Quiz : How Well Aware Are You On Fundamentals Of Cyber Security?

Shredding mitigates the security threat of dumpster diving. Dumpster diving is a technique used by attackers to retrieve sensitive information by rummaging through trash or discarded documents. Shredding documents makes it difficult for attackers to piece together the information and reduces the risk of unauthorized access to sensitive data.

Confidentiality ensures that the data is only viewable to authorized users. This concept protects sensitive information from being accessed or disclosed to unauthorized individuals. It involves implementing measures such as access controls, encryption, and secure communication channels to prevent unauthorized access or disclosure of data. By maintaining confidentiality, organizations can protect sensitive information from being compromised and maintain the privacy and trust of their users.

Job rotation is a form of access control where a security administrator with full administrative rights on the network is required to change roles with another security administrator on a quarterly basis. This practice helps to minimize the risk of unauthorized access or misuse of privileges by ensuring that no single individual has continuous access and control over the network. By regularly rotating job roles, it becomes more difficult for any one person to exploit their privileges for malicious purposes.

IPSec should be used for the site-to-site VPN tunnel because it provides secure communication over the internet by encrypting the data packets. It ensures confidentiality, integrity, and authentication of the data transmitted between the main office and the remote branch. RTP is used for real-time audio and video communication, SNMP is used for network management, and "None of the above" is not a suitable option as IPSec is the standard protocol for VPN tunnels.

MAC filtering is a form of Network Access Control. MAC filtering is a security feature that allows or denies network access based on the Media Access Control (MAC) address of a device. By implementing MAC filtering, network administrators can restrict access to the network only to devices with specific MAC addresses, enhancing network security and preventing unauthorized access. This form of access control is commonly used in wireless networks and can be an effective measure to protect against unauthorized devices connecting to the network.

SFTP stands for Secure File Transfer Protocol and is an extension of SSH (Secure Shell). It provides a secure way to transfer files over a network, encrypting the data during transfer. Unlike FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol), which do not provide encryption, SFTP ensures the confidentiality and integrity of the transferred files. Therefore, SFTP is the correct answer as it is the file transfer protocol that is an extension of SSH.

A thumbprint scanner is used to test "Something a User is" aspect of human authentication. This means that it verifies the unique physical characteristic of an individual, in this case, the thumbprint, to authenticate their identity.

A protocol analyzer is a tool that captures and analyzes network traffic. It can intercept and examine data packets being transmitted over a network. By using a protocol analyzer, one can inspect the contents of the packets, including any passwords or sensitive information being transmitted. Therefore, a protocol analyzer can be used to determine if an application is transmitting a password in clear-text.

The security administrator is implementing privacy screens, password protected screen savers, and a secure shredding and disposal service to mitigate the attacks of dumpster diving and shoulder surfing. Dumpster diving refers to the act of searching through trash or recycling bins to obtain sensitive information. By securely shredding and disposing of documents, the administrator is preventing attackers from gaining access to confidential information. Shoulder surfing, on the other hand, involves an attacker observing someone's screen or keyboard to obtain sensitive information. The privacy screens and password protected screen savers help to prevent unauthorized individuals from viewing or accessing sensitive information.

The correct answer is CA. A Certificate Authority (CA) is responsible for verifying the authenticity of certificate contents in a PKI (Public Key Infrastructure) implementation. The CA is a trusted third party that issues and signs digital certificates, ensuring that the certificate contains accurate and valid information about the identity of the certificate holder. The CA uses various methods to verify the identity of the certificate requester before issuing the certificate, such as verifying legal documents or conducting background checks.

The proper method to implement port security is to apply a security control that restricts access to specific ports based on the MAC addresses of the end devices. This prevents unauthorized devices from connecting to the network, ensuring only approved devices can access the network through those specific ports.

Phishing techniques involve deceptive methods used by attackers to trick individuals into revealing sensitive information, such as bank account details. By educating employees about these techniques, they can become aware of the signs of a phishing attempt and learn how to protect themselves and their bank account information. This knowledge will help them to recognize and avoid falling victim to phishing attacks, ultimately enhancing the security of the organization's sensitive data.

The security administrator should check the ACLs (Access Control Lists). ACLs are used to control network traffic and can be configured to allow or deny certain types of connections. If the user is no longer able to transfer files to the FTP server, it is possible that the ACLs have been configured to block FTP traffic. By checking the ACLs, the security administrator can determine if this is the cause of the issue and make any necessary adjustments to allow FTP traffic.

