Module 11 - Understanding Defense

Question 1

Which three foundational elements must cybersecurity analysts identify and secure to defend an organization’s network?

Answer 1

Assets, vulnerabilities and threats.

Question 2

Which process groups an organization’s resources based on common characteristics to ensure appropriate protection levels?

Answer 2

Asset classification

Question 2

Which term refers to anything of value to an organization that must be protected, such as servers, infrastructure, end devices, and data?

Answer 2

Assets

Question 3

Which asset classification step involves determining the proper asset classification category such as Information assets, Software assets, Physical assets and Services?

Answer 3

Step 1

Question 3

Which term describes any potential danger to an organizational asset?

Answer 3

A Threat

Question 4

Which cybersecurity concept describes a weakness in a system or design that could be exploited by a threat actor?

Answer 4

A Vulnerability

Question 5

What do assets collectively represent in terms of cybersecurity exposure to threat actors?

Answer 5

The organizations attack surface.

Question 5

Which process involves inventorying all devices and information owned or managed by an organization, and implementing protection policies for them?

Answer 5

Asset management

Question 6

What is the first step in the asset classification process, involving sorting assets into types such as information, software, physical, or services?

Answer 6

Step 1: Determining the proper asset identification category

Question 6

Which type of asset classification step requires identifying owners for each piece of software and every information asset?

Answer 6

Step 2: Establishing asset accountability

Question 7

Which step involves classification criteria might include sensitivity, business value, duration of relevance, and access restrictions?

Answer 7

Step 3: Determining criteria for classification

Question 8

Which classification step involves adopting a consistent labeling system for identifying information and applying uniform protection?

Answer 8

Step 4: Implement a classification schema

Question 8

Which term refers to identifying and enforcing consistency in hardware and software products across an organization to reduce complexity and improve maintenance?

Answer 8

Asset standardization

Question 9

Which stage of the asset lifecycle includes assembling, inspecting for defects, testing, and tagging an asset before moving it to active use?

Answer 9

Deployment

Question 9

Which asset classification step involves determining the criteria for classification based on Confidentiality, Value, Time, Access rights and Destruction?

Answer 9

Step 3

Question 10

Which lifecycle phase involves monitoring performance, applying patches, renewing licenses, and conducting audits over time?

Answer 10

Utilization

Question 10

Which asset lifecycle stage involves gathering justification data and adding the newly acquired item to inventory?

Answer 10

Procurement

Question 10

Which stage aims to extend the productive life of an asset through upgrades or modifications?

Answer 10

Maintenance

Question 11

In which phase of the asset lifecycle is data wiped, hazardous parts handled safely, and the asset dismantled or discarded?

Answer 11

Disposal

Question 12

What type of vulnerability involves a threat actor impersonating a customer using stolen authentication tools like a PIN or smart card?

Answer 12

Phony transactions

Question 12

What kind of vulnerability results from a legitimate user making an incorrect transaction or input?

Answer 12

Data input errors

Question 12

What is the longest phase in an asset’s lifecycle, involving continuous performance checks and compliance-related actions?

Answer 12

Utiliazation

Question 13

Which security approach uses multiple protective layers at the network edge, inside the network, and on endpoints to reduce the impact of a single security failure?

Answer 13

The Defense in depth approach

Question 14

Which rare but devastating threat can result in the loss of all systems at a physical location?

Answer 14

Data center destruction

Question 15

Which network device acts as the first line of defense, applying rules to permit or deny traffic before it reaches the internal network?

Answer 15

The Edge router

Question 16

Which device performs deeper traffic filtering, tracks connection states, and can authenticate remote users to grant access to internal resources?

Answer 16

A firewall

Question 16

Which newer analogy reflects how modern attackers may only need to bypass a few security layers to reach critical data, similar to removing specific leaves?

Answer 16

Security artichoke

Question 17

Which layered defense analogy describes how a threat actor must peel away each security layer to reach protected data, like peeling an onion?

Answer 17

Security onion

Question 18

Which device inside the network applies final filtering rules before traffic reaches its destination?

Answer 18

An internal router

Question 19

In the security artichoke analogy, what does each “leaf” represent in the context of cybersecurity?

Answer 19

A point of access or network component that may expose data

Question 20

Which security strategy ensures data remains protected by placing multiple, distinct layers of defense between cybercriminals and valuable assets?

Answer 20

Defense in depth

Question 21

Which defense strategy involves using several different protective layers, such as a password-protected server, a locked building, and an electric fence?

Answer 21

Layering

Question 21

Which principle ensures that even if one security layer is bypassed, several additional layers remain to stop the attacker?

Answer 21

Layering

Question 22

Which strategy reduces user access to only what is necessary for their specific job function to reduce the risk of data exposure?

Answer 22

Limiting

Question 23

Which defense principle is reflected by using file permissions and procedural safeguards like reviewing sensitive documents only in a monitored room?

Answer 23

Limiting

Question 23

Which approach enhances security by using a variety of different authentication methods, products, or procedures so one attack method can't compromise every layer?

Answer 23

Diversity

Question 24

Which principle protects a system by hiding sensitive details like operating system type or error messages from users and attackers?

