VERIFIED ANSWERS
What is an example of security through obscurity? - ANSWER-Using a nonstandard
operating system for workstations such as FreeBSD
Rachel is the cybersecurity engineer for a company that fulfills government contracts
on Top Secret projects. She needs to find a way to send highly sensitive information
by email in a way that won't arouse the suspicion of malicious parties. If she encrypts
the emails, everyone will assume they contain confidential information. What is her
solution? - ANSWER-Hide messages in the company's logo within the email.
Jacob is a network technician who works for a publishing company. He is setting up
a new hire's access permissions. The new hire, Latisha, is an editor. She needs
access to books that have been accepted for publication but are in the review stage.
Jacob gives her access to the network drive containing only books in review, but not
access to administrative or human resources network drives. What principle is Jacob
applying? - ANSWER-The principle of least privilege
Which of the following is described as an approach to network security in which each
administrator is given sufficient privileges only within a limited scope of
responsibility? - ANSWER-separation of duties
Landon is a network contractor. He has been hired to design security for the network
of a small company. The company has a limited budget. Landon is asked to create a
system that will protect the company's workstations and servers without undue
expense. Landon decides to deploy one hardware firewall between the Internet and
the local area network (LAN). What is this solution called? - ANSWER-single
defense
Which of the following can be described as putting each resource on a dedicated
subnet behind a demilitarized zone (DMZ) and separating it from the internal local
area network (LAN)? - ANSWER-n tier deployment
Alejandro is a cybersecurity contractor. He was hired by a Fortune 500 company to
redesign its network security system, which was originally implemented when the
company was a much smaller organization. The company's current solution is to use
multiple firewall platforms from different vendors to protect internal resources.
Alejandro proposes an infrastructure security method that, in addition to firewalls,
adds tools such as an intrusion detection system (IDS), antivirus, strong
authentication, virtual private network (VPN) support, and granular access control.
What is this solution called? - ANSWER-diversity of defense
A filter pathway is designed to - ANSWER-make it hard to bypass a network filtering
system and force all traffic through one route
Joaquin is a senior network technician for a mid-sized company who has been
assigned the task of improving security for the IT infrastructure. He has been given a
limited budget and must increase security without redesigning the network or
replacing all internetworking security devices. He focuses on an approach that will
identify a single vulnerability. What does he recommend? - ANSWER-weakest link
A company vice president (VP) finds that the network security restrictions imposed
by the security manager are too confining. To counter them, the VP habitually uses
weak passwords, shares accounts with his assistant, and installs unapproved
software. What security principle is the VP violating? - ANSWER-universal
participation
Amy is a network engineering consultant. She is designing security for a small to
medium-sized government contractor working on a project for the military. The
government contractor's network is comprised of 30 workstations plus a wireless
printer, and it needs remote authentication. Which of the following is a type of
authentication solution she should deploy? - ANSWER-RADIUS
Which of the following is an authentication method that supports smart cards,
biometrics, and credit cards, and is a fully scalable architecture? - ANSWER-802.1x
Which of the following is unlikely to support at-firewall authentication? - ANSWER-
DMZ
Carl is a network engineer for a mid-sized company. He has been assigned the task
of positioning hardware firewalls in the IT infrastructure based on common pathways
of communication. After analyzing the problem, on which aspect of the network does
he base his design? - ANSWER-traffic patterns
What is the basic service of a reverse proxy? - ANSWER-hides the identity of a web
server accessed by a client over the internet
Which of the following is a firewall, proxy, and routing service that does NOT support
caching, encryption endpoint, or load balancing? Note that this service can be found
on almost any service or device that supports network address translation. -
ANSWER-port forwarding
Before an Internet user can access a demilitarized zone (DMZ), extranet, or private
network resource, it first encounters an entity that is sturdy enough to withstand any
sort of attack. What is this entity called? - ANSWER-bastion host operating system
Which operating system (OS) for a bastion host runs on most appliance firewalls as
well as many Internet service provider (ISP) connection devices? - ANSWER-
proprietary OS
The combination of certain techniques allows for relevant information collected by
this solution from multiple systems and processes to be aggregated and analyzed for
use in decision making. What is the name of this solution? - ANSWER-SIEM
What is an intrusion detection system/intrusion prevention system (IDS/IPS) that
uses patterns of known malicious activity similar to how antivirus applications work? -
ANSWER-database based detection
Security systems configured by the same security administrator can potentially have
the same misconfiguration or design weakness. - ANSWER-true
The weakest link security strategy gains protection by using abnormal configurations.
- ANSWER-false
Users with the minimum level of access to resources needed to complete their
assigned tasks follow the principle of least privilege. - ANSWER-true
The less complex a solution, the more room there is for mistakes, bugs, flaws, or
oversights by security administrators. - ANSWER-false
When the defense in depth security strategy is followed, a single component failure
does not result in compromise or intrusion. - ANSWER-true
In an N-tier deployment, multiple subnets are deployed in series to separate private
resources from public. - ANSWER-true
With diversity of defense, most layers use a different security mechanism. -
ANSWER-true
Multiple firewalls in a series is considered diversity of defense but not defense in
depth. - ANSWER-false
A drawback of multiple-vendor environments is the amount of network staff training
that is typically needed. - ANSWER-true
In the fail-safe security stance, when any aspect of security fails, the best result of
that failure is to fail into a state that supports or maintains essential security
protections. - ANSWER-true
An intrusion detection system (IDS) serves as a companion mechanism to a firewall.
- ANSWER-true
Reverse proxy is a firewall service that allows external users access to internally
hosted web resources. - ANSWER-true
Under the universal participation security stance, every employee, consultant,
vendor, customer, business partner, and outsider must be forced to work within the
security policy's limitations. - ANSWER-true
Firewall logging helps to ensure that defined filters or rules are sufficient and
functioning as expected. - ANSWER-true
One common firewall event that usually warrants an alert is a firewall reboot. -
ANSWER-true