isolate the VM from the host as completely as possible: remove unneeded shared devices, clipboard and folder sharing, and guest-to-host integration services, and keep the hypervisor patched. Antivirus or FDE on the guest and host do not address the hypervisor boundary that the attack crosses

21
Q

Teresa is the network administrator for a small company. The company is interested in a robust and modern network defense strategy but lacks the staff to support it. What would be the best solution for Teresa to use?

Implement SDN.

Use automated security.

Use Security as a Service.

A

Use Security as a Service.

Security as a Service uses an outside company to handle security tasks. Some or even all security tasks can be outsourced, including IDS/IPS management, SIEM integration, and other security controls

22
Q

Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?

Implement NIPS.

Use cryptographic hashes.

Sandbox the applications in question.

A

Use cryptographic hashes.

Cryptographic hashes are used for integrity checking of files, network packets and many other things. Storing a hash of each application taken while it was known to be good, then recomputing the hash of the copy on the network and comparing the two, confirms (or refutes) whether the application has been altered in any way. The stored hashes must themselves be protected, or an attacker who can replace the application can also replace the reference hash
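As an added example that is not part of these flashcards, the following Python shows the baseline-and-compare approach the answer describes: hash each known-good file with SHA-256, keep the digests as a manifest, and later recompute and compare. It also seals the manifest with an HMAC, because a baseline an attacker can rewrite proves nothing. The file contents, paths and key are constructed for the demo.

```python
"""Added example (not from the flashcards): baseline-and-compare integrity
checking with SHA-256, plus a keyed seal on the baseline so that an attacker
who can replace a binary cannot simply update the manifest to match."""
import hashlib
import hmac
import json
from pathlib import Path

CHUNK = 1 << 20  # hash files 1 MiB at a time so large binaries stay out of RAM


def sha256_hex(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """SHA-256 of a file on disk, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(files):
    """Known-good baseline: maps each path to the SHA-256 of its content.
    `files` is a dict path -> bytes (constructed in the demo below)."""
    return {path: sha256_hex(content) for path, content in sorted(files.items())}


def build_manifest_from_dir(root):
    """Same baseline built from a real directory tree on disk."""
    return {str(p): sha256_file(p) for p in sorted(Path(root).rglob("*")) if p.is_file()}


def check_integrity(manifest, files):
    """Compare current contents against the baseline.  Reports paths whose hash
    changed, paths that disappeared, and paths not in the baseline at all
    (a dropped-in library or Trojaned helper shows up in the last list)."""
    modified = [p for p, digest in manifest.items()
                if p in files and not hmac.compare_digest(sha256_hex(files[p]), digest)]
    missing = [p for p in manifest if p not in files]
    unexpected = [p for p in files if p not in manifest]
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def _canonical(manifest):
    # Deterministic serialization so the seal does not depend on dict order.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest, key):
    """Attach an HMAC-SHA256 over the manifest.  The key must be kept where the
    monitored host cannot write (for example on the monitoring server); if it
    lives beside the manifest, a local attacker just re-seals a forged one."""
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "hmac": tag}


def verify_manifest_seal(sealed, key):
    """True only if the manifest has not been altered since it was sealed."""
    expected = hmac.new(key, _canonical(sealed["manifest"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["hmac"])


if __name__ == "__main__":
    # Constructed demo data: two known-good files, then a tampered snapshot.
    baseline = {"bin/app": b"app v1", "lib/helper.so": b"helper v1"}
    demo_key = b"demo-key-kept-off-host"
    sealed = seal_manifest(build_manifest(baseline), demo_key)
    later = {"bin/app": b"app v1 + backdoor", "lib/helper.so": b"helper v1",
             "lib/evil.so": b"dropped in"}
    if verify_manifest_seal(sealed, demo_key):
        print(check_integrity(sealed["manifest"], later))
```

Run it directly to see the altered binary reported under "modified" and the dropped-in library under "unexpected". Verifying the seal before trusting the manifest is the step that turns a plain hash list into an integrity control an attacker on the host cannot silently adjust.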

23
Q

George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?

Implement SDN.

Improve patch management.

Place the SCADA system on a separate VLAN.

A

Place the SCADA system on a separate VLAN.

Separating the SCADA system from the corporate network on its own segment makes it far less likely that it can be reached from the main network, whether by malware or by a person uploading an executable to the control console. Patch management still matters, but segmentation with strict access control between the segments is the control that prevents this class of incident from recurring

24
Q

Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?

Encrypt the entire packet.

Authenticate the entire packet.

Authenticate just the header.

A

Authenticate the entire packet.

The Authentication Header provides integrity and origin authentication for the entire packet: the payload, the AH header itself, and the IP header, excluding only fields that legitimately change in transit such as TTL and the header checksum. AH provides no encryption; confidentiality is ESP's job. Because the IP addresses are covered by the integrity check, AH does not survive NAT

25
Q

Mia is a network administrator for a bank. She is responsible for secure communications with her company’s customer website. Which of the following would be the best for her to implement?

SSL

PPTP

TLS

A

TLS

Transport Layer Security is the current standard for encrypting web traffic; SSL is its deprecated predecessor with known weaknesses, and PPTP is a VPN protocol, not a web protocol, whose MS-CHAPv2 authentication is broken. TLS authenticates the server and optionally the client (mutual authentication) and is considered secure when current versions and cipher suites are used

26
Q

Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?

Using a network tap

Using port mirroring

Setting the NIPS on a VLAN that is connected to all other segments

A

Using a network tap

Network taps are analogous to phone taps: a passive device copies the traffic on a link without altering it or taking part in the network, so the NIPS sees everything. Port mirroring (SPAN) also copies traffic but consumes switch resources and may drop packets under load, and a VLAN connected to all other segments does not by itself deliver a copy of their traffic

27
Q

Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?

It encrypts the packet.

It establishes the SAs.

It establishes the tunnel.

A

It establishes the SAs.

Internet key exchange is used to set up security associations on each end of the tunnel. The security associations have all the settings (i.e., cryptographic algorithms, hashes, etc.) for the tunnel

28
Q

Jeff is the security administrator for an e-commerce site. He is concerned about DoS attacks. Which of the following would be the most effective in addressing this?

DDoS mitigator

WAF with SPI

NIPS

A

DDoS mitigator

A DDoS mitigator is a tool or service (often a cloud scrubbing service) designed specifically to respond to distributed denial-of-service attacks. It absorbs and filters the attacking traffic with far more capacity than the target has, and passes legitimate traffic through so that users are not adversely affected. A WAF or NIPS inspects content but can itself be overwhelmed by sheer volume

29
Q

Doug is a network administrator for a small company. The company has recently implemented an e-commerce server. This has placed a strain on network bandwidth. What would be the most cost-effective means for him to address this issue?

Upgrade the network to CAT 7.

Move to fiber optic.

Implement aggregation switches.

A

Implement aggregation switches.

Link aggregation combines several physical links into one logical connection, giving the e-commerce server more bandwidth using the existing cabling and switch ports. That is far cheaper than recabling the network with CAT 7 or fiber

30
Q

Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?

NIDS

Correlation engine

Aggregation switch

A

Correlation engine

A correlation engine is software that is used to aggregate events and to seek out correlations. In some cases, this is done with advanced analytic algorithms, including fuzzy logic
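As an added example that is not part of these flashcards, the following Python implements the core of a correlation engine: it normalizes events from three different sources, groups them by host, slides a time window over each host's events, and raises one incident when the required combination of indicators occurs together. The events, the sources and the rule are constructed for the demo.

```python
"""Added example (not from the flashcards): a small correlation engine that
groups events from different sources by host and time window and raises one
incident when several indicators of compromise line up.  Events and the rule
are constructed for the demo."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three sources (authentication log, endpoint
# agent, web proxy).  Each one on its own is low-severity noise.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:01", "source": "auth", "host": "ws-17", "user": "bob", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:04", "source": "auth", "host": "ws-17", "user": "bob", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:08", "source": "auth", "host": "ws-17", "user": "bob", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:12", "source": "auth", "host": "ws-17", "user": "bob", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:20", "source": "auth", "host": "ws-17", "user": "bob", "type": "login_success"},
    {"ts": "2024-05-01T09:02:00", "source": "edr", "host": "ws-17", "user": "bob", "type": "new_scheduled_task"},
    {"ts": "2024-05-01T09:03:10", "source": "proxy", "host": "ws-17", "user": "bob", "type": "outbound_rare_domain"},
    # A mistyped password on another workstation: must not become an incident.
    {"ts": "2024-05-01T09:05:00", "source": "auth", "host": "ws-22", "user": "alice", "type": "login_failed"},
    {"ts": "2024-05-01T09:05:30", "source": "auth", "host": "ws-22", "user": "alice", "type": "login_success"},
]

# A rule: within 10 minutes on one host, several failed logins, then a success,
# then a new persistence mechanism, then traffic to a domain nobody else visits.
BRUTE_FORCE_THEN_C2 = {
    "name": "brute_force_then_persistence_then_c2",
    "window": timedelta(minutes=10),
    "key": "host",
    "requires": {"login_failed": 3, "login_success": 1,
                 "new_scheduled_task": 1, "outbound_rare_domain": 1},
}


def parse_events(events):
    """Normalize timestamps to datetime and sort chronologically; events from
    different sources rarely arrive in order."""
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    return sorted(parsed, key=lambda e: e["ts"])


def correlate(events, rule):
    """Slide a time window over each key's events; when a window holds at
    least the required number of each event type, emit one incident that
    summarizes every contributing event and source."""
    by_key = defaultdict(list)
    for e in parse_events(events):
        by_key[e[rule["key"]]].append(e)

    incidents = []
    for key, evs in by_key.items():
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - start["ts"] <= rule["window"]]
            counts = Counter(e["type"] for e in window)
            if all(counts[t] >= n for t, n in rule["requires"].items()):
                incidents.append({
                    "rule": rule["name"],
                    rule["key"]: key,
                    "first_seen": start["ts"].isoformat(),
                    "last_seen": window[-1]["ts"].isoformat(),
                    "sources": sorted({e["source"] for e in window}),
                    "event_count": len(window),
                })
                break  # one incident per key per rule; later windows would duplicate it
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS, BRUTE_FORCE_THEN_C2):
        print(incident)
```

Run it to see a single incident for ws-17 drawing on all three sources, while the lone failed login on ws-22 produces nothing. The design choice to note is the grouping key: correlating by host (or by user, or by source address) is what lets diverse indicators that individually look harmless be recognized as one breach.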