1. What is an attack vector?
Answers
· The classification of attack type
· The direction an attack is going in
· A mechanism by which an attacker can interact with your network or systems
· The severity of the attack
Explanation: An attack vector is a mechanism or path by which an attacker can reach and interact with your systems: an exposed network service, an email attachment, a removable drive, a weak password. It is the route used to deliver an exploit or get past a control, not the classification or the severity of the attack itself.
2. Disabling unnecessary components serves which purposes? Check all that apply.
Answers
· Closing attack vectors
· Increasing performance
· Making a system harder to use
· Reducing the attack surface
3. What's an attack surface?
Answers
· The total scope of an attack
· The payload of the attack
· The combined sum of all attack vectors in a system or network
· The target or victim of an attack
Explanation: The attack surface is the combined sum of all attack vectors in a system or network: every listening service, exposed interface, account, input path and piece of installed software that an attacker could possibly target. Reducing it (removing unneeded services, closing ports, uninstalling unused software) leaves fewer places for an attacker to find and exploit a weakness.
4. A good defense in depth strategy would involve deploying which firewalls?
Answers
· No firewalls
· Both host-based and network-based firewalls
· Network-based firewalls only
· Host-based firewalls only
5. Using a bastion host allows for which of the following? Select all that apply.
Answers
· Enforcing stricter security measures
· Having more detailed monitoring and logging
· Applying more restrictive firewall rules
· Running a wide variety of software securely
6. What benefits does centralized logging provide? Check all that apply.
Answers
· It blocks malware infections.
· It prevents database theft.
· It allows for easier log analysis.
· It helps secure logs from tampering or destruction.
7. What are some of the shortcomings of antivirus software today? Check all that apply.
Answers
· It can’t protect against unknown threats.
· It only detects malware, but doesn’t protect against it.
· It’s very expensive.
· It only protects against viruses.
8. How is binary whitelisting a better option than antivirus software?
Answers
· It can block unknown or emerging threats.
· It has less performance impact.
· It’s cheaper.
· It’s not better. It’s actually terrible.
9. What does full-disk encryption protect against? Check all that apply.
Answers
· Data theft
· Malware infections
· Tampering with system files
· IP spoofing attacks
Explanation: Full-disk encryption protects data at rest. If a device is lost or stolen, the contents of the drive cannot be read, and system files cannot be modified offline, without the encryption key. It does nothing for a system that is already unlocked and running: malware executing on the booted machine, or attacks arriving over the network, see the same decrypted data the user does.
10. What's the purpose of escrowing a disk encryption key?
Answers
· Providing data integrity
· Preventing data theft
· Performing data recovery
· Protecting against unauthorized access
11. Why is it important to keep software up-to-date?
Answers
· To ensure access to the latest features
· To ensure compatibility with other systems
· To address any security vulnerabilities discovered
· It’s not important.
12. What types of software are typically blacklisted? Select all that apply.
Answers
· Word processors
· Web browsers
· Video games
· File Sharing software
13. What does applying software patches protect against?
Answers
· Data tampering
· MITM attacks
· Undiscovered vulnerabilities & newly found vulnerabilities
· Suspicious network traffic.
14. What should be considered when implementing software policies and guidelines?
Answers
· The local weather forecast
· Your reputation within the company
· The company’s technical debt
· What the users need in order to do their jobs
Explanation: Software policies only work if they still let people do their jobs. A policy that blocks the tools users depend on gets worked around, which leaves you worse off than having no policy at all. Start from what users actually need, write the rules down clearly, and explain the reasoning behind them so that people understand and follow them.
15. What is one way to check whether or not a website can be trusted?
Answers
· The company logo
· The quality of pictures on the website
· Check for SSL certificates
· The webpage design
Explanation: One check is whether the site is served over HTTPS: the address begins with "https://" and the browser shows a padlock, which means the site presented a valid SSL/TLS certificate and the traffic between your browser and the site is encrypted. Be precise about what that proves. The certificate shows that a certificate authority your browser trusts issued a certificate for that hostname and that nobody on the path can read or alter the traffic; it does not show that whoever operates the site is honest. Phishing sites routinely obtain valid certificates, so treat HTTPS as one necessary check alongside others (the exact domain name, how you arrived at the site, what it is asking you for), not as a guarantee of trustworthiness.
16. A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?
Answers
· A 0-day
· An attack surface
· An ACL
· An attack vector
Explanation: The malicious email attachment is the attack vector: the mechanism the attacker used to interact with the network and get code running inside it. The technique wrapped around that vector is phishing, a form of social engineering in which the attacker tricks users into opening malicious files or clicking harmful links in email. (Spear phishing is the targeted variant aimed at specific people, not another name for phishing in general.) A 0-day would only be involved if the attachment exploited an unknown, unpatched vulnerability, which the question does not say; an ACL and the attack surface describe the defender's side, not the method of entry.
17. Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet?
Answers
· Secure Shell (SSH)
· Group Policy Objects (GPOs)
· Access Control Lists (ACLs)
· Active Directory
Explanation: To admit traffic from a VPN subnet through a host-based firewall, you add an entry to the host's access control list (ACL): a rule that permits connections whose source address falls within the VPN subnet, ideally restricted to the protocols and ports those users actually need. Most host firewalls evaluate their rules until one matches and apply an implicit deny to everything else, so anything not explicitly permitted from the VPN subnet stays blocked. SSH, GPOs and Active Directory are not firewall rules; GPOs can distribute firewall settings to Windows hosts, but the rule itself is an ACL entry.
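A worked illustration of that rule structure, added here as an example and not part of the course material: a first-match rule list for a host firewall with an implicit deny at the end, plus a check for rules that can never fire because an earlier rule covers them. The VPN pool 10.8.0.0/24, the quarantine block, the ports and the rules themselves are assumptions made for the example.

```python
"""Added example (not course material): first-match host-firewall ACL with an
implicit deny. The VPN pool, the quarantine block and the ports are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: Net              # source network the rule applies to
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (other.src.subnet_of(self.src)
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


VPN_SUBNET = Net("10.8.0.0/24")       # assumed VPN address pool
QUARANTINE = Net("10.8.0.200/29")     # assumed block of suspended VPN clients

# Order matters in a first-match list: the narrower deny has to come before
# the broader allow, otherwise it is never reached.
RULES: List[Rule] = [
    Rule("deny", QUARANTINE, "any", None),
    Rule("allow", VPN_SUBNET, "tcp", 22),     # SSH from VPN clients
    Rule("allow", VPN_SUBNET, "tcp", 8443),   # internal web app from VPN clients
]


def evaluate(rules: List[Rule], src_ip: str, proto: str, dport: int) -> str:
    """Action of the first matching rule; no match means implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


if __name__ == "__main__":
    for pkt in [("10.8.0.15", "tcp", 22), ("10.8.0.15", "udp", 22),
                ("10.8.0.201", "tcp", 22), ("192.168.1.9", "tcp", 22)]:
        print(pkt, "->", evaluate(RULES, *pkt))
    # Misordered variant: the allow comes first, the narrower deny is dead.
    misordered = [RULES[1], Rule("deny", QUARANTINE, "tcp", 22)]
    print("shadowed rule indexes:", shadowed_rules(misordered))
```

The shadowed_rules check is the part worth keeping: in a first-match list a narrow deny placed after a broader allow is dead, and a quarantined client keeps the SSH access the operator believes is blocked. On Windows hosts the equivalent rules are created with netsh advfirewall or the NetSecurity PowerShell module, on Linux with nftables or iptables; the idea of permitting the VPN subnet and denying everything else carries over, though each product has its own rule-precedence details.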
Answers
· Data protection
· Event reconstruction
· Auditing
· Vulnerability detection
Answers
· Greylist
· Secure list
· Blacklist
· Whitelist
Explanation: A Signature-Based Detection Model is often the foundation upon which antivirus software functions. In this model, the software looks for known patterns or signatures of malicious code within files or programs. When it identifies a match with a known signature, it flags the file as potentially harmful.
However,
it's important to note that modern antivirus solutions often use a combination
of detection models, including behavior analysis, heuristics, and machine
learning, to enhance their effectiveness and catch new, previously unseen
threats. So, while signature-based detection is a key part, it's not the only
trick up their sleeves!
Answers
· Secure boot
· Application hardening
· Key escrow
· Application policies
Explanation: It is usual practice to add a recovery option into a full disk encryption (FDE) system by making use of a method known as Key Escrow. This is done in the event that the FDE password is forgotten. Key escrow involves securely storing a copy of the encryption key in a separate, trusted location. In the event that the password is lost or there are other problems gaining access, this gives authorized users the ability to recover the key and unlock the disk.
It is the
same as having a backup key that is housed in a secure vault; it provides a
safety net for scenarios in which the original key cannot be accessed. However,
it's crucial to ensure that the key escrow process itself is well-secured to
prevent unauthorized access to sensitive information.
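The escrow explanation above and question 10 describe a design rather than a product. As an added example, not code from the course or from any FDE product, here is a toy disk-encryption header with two key slots: the volume key is wrapped once under a key derived from the user's passphrase and once under an escrow key held by the organisation, so either can unlock the disk and the escrow copy supports recovery when the passphrase is lost. The wrapping uses an HMAC-SHA256 keystream with an authentication tag so that it runs on the Python standard library alone; real FDE uses AES-based key wrapping, and this construction is only for illustration. All keys and passphrases are made up.

```python
"""Added example (not course material): toy FDE header with a user key slot
and an escrow key slot. Toy HMAC-based wrapping, not AES key wrap."""
import hashlib
import hmac
import os
from typing import Dict, Optional

KEY_LEN = 32          # volume key size in bytes (equals the SHA-256 digest size)
NONCE_LEN = 16
KDF_ITERATIONS = 200_000


def _subkey(kek: bytes, purpose: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one key-encryption key."""
    return hmac.new(kek, purpose, hashlib.sha256).digest()


def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC `key` under `kek`; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce = os.urandom(NONCE_LEN)
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()   # KEY_LEN bytes
    ciphertext = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Return the wrapped key, or None if `kek` is wrong or the blob was altered."""
    enc_key, mac_key = _subkey(kek, b"enc"), _subkey(kek, b"mac")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = blob[NONCE_LEN + KEY_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               KDF_ITERATIONS, KEY_LEN)


def provision(passphrase: str, escrow_kek: bytes) -> Dict[str, bytes]:
    """Generate a volume key and store it in a user slot and an escrow slot."""
    volume_key = os.urandom(KEY_LEN)
    salt = os.urandom(NONCE_LEN)
    return {
        "salt": salt,
        "slot_user": wrap(kek_from_passphrase(passphrase, salt), volume_key),
        "slot_escrow": wrap(escrow_kek, volume_key),  # escrow key lives with the org
    }


def unlock(header: Dict[str, bytes], passphrase: Optional[str] = None,
           escrow_kek: Optional[bytes] = None) -> Optional[bytes]:
    """Recover the volume key through whichever slot the caller can open."""
    if passphrase is not None:
        return unwrap(kek_from_passphrase(passphrase, header["salt"]),
                      header["slot_user"])
    if escrow_kek is not None:
        return unwrap(escrow_kek, header["slot_escrow"])
    return None


def reset_passphrase(header: Dict[str, bytes], escrow_kek: bytes,
                     new_passphrase: str) -> bool:
    """Recovery flow: open the escrow slot and re-wrap the user slot under a
    new passphrase. The disk contents are never re-encrypted."""
    volume_key = unlock(header, escrow_kek=escrow_kek)
    if volume_key is None:
        return False
    header["salt"] = os.urandom(NONCE_LEN)
    header["slot_user"] = wrap(kek_from_passphrase(new_passphrase, header["salt"]),
                               volume_key)
    return True


if __name__ == "__main__":
    escrow_key = os.urandom(KEY_LEN)       # would be kept in the org's key store
    hdr = provision("correct horse battery staple", escrow_key)
    print("user unlock:", unlock(hdr, passphrase="correct horse battery staple") is not None)
    print("wrong passphrase:", unlock(hdr, passphrase="guess"))
    print("reset via escrow:", reset_passphrase(hdr, escrow_key, "new passphrase"))
    print("new passphrase:", unlock(hdr, passphrase="new passphrase") is not None)
```

The point the explanation makes about securing the escrow process falls out of the design: whoever holds the escrow key can open every disk provisioned with it, so the escrow store needs the same access control, auditing and separation of duties as any other master key, and the reset flow above should be something a help desk can invoke only through an approved, logged procedure.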
Answers
· Undiscovered vulnerabilities
· Newly found vulnerabilities
· MITM attacks
· Data tampering
Answers
· Infrastructure firmware
· Hardware
· Operating systems
· NFC tags
Answers
· To help educate users on how to use software more securely
· To use a database of signatures to identify malware
· To define boundaries of what applications are permitted
· To take log data and convert it into different formats
Answers
· Multiple overlapping layers of defense
· Encryption
· Confidentiality
· Strong passwords
Explanation: A defining characteristic of a defense-in-depth strategy is the layered approach to security. Instead of relying on a single line of defense, a defense-in-depth strategy involves implementing multiple layers of security controls. Each layer provides a different level of protection, creating a more robust and comprehensive defense against various threats.
It's like
having multiple security checkpoints in a fortress; even if one layer is
breached, there are additional layers to prevent or mitigate the impact of an
attack.
Answers
· Less complexity means less work.
· Less complexity means less expensive.
· Less complexity means less time required.
· Less complexity means less vulnerability.
26. What are Bastion hosts?
Answers
· A VPN subnet
· Users that have the ability to change firewall rules and configurations.
· VLANs
· Servers that are specifically hardened and minimized to reduce what’s permitted to run on them.
Explanation: Bastion hosts are servers that have been deliberately hardened and minimized: unnecessary services and software are removed, stricter firewall rules and access controls are applied, and monitoring and logging are more detailed than on a general-purpose machine. Because they expose so little, they are placed where exposure is unavoidable, for example as the entry point for administrative access from outside the network, and they make it harder for an unauthorized party to get in or to move further once inside.
Answers
· Multiple Attack Vectors
· Full disk encryption (FDE)
· Antimalware measures
· Antivirus software
Answers
· The software can normalize log data
· The software could be infected with malware
· The software could disable full disk encryption (FDE)
· The software can shrink attack vectors
Explanation: File-sharing software often comes with security vulnerabilities that could be exploited by malicious actors. Allowing such software increases the risk of unauthorized access, data breaches, and malware infections.
File-sharing
applications may lead to unintentional data exposure or loss if not properly
configured. Users might share sensitive information outside of the intended
scope, compromising data security.
Answers
· open and defended.
· frequently updated.
· as large as possible.
· as small as possible.
Explanation: Ideally, an attack surface is
minimized. The attack surface refers to all potential vulnerabilities and entry points that attackers could exploit to compromise a system or network. Minimizing
the attack surface involves reducing the number of available entry points, limiting unnecessary services, and implementing security measures to decrease the likelihood of successful attacks. The goal is to create a more secure environment with fewer opportunities for malicious actors to exploit vulnerabilities.
Answers
· Patch management
· Access Control Lists (ACLs)
· Designate as a bastion host
· Secure firewall
Answers
· They depend on antivirus signatures distributed by the antivirus software vendor.
· There are no issues with antivirus software.
· They depend on the IT support professional to discover new malware and write new signatures.
· They depend on the antivirus vendor discovering new malware and writing new signatures for newly discovered threats.
Explanation: Traditional antivirus software relies heavily on signature-based detection, which involves identifying known patterns of malicious code. This approach can be less effective against new and evolving threats that don't have predefined signatures.
Antivirus
software has the potential to produce false positives, in which safe
applications are incorrectly identified as dangerous. Conversely, it can also
miss certain types of threats, leading to false negatives. Striking the right
balance between thorough detection and minimizing false alarms is challenging.
Answers
· Data theft
· Data tampering
· Malware
· Eavesdropping
Answers
· Application policies
· Implicit deny
· Software patch management
· Log analysis
Answers
· Detect and prevent malware on managed devices
· Analyze installed software across multiple computers
· Confirm update installation
· Force update installation after a specified deadline
Explanation: Software management tools such as Microsoft SCCM (System Center Configuration Manager) let IT professionals manage a fleet of systems from one place. SCCM distributes and installs software updates and patches across platforms, confirms that they were installed, and can enforce a deadline after which an update is installed automatically, so every device stays current and protected from known vulnerabilities. It also deploys applications to many systems at once, keeps an inventory of hardware and software assets and tracks configuration changes, and deploys operating systems to multiple computers so that configurations are standardized across the fleet.
Answers
· Secure list
· Blacklist
· Greylist
· Whitelist
Explanation: While antivirus software operates
using a Signature-Based Detection Model, binary whitelisting software uses a
whitelist. In binary whitelisting, only known and approved binaries or applications are allowed to run, creating a list of trusted entities and restricting the execution of unauthorized or unknown binaries.
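To make the contrast concrete, here is an added example (not course material) showing how a signature-based antivirus denylist and a hash-based binary allowlist treat the same files. The "binaries", the signature and the hashes are constructed for illustration and correspond to no real software or malware. It also shows the operational cost of allowlisting that question 8 hints at: a routine patch changes the hash, so the updated binary is blocked until someone approves it.

```python
"""Added example (not course material): signature denylist vs hash allowlist.
All binaries, signatures and hashes here are constructed stand-ins."""
import hashlib
from typing import Dict, Optional, Tuple

# Constructed stand-ins for executable files.
EDITOR_V1 = b"MZ\x90\x00 editor 1.0 " + b"\x00" * 16
EDITOR_V2 = b"MZ\x90\x00 editor 1.1 " + b"\x00" * 16         # same product, after a patch
KNOWN_MALWARE = b"MZ\x90\x00 dropper BADMARK-0001 " + b"\x00" * 8
UNKNOWN_MALWARE = b"MZ\x90\x00 dropper B4DM4RK-0002 " + b"\x00" * 8  # repacked variant

# Signature-based detection is default-permit: it blocks only what the vendor has seen.
AV_SIGNATURES: Dict[str, bytes] = {"Dropper.Example.A": b"BADMARK-0001"}


def av_verdict(binary: bytes) -> Tuple[str, Optional[str]]:
    for name, pattern in AV_SIGNATURES.items():
        if pattern in binary:
            return "block", name
    return "allow", None        # no signature matched: anything unknown is allowed to run


def sha256(binary: bytes) -> str:
    return hashlib.sha256(binary).hexdigest()


# A binary allowlist is default-deny: only what an administrator approved may run.
ALLOWLIST: Dict[str, str] = {sha256(EDITOR_V1): "editor 1.0"}


def approve(binary: bytes, label: str) -> None:
    """Administrator action after reviewing a new or updated binary."""
    ALLOWLIST[sha256(binary)] = label


def allowlist_verdict(binary: bytes) -> Tuple[str, Optional[str]]:
    label = ALLOWLIST.get(sha256(binary))
    return ("allow", label) if label else ("block", None)


def compare(binary: bytes) -> Dict[str, str]:
    """Side-by-side decision of both models for one binary."""
    return {"antivirus": av_verdict(binary)[0],
            "allowlist": allowlist_verdict(binary)[0]}


if __name__ == "__main__":
    for name, binary in [("editor 1.0", EDITOR_V1), ("editor 1.1", EDITOR_V2),
                         ("known malware", KNOWN_MALWARE),
                         ("unknown malware", UNKNOWN_MALWARE)]:
        print(f"{name:16} {compare(binary)}")
    approve(EDITOR_V2, "editor 1.1")   # after review, the patched editor runs again
    print("editor 1.1 after approval:", compare(EDITOR_V2))
```

The repacked variant slips past the signature scanner and is stopped by the allowlist, which is the advantage the explanation describes. The patched editor is the flip side: hash-based allowlists need re-approval for every update, which is why products such as AppLocker and Windows Defender Application Control also support rules keyed on the publisher's code-signing certificate rather than on a file hash.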
36. What is the combined sum of all attack vectors in a corporate network?
Answers
· The antivirus software
· The attack surface
· The Access Control List (ACL)
· The risk
Explanation: The combined sum of all attack vectors in a corporate network is its attack surface: every way an attacker could reach the network, from phishing email and malware to exposed services and social engineering. Its size depends on the complexity of the network and the controls already in place, and it shifts as systems and threats change. The defensive goal is to keep the attack surface as small as practical and to protect the vectors that remain.
Answers
· It can indicate what software is on the binary whitelist
· It can indicate ACLs are not configured correctly
· It can indicate a malware infection
· It can indicate log normalization
Explanation: Internal Windows hosts reaching out to external servers they have no business with can indicate a malware infection. Malware on a compromised host commonly connects outward to a command-and-control server to fetch instructions, download additional payloads or send out stolen data, and because the connection is initiated from the inside it often passes firewalls that only restrict inbound traffic. Centralized logs of outbound connections are where this activity shows up, which is why log analysis is one of the first things to review.
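As an added example of the log analysis that would surface this (not course material), the code below runs two simple detections over constructed firewall log lines: external destinations on ports outside the expected egress set, and "beaconing", meaning repeated connections to the same external host at near-constant intervals. The log format, the addresses, the port policy and the thresholds are all assumptions made for the example.

```python
"""Added example (not course material): outbound-connection detections over
constructed firewall log lines. Format, addresses and thresholds are assumed."""
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# Constructed log lines: "<timestamp> <action> <proto> <src> <dst> <sport> <dport>".
SAMPLE_LOG = """\
2024-03-01T10:00:00 ALLOW TCP 10.0.0.22 198.51.100.10 50110 443
2024-03-01T10:00:00 ALLOW TCP 10.0.0.21 203.0.113.45 49152 4444
2024-03-01T10:00:37 ALLOW TCP 10.0.0.22 198.51.100.23 50111 443
2024-03-01T10:01:00 ALLOW TCP 10.0.0.21 203.0.113.45 49153 4444
2024-03-01T10:02:00 ALLOW TCP 10.0.0.21 203.0.113.45 49154 4444
2024-03-01T10:02:14 ALLOW TCP 10.0.0.22 198.51.100.10 50112 443
2024-03-01T10:03:00 ALLOW TCP 10.0.0.21 203.0.113.45 49155 4444
2024-03-01T10:04:00 ALLOW TCP 10.0.0.21 203.0.113.45 49156 4444
2024-03-01T10:05:00 ALLOW TCP 10.0.0.21 203.0.113.45 49157 4444
2024-03-01T10:05:41 ALLOW TCP 10.0.0.22 198.51.100.77 50113 443
2024-03-01T10:06:00 ALLOW TCP 10.0.0.23 10.0.0.5 50200 445
"""

# Assumption: the corporate LAN is RFC 1918 space; anything else counts as external.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED_EGRESS_PORTS = {80, 443}     # assumed policy: only web traffic leaves directly


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_log(text: str) -> List[Dict]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, proto, src, dst, sport, dport = line.split()
        records.append({"time": datetime.fromisoformat(ts), "action": action,
                        "proto": proto, "src": src, "dst": dst,
                        "sport": int(sport), "dport": int(dport)})
    return records


def external_connections(records: List[Dict]) -> List[Dict]:
    return [r for r in records if is_internal(r["src"]) and not is_internal(r["dst"])]


def detect_unexpected_ports(records: List[Dict]) -> List[Dict]:
    """One finding per (src, dst, dport) that leaves the LAN on a non-web port."""
    seen, findings = set(), []
    for r in external_connections(records):
        key = (r["src"], r["dst"], r["dport"])
        if r["dport"] not in EXPECTED_EGRESS_PORTS and key not in seen:
            seen.add(key)
            findings.append({"src": r["src"], "dst": r["dst"], "dport": r["dport"]})
    return findings


def detect_beacons(records: List[Dict], min_hits: int = 5,
                   max_jitter: float = 0.2) -> List[Dict]:
    """Flag flows contacted at near-constant intervals. Jitter is the
    coefficient of variation (stdev / mean) of the gaps between connections."""
    by_flow = defaultdict(list)
    for r in external_connections(records):
        by_flow[(r["src"], r["dst"], r["dport"])].append(r["time"])
    findings = []
    for (src, dst, dport), times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "hits": len(times), "interval_s": round(avg)})
    return findings


def analyze(text: str) -> Dict[str, List[Dict]]:
    records = parse_log(text)
    return {"beacons": detect_beacons(records),
            "unexpected_ports": detect_unexpected_ports(records)}


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        for finding in items:
            print(kind, finding)
```

In the sample, 10.0.0.22 browses a few sites on 443 at irregular times and is not flagged, while 10.0.0.21 contacts 203.0.113.45:4444 every 60 seconds and trips both detections. Real beacons add random jitter, so the threshold needs tuning against your own baseline, and the finding is a lead for the analyst to pull the host's process and DNS logs, not a verdict on its own.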
38. What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen?
Answers
· OS upgrades
· Software patch management
· Key escrow
· Full disk encryption (FDE)
Explanation: Full disk encryption (FDE) provides resilience against data theft: if the hard drive is stolen, its contents are unreadable without the decryption key or passphrase, so physical possession of the drive alone gives the attacker nothing. Patching and OS upgrades reduce the chance of a remote compromise but do nothing for a drive that has been carried away, and key escrow exists to recover an encrypted disk, not to protect it. This is what makes FDE worth the small overhead on laptops and anything else that holds sensitive data and can leave the building.
Answers
· Calm
· Careful
· Patient
· Fast
Explanation: When installing updates on
critical infrastructure, it's important to be cautious and strategic. Critical
infrastructure, such as systems that control essential services like power
grids or water supply, requires careful consideration when applying updates to
avoid disruptions.
40. A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Select all that apply.
Answers
· Full disk encryption (FDE)
· Security Information and Event Management (SIEM) system
· Logs
· Binary whitelisting software
41. Which of the following are potential attack vectors? Select all that apply
Answers
· Passwords
· Network protocols
· Email attachments
· Network interfaces
42. What is the best way to avoid personal, one-off software installation requests?
Answers
· A strict no-installation policy
· A clear application whitelist policy
· An application honor code policy
· An accept-all application policy
43. What is the purpose of installing updates on your computer? Select all that apply.
Answers
· Updating improves performance and stability
· Updating helps block all unwanted traffic
· Updating addresses security vulnerabilities
· Updating adds new features