1. What is an attack vector?
- The classification of attack type
- The direction an attack is going in
- A mechanism by which an attacker can interact with your network or systems
- The severity of the attack
2. Disabling unnecessary components serves which purposes? Check all that apply.
- Closing attack vectors
- Increasing performance
- Making a system harder to use
- Reducing the attack surface
3. What’s an attack surface?
- The total scope of an attack
- The payload of the attack
- The combined sum of all attack vectors in a system or network
- The target or victim of an attack
4. A good defense in depth strategy would involve deploying which firewalls?
- No firewalls
- Both host-based and network-based firewalls
- Network-based firewalls only
- Host-based firewalls only
5. Using a bastion host allows for which of the following? Select all that apply.
- Enforcing stricter security measures
- Having more detailed monitoring and logging
- Applying more restrictive firewall rules
- Running a wide variety of software securely
6. What benefits does centralized logging provide? Check all that apply.
- It blocks malware infections.
- It prevents database theft.
- It allows for easier logs analysis.
- It helps secure logs from tampering or destruction.
7. What are some of the shortcomings of antivirus software today? Check all that apply.
- It can’t protect against unknown threats.
- It only detects malware, but doesn’t protect against it.
- It’s very expensive.
- It only protects against viruses.
8. How is binary whitelisting a better option than antivirus software?
- It can block unknown or emerging threats.
- It has less performance impact.
- It’s cheaper.
- It’s not better. It’s actually terrible.
9. What does full-disk encryption protect against? Check all that apply.
- Data theft
- Malware infections
- Tampering with system files
- IP spoofing attacks
10. What’s the purpose of escrowing a disk encryption key?
- Providing data integrity
- Preventing data theft
- Performing data recovery
- Protecting against unauthorized access
11. Why is it important to keep software up-to-date?
- To ensure access to the latest features
- To ensure compatibility with other systems
- To address any security vulnerabilities discovered
- It’s not important.
12. What types of software are typically blacklisted? Select all that apply.
- Word processors
- Web browsers
- Video games
- File Sharing software
13. What does applying software patches protect against?
- Data tampering
- MITM attacks
- Undiscovered vulnerabilities & newly found vulnerabilities
- Suspicious network traffic.
14. What should be considered when implementing software policies and guidelines?
- The local weather forecast
- Your reputation within the company
- The company’s technical debt
- What the users need in order to do their jobs
15. What is one way to check whether or not a website can be trusted?
- The company logo
- The quality of pictures on the website
- Check for SSL certificates
- The webpage design
16. A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?
- A 0-day
- An attack surface
- An ACL
- An attack vector
17. Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet?
- Secure Shell (SSH)
- Group Policy Objects (GPOs)
- Access Control Lists (ACLs)
- Active Directory
18. Having detailed logging serves which of the following purposes? Select all that apply.
- Data protection
- Event reconstruction
- Auditing
- Vulnerability detection
19. What model does an antivirus software operate off of?
- Greylist
- Secure list
- Blacklist
- Whitelist
20. If a full disk encryption (FDE) password is forgotten, what can be incorporated to securely store the encryption key to unlock the disk?
- Secure boot
- Application hardening
- Key escrow
- Application policies
21. What does applying software patches protect against? Select all that apply.
- Undiscovered vulnerabilities
- Newly found vulnerabilities
- MITM attacks
- Data tampering
22. Besides software, what other things will also need patches? Select all that apply.
- Infrastructure firmware
- Hardware
- Operating systems
- NFC tags
23. What are the two primary purposes of application software policies? Select all that apply.
- To help educate users on how to use software more securely
- To use a database of signatures to identify malware
- To define boundaries of what applications are permitted
- To take log data and convert it into different formats
24. What is a defining characteristic of a defense-in-depth strategy to IT security?
- Multiple overlapping layers of defense
- Encryption
- Confidentiality
- Strong passwords
25. Why is it important to disable unnecessary components of software and systems?
- Less complexity means less work.
- Less complexity means less expensive.
- Less complexity means less time required.
- Less complexity means less vulnerability.
26. What are Bastion hosts?
- A VPN subnet
- Users that have the ability to change firewall rules and configurations.
- VLANs
- Servers that are specifically hardened and minimized to reduce what’s permitted to run on them.
27. Which of these plays an important role in keeping attack traffic off your systems and helps to protect users? Select all that apply.
- Multiple Attack Vectors
- Full disk encryption (FDE)
- Antimalware measures
- Antivirus software
28. Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?
- The software can normalize log data
- The software could be infected with malware
- The software could disable full disk encryption (FDE)
- The software can shrink attack vectors
29. Ideally, an attack surface is ___
- open and defended.
- frequently updated.
- as large as possible.
- as small as possible.
30. A core authentication server is exposed to the internet and is connected to sensitive services. What are some measures you can take to secure the server and prevent it from getting compromised by a hacker? Select all that apply.
- Patch management
- Access Control Lists (ACLs)
- Designate as a bastion host
- Secure firewall
31. What are the two main issues with antivirus software? Select all that apply.
- They depend on antivirus signatures distributed by the antivirus software vendor.
- There are no issues with antivirus software.
- They depend on the IT support professional to discover new malware and write new signatures.
- They depend on the antivirus vendor discovering new malware and writing new signatures for newly discovered threats.
32. What does full-disk encryption protect against? Select all that apply.
- Data theft
- Data tampering
- Malware
- Eavesdropping
33. A hacker exploited a bug in the software and triggered unintended behavior which led to the system being compromised by running vulnerable software. Which of these helps to fix these types of vulnerabilities?
- Application policies
- Implicit deny
- Software patch management
- Log analysis
34. How can software management tools like Microsoft SCCM help an IT professional manage a fleet of systems? Select all that apply
- Detect and prevent malware on managed devices
- Analyze installed software across multiple computers
- Confirm update installation
- Force update installation after a specified deadline
35. While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead.
- Secure list
- Blacklist
- Greylist
- Whitelist
36. What is the combined sum of all attack vectors in a corporate network?
- The antivirus software
- The attack surface
- The Access Control List (ACL)
- The risk
37. When looking at aggregated logs, you are seeing a large percentage of Windows hosts connecting to an Internet Protocol (IP) address outside the network in a foreign country. Why might this be worth investigating more closely?
- It can indicate what software is on the binary whitelist
- It can indicate ACLs are not configured correctly
- It can indicate a malware infection
- It can indicate log normalization
38. What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen?
- OS upgrades
- Software patch management
- Key escrow
- Full disk encryption (FDE)
39. When installing updates on critical infrastructure, it’s important to be what?
- Calm
- Careful
- Patient
- Fast
40. A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Select all that apply.
- Full disk encryption (FDE)
- Security Information and Event Management (SIEM) system
- Logs
- Binary whitelisting software
41. Which of the following are potential attack vectors? Select all that apply
- Passwords
- Network protocols
- Email attachments
- Network interfaces
42. What is the best way to avoid personal, one-off software installation requests?
- A strict no-installation policy
- A clear application whitelist policy
- An application honor code policy
- An accept-all application policy
43. What is the purpose of installing updates on your computer? Select all that apply.
- Updating improves performance and stability
- Updating helps block all unwanted traffic
- Updating addresses security vulnerabilities
- Updating adds new features
