Week 5 – Defense in Depth

1. What is an attack vector?

Answers

·        The classification of attack type

·        The direction an attack is going in

·        A mechanism by which an attacker can interact with your network or systems

·        The severity of the attack

Explanation: An attack vector is the sneakiest path a hacker might take to compromise a system. It's how they choose to exploit vulnerabilities and get past defenses. Imagine it as the secret passage they use to break into the fortress of your digital world.

2. Disabling unnecessary components serves which purposes? Check all that apply.

Answers

·        Closing attack vectors

·        Increasing performance

·        Making a system harder to use

·        Reducing the attack surface

3. What's an attack surface?

Answers

·        The total scope of an attack

·        The payload of the attack

·        The combined sum of all attack vectors in a system or network

·        The target or victim of an attack

Explanation: The attack surface of a system is comparable to a buffet table for hackers since it includes everything that the hackers might possibly target inside the system. It takes into account all of the possible entry points as well as any vulnerabilities that may exist. Therefore, when you minimize the attack surface, you are effectively making that buffet a lot less enticing, and you are making it tougher for potential invaders to locate a weakness that they can exploit.

4. A good defense in depth strategy would involve deploying which firewalls?

Answers

·        No firewalls

·        Both host-based and network-based firewalls

·        Network-based firewalls only

·        Host-based firewalls only

5. Using a bastion host allows for which of the following? Select all that apply.

Answers

·        Enforcing stricter security measures

·        Having more detailed monitoring and logging

·        Applying more restrictive firewall rules

·        Running a wide variety of software securely

6. What benefits does centralized logging provide? Check all that apply.

Answers

·        It blocks malware infections.

·        It prevents database theft.

·        It allows for easier logs analysis.

·        It helps secure logs from tampering or destruction.

7. What are some of the shortcomings of antivirus software today? Check all that apply.

Answers

·        It can’t protect against unknown threats.

·        It only detects malware, but doesn’t protect against it.

·        It’s very expensive.

·        It only protects against viruses.

8. How is binary whitelisting a better option than antivirus software?

Answers

·        It can block unknown or emerging threats.

·        It has less performance impact.

·        It’s cheaper.

·        It’s not better. It’s actually terrible.

9. What does full-disk encryption protect against? Check all that apply.

Answers

·        Data theft

·        Malware infections

·        Tampering with system files

·        IP spoofing attacks

Explanation: Even if someone steals your device and takes it with them, they won't be able to access the data unless they have the encryption key.

10. What's the purpose of escrowing a disk encryption key?

Answers

·        Providing data integrity

·        Preventing data theft

·        Performing data recovery

·        Protecting against unauthorized access

11. Why is it important to keep software up-to-date?

Answers

·        To ensure access to the latest features

·        To ensure compatibility with other systems

·        To address any security vulnerabilities discovered

·        It’s not important.

12. What types of software are typically blacklisted? Select all that apply.

Answers

·        Word processors

·        Web browsers

·        Video games

·        File Sharing software

13. What does applying software patches protect against?

Answers

·        Data tampering

·        MITM attacks

·        Undiscovered vulnerabilities & newly found vulnerabilities

·        Suspicious network traffic.

14. What should be considered when implementing software policies and guidelines?

Answers

·        The local weather forecast

·        Your reputation within the company

·        The company’s technical debt

·        What the users need in order to do their jobs

Explanation: Implementing software policies and guidelines is like setting the rules for a well-organized digital society. Clearly communicate policies to users, fostering awareness and understanding to encourage compliance.

15. What is one way to check whether or not a website can be trusted?

Answers

·        The company logo

·        The quality of pictures on the website

·        Check for SSL certificates

·        The webpage design

Explanation: Checking the URL of a website to see whether it begins with "https://" is one approach to determine whether or not the website can be trusted. The "s" stands for secure, and it indicates that the website has a valid SSL/TLS certificate, encrypting the data exchanged between your browser and the website. This encryption is crucial for protecting sensitive information and ensuring a secure connection. So, keep an eye out for that little "s" to help ensure you're on a trustworthy site!


16. A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?

Answers

·        A 0-day

·        An attack surface

·        An ACL

·        An attack vector

Explanation: Phishing is the name given to the technique that is often used when a hacker gains access to a system by means of malicious email attachments. Phishing is a kind of social engineering attack in which the attacker attempts to deceive users into opening malicious files or clicking on harmful links in emails. Phishing is also known as spear phishing or email phishing. So, the important method in this scenario is phishing. It is comparable to casting a false fishing line in order to catch users who are unaware that they are being targeted.


17. Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet?

Answers

·        Secure Shell (SSH)

·        Group Policy Objects (GPOs)

·        Access Control Lists (ACLs)

·        Active Directory

Explanation: Generally speaking, if you wish to provide network access from a Virtual Private Network (VPN) subnet via a host-based firewall, you will need to establish a rule that enables traffic from the VPN subnet. This ensures that the host-based firewall allows incoming connections from the specified VPN subnet, allowing secure communication from your VPN users.


