NPower Security+ (Questions And Verified Solutions)
What are APIs? Right Ans - Application programming interfaces (APls) are
interfaces between clients and servers or applications and operating systems
that define how the client should ask for information from the server and how
the server will respond.
Explain active/active vs. active/passive load balancers. Right Ans -
Active/active load balancer designs distribute the load among multiple
systems that are online and in use at the same time. Active/passive load
balancer designs bring backup or secondary systems online when an active
system is removed or fails to respond properly to a health check.
What is a VPN? Right Ans - A virtual private network (VPN) is a way to
create a virtual network link across a public network that allows the
endpoints to act as though they are on the same network.
What documentation is created to demonstrate that forensic data and artifacts
were handled properly and that they were not modified or changed during the
forensic process? Right Ans - Chain-of-custody documentation.
What is the function of segmentation? Right Ans - It allows network
engineers to place systems of differing security levels and functions on
different network subnets.
Name at least five social engineering techniques. Right Ans - Phishing,
vishing, smishing, misinformation, disinformation, business email
compromise, pretexting, watering hole attack, impersonation, brand
impersonation, and typosquatting.
How do you calculate the impact score for a vulnerability under CVSS?
Right Ans - Impact score= the value of the scope metric* ISS
What are two different approaches to cloud access security broker (CASB)
solutions? Right Ans - Inline CASB solutions physically or logically reside in
the connection path between the user and the service and can see requests
before they are sent to the cloud service, allowing the CASB to block requests
that violate policy. APl-based CASB solutions do not interact directly with the
user but rather interact directly with the cloud provider through the
,provider's API. This approach provides direct access to the cloud service
without custom user device configuration.
What are three tools that can be used in the data obfuscation process?
Right Ans - Hashing uses a hash function to transform a value in our dataset to
a corresponding hash value. Tokenization replaces sensitive values with a
unique identifier using a lookup table. Data masking partially redacts sensitive
information by replacing some or all of sensitive fields with blank characters.
List five common ways to assert or claim an identity. Right Ans -
Usernames, certificates, tokens, SSH keys, and smart cards.
Why should a company establish key performance indicators (KPls)? Right
Ans - KPls quantitatively measure vendors' performance in order to ensure
that vendors are meeting the agreed-upon standards.
Name five common access control schemes. Right Ans - Attribute-based
access control (ABAC), role-based access control (RBAC), rule-based access
control (RBAC or RuBAC), mandatory access control (MAC), and discretionary
access control (DAC)
What are three phases of a baseline's life cycle? Right Ans - Establishing a
baseline, deploying the security baseline, and maintaining the baseline
What is SDN? Right Ans - Software-defined networking (SDN) uses
software-based network configuration to control networks. SDN designs rely
on controllers that manage network devices and configurations, centrally
managing the software-defined network.
List four types of factors in multifactor authentication and explain them.
Right Ans - Something you know, including passwords, PINs, or the answer to
a security question; something you have, like a smartcard or token; something
you are, which relies on a physical characteristic of the person who is
authenticating themselves; and somewhere you are, sometimes called a
location factor, is based on your current location. Location can be detected
with GPS technology or viewing IP address information.
Give some examples of weak configurations. Right Ans - The use of default
settings that pose a security risk; the presence of default credentials or
,unsecured accounts, including both normal user accounts and unsecured root
accounts with administrative privileges; open ports and services that are not
necessary to support normal system operations; and open permissions that
allow users access that violates the principle of least privilege.
What is RFID? Right Ans - RFID (Radio Frequency Identification) is a
relatively short range (from less than a foot of some passive tags to about 100
meters for active tags) wireless technology that uses a tag and a receiver to
exchange information.
What is a data protection officer (DPO)? Right Ans - The European Union's
General Data Protection Regulation (GDPR) requires that every data
controller designate a data protection officer (DPO) who bears overall
responsibility for carrying out the organization's data privacy efforts.
What do you call a document that provides mandatory requirements
describing how an organization will carry out its information security
policies? Right Ans - A Standard
What are four types of documents in the information security policy
framework? Right Ans - Policies, standards, procedures, and guidelines
What are three techniques to verify the authenticity of certificates and identify
revoked certificates? Right Ans - Certificate revocation lists (CRLs), Online
Certificate Status Protocol (OCSP), and certificate stapling
List and explain three major types of authentication in modern Wi-Fi
networks. Right Ans - Open networks do not require authentication or use
encryption and often use a captive portal to information from users.
