Chapter 4
Technical Integration of Enterprise Security

  1. Your organization currently uses FTP to transfer files, and you are tasked with upgrading a file transfer solution that answers the need for both integrity and confidentiality. Which of the following is true about the current state of business?
    1. Port 20 used for transfer and port 21 used for control
    2. Port 20 used for control and port 21 used for transfer
    3. Port 20 used by the client and port 21 used by the server
    4. Port 20 used for integrity and port 21 used for confidentiality
  2. You are the new CISO for a software organization revising security best practices. Which of these statements regarding best practices is the most accurate?
    1. They should be endorsed by end users.
    2. They should be extremely specific.
    3. They should be extremely general.
    4. They should be as short as possible.
  3. As the senior security architect, you create a security policy and standards that instruct employees to use strong passwords. You find that employees are still using weak passwords. In revising the procedures for creating strong passwords, which of these are you LEAST likely to require of employees?
    1. Change your password every 90 days.
    2. Use a combination of numbers, letters, uppercase and lowercase letters, and special characters.
    3. Use a minimum number of characters.
    4. Use a Merriam-Webster dictionary.
  4. You are part of a small startup nonprofit that has grown to a development stage where a security policy is necessary. Which of these do you NOT include in your security policy?
    1. Purpose
    2. Scope
    3. Compliance
    4. Procedures
  5. Employees in your organization must use a Windows 10 desktop with a multicore CPU, a minimum of 8 GB of memory, and a solid-state drive. Which of these describes these technical aspects?
    1. A policy
    2. A procedure
    3. A standard
    4. A responsibility
  6. A virtual machine hosted on an ESX server in your data center contains confidential data that is no longer needed by your company. You recommend shutting down the virtual machine and deleting the VM disk (VMDK) from the host. What is the security risk?
    1. Data retention
    2. Data encryption
    3. Data protection
    4. Data remanence
  7. Your organization has grown and needs to hire someone for information management. This role is responsible for security marking and labeling. Which of the following BEST describes the role's responsibility?
    1. Security marking/labeling is the process of using internal data structure from within information systems to determine criticality.
    2. Security labeling is more important than security marking and is required for all information, including marketing information released to the general public.
    3. Security marking and security labeling are the same.
    4. Security marking and labeling will reflect compliance, requirements, applicable laws, directives, policies, and standards.
  8. You are tasked with deploying a system so that it operates at a single classification level. All users who access this system have the same clearance, classification, and need to know. What is this operating mode?
    1. Closed
    2. Dedicated
    3. Peer to peer
    4. Compartmentalized
  9. As a security architect of a medical complex, you are concerned that attackers can steal data from highly secure systems. You are trying to prepare for a system attack that exfiltrates data through existing channels in small increments. What are you trying to prevent?
    1. Encryption
    2. Backdoors
    3. Covert channels
    4. Viruses
  10. A third-party software vendor disclosed that a backdoor was left in a product by mistake. What is this called?
    1. A security patch
    2. A rootkit
    3. A virus
    4. A maintenance hook
  11. What form of storage decays over time and must be refreshed constantly?
    1. RAM
    2. Hard Drive
    3. ROM
    4. BIOS
  12. You are building a decentralized privilege management solution for your financial organization with user accounts that are defined on each system rather than a centralized server. Which of these BEST describes this?
    1. A workgroup
    2. RADIUS/DIAMETER
    3. Client/Server
    4. Terminal services
  13. You are tasked with creating a single sign-on solution for your security organization. Which of these would you not deploy in an enterprise environment?
    1. Directory services
    2. Kerberos
    3. SAML 2.0
    4. Workgroup
  14. Your growing startup wants to take advantage of single sign-on. Which of the following is NOT an advantage?
    1. Eliminating multiple user accounts and passwords.
    2. Signing on once for access to resources.
    3. Convenient and leads to fewer tech support password resets.
    4. The attacker needs only one password to compromise everything without two-factor authentication.
  15. Your healthcare startup does not currently have any written security standards, so you are creating a security policy. Which of these statements should go into a security standards document?
    1. All personally identifiable health information (PHI) must be encrypted using AES to ensure customer privacy and confidentiality.
    2. First, you must select the data you want to encrypt, right-click the file, and select encryption. Then, select a password.
    3. All data must be encrypted.
    4. HIPAA compliance requires customer privacy.
  16. The National Institute of Standards and Technology (NIST) recommends the physical destruction of data storage media at what stage of media life?
    1. Initial
    2. Backups
    3. Final
    4. Retention
  17. Your organization's security policy specifies a length of time to keep data, after which the data must be destroyed to help mitigate the risk of that data being compromised. This type of policy helps reduce legal liability if the data becomes unrecoverable. What type of policy is this?
    1. Data protection
    2. Data remanence
    3. Data retention
    4. Data destruction
  18. Your job as an information protection specialist is to prevent unauthorized individuals from examining or capturing intellectual property. What do you use to protect the confidentiality of this data?
    1. Cryptography
    2. Sanitization
    3. Legal documentation
    4. Zeroization
  19. You are selected to manage a systems development and implementation project. Your manager suggests that you follow the phases in the SDLC. In which of these phases do you determine the controls needed to ensure that the system complies with standards?
    1. Testing
    2. Initiation
    3. Accreditation
    4. Acceptance
  20. You have completed the SDLC's accreditation process for a system your organization is going to deploy globally. Management has approved the system. What phase in SDLC comes next?
    1. Documentation
    2. Acceptance
    3. Accreditation
    4. Implementation
  21. You assisted your networking organization in upgrading the speed and capabilities of your wireless local area network (WLAN). Currently, everyone utilizes equipment based on 802.11g using central access points. Which of the following would enhance the speed?
    1. 802.11a
    2. 802.11b
    3. 802.11n
    4. WiMAX
  22. Your CISO asks you to develop deployment solutions for internally developed software that offers the best customization as well as control over the product. Cost is not an issue. What is the BEST solution for you to choose?
    1. Hosted deployment solution with a lower up-front cost but requires maintaining the hardware the software is residing on
    2. Cloud-based deployment solutions that require a monthly fee only
    3. Elastic virtual hosting based on need
    4. An on-premise traditional deployment solution
  23. You decide to use a Type 2 hypervisor to deploy commercial software to test for suitability, vulnerabilities, and functionality. Your CISO questions your decision to use a Type 2 hypervisor instead of a VMM. Which of these is not a valid explanation?
    1. A virtual machine monitor (VMM) is another name for a hypervisor. A hypervisor is software that is able to virtualize the physical components of computer hardware.
    2. A Type 1 hypervisor is installed on a bare-metal server, meaning that the hypervisor is its own OS. Type 2 hypervisors use a host OS that is compatible with commercial software.
    3. A virtual machine (VM) is an instance of a device running on a hypervisor. It is a computing virtual environment that relies on a hypervisor to communicate with the physical hardware it is installed on.
    4. A virtual machine is a term used to describe Internet-enabled streaming services or web applications that give end users the ability to activate software locally.
  24. A new program that you are in charge of requires replacing legacy equipment. This equipment touches every major operational system in the company. You establish security requirements and engage with the infrastructure and networking. What is your next step?
    1. Document all the requirements, both technical and nontechnical.
    2. Organize a tabletop exercise with all the technical personnel.
    3. Communicate the security requirements to all the stakeholders.
    4. Meet with database and application consultants for migration advice.
  25. You conduct a security assessment and find legacy systems with vital business processes using standard Telnet protocols. What should you do to mitigate the risk?
    1. Migrate from IPv4 to IPv6.
    2. Install PuTTY.
    3. Move the system to a secure VLAN.
    4. Unplug the system until a replacement can be ordered.
  26. You are a security architect for a large enterprise bank that recently merged with a smaller local bank. This acquired bank has a legacy virtual cluster, and all these virtual machines use the same NIC to connect to the LAN. Some of the VMs are used for HR, and some are used to process mortgage applications. What is the biggest security risk?
    1. Shared NICs negatively impacting the integrity of packets
    2. Bridging of networks impacting availability
    3. Availability between VMs impacting integrity
    4. Visibility between VMs impacting confidentiality
  27. Your CIO requests a meeting with you, the security manager, to discuss the SQL administrators' request for a service-oriented architecture (SOA) and an application programming interface (API). In SOA and APIs, services are provided over a network. What is your biggest concern?
    1. Users and services are centralized and available only during business hours.
    2. SOA manages all the legacy systems that are vulnerable.
    3. SOA is deployed using VMs and is exploited using VMEscape.
    4. Users and services are distributed over the Internet, which can be open to outside threats.
  28. In the last five years, your manufacturing group merged twice and acquired three startups, which led to more than 75 unique customer web applications. To reduce cost and improve workflows, you are put in charge of a project to implement centralized security. You need to ensure a model with standard integration, and accurate identity information and authentication as well as repeatability. Which is the BEST solution?
    1. Implementation of web access control and relay proxies
    2. Automated provisioning of identity management
    3. Self-service single sign-on using Kerberos
    4. Building an organization-wide granular access control model in a centralized location
  29. A large enterprise social media organization underwent several mergers, divestitures, and acquisitions over the past three years. Because of this, the internal networks and software have extremely complex dependencies. Better integration is necessary. Which of the following integration platforms is BEST for security- and standards-based software architecture?
    1. API
    2. Point to point
    3. SOA
    4. ESB
  30. A new business was acquired by your organization. Your CISO tells you that you will oversee the project merging the two organizations. As the security manager, what do you do first?
    1. Develop an interconnection policy and perform a risk analysis.
    2. Deploy a golden image operating system to all end users' computers.
    3. Develop criteria and rate each firewall configuration.
    4. Implement NIDS on all desktops and conduct security awareness training for all new employees.
  31. Your company decided to outsource certain computing jobs that need a large amount of processing power in a short duration of time. You suggest the solution of using a cloud provider that enables the company to avoid a large purchase of computing equipment. Which of the following is your biggest concern with on-demand provisioning?
    1. Excessive charges if deprovisioning fails
    2. Exposure of intellectual property
    3. Data remanence from previous customers in the cloud
    4. Data remanence of your proprietary data that could be exposed
  32. You are a systems administrator and are asked to draft a policy for several mission-critical legacy application servers that will be replaced in six months. What policy do you create?
    1. Data provisioning
    2. Data remanence
    3. Data retention
    4. Data encryption
  33. You are an IT manager and the software list your employees must use has grown to the point that it's mandated that you implement federated identity SSO. It needs to be an extensible markup language used to exchange provisioning requests for account creation. Which of the following is BEST for this task?
    1. SAML
    2. cURL
    3. SOAP
    4. SPML
  34. You are a small company administrator who is hosting multiple virtualized client servers on a single host. You are told to add a new host to create a cluster. The new hardware and OS will be different, but the underlying technology will be compatible. Both hosts will be sharing the same storage. What goal are you trying to accomplish?
    1. Increased availability
    2. Increased confidentiality
    3. Increased integrity
    4. Increased certification
  35. Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three-day holiday weekend while most of the IT staff was not at work. The network diagram, in order from the outside in, consists of the Internet, firewall, IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but all the web server logs have been deleted, and the internal firewall logs show no activity. As the security administrator, what do you do?
    1. Review the external firewall logs to find the attack.
    2. Review the IDS logs to determine the source of the attack.
    3. Correlate all the logs from all the devices to find where the organization was compromised.
    4. Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks.
  36. After a meeting with the board of directors, your CEO is looking for a way to boost profits. They identified a need to implement cost savings on non–core-related business activities, and the suggestion was made to move the corporate email system to the cloud. You are the compliance officer tasked with making sure security and data issues are handled properly. What BEST describes your process?
    1. End-to-end encryption, creation, and the destruction of mail accounts
    2. Vendor selection and RFP/RFQ
    3. Securing all virtual environments that handle email
    4. Data provisioning and processing, while in transit and at rest
  37. New zero-day attacks are released on a regular timeline against many different technology stacks. Which of the following would be best for you, as a security manager, to implement to manage the risk from these attacks?
    1. List all inventory, applications, and updated network diagrams.
    2. Establish some type of emergency response hierarchy.
    3. Back up all router, firewall, server, and end-user configurations.
    4. Hold mandatory monthly risk assessment meetings.
  38. You are a server administrator for a large enterprise using Windows, Linux, and macOS. You need to find a web service that enables HTTP and SMTP using XML-based protocols. Which technology is BEST for this way of exchanging information?
    1. HTTPS
    2. SSL
    3. SOAP
    4. SAMLv2
  39. Your global software organization is required to conduct a BIA for any new company acquisition. Your organization has acquired a new software startup. Your organization and the startup both outsource the LMS and CMS for education to noncompatible third parties. What are you most concerned about?
    1. Data sovereignty
    2. Encryption
    3. Data migration
    4. Disaster recovery
  40. Your hospital just merged with another hospital in another state that falls under a different legal jurisdiction. You are tasked with improving network security. Your CISO suggests data isolation by blocking communication between the two hospitals. How do you accomplish this?
    1. Implementing HIDS
    2. Building gateway firewalls
    3. Configuring ERP
    4. Creating network segmentation
  41. You have been newly hired as a CISO for a governmental contractor. One of your first conversations with the CEO is to review requirements for recovery time and recovery point objectives, and enterprise resource planning (ERP). Who should you bring to the roundtable to discuss metrics surrounding your RTO/RPO?
    1. Board of directors
    2. Chief financial officer
    3. Data owners and custodians
    4. Business unit managers and directors
  42. You are a security engineer for a government agency attempting to determine the control of highly classified customer information. Who should advise you on coordinating control of this sensitive data?
    1. Sales
    2. HR
    3. Board of directors
    4. Legal counsel
  43. Two CISOs brought their IT leadership together to discuss the BIA and DRP for a merger between two automobile manufacturers. Their first priority is to communicate securely using encryption. What is the BEST recommendation?
    1. DNSSEC on both domains.
    2. TLS on both domains.
    3. Use S/MIME in select email transmissions.
    4. Push all communication to the cloud.
  44. You are a security engineer for a healthcare organization. You are evaluating controls for PHI as well as financial data. Based on this table, what is the best classification?
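    | Data       | Confidentiality | Integrity | Availability |
    |------------|-----------------|-----------|--------------|
    | PHI        | High            | Medium    | Low          |
    | Financial  | Medium          | High      | Low          |
    | PII        | High            | Medium    | Low          |
    | Industrial | Low             | Low       | High         |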
    1. High confidentiality, High integrity, Low availability
    2. High confidentiality, Medium integrity, Low availability
    3. Medium confidentiality, High integrity, Low availability
    4. Low confidentiality, Low integrity, Low availability
  45. After the latest acquisition, your security manager asked you to review the business continuity plan. Your organization is required to meet compliance and other regulatory requirements relating to confidentiality. Upper management is concerned that you may miss some of the requirements, which would make your newly blended organization fail an audit. What should you do to improve the existing business continuity plan?
    1. AAR
    2. BIA
    3. RPO and RTO
    4. Gap analysis assessment
  46. You own a small training business with two classrooms. Your network consists of a firewall, an enterprise-class router, a 48-port switch, and 1 printer and 18 laptops in each classroom. The laptops are reimaged once a month with a golden patched image with up-to-date antivirus and anti-malware. User authentication is two-factor with passwords and smart cards. The network is configured to use IPv4. You also have a wireless hotspot for students to connect their personal mobile devices. What could you improve on for a more resilient technical security posture?
    1. Enhanced TLS controls
    2. Stronger user authentication
    3. Sufficient physical controls
    4. IPv6
  47. You are hired by a large enterprise as a systems security consultant to evaluate and make recommendations for increasing the network security posture. It is your first meeting with the stakeholders. What is your first question?
    1. What are your business needs and the corporate assets that need to be protected?
    2. What hardware and software do you currently have, and what would work best for securing your network?
    3. What is your budget?
    4. When is your next audit, and who will be on my team to carry out this security plan?
  48. After merging with a new acquisition, you come to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm to spreading on TCP port 445. What do you advise the administrator to do immediately to minimize the attack?
    1. Run Wireshark to watch for traffic on TCP port 445.
    2. Update antivirus software and scan the entire enterprise.
    3. Check your SIEM for alerts for any asset with TCP port 445 open.
    4. Deploy an ACL to all HIPS: DENY-TCP-ANY-ANY-445.
  49. In an enterprise environment, which common security services would include firewalls and enterprise-grade border routers?
    1. Access control
    2. Cryptography and encryption
    3. Boundary control
    4. Authentication and automation
  50. You are a security architect building out a new hardware-based VM. Which of the following would LEAST likely threaten your new virtualized environment?
    1. Patching and maintenance
    2. VM sprawl
    3. Oversight and responsibility
    4. Faster provisioning and disaster recovery
  51. You are exploring the best option for your organization to move from a physical data center to virtual machines hosted on bare metal servers. Which of the following is the BEST option for that move?
    1. Type 1 hypervisor
    2. Type 2 hypervisor
    3. iPaaS
    4. IaaS
  52. You are exploring the best option for your organization to move from a physical data center to VMs hosted on bare-metal servers. Moving to a Type 1 hypervisor was discussed, but they were difficult to deploy. Now, it's been decided to use hosted hypervisors. Which of these is the BEST option for that move?
    1. Type 1 hypervisor
    2. Type 2 hypervisor
    3. iPaaS
    4. IaaS
  53. A server holding sensitive financial records is running out of room. As the information security manager, what is the BEST option?
    1. First in, first out (FIFO)
    2. Compress and archive oldest data
    3. Move the data to the cloud
    4. Add disk space in a RAID configuration
  54. Your HR recruiter is having difficulties finding qualified applicants for an open IT security manager role. Your department discussed moving deployment solutions to a third party that will operate and maintain the processes. Which of the following deployment solutions is this most likely to be?
    1. Cloud
    2. Hosted
    3. On-premise
    4. Automated
  55. Your company hires a third party to provide cloud-based processing that will have several different types of virtual hosts configured for different purposes, like multiple Linux Apache web server farms for different divisions. Which of the following BEST describes this service?
    1. SaaS
    2. PaaS
    3. IaaS
    4. AaaS
  56. You have joined a company that licenses a third party's software and email service that is delivered to end users through a browser. What type of organization do you work for?
    1. IaaS
    2. SaaS
    3. PaaS
    4. BaaS
  57. As a security architect, you decided to build multiple virtual hosts with different security requirements. Several virtual hosts will be used for storage, while others will be used as databases. What should you do with these hosts?
    1. Encrypt all hosts with AES.
    2. Store each host on a separate physical asset.
    3. Move these virtual hosts to the cloud for elasticity.
    4. Verify that each server has a valid certificate.
  58. Your company has a subscription to use a third party's infrastructure, programming tools, and languages to develop and build out a new cloud-based ESB application. Which acronym properly defines this type of service?
    1. PaaS
    2. IaaS
    3. SaaS
    4. MaaS
  59. Your organization needs to be able to use a third party's development tools to deploy specific cloud-based applications. Platform as a service (PaaS) is the choice that has been approved to launch these cloud services. Which of the following is NOT a true statement?
    1. PaaS can use an API to develop and deploy specific cloud-based services.
    2. Cloud storage is a term used to describe the use of a third-party vendor's virtual file system as a document or repository.
    3. You can purchase the resources you need from a cloud service provider on a pay-as-you-go basis.
    4. With PaaS, you must buy and manage software licenses.
  60. You work in information security for a stock trading organization. You have been tasked with reducing cost and managing employee workstations. One of the biggest concerns is how to prevent employees from copying data to any external storage. Which of the following BEST manages this situation?
    1. Move all operations to the cloud and disable VPN.
    2. Implement server virtualization and move critical applications to the server.
    3. Use VDI and disable hardware and storage mapping from a thin client.
    4. Encrypt all sensitive data at rest and in transit.
  61. You are leading a project for your organization moving to a thin client with the server architecture hosted in the cloud. You are meeting with upper management, and they have asked for your advice about using thin clients. Which of the following is a security advantage?
    1. Thin clients are economical and require less security. There is no storage, and the server is protected in the cloud.
    2. Thin clients are encrypted with AES, both at rest and in transit.
    3. Attackers will have less opportunity to extract data from thin clients.
    4. Thin clients do not require external security auditing.
  62. Your newly formed IT team is investigating cloud computing models. You would like to use a cloud computing model that is subscription based for common services and where the vendor oversees developing and managing as well as maintaining the pool of computer resources shared between multiple tenants across the network. Which of the following is the BEST choice for this situation?
    1. Public
    2. Private
    3. Agnostic
    4. Hybrid
  63. Your organization opted into a public cloud solution for all of your business customers' testing environments. Which one of these is NOT a disadvantage?
    1. TCO can rise exponentially for large-scale use.
    2. Not the best solution for security and availability for mission-critical data.
    3. Low visibility and control of the environment and infrastructure, which may lead to compliance issues.
    4. Reduced complexity and requirements of IT experts as the vendor manages the environment.
  64. Your newly formed IT team is investigating cloud computing models. You want to use a cloud computing model that is dedicated to your organization. The data center and all resources are located at the vendor's site but are isolated through a secure network and not shared with any other customer. Which of the following is the BEST choice for this situation?
    1. Public
    2. Private
    3. Agnostic
    4. Hybrid
  65. Your organization opted into a private cloud solution for all your large, highly regulated technical customers. Which one of these is a disadvantage?
    1. Dedicated environment
    2. Compliance with regulations
    3. Scalable and high SLA performance
    4. Expensive solution and difficult to scale
  66. Your newly formed IT team is investigating cloud computing models. You want to use a cloud computing model that is orchestrated as an integrated infrastructure environment. Apps and data can share resources based on business and technical policies. Which of the following is the BEST choice for this situation?
    1. Public
    2. Private
    3. Agnostic
    4. Hybrid
  67. Your organization has opted into a hybrid cloud solution for all your strategic organizations with multiple verticals with different IT requirements. Which one of these is an advantage?
    1. Flexible, scalable, reliable, and improved security posture
    2. Strong compatibility and integration requirements
    3. Complexity as the organization evolves
    4. Can be very expensive
  68. As the IT director of a nonprofit agency, you have been challenged at a local conference to provide technical cloud infrastructure that will be shared between several organizations like yours. Which is the BEST cloud partnership to form?
    1. Private cloud
    2. Community cloud
    3. Hybrid cloud
    4. Data centers
  69. Your objectives and key results (OKR) being measured for this quarter include realizing the benefits of a single-tenancy cloud architecture. Which one of these results is NOT applicable to a single-tenancy cloud service?
    1. Security
    2. Reliability
    3. Ease of restoration
    4. Maintenance
  70. Your objectives and key results (OKR) being measured for this quarter include realizing the benefits of a multitenancy cloud architecture. Which one of these results is NOT applicable to a multitenancy cloud service?
    1. Financial
    2. Usage
    3. Vulnerabilities
    4. Onboarding
  71. As you investigate the itemized receipts from your cloud provider, you notice some VMs being spun up that either were not authorized or have been left running for extended time periods with no usage. What is this called?
    1. VM sprawl
    2. VM escape
    3. VM jacking
    4. VM migration
  72. A guest OS escapes from within VM encapsulation to interact directly with the hypervisor. If the VM becomes compromised, this can give an attacker access to all the VMs as well as the host machine. What is this scenario called?
    1. DoS
    2. VM escape
    3. VM jacking
    4. VM isolation
  73. One of the concerns you have for your hypervisor environment is the flooding of network traffic to leverage a host's own resources. The availability of botnets to rent on the Dark Web makes it easy for attackers to carry out a campaign against specific virtual servers or applications with the goal of bringing services down. What is this type of attack called?
    1. VM DoS
    2. VM scraping
    3. VM isolation
    4. VM migration
  74. You are tasked as a security engineer with mitigating risk for your virtual machines. The first task is to identify all virtual environments and any active security measures currently in place. After you check for antivirus, IDS, and vulnerability scanning, which of these should you do next?
    1. VM isolation
    2. VM mitigation
    3. VM traffic monitoring
    4. VM sprawl
  75. You are a cloud security consultant working with a large organization that is advocating applying the highest level of protection across all cloud assets. You suggest this is not what the priority should be. What would be a more strategic priority?
    1. Determining what to protect through data discovery and classification
    2. Running anti-malware software on all cloud instances
    3. Using vulnerability scanning software on mission-critical servers
    4. Implementing threat mitigation strategies
  76. While running IaaS environments, you retain the responsibility for the security of all operating systems, applications, and network traffic. Which of these would not be advantageous to deploy to protect this cloud environment?
    1. Advanced anti-malware applied to the OS
    2. Application whitelisting and machine learning–based protection
    3. Memory exploit prevention for single-purpose workloads
    4. Negotiation of an SLA spelling out the details of the data the provider will share in case of an incident
  77. You decided to create your own company that will be a service provider integrating security services into a corporate entity with a subscription model. This will be cost effective for companies when they investigate the total cost of ownership (TCO) of cybersecurity. What business model have you just created?
    1. DaaS
    2. PaaS
    3. SECaaS
    4. IaaS
  78. You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the [email protected] address. You want to rip open the ransomware to see what it does and what asset it touches. What do you build?
    1. Cloud sandbox
    2. On-premise sandbox
    3. An SLA with a penetration tester
    4. A hypervisor
  79. Your organization has increasingly turned to using cloud access security broker (CASB) vendors to address cloud service risks, enforce security policies, and comply with regulations. Which of these is not one of the pillars of CASB?
    1. Visibility
    2. Data security
    3. Threat protection
    4. Database normalization
  80. One of the biggest issues your CISO has with migrating to more cloud environments is the process of acquiring and releasing resources. Technical as well as operational issues are associated with these processes. What type of procedure documentation should you create to help with this?
    1. How to authenticate and authorize
    2. How to dynamically provision and deprovision
    3. How to use SaaS, IaaS, and PaaS
    4. How to build a Type 2 hypervisor
  81. Not having complete control over networks and servers is a real concern in your organization, and upper management asks you if the company's data is genuinely secure now that you have migrated to the cloud. They have asked you to be present at the next board of directors’ meeting to answer questions regarding cloud security and content filtering. With all the news of the latest breaches, you know they are going to have questions. Which of these questions would NOT apply to this meeting?
    1. How is our data protected in the cloud?
    2. Who has control over our data in the cloud?
    3. Who has access to our data in the cloud?
    4. Why move to the cloud?
  82. You are reading about the latest breach of a cloud web application server. One key element in the breach was that no vTPM was being utilized for encryption. The attack targeted a flaw in the security settings, specifically failing to auto-encrypt files, which left the entire network and every device connected to it vulnerable to attack. Configuration vulnerabilities in the cloud can include which of the following?
    1. Unpatched security flaws in server software
    2. SSL certificates and encryption settings not configured properly
    3. Enabled and accessible administrative and debugging functions
    4. All of the above
  83. You are a program developer for a large retail organization. Your CISO returned from a large conference and asked you to clarify exactly what the benefit of a container is over virtual machines. Which of these is the BEST succinct answer?
    1. In a VM, hardware is virtualized to run multiple OS instances. Containers virtualize an OS to run multiple workloads on a single OS instance using a container engine.
    2. In a container, hardware is virtualized to run a single OS, where a VM can run multiple applications across multiple assets with a single OS.
    3. A VM is virtualized technology, but a container is not.
    4. A container is the same thing as a virtual machine, just smaller in size.
  84. As a leader in your organization in DevOps, you want to convince your CISO to move toward containerization. Which of these is not an advantage to using containers over VMs?
    1. Reduced and simplified security updates
    2. Less code to transfer, migrate, and upload
    3. Quicker spinning up applications
    4. Large file size of snapshots
  85. At the latest IT department meeting, a discussion on the best virtual methodology centered around using VMs versus containers. Which of these statements BEST aligns with those two models?
    1. VMs are better for lightweight native performance, while containers are better for heavyweight limited performance.
    2. VMs are for running applications that need all the OS has to offer, while containers are better when maximizing the number of applications on minimal resources.
    3. VMs share the host OS, while containers run on their own OSs.
    4. Containers are fully isolated and more secure, whereas VMs use process-level isolation.
  86. Containerization provides many benefits in flexibility and faster application development. Which of the following statements is false?
    1. Containers share the host OS's kernel during runtime.
    2. Containers do not need to fully emulate an OS to work.
    3. One physical server running five containers needs only one OS.
    4. Containers are pure sandboxes just like VMs are.
  87. You are a security analyst reviewing corporate settings on multiple assets. You notice some settings were disabled and are allowing untrusted programs to be installed on mobile devices. What settings should be adjusted so that applications can be sandboxed and tested before deploying securely?
    1. Updates
    2. Digitally signed applications
    3. Containerization
    4. Remote wiping
  88. After merging two disparate networks, a security incident led you to the discovery of an attacker gaining access to the network, overwriting files and installing backdoor software. What should you use to detect attacks like this in the future?
    1. Containerization
    2. Firewalls
    3. VM patch management
    4. FIM
  89. A newly installed application has a large database and needs additional hardware. Your budget is stretched tight, and your CIO will not approve new purchases for the data center. Which cloud hosting option would BEST fit your need?
    1. SaaS
    2. PaaS
    3. IaaS
    4. SECaaS
  90. Your CISO asked you to help review system configurations and hardening guides that were developed for cloud deployment. He would like you to make a list of improvements. What is the BEST source of information to help you build this list?
    1. Pentesting reports
    2. CVE database
    3. Implementation guides
    4. Security assessment reports
  91. You and a colleague are discussing the differences between 2FA and MFA. They say it's the same thing, and you are explaining to them that it isn't. Which is the BEST statement that describes the difference?
    1. Multifactor authentication (MFA) requires users to verify their identity by providing multiple pieces of evidence that can include something they know, something they have, or something they are. MFA can be push based such as sending an SMS to a phone to approve or decline. Two-factor authentication (2FA) is a user providing two authentication methods like a password and a fingerprint.
    2. 2FA and MFA have the same process with the caveat that 2FA must be two separate types of authentication method. MFA could be two or more of the same method.
    3. 2FA is safer and easier for end users than MFA.
    4. Multifactor authentication (MFA) requires users to verify their identity by providing at least two pieces of evidence that can include something they know, something they have, or something they are. Two-factor authentication (2FA) is a user providing two or more authentication methods like a password and a fingerprint.
  92. Your employees have various computer systems they must access during a workday. A security audit shows that many of them are reusing passwords. Your CISO is interested in a system that will allow employees to use one set of credentials to access all systems. What type of authentication is this called?
    1. Single sign-on
    2. 2FA
    3. MFA
    4. Biometrics
  93. Your CISO wants to implement a solution within the organization where employees are required to authenticate once and then permitted to access the various computer systems they are authorized to access. The organization uses primarily Microsoft products. Which solution is BEST suited for this organization?
    1. Kerberos
    2. SSL
    3. OTP
    4. Kubernetes
  94. Your organization uses an authentication system that enables users to authenticate once and includes a service that grants tickets for specific services. Of the following options, which technology BEST matches this description?
    1. OSPF
    2. Kerberos
    3. LDAP
    4. Biometrics
  95. Your organization wants to automate the process of assigning corporate resources to employees. For example, when an HR rep enters data into the HR system for a new employee, the organization wants the HR system to reach out to various other systems like the email system to configure resources for the new employee automatically. What automated identity management propagation solution could perform this task?
    1. SPML
    2. SOAP
    3. Active Directory
    4. SSO
  96. Your organization has partnerships with various other companies that require employees of each company to access information from the others. Of course, each company has an authentication process for their employees. What identity management system would allow employees of each company to log in to their respective company and also access the needed information at the others?
    1. SSO
    2. SSL
    3. Federal Identity Management
    4. Kerberos
  97. You are logged into a website. While performing activities within the website, you access a third-party application. The application asks you if it can access your profile data as part of its process. What technology is this process describing?
    1. OATH
    2. OAUTH
    3. Malware
    4. Cookies
  98. You are a system admin for a large organization with many deployed web services. You are looking for a protocol to implement that would allow the web services to communicate over HTTP using XML. What solution would suit your needs?
    1. SOAP
    2. SAML
    3. Kerberos
    4. LDAP
  99. You visit a website that requires credentials to log in. Besides providing the option of a username and password, you are also given the option to log in using your Facebook credentials. What type of authentication scheme is used?
    1. SAML
    2. OAUTH
    3. ClosedID
    4. OpenID
  100. You are managing a new project to bring the OAUTH framework into the organization. Which one of these statements is incorrect?
    1. OAUTH gives a third-party application access to resources.
    2. OAUTH is an open standard authorization framework.
    3. OAUTH is designed around four roles: owner, client, resource server, and authorization server.
    4. OAUTH shares password information with third-party applications.
  101. You need to develop a security logging process for your mission-critical servers to hold users accountable for their actions on a system after they log in. What is this called?
    1. Authorization
    2. Authentication
    3. Verification
    4. Accountability
  102. Your IT management team is wary of open-source tools and does not want to implement an OASIS open standard tool for authentication. Which tool will not be considered based on the scenario?
    1. OAUTH
    2. SAML
    3. SPML
    4. XACML
  103. You are conducting a security survey and want to ensure that only one authenticated person at a time can enter the building at a specific point and time. What is the BEST way to authenticate, and what perimeter defense do you recommend?
    1. Badge through a turnstile
    2. Signature through a mantrap
    3. Presentation of an ID at a closed gate
    4. Bollards and physical locked door
  104. Your organization needs an AAA server to support the users accessing the corporate network via a VPN. Which of the following will be used to provide AAA services?
    1. RADIUS
    2. L2TP
    3. LDAP
    4. AD
  105. You determined that there is a need for a client-based technology using a sandbox to limit the amount of system resources utilized by a program. If the program attempts to exceed those resources, the browser terminates the program. Which of these technologies uses sandboxing as a security control?
    1. Java applet
    2. ActiveX
    3. SAML
    4. SOAP
  106. Which of the following access control principles should you implement to create a system of checks and balances on employees with heightened privileged access?
    1. Rotation of duties
    2. Need to know
    3. Mandatory access control
    4. Separation of duties
  107. Your company hired a third-party company to fulfill compliance requirements to test for weaknesses in your company's security. The contractor attempted to hack wireless networks and enter secure areas without authorization and used phishing to gain access to credentials. What BEST describes this process?
    1. Vulnerability scans
    2. Active reconnaissance
    3. Penetration test
    4. Passive reconnaissance
  108. You need to find a web-based language that is used to exchange security information with single sign-on (SSO). Which of the following is the BEST language to use?
    1. SOAP
    2. Kerberos
    3. SAML
    4. API
  109. You work for a software company and learned that a certain developer hard-coded secret authentication credentials into one of your applications. What is this called?
    1. Backdoor
    2. Logic bomb
    3. Maintenance window
    4. Isolation
  110. Your network administrator wants to use an authentication protocol to encrypt usernames and passwords on all Cisco devices. What is the BEST option for them to use?
    1. RADIUS
    2. DIAMETER
    3. CHAP
    4. TACACS+
  111. You need to review the logs in the finance department from application servers to look for any malicious activity. What BEST describes your activity?
    1. Identification
    2. Authentication
    3. Malware analysis
    4. Accountability
  112. Your IT manager wants to move from a centralized access control methodology to a decentralized access control methodology. You need a router that authenticates users from a locally stored database. This requires subjects to be added individually to the local database for access, which creates a security domain, or sphere of trust. What BEST describes this type of administration?
    1. Decentralized access control requires more administrative work.
    2. Decentralized access control creates a bottleneck.
    3. Decentralized access control requires a single authorization server.
    4. Decentralized access control stores all the users in the same administrative location using RADIUS.
  113. Your company hired customer service representatives from a third-party vendor working out of a remote facility. What is the BEST way to prevent unauthorized access to your systems?
    1. Two-factor authentication (2FA)
    2. Site-to-site VPN
    3. Encrypted VDI
    4. IPSec to the required systems for the vendor
  114. You are a security administrator helping a network engineer troubleshoot RADIUS authentication problems. You see the following message in the logs: RADIUS message received from invalid client 192.168.1.109. What should you check first to remedy the situation?
    1. Examine the RADIUS policy
    2. Register the RADIUS server
    3. Modify the authenticated client
    4. Add the IP address of the authorized client
  115. Your enterprise is dealing with an increase in malicious activity traced back to insiders. Much of the activity seems to target privileged users, but you don't believe much of this activity is from the employees on your network. What will most likely deter these attacks?
    1. Role-based training and best practices
    2. More frequent vulnerability scans
    3. Full disk encryption
    4. Tightening security policy for least privilege and separation of duties
  116. Your company currently uses Kerberos authentication protocols and tickets to prove identity. You are looking for another means of authentication because Kerberos has several potential vulnerabilities, the biggest being which of the following?
    1. Single point of failure
    2. Dynamic passwords
    3. Limited read/write cycles
    4. Consensus
  117. The Domain Name System (DNS) maintains an index of every domain name and corresponding IP address. Before someone visits a website on your corporate network, DNS will resolve your domain name to its IP address. Which of the following is a weakness of DNS?
    1. Spoofing
    2. Latency
    3. Authentication
    4. Inconsistency
  118. Your CIO approached the CISO with the idea to configure IPSec VPNs for data authentication, integrity, and confidentiality. Which of the following reasons would help support the CIO's goals?
    1. IPSec only supports site-to-site VPN configurations.
    2. IPSec can only be deployed with IPv6.
    3. IPSec authenticates clients against a Windows server.
    4. IPSec uses secure key exchange and key management.
  119. You work for a university and are monitoring your dedicated faculty wireless network. You see many mobile devices not authorized to use this network, and malicious activity has been reported. Your IT security manager suggested adding contextual authentication. Which of the following falls in that category?
    1. GPS
    2. IDS
    3. MAC filtering
    4. Bluetooth
  120. You just accepted a CISO position for a small customer service business, and your first priority is to increase security and accessibility for current SaaS applications. The applications are configured to use passwords. What do you implement first?
    1. Deploy password managers for all employees.
    2. Deploy password managers for only the employees who use the SaaS tool.
    3. Create a VPN between your organization and the SaaS provider.
    4. Implement a system for time-based, one-time passwords.
  121. You are a SQL database administrator managing security initiatives. Based on controlling the confidentiality of your customers’ financial information, what controls BEST meet the need of your company?
    1. UPS and partial disk encryption
    2. IPS generator and strong authentication controls
    3. Vulnerability scanning and peer review of all changes
    4. CMDB and an analysis of all code modifications
  122. Your credit card company identified that customers' top transaction on the web portal is resetting passwords. Many users forget their secret questions, so customers are calling to talk to tech support. You want to develop single-factor authentication to cut down on the overhead of the current solution. What solution do you suggest?
    1. Push notification
    2. Hardware tokens
    3. Login with third-party social media accounts
    4. SMS message to a customer's mobile number with an expiring OTP
  123. You are a service provider responsible for ensuring that an audit for PCI-DSS occurs and that the correct documentation is completed by the relevant parties. This is part of the assessment you provide. What is this process called?
    1. Service provider request
    2. Attestation of compliance
    3. Payment requests
    4. Security standards council
  124. You purchase software from an online store. On the download page next to the link to download the software, there is a string of characters that looks like SHA256: e2ad113ea0d826d8c208bd0eabd3fb4b76c7d85618d4f38b5d54d4788a5ececa. What is the string of characters after SHA256 used for?
    1. Serial number of software
    2. Product ID of software
    3. Encryption key to decrypt the software
    4. Unique identifier of the software
  125. You need to provide software for your end users to download. You want the users to be able to verify that the software has not changed during the download process. How might you provide this verification?
    1. Compute a hash of the software and list it along with the software on a server for download. End users can then use the hash to verify that the software hasn't been altered.
    2. Encrypt the software and list the encrypted software along with the encryption key on a server for download. End users can then use the encryption key to verify that the software hasn't been altered.
    3. The user can attempt to install and run the program. If it installs and operates properly, it hasn't been altered.
    4. Have the user authenticate first. If the user is authenticated, the software they download must be genuine.
  126. You want to send a confidential message to a colleague in such a way that only the colleague can read it. You encrypt the message and then send it. What key is used to encrypt the message?
    1. Your public key
    2. Your private key
    3. Your colleague's public key
    4. Your colleague's private key
  127. You want to send a confidential message to a colleague in such a way that only the colleague can read it. You encrypt the message and then send it. What key is used to decrypt the message?
    1. Your public key
    2. Your private key
    3. Your colleague's public key
    4. Your colleague's private key
  128. You want to send an email securely to a colleague in such a way that the colleague is sure it came from you. What key would you use to sign the email so that the colleague is sure it came from you?
    1. Your public key
    2. Your private key
    3. Your colleague's public key
    4. Your colleague's private key
  129. You want to send an email securely to a colleague in such a way that the colleague is sure it came from you. What key would your colleague use to decrypt the email, ensuring that the message came from you?
    1. Your public key
    2. Your private key
    3. Your colleague's public key
    4. Your colleague's private key
  130. Your colleague hashes a message, encrypts the associated hash with her private key, and sends it to you. What is this process called?
    1. Digital signature
    2. Nonrepudiation
    3. Digital transfer
    4. Digital privacy
  131. Your colleague hashes a message, encrypts the message with your public key, encrypts the associated hash with her private key, and sends it to you. What will this process do?
    1. Provides confidentiality, integrity, and nonrepudiation
    2. Provides availability, confidentiality, and integrity
    3. Provides availability, integrity, and nonrepudiation
    4. Provides availability, confidentiality, and nonrepudiation
  132. You have an application that requires data to be encrypted on legacy equipment with minimum hardware resources. Which type of cipher is BEST suited for this situation?
    1. Stream cipher
    2. Serial cipher
    3. Block cipher
    4. Parallel cipher
  133. You have an application that requires data to be encrypted on legacy equipment with minimum hardware resources. Which of the following ciphers BEST suits your needs?
    1. Twofish
    2. RC4
    3. AES
    4. Blowfish
  134. You have an application that needs to send large amounts of data in a secure fashion. Which of the following ciphers is BEST suited for this need?
    1. ECC
    2. RC4
    3. 3DES
    4. AES
  135. You suspect that an employee is stealing company information, but you're not sure how they are removing the information from the premises. During an investigation, you find a folder with numerous pictures in it. Later, you also discover that many of these pictures were emailed to an external email account. What may you deduce from this information and want to investigate further?
    1. Someone loves photography and sharing photos via email.
    2. Information could be hidden in the photos.
    3. The recipient of the photos could be in the marketing department.
    4. You could reach out to human resources to bring this person in for a discussion and review the NDA they signed.
  136. You investigate an incident of malware on a corporate computer, and you come across a steganography program on an employee's laptop. It turns out that this tool was downloaded for free onto the system and that the downloaded file is the source of the malware. What might explain this information?
    1. Company information may be extracted using the steganography tool by the employee who downloaded it as well as the developer of the program itself.
    2. Someone downloaded the steganography tool to protect data as a form of encryption.
    3. You should reverse engineer the unauthorized software to determine how it works.
    4. You only need worry about the malware. You can always trust employees.
  137. You are a forensic investigator analyzing a copyrighted video file for hidden information. You only have the file. What type of analysis technique will you use?
    1. Known message
    2. Known stego
    3. Stego only
    4. Chosen
  138. You found a suspicious USB in the corporate parking lot and brought the USB back to your lab for testing in a sandbox. It contains unreadable documents and audio files. You pick one that is abnormally large to analyze, looking for hidden information. What is this process referred to as?
    1. Stego-analysis
    2. Stegoanalysis
    3. Steganography
    4. Steganalysis
  139. You examine a file for hidden information but do not find any. What technique might the attacker use to make it more difficult to detect the hidden information?
    1. Encryption
    2. Deception
    3. FIM
    4. Randomization
  140. Your company relies on certificates to verify entities it does business with. It is important that the validity of certificates is verified as quickly as possible. What method of checking certificate validity is BEST for this situation?
    1. CRL
    2. OCSP
    3. CLR
    4. OSCP
  141. Your CISO is concerned with the secure management of cryptographic keys used within the organization. She wants to use a system where the keys are broken into parts, and each part is encrypted and stored separately by contracted third parties. What is this process called?
    1. Key objectives
    2. Key revenue
    3. Key escrow
    4. Key isolation
  142. You manage a CA on your global corporate network. When a certificate authority revokes a certificate, what certificate information is placed on the revocation list?
    1. Certificate's private key
    2. Certificate's public key
    3. Certificate's serial number
    4. Certificate's hash
  143. You work with a certificate authority to create digital certificates for your organization. You do not want to use OCSP stapling, which holds the certificate and will be the one to provide status of any revocation. What cryptographic key do you provide to the certificate authority?
    1. You don't provide keys to the certificate authority.
    2. You provide both the private and public keys.
    3. You provide the private key.
    4. You provide the public key.
  144. You need a hardware solution that will provide your employees a secure way to store digital certificates and private keys in multiple domains. The solution must be mobile. Which of the following options BEST suits your need?
    1. Wild card PKI token
    2. PKI badge
    3. Token ring
    4. RAID
  145. You were tasked with choosing the correct encryption for your mobile device management program. Which asymmetric encryption algorithm is BEST suited for mobile devices?
    1. AES
    2. ECC
    3. IDEA
    4. Serpent
  146. You intend to use asymmetric encryption to transmit various amounts of data from one endpoint to another over the Internet. You are concerned that if the private key used for this transmission is compromised, all encrypted data will be exposed. What technology could you use that generates temporary session keys based on your asymmetric keys?
    1. Perfect Forward Secrecy
    2. Pretty Good Privacy
    3. Public Key Infrastructure
    4. PaaS
  147. Your company generates documents intended for public viewing. While your company wants to make these documents public, it still wants to prove the documents originated from the company. How can these documents be marked in such a way that information about their origin is maintained while not distorting the visual contents of the documents?
    1. Blowfish
    2. Steganographic watermarking
    3. Digital signatures
    4. PKI
  148. Your end users are using mobile devices to access confidential information on the corporate network. You need to ensure the information is kept secure as it is transmitted to these mobile devices. Encryption is a requirement. Of the following answers, which one BEST describes a major concern with implementing encryption on mobile devices?
    1. They have more processing power than other computing devices.
    2. They typically have less processing power than other computing devices.
    3. Increased complexities.
    4. Obfuscation.
  149. Your small company wants to utilize asymmetric encryption to send secure emails but doesn't want the expense of using a certificate authority or a pinned certificate. Which of the following options is a good alternative?
    1. PKI
    2. CA/RA
    3. GPG
    4. Kerberos
  150. Your business cannot overlook the need for allowing remote access by employees. You never know when an employee will need to connect to the corporate intranet from a remote location. The first thing to do is create a comprehensive network security policy. Which one of these will not fit into that policy?
    1. Definition of the classes of users and their levels of access
    2. Identification of what devices are allowed to connect through a VPN
    3. The maximum idle time before automatic termination
    4. Whitelist ports and protocols necessary to everyday tasks
  151. You must decide what to do to formulate an efficient and effective security policy that includes the network, cryptocurrency and blockchain. This technology will enable electronic transactions that are resilient even when large amounts of money are at stake. What type of an assessment should you do?
    1. Risk assessment
    2. Penetration test
    3. Compliance audit
    4. Black-box testing
  152. You have a three-layer line of defense working to protect remote access to your network, which includes a firewall, antivirus software, and a VPN. What action should your network security team take after standing up this defense?
    1. Log all security transactions.
    2. Monitor alerts from these assets.
    3. Check the firewall configuration monthly and antivirus weekly.
    4. Run tests for VPN connectivity once every 24 hours.
  153. You are a security architect and were asked to review the project for a new VPN. You were asked to review a solution that operates on the network layer of the OSI model and uses authentication and encryption and cryptographic keys to protect data moving between hosts. What type of VPN remote access solution is this?
    1. L2TP
    2. XAUTH
    3. IKE
    4. IPSec
  154. You have decided that an IPSec VPN is not a good fit for your organization. Employees need access only to specific applications, not the entire network. What VPN option would work BEST in this situation?
    1. SSH
    2. SSL
    3. IKE
    4. RDP
  155. You need a way to enable tech support from your organization to have complete remote access to your systems. It has become difficult to walk end users through a complicated set of steps, so it is best to let a well-trained technician do it for them. Which of the following are the major risks with desktop sharing and remote access?
    1. Authentication and access control
    2. Authorization and verification
    3. Validation and isolation
    4. Regulation and application
  156. You need to prevent attackers from being able to access copyrighted and digitally protected data from a group of transactions, even if they are able to break the encryption for a single communication sent over the Web by devices creating a unique session key for each transaction. What is this called?
    1. Perfect Forward Secrecy
    2. Pretty Good Privacy
    3. GNU Privacy Guard
    4. IETF standards
  157. Your SMB organization is exploring a tool that combines VoIP, video, chat, and email together in one messaging system. What type of tool is this called?
    1. Cloud computing
    2. Unified communications
    3. Global transformation
    4. Competitive collaboration
  158. You are a network engineer for an SMB. You are evaluating the placement of your new unified communications (UC) server. Your UC server does have some built-in capabilities for attack mitigation, but you do not want to solely rely on it. Where should you place this UC server?
    1. Sequestered behind a firewall
    2. Connected directly to the Internet
    3. Between two web servers, email and messaging
    4. Connected directly to your intranet
  159. An email with a document attachment from a known individual is received with a digital signature. The email client is unable to validate the signature. What should you NOT do?
    1. Contact the sender.
    2. Contact your security administrator.
    3. Open the attachment to see if the signature is valid.
    4. Determine why the signature is not valid before you open the attachment.
  160. You would like to periodically update records in multiple remote locations to ensure the appropriate levels of fault tolerance and redundancy. What is this known as?
    1. Shadowing
    2. Mirroring
    3. Archiving
    4. Fail safe
  161. Users are reporting to you that some Internet websites are not accessible anymore while on VPN. Which of the following will allow you to quickly isolate the problem causing the network communication issue so that it can be reported to the responsible party?
    1. IPConfig
    2. Ping
    3. MMC
    4. Tracert
  162. What is the best security practice for keeping your collaborative software updated with patches and bug fixes as well as knowing how those updates will impact the system?
    1. Patch management
    2. Vulnerability management
    3. Encryption
    4. Security policy and procedures
  163. The art of having people divulge sensitive information about the organization or about themselves by masquerading as a valid identity in your collaboration platform is known as which of the following?
    1. Dumpster diving
    2. Phishing
    3. Social engineering
    4. Active reconnaissance
  164. Your team is conducting a risk assessment to assign an asset value to the collaboration servers in your data center. The primary concern is how and what to replace in the case of a disaster. Which one of the following is the BEST choice?
    1. Purchase cost
    2. Depreciated cost
    3. Retail cost
    4. Replacement cost
  165. You are working with upper management to classify data to be shared in your collaboration tool, which will create extra security controls limiting the likelihood of a data breach. What principle of information security are you trying to enforce?
    1. Confidentiality
    2. Integrity
    3. Accountability
    4. Availability
  166. You chose a vendor for your collaboration tool and will sign an agreement that requires that a vendor not disclose confidential information learned during the scope of the proof of concept, deployment, and usage of the tool. Which document needs to be signed by both your organization and the vendor?
    1. SLA
    2. MOU
    3. NDA
    4. RFP
  167. VoIP is dependent on continuous reliable packet flow. It is an issue in the face of attacks. High levels of packet loss raise questions about VoIP reliability. Which of these attacks could be called the “busy signal” of VoIP?
    1. DDoS
    2. SQLi
    3. MiTM
    4. Bluejacking
  168. You evaluate several unified communication vendors. You have a need for one with their own data center facility hosting their own instance of the platform with built-in redundant power, remote backup, and secured entry as well as 24/7 staffing. Why would a UC vendor have minimal data center security?
    1. Cost savings
    2. Compliance requirements
    3. Ease of setup and use
    4. Perfect forward secrecy
  169. You investigate a breach and trace it back to your unified communications tool. The malicious user attacked the UC network and spoofed a MAC address to register an employee's soft phone and made international calls through your UC network. Which one of the following options would NOT have affected this attack?
    1. Vulnerabilities in the UC platform
    2. Weak firewall configurations
    3. Social media posts
    4. Cipher lock on the server room door
  170. You are a security manager looking to improve security and performance of your unified communications server. Which of the following options might help with decreasing the attack surface?
    1. Adding more users
    2. Adding more devices
    3. Turning off unused services
    4. Ease of setup
  171. Your organization is analyzing the risk of using more and more diverse technology. Your task is to look at video collaboration tools because they house your most important information, customer data, and innovative ideas in one single space. With data security in mind, what do you suggest doing to protect against privileged users compromising sensitive data?
    1. Deploying flexible levels of access across the platform
    2. Creating alerts when specific data file types have been uploaded
    3. Putting individual projects in their own dedicated spaces with restricted access
    4. Creating a strict password policy
  172. The audio collaboration tool that your company uses follows a username and password login model. If an employee's credentials are compromised, it could give attackers access to financial information, intellectual property, or client information. How would you mitigate this type of risk with a collaboration tool?
    1. Strict password guidelines
    2. Only use HTTPS
    3. Restrict usage to VPN
    4. Disable SSO
  173. You recently were made aware that your collaboration tool is sending daily summaries to employees, contractors, and vendors through a publicly shared email service. You suspect this might be risky. If there is a vulnerability in your email server, you're opening up even more security risks. What should you have employees do instead?
    1. Turn off the feature.
    2. Use a tool that has a “recent activities” summary that pops up when a user securely logs in.
    3. Set up an export via VPN.
    4. Perform weekly check-in phone calls to review all the summaries.
  174. While doing risk analysis, you realize that you set up a presence collaboration tool using the URL mycompanyname.appname.com. What should you do to protect this collaboration tool from an attacker randomly finding this login portal?
    1. Choose a tool that enables your IT team flexibility to control security settings and to determine a URL structure that is customizable.
    2. Make sure that the entire team using the tools understands encryption.
    3. Require strict usernames and passwords.
    4. Check for compliance if you are a healthcare organization.
  175. You are a healthcare provider accessing a cloud-based server where your collaboration tool resides. What is the most important question you need to ask the vendor/host of this cloud-based server?
    1. Is this server HIPAA HITECH compliant?
    2. Is this server SCADA compliant?
    3. What is your SLA if the server goes down?
    4. What is my TCO of this software?
  176. You are choosing a collaboration tool to be used across the finance department. For evaluation, which of the following questions is NOT as important as the others?
    1. How established is the solution?
    2. What support is required to roll out the solution?
    3. Can we change the brand logo and color scheme?
    4. What training and best practices can you offer to avoid issues in the future?
  177. Management of your hosted application environment requires end-to-end visibility and a high-end performance connection while monitoring for security issues. What should you consider for the most control and visibility?
    1. You should consider a provider with connections from your location directly into the applications cloud ecosystem.
    2. You should have a T1 line installed for this access.
    3. You should secure a VPN concentrator for this task.
    4. You should use HTTPS.
  178. Your organization has a policy that passwords must be at least 12 characters long; include a combination of upper- and lowercase letters, numbers, and special characters; and be changed every 30 days. Which of the following solutions will enforce this policy organization-wide?
    1. Active Directory GPO
    2. LDAP
    3. RADIUS
    4. DIAMETER
  179. Your organization was the victim of brute-force attacks where the attacker discovered usernames and continually tried to log in to the corporate network using various passwords until the account was compromised. Which of the following options could reduce the likelihood of a brute-force attack being successful?
    1. Allow only one attempt for privileged users.
    2. Configure Group Policy in Active Directory to lock out an account for 10 minutes after five unsuccessful login attempts.
    3. Create federated identities with Shibboleth and WAYF. SSO.
    4. Have stricter password requirements.
  180. To enter your facility, a guest must sign in and present a picture ID. A security guard will check both for accuracy, and if both match, the guest is allowed to enter into the building as long as they are escorted by a sponsor. What has the security guard performed?
    1. Identity proofing
    2. Identity authentication
    3. Identity accounting
    4. Identity confidentiality
  181. Phishing is a successful way to initiate a security breach. One of the collaboration-based attacks your company suffered last quarter was phishing using malicious URLs via an instant messaging tool. Which of the following is why this attack is so successful?
    1. Your guard was down, you were worried about deadlines, and you trusted those people.
    2. You logged into the collaborative tools with credentials.
    3. Phishing is only used for emails.
    4. Malicious files or URLs are not blocked automatically in IMs.
  182. You are evaluating remote desktop software that enables help-desk personnel to remotely access a user's computer for troubleshooting purposes. For ease of use, you want the product to be browser based. While evaluating a product, you notice a padlock next to the URL in the browser. What does the padlock indicate?
    1. You are connected using HTTP.
    2. You are connected using SSH.
    3. You are connected using TLS.
    4. You are connected using TPM.
  183. You want to access network equipment on the corporate LAN remotely. A colleague suggests using the program PuTTY. After downloading and running PuTTY, you find that it offers various means of remote connectivity. Which of the following options is the most secure option?
    1. Telnet
    2. SSH
    3. FTP
    4. HTTP
  184. You are a network engineer and need to access network equipment on the corporate LAN remotely. The solution to provide this function must include a secure login per user that is easily managed. Tracking login activity is also important. Which of the following is the BEST solution?
    1. Common passwords should be set on each network device.
    2. A common username and password should be set on each network device.
    3. Unique usernames and passwords should be set on each network device.
    4. Use a RADIUS solution and have each network device configured to use it.
  185. Your company is migrating systems from on-premise systems to a data center managed by a third party. Remote access must be available at all times. Controls on access must be auditable. Which of these controls BEST suits these needs?
    1. Access is captured in event logs.
    2. Access is limited to single sign-on.
    3. Access is configured using SSH.
    4. Access is restricted using port security.
  186. You are evaluating a remote desktop solution that is browser based. While performing the evaluation, you discover that the latest version of SSL is used to encrypt data. Which statement is true about this connection?
    1. The connection is using SSL, and it is secure.
    2. The latest version of SSL is version 1.96.
    3. SSL is obsolete. TLS should be used instead.
    4. TLS is obsolete. SSL is the best solution.
  187. You found that an attacker compromised a web conferencing server utilizing a known vulnerability of the software. Which option should be performed to prevent this intrusion?
    1. Install a firewall in front of the server.
    2. Keep the web conferencing software patches up to date.
    3. Install AV on the web conferencing server.
    4. Ensure HTTPS is always used.
  188. You have a user who wants to conduct video conferences from his computer. He finds a free program that does what he wants and downloads it. The program was published for only a few months. Unfortunately, the free program includes malware and infects his system and others. What technology could have prevented this situation from occurring?
    1. Redlisting
    2. Blacklisting
    3. Graylisting
    4. Whitelisting
  189. Your CISO is concerned that employees are posting confidential information on social media. Which two of the following options BEST address this issue?
    1. Block social media sites from corporate resources.
    2. Train employees on the importance of not divulging company information on social media.
    3. Forbid employees from having social media accounts.
    4. Create a corporate policy outlining the requirement not to divulge corporate information on social media sites and the consequences of doing so.
  190. You want to implement a technology that will verify an email originated from a particular user and that the contents of the email were not altered. Of the answers provided, which technology provides such a function?
    1. Digital signature
    2. Symmetric encryption
    3. Asymmetric encryption
    4. Nonrepudiation