18. Having detailed logging serves which of the following purposes? Select all that apply.

Answers

·        Data protection

·        Event reconstruction

·        Auditing

·        Vulnerability detection


19. What model does an antivirus software operate off of?

Answers

·        Greylist

·        Secure list

·        Blacklist

·        Whitelist

Explanation: A Signature-Based Detection Model is often the foundation upon which antivirus software functions. In this model, the software looks for known patterns or signatures of malicious code within files or programs. When it identifies a match with a known signature, it flags the file as potentially harmful.

However, it's important to note that modern antivirus solutions often use a combination of detection models, including behavior analysis, heuristics, and machine learning, to enhance their effectiveness and catch new, previously unseen threats. So, while signature-based detection is a key part, it's not the only trick up their sleeves!


20. If a full disk encryption (FDE) password is forgotten, what can be incorporated to securely store the encryption key to unlock the disk?

Answers

·        Secure boot

·        Application hardening

·        Key escrow

·        Application policies

Explanation: It is common practice to add a recovery option to a full disk encryption (FDE) system by making use of a method known as key escrow, in case the FDE password is forgotten. Key escrow involves securely storing a copy of the encryption key in a separate, trusted location. In the event that the password is lost or there are other problems gaining access, this gives authorized users the ability to recover the key and unlock the disk.

It is the same as having a backup key that is housed in a secure vault; it provides a safety net for scenarios in which the original key cannot be accessed. However, it's crucial to ensure that the key escrow process itself is well-secured to prevent unauthorized access to sensitive information.


21. What does applying software patches protect against? Select all that apply.

Answers

·        Undiscovered vulnerabilities

·        Newly found vulnerabilities

·        MITM attacks

·        Data tampering


22. Besides software, what other things will also need patches? Select all that apply.

Answers

·        Infrastructure firmware

·        Hardware

·        Operating systems

·        NFC tags


23. What are the two primary purposes of application software policies? Select all that apply.

Answers

·        To help educate users on how to use software more securely

·        To use a database of signatures to identify malware

·        To define boundaries of what applications are permitted

·        To take log data and convert it into different formats


24. What is a defining characteristic of a defense-in-depth strategy to IT security?

Answers

·        Multiple overlapping layers of defense

·        Encryption

·        Confidentiality

·        Strong passwords

Explanation: A defining characteristic of a defense-in-depth strategy is the layered approach to security. Instead of relying on a single line of defense, a defense-in-depth strategy involves implementing multiple layers of security controls. Each layer provides a different level of protection, creating a more robust and comprehensive defense against various threats.

It's like having multiple security checkpoints in a fortress; even if one layer is breached, there are additional layers to prevent or mitigate the impact of an attack.


25. Why is it important to disable unnecessary components of software and systems?

Answers

·        Less complexity means less work.

·        Less complexity means less expensive.

·        Less complexity means less time required.

·        Less complexity means less vulnerability.

Shuffle Q/A 1

26. What are Bastion hosts?

Answers

·        A VPN subnet

·        Users that have the ability to change firewall rules and configurations.

·        VLANs

·        Servers that are specifically hardened and minimized to reduce what’s permitted to run on them.

Explanation: The bastion hosts that you use are analogous to the watchmen that protect your digital stronghold. They are special-purpose servers or systems that are strategically placed on a network to provide an additional layer of security. Bastion hosts may be included in a network design to improve network security, monitor remote access, and manage entry points. This makes it more difficult for unauthorized entities to gain access to the network.


27. Which of these plays an important role in keeping attack traffic off your systems and helps to protect users? Select all that apply.

Answers

·        Multiple Attack Vectors

·        Full disk encryption (FDE)

·        Antimalware measures

·        Antivirus software


28. Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?

Answers

·        The software can normalize log data

·        The software could be infected with malware

·        The software could disable full disk encryption (FDE)

·        The software can shrink attack vectors

Explanation: File-sharing software often comes with security vulnerabilities that could be exploited by malicious actors. Allowing such software increases the risk of unauthorized access, data breaches, and malware infections.

File-sharing applications may lead to unintentional data exposure or loss if not properly configured. Users might share sensitive information outside of the intended scope, compromising data security.


29. Ideally, an attack surface is ___

Answers

·        open and defended.

·        frequently updated.

·        as large as possible.

·        as small as possible.

Explanation: Ideally, an attack surface is minimized. The attack surface refers to all potential vulnerabilities and entry points that attackers could exploit to compromise a system or network. Minimizing the attack surface involves reducing the number of available entry points, limiting unnecessary services, and implementing security measures to decrease the likelihood of successful attacks. The goal is to create a more secure environment with fewer opportunities for malicious actors to exploit vulnerabilities.

30. A core authentication server is exposed to the internet and is connected to sensitive services. What are some measures you can take to secure the server and prevent it from getting compromised by a hacker? Select all that apply.

Answers

·        Patch management

·        Access Control Lists (ACLs)

·        Designate as a bastion host

·        Secure firewall


31. What are the two main issues with antivirus software? Select all that apply.

Answers

·        They depend on antivirus signatures distributed by the antivirus software vendor.

·        There are no issues with antivirus software.

·        They depend on the IT support professional to discover new malware and write new signatures.