Preshared keys (PSK) require that a passphrase or key is shared with anybody
who wants to use the network and provides encryption. Enterprise
authentication relies on a RADIUS server and utilizes an EAP protocol for
authentication.
How does FDE work? Right Ans - Full disk encryption (FDE) encrypts the
disk and requires that the bootloader or a hardware device provide a
decryption key and software or hardware to decrypt the drive for use.
, What term describes the means that an attacker uses to gain access to a
system? Right Ans - Threat vectors are the means that threat actors use to
obtain access to a system.
List at least five connectivity methods. Right Ans - Cellular, Wi-Fi,
Bluetooth, NFC, RFID, Infrared, GPS, USB
What are the three major components of a security assessment? Right Ans
- Security tests, security assessments, and security audits
What are two distinct goals of digital signature infrastructure? Right Ans -
Digitally signed messages assure the recipient that the message truly came
from the claimed sender. They enforce nonrepudiation. Digitally signed
messages assure the recipient that the message was not altered while in
transit between the sender and recipient. This protects against both malicious
modification and unintentional modification.
List and explain two principles we need to apply in application resilience.
Right Ans - Scalability says that applications should be designed so that
computing resources they require may be incrementally added to support
increasing demand; elasticity goes a step further than scalability and says that
applications should be able to automatically provision resources to scale
when necessary and then automatically deprovision those resources to reduce
capacity (and cost) when it is no longer needed.
What is ransomware? Right Ans - Ransomware is malware that takes over
a computer then demands a ransom or payment.
How do organizations determine where to place access points to handle poor
coverage areas? Right Ans - They conduct site surveys and create heat
maps showing where coverage is relative to existing access points.
What provides cybersecurity professionals with insight into the traffic on
their virtual networks? Right Ans - Software-defined visibility (SDV).
Who are the typical team members in an incident response team? Right
Ans - Members of management or organizational leadership, technical
experts, communications and public relations staff, legal and human relations
staff, law enforcement
What are APIs? Right Ans - Application programming interfaces (APls) are
interfaces between clients and servers or applications and operating systems
that define how the client should ask for information from the server and how
the server will respond.
Explain active/active vs. active/passive load balancers. Right Ans -
Active/active load balancer designs distribute the load among multiple
systems that are online and in use at the same time. Active/passive load
balancer designs bring backup or secondary systems online when an active
system is removed or fails to respond properly to a health check.
What is a VPN? Right Ans - A virtual private network (VPN) is a way to
create a virtual network link across a public network that allows the
endpoints to act as though they are on the same network.
What documentation is created to demonstrate that forensic data and artifacts
were handled properly and that they were not modified or changed during the
forensic process? Right Ans - Chain-of-custody documentation.
What is the function of segmentation? Right Ans - It allows network
engineers to place systems of differing security levels and functions on
different network subnets.
Name at least five social engineering techniques. Right Ans - Phishing,
vishing, smishing, misinformation, disinformation, business email
compromise, pretexting, watering hole attack, impersonation, brand
impersonation, and typosquatting.
How do you calculate the impact score for a vulnerability under CVSS?
Right Ans - Impact score= the value of the scope metric* ISS
What are two different approaches to cloud access security broker (CASB)
solutions? Right Ans - Inline CASB solutions physically or logically reside in
the connection path between the user and the service and can see requests
before they are sent to the cloud service, allowing the CASB to block requests
that violate policy. APl-based CASB solutions do not interact directly with the
user but rather interact directly with the cloud provider through the
,provider's API. This approach provides direct access to the cloud service
without custom user device configuration.
What are three tools that can be used in the data obfuscation process?
Right Ans - Hashing uses a hash function to transform a value in our dataset to
a corresponding hash value. Tokenization replaces sensitive values with a
unique identifier using a lookup table. Data masking partially redacts sensitive
information by replacing some or all of sensitive fields with blank characters.
List five common ways to assert or claim an identity. Right Ans -
Usernames, certificates, tokens, SSH keys, and smart cards.