Answer 24

Obscurity

Question 24

What defense principle is applied when an organization uses a swipe card from one vendor and a fingerprint reader from another to control access?

Answer 24

Diversity

Question 25

What security measure reduces the chances of exploitation by preventing cybercriminals from learning technical details such as software versions or hardware makes?

Answer 25

Obscuring

Question 26

What final step in log management ensures that old log data is securely removed when no longer needed?

Answer 26

Disposing of log data

Question 26

Which set of predefined settings acts as a template for configuring similar systems across an organization?

Answer 26

Baseline configuration

Question 27

Which principle ensures internal security systems remain easy to configure and manage while appearing complex to external attackers?

Answer 27

Simplicity

Question 28

Which process involves identifying, controlling, and auditing changes made to a system’s established baseline configuration?

Answer 28

Configuration management

Question 29

Which part of configuration management ensures that operating systems are deployed with secure settings such as access control and logging?

Answer 29

Operating System hardening

Question 29

What is the term for the standard configuration used when deploying systems like Windows workstations to ensure consistency across an organization?

Answer 29

Baseline configuration

Question 30

Which type of logs record system-level events such as client requests, server responses, and successful user authentications?

Answer 30

Operating system logs

Question 30

Which security feature records events as they happen and provides a chronological view of system activity?

Answer 30

Log files

Question 31

Which type of log records details about file access, such as requests for specific system files?

Answer 31

Access log

Question 31

Which type of log tracks user authentication attempts, helping to identify unauthorized login attempts?

Answer 31

Audit log

Question 31

What process should organizations establish to handle increasing volumes of log data used for security monitoring?

Answer 31

Log management

Question 32

Which documentation component tracks and organizes the assignment of IP addresses across systems?

Answer 32

IP schema

Question 33

Which documented resources help maintain a consistent configuration across systems and include items like network maps and IP address schemas?

Answer 33

Configuration documentation

Question 34

What type of diagrams are part of configuration documentation and show the physical layout of network infrastructure?

Answer 34

Cabling and wiring diagram

Question 35

Which kind of operating system log data provides details like the number and size of transactions within a specific timeframe?

Answer 35

Usage information

Question 36

Which type of logs are created by security software to detect malicious activity and support auditing and compliance?

Answer 36

Application security logs

Question 37

Which type of log is useful for identifying long-term trends, spotting recurring problems, and proving regulatory compliance?

Answer 37

Security logs

Question 38

Which tool intercepts and logs packets on a network to analyze traffic content and detect security issues?

Answer 38

protocol analyzer (packet sniffer)

Question 39

Which tool examines each packet's field values and content to assess the nature of network traffic?

Answer 39

A packet analyzer

Question 40

Which type of policies establish rules of conduct and responsibilities for both employees and employers, protecting rights and business interests?

Answer 40

Company policies

Question 41

Which policies set rules regarding employee conduct, attendance, dress code, privacy, and other employment terms?

Answer 41

Employee policies

Question 42

Which department typically creates and maintains policies related to employee salary, benefits, work schedules, and vacations?

Answer 42

HR (Human Resources) department

Question 43

Which policies define security objectives, user behavior rules, and system requirements to protect an organization’s network and systems?

Answer 43

Security policies

Question 44

Which security policy specifies who is authorized to access network resources and how identities are verified?

Answer 44

Identification and authentication policy

Question 44

Which type of policy serves as a baseline for acceptable network use and helps detect possible security breaches when violated?

Answer 44

Security policies

Question 45

Which policy document is continuously updated to reflect changes in threats, vulnerabilities, and business or employee needs?

Answer 45

Security policies

Question 46

Which type of policies define the standards of correct behavior for the business and its employees overall?

Answer 46

Business or company policies

Question 47

Which document demonstrates an organization’s commitment to security and sets rules for expected behavior?

Answer 47

A security policy

Question 48

Which policy sets minimum requirements for passwords and mandates regular password changes?

Answer 48

Password policy

Question 49

Which policy identifies acceptable network applications and uses, and may specify consequences for violations?

Answer 49

AUP (Acceptable Use Policy)

Question 50

Which policy defines how remote users can access the network and what resources they can use remotely?

Answer 50

Remote access policy

Question 51

Which policy specifies update procedures for network device operating systems and end-user applications?

Answer 51

Network maintenance policy

Question 52

Which procedures describe how security incidents are handled within an organization?

Answer 52

Incident handling procedures

Question 53

Which policy supports employees using their own mobile devices to access company systems and networks?

Answer 53

BYOD (Bring Your Own Device) policy

Question 54

Which policy identifies which types of personal devices will be supported within an organization’s BYOD program, specify the goals of a BYOD program and outline which employees can bring their own devices?

Answer 54

BYOD security policy

Question 55

Which BYOD best practice helps recover data if a device is lost or stolen?

Answer 55

Backing up data

Question 55

Which BYOD best practice uses software to let IT implement security settings and manage all devices connected to company networks?

Answer 55

Using MDM (Mobile Device Management) software

Question 56

What refers to the laws and codes of protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction that network professionals must be familiar with?

Answer 56

INFOSEC (information security)