NTLM is an improved and substantially backwards compatible replacement for LANMAN. LANMAN (LAN Manager) is an outdated and insecure authentication protocol used in early versions of Windows. NTLM (NT LAN Manager) was introduced as a more secure alternative to LANMAN, providing better encryption and authentication mechanisms. Therefore, NTLM replaced LANMAN to enhance the security of Windows authentication.

The correct answer is LANMAN. LANMAN is a password hashing algorithm that splits the password into two 7-character halves and hashes them separately. This makes it vulnerable to attacks where the first half is cracked, and then the second half is cracked separately. This is why the security administrator discovered that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password.

The last rule on any firewall is most likely to be "Implicit deny." This rule is commonly used as a default rule that denies all traffic that does not match any of the preceding rules. It acts as a safety net to ensure that any traffic that is not explicitly allowed is denied by default. This helps to enhance the security of the network by blocking any unauthorized access attempts.

Mac filtering should be enabled to ensure only certain wireless clients can access the network. Mac filtering is a security feature that allows the network administrator to specify which devices are allowed to connect to the network based on their MAC addresses. By enabling Mac filtering, only devices with approved MAC addresses will be able to access the network, providing an additional layer of security.

The best remediation action for a web application vulnerable to a SQL injection attack is to add input validation to forms. Input validation helps to ensure that any user input is properly validated and sanitized before it is used in SQL queries, preventing malicious SQL code from being injected. Changing the server's SSL key and adding it to the Certificate Revocation List (CRL) or installing a host-based firewall may be important security measures, but they do not directly address the specific vulnerability of SQL injection.

PEAP-TLS (Protected Extensible Authentication Protocol with Transport Layer Security) requires the use of a CA (Certificate Authority) based authentication process. This protocol uses digital certificates issued by a trusted CA to verify the identity of the server and client during the authentication process. The CA ensures the authenticity and integrity of the certificates, providing a secure and trusted method of authentication.

A host-based firewall would be installed on a single computer to prevent intrusion. This type of firewall monitors and controls incoming and outgoing network traffic on that specific computer, protecting it from unauthorized access and potential threats. It acts as a barrier between the computer and the external network, allowing only authorized connections and blocking any suspicious or malicious activity. This helps to enhance the security of the individual computer and prevent unauthorized access or intrusion attempts.

Platform as a service (PaaS) is the best description for providing an easy-to-configure OS and on-demand computing for customers. PaaS allows users to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. It provides a platform that includes an operating system, programming language execution environment, database, and web server, allowing customers to focus on application development rather than infrastructure management.

An antivirus scanner is unlikely to discover a Pharming malware because it does not rely on traditional malicious code or files. Pharming involves manipulating DNS settings to redirect users to fake websites, making it difficult for an antivirus scanner to detect. Similarly, a Logic Bomb is a type of malware that is triggered by a specific event or condition, making it harder to detect by an antivirus scanner that primarily looks for known patterns or signatures of malicious code.

The correct answer is XML injection. XML injection is a type of attack where an attacker injects malicious code into an XML input, causing the application to behave unexpectedly. In this scenario, the security analyst discovers JavaScript being used to send random data to another service on the same system, which suggests that the JavaScript is being injected into an XML input to manipulate the data being sent. This is a clear indication of XML injection.

When conducting a corporate vulnerability assessment, the best action to perform would be to organize the data based on severity and asset value. This approach allows for prioritization of vulnerabilities, focusing on those that pose the highest risk to the organization's assets. By organizing the data in this manner, the assessment team can effectively allocate resources and address the most critical vulnerabilities first, ensuring that the organization's most valuable assets are protected.

ARP poisoning is a technique where an attacker sends false Address Resolution Protocol (ARP) messages to a switch, causing it to associate the attacker's MAC address with the IP address of another machine on the network. This allows the attacker to intercept and redirect network traffic to their malicious machine, enabling them to eavesdrop on or modify the traffic. MAC spoofing, on the other hand, involves changing the MAC address of a network interface to impersonate another device. DNS poisoning involves corrupting the DNS cache to redirect users to malicious websites. Therefore, the correct answer is ARP poisoning.

An HSM (Hardware Security Module) is a device that provides secure storage and cryptographic operations. It can integrate with an existing server and provide encryption capabilities. HSMs are often used in enterprise environments to protect sensitive data and ensure the security of cryptographic operations. They offer a high level of security and can be used for tasks such as key management, encryption, and digital signing. Therefore, an HSM would meet the requirement of integrating with an existing server and providing encryption capabilities.

When the private key of a web server has been compromised by an intruder, the security administrator must submit the public key to the Certificate Revocation List (CRL). This is because the CRL is a list of revoked certificates, and by submitting the public key, it informs other entities that the private key associated with it is no longer trusted. This helps prevent any further use of the compromised private key for malicious purposes.