Why should a company establish key performance indicators (KPls)? Right
Ans - KPls quantitatively measure vendors' performance in order to ensure
that vendors are meeting the agreed-upon standards.
Name five common access control schemes. Right Ans - Attribute-based
access control (ABAC), role-based access control (RBAC), rule-based access
control (RBAC or RuBAC), mandatory access control (MAC), and discretionary
access control (DAC)
What are three phases of a baseline's life cycle? Right Ans - Establishing a
baseline, deploying the security baseline, and maintaining the baseline
What is SDN? Right Ans - Software-defined networking (SDN) uses
software-based network configuration to control networks. SDN designs rely
on controllers that manage network devices and configurations, centrally
managing the software-defined network.
List four types of factors in multifactor authentication and explain them.
Right Ans - Something you know, including passwords, PINs, or the answer to
a security question; something you have, like a smartcard or token; something
you are, which relies on a physical characteristic of the person who is
authenticating themselves; and somewhere you are, sometimes called a
location factor, is based on your current location. Location can be detected
with GPS technology or viewing IP address information.
Give some examples of weak configurations. Right Ans - The use of default
settings that pose a security risk; the presence of default credentials or
,unsecured accounts, including both normal user accounts and unsecured root
accounts with administrative privileges; open ports and services that are not
necessary to support normal system operations; and open permissions that
allow users access that violates the principle of least privilege.
What is RFID? Right Ans - RFID (Radio Frequency Identification) is a
relatively short range (from less than a foot of some passive tags to about 100
meters for active tags) wireless technology that uses a tag and a receiver to
exchange information.
What is a data protection officer (DPO)? Right Ans - The European Union's
General Data Protection Regulation (GDPR) requires that every data
controller designate a data protection officer (DPO) who bears overall
responsibility for carrying out the organization's data privacy efforts.
What do you call a document that provides mandatory requirements
describing how an organization will carry out its information security
policies? Right Ans - A Standard
What are four types of documents in the information security policy
framework? Right Ans - Policies, standards, procedures, and guidelines
What are three techniques to verify the authenticity of certificates and identify
revoked certificates? Right Ans - Certificate revocation lists (CRLs), Online
Certificate Status Protocol (OCSP), and certificate stapling
List and explain three major types of authentication in modern Wi-Fi
networks. Right Ans - Open networks do not require authentication or use
encryption and often use a captive portal to information from users.
Preshared keys (PSK) require that a passphrase or key is shared with anybody
who wants to use the network and provides encryption. Enterprise
authentication relies on a RADIUS server and utilizes an EAP protocol for
authentication.
How does FDE work? Right Ans - Full disk encryption (FDE) encrypts the
disk and requires that the bootloader or a hardware device provide a
decryption key and software or hardware to decrypt the drive for use.
, What term describes the means that an attacker uses to gain access to a
system? Right Ans - Threat vectors are the means that threat actors use to
obtain access to a system.
List at least five connectivity methods. Right Ans - Cellular, Wi-Fi,
Bluetooth, NFC, RFID, Infrared, GPS, USB
What are the three major components of a security assessment? Right Ans
- Security tests, security assessments, and security audits
What are two distinct goals of digital signature infrastructure? Right Ans -
Digitally signed messages assure the recipient that the message truly came
from the claimed sender. They enforce nonrepudiation. Digitally signed
messages assure the recipient that the message was not altered while in
transit between the sender and recipient. This protects against both malicious
modification and unintentional modification.
List and explain two principles we need to apply in application resilience.
Right Ans - Scalability says that applications should be designed so that
computing resources they require may be incrementally added to support
increasing demand; elasticity goes a step further than scalability and says that
applications should be able to automatically provision resources to scale
when necessary and then automatically deprovision those resources to reduce
capacity (and cost) when it is no longer needed.
What is ransomware? Right Ans - Ransomware is malware that takes over
a computer then demands a ransom or payment.
How do organizations determine where to place access points to handle poor
coverage areas? Right Ans - They conduct site surveys and create heat
maps showing where coverage is relative to existing access points.
What provides cybersecurity professionals with insight into the traffic on
their virtual networks? Right Ans - Software-defined visibility (SDV).
Who are the typical team members in an incident response team? Right
Ans - Members of management or organizational leadership, technical
experts, communications and public relations staff, legal and human relations
staff, law enforcement