·        They depend on the antivirus vendor discovering new malware and writing new signatures for newly discovered threats.

Explanation: Traditional antivirus software relies heavily on signature-based detection, which involves identifying known patterns of malicious code. This approach can be less effective against new and evolving threats that don't have predefined signatures.

Antivirus software has the potential to produce false positives, in which safe applications are incorrectly identified as dangerous. Conversely, it can also miss certain types of threats, leading to false negatives. Striking the right balance between thorough detection and minimizing false alarms is challenging.


32. What does full-disk encryption protect against? Select all that apply.

Answers

·        Data theft

·        Data tampering

·        Malware

·        Eavesdropping


33. A hacker exploited a bug in the software and triggered unintended behavior which led to the system being compromised by running vulnerable software. Which of these helps to fix these types of vulnerabilities?

Answers

·        Application policies

·        Implicit deny

·        Software patch management

·        Log analysis


34. How can software management tools like Microsoft SCCM help an IT professional manage a fleet of systems? Select all that apply

Answers

·        Detect and prevent malware on managed devices

·        Analyze installed software across multiple computers

·        Confirm update installation

·        Force update installation after a specified deadline

Explanation: Software management tools like Microsoft SCCM (System Center Configuration Manager) provide various functionalities to help IT professionals efficiently manage a fleet of systems.

Software Updates: SCCM enables IT professionals to install and manage software updates and patches across various platforms, therefore guaranteeing that all devices are up to date and protected from potential vulnerabilities.

Application Deployment: IT professionals can use SCCM to deploy and install applications on multiple systems simultaneously, streamlining the software distribution process.

Inventory Management: SCCM has tools for inventory management, which enable IT workers to monitor changes, keep an accurate record of the system configuration, and track hardware and software assets.

Operating System Deployment: It facilitates the deployment of operating systems to multiple computers, enabling IT professionals to standardize system configurations across the fleet.


35. While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead.

Answers

·        Secure list

·        Blacklist

·        Greylist

·        Whitelist

Explanation: While antivirus software operates using a Signature-Based Detection Model, binary whitelisting software uses a whitelist. In binary whitelisting, only known and approved binaries or applications are allowed to run, creating a list of trusted entities and restricting the execution of unauthorized or unknown binaries.

36. What is the combined sum of all attack vectors in a corporate network?

Answers

·        The antivirus software

·        The attack surface

·        The Access Control List (ACL)

·        The risk

Explanation: The combined sum of all attack vectors in a corporate network refers to the total range of potential ways that attackers could exploit vulnerabilities and gain unauthorized access. The attack vectors include various methods such as phishing, malware, social engineering, and more. The precise amount is determined by the complexity of the network, the safety precautions already in place, and the ever-changing nature of the landscape of cyber threats. In the field of cybersecurity, the objective is to strengthen the total defensive posture by reducing the attack surface as much as feasible and protecting against as many attack routes as possible.


37. When looking at aggregated logs, you are seeing a large percentage of Windows hosts connecting to an Internet Protocol (IP) address outside the network in a foreign country. Why might this be worth investigating more closely?

Answers

·        It can indicate what software is on the binary whitelist

·        It can indicate ACLs are not configured correctly

·        It can indicate a malware infection

·        It can indicate log normalization

Explanation: It's possible that the Windows hosts are infected with malware at this point. Malicious software might establish connections to external servers for various purposes, such as downloading additional payloads or sending stolen data.

Shuffle Q/A 2

38. What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen?

Answers

·        OS upgrades

·        Software patch management

·        Key escrow

·        Full disk encryption (FDE)

Explanation: Encrypting the data on the hard drive can provide resilience against data theft and prevent an attacker from easily stealing confidential information even if the physical hard drive is stolen. The data is rendered inaccessible without the correct decryption key or password when it is protected using full-disk encryption or file-level encryption.

In the case that someone steals your hard drive, the data will still be safe even if they don't have the encryption key. This adds an extra layer of protection, especially when dealing with sensitive or confidential information. It's like having a secure lock on your data, making it significantly more challenging for unauthorized individuals to access or misuse it, even if they have physical possession of the storage device.


39. When installing updates on critical infrastructure, it’s important to be what?

Answers

·        Calm

·        Careful

·        Patient

·        Fast

Explanation: When installing updates on critical infrastructure, it's important to be cautious and strategic. Critical infrastructure, such as systems that control essential services like power grids or water supply, requires careful consideration when applying updates to avoid disruptions.

40. A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Select all that apply.

Answers

·        Full disk encryption (FDE)

·        Security Information and Event Management (SIEM) system

·        Logs

·        Binary whitelisting software

41. Which of the following are potential attack vectors? Select all that apply

Answers

·        Passwords

·        Network protocols

·        Email attachments

·        Network interfaces

42. What is the best way to avoid personal, one-off software installation requests?

Answers

·        A strict no-installation policy

·        A clear application whitelist policy

·        An application honor code policy

·        An accept-all application policy

43. What is the purpose of installing updates on your computer? Select all that apply.

Answers

·        Updating improves performance and stability

·        Updating helps block all unwanted traffic

·        Updating addresses security vulnerabilities

·        Updating adds new features
