ITN 263 Final Pt 1 | Questions with complete solutions
18 views 0 purchase
Course
ITN 263
Institution
ITN 263
ITN 263 Final Pt 1 | Questions with complete solutions What is an example of security through obscurity? Using a nonstandard operating system for workstations such as FreeBSD Rachel is the cybersecurity engineer for a company that fulfills government contracts on Top Secret projects. She needs to...
What is an example of security through obscurity?
Using a nonstandard operating system for workstations such as FreeBSD
Rachel is the cybersecurity engineer for a company that fulfills government contracts on
Top Secret projects. She needs to find a way to send highly sensitive information by
email in a way that won't arouse the suspicion of malicious parties. If she encrypts the
emails, everyone will assume they contain confidential information. What is her
solution?
Hide messages in the company's logo within the email.
Jacob is a network technician who works for a publishing company. He is setting up a
new hire's access permissions. The new hire, Latisha, is an editor. She needs access to
books that have been accepted for publication but are in the review stage. Jacob gives
her access to the network drive containing only books in review, but not access to
administrative or human resources network drives. What principle is Jacob applying?
The principle of least privilege
Which of the following is described as an approach to network security in which each
administrator is given sufficient privileges only within a limited scope of responsibility?
Separation of duties
Landon is a network contractor. He has been hired to design security for the network of
a small company. The company has a limited budget. Landon is asked to create a
system that will protect the company's workstations and servers without undo expense.
Landon decides to deploy one hardware firewall between the Internet and the local area
network (LAN). What is this solution called?
Single defense
Which of the following can be described as putting each resource on a dedicated subnet
behind a demilitarized zone (DMZ) and separating it from the internal local area network
(LAN)?
N-tier deployment
Alejandro is a cybersecurity contractor. He was hired by a Fortune 500 company to
redesign its network security system, which was originally implemented when the
company was a much smaller organization. The company's current solution is to use
multiple firewall platforms from different vendors to protect internal resources. Alejandro
proposes an infrastructure security method that, in addition to firewalls, adds tools such
as an intrusion detection system (IDS), antivirus, strong authentication, virtual private
network (VPN) support, and granular access control. What is this solution called?
Diversity of defense
,A filter pathway is designed to:
Make it hard to bypass a network filtering system and force all traffic through one route
Joaquin is a senior network technician for a mid-sized company who has been assigned
the task of improving security for the IT infrastructure. He has been given a limited
budget and must increase security without redesigning the network or replacing all
internetworking security devices. He focuses on an approach that will identify a single
vulnerability. What does he recommend?
Weakest link
A company vice president (VP) finds that the network security restrictions imposed by
the security manager are too confining. To counter them, the VP habitually uses weak
passwords, shares accounts with his assistant, and installed unapproved software.
What security principle is the VP violating?
Universal participation
Amy is a network engineering consultant. She is designing security for a small to
medium-sized government contractor working on a project for the military. The
government contractor's network is comprised of 30 workstations plus a wireless printer,
and it needs remote authentication. Which of the following is a type of authentication
solution she should deploy?
RADIUS
Which of the following is an authentication method that supports smart cards,
biometrics, and credit cards, and is a fully scalable architecture?
802.1x
Which of the following is unlikely to support at-firewall authentication?
Demilitarized zone (DMZ) firewall
Carl is a network engineer for a mid-sized company. He has been assigned the task of
positioning hardware firewalls in the IT infrastructure based on common pathways of
communication. After analyzing the problem, on which aspect of the network does he
base his design?
Traffic patterns
What is the basic service of a reverse proxy?
Hides the identity of a web server accessed by a client over the Internet
Which of the following is a firewall, proxy, and routing service that does NOT support
caching, encryption endpoint, or load balancing? Note that this service can be found on
almost any service or device that supports network address translation.
Port forwarding
, Before an Internet user can access a demilitarized zone (DMZ), extranet, or private
network resource, it first encounters an entity that is sturdy enough to withstand any sort
of attack. What is this entity called?
Bastion host operating system
Which operating system (OS) for a bastion host runs on most appliance firewalls as well
as many Internet service provider (ISP) connection devices?
Proprietary OS
The combination of certain techniques allows for relevant information collected by this
solution from multiple systems and processes to be aggregated and analyzed for use in
decision making. What is the name of this solution?
Security information and event management (SIEM)
What is an intrusion detection system/intrusion prevention system (IDS/IPS) that uses
patterns of known malicious activity similar to how antivirus applications work?
Database-based detection
Security systems configured by the same security administrator can potentially have the
same misconfiguration or design weakness.
True
The weakest link security strategy gains protection by using abnormal configurations.
False
Users with the minimum level of access to resources needed to complete their assigned
tasks follow the principle of least privilege.
True
The less complex a solution, the more room there is for mistakes, bugs, flaws, or
oversights by security administrators.
False
When the defense in depth security strategy is followed, a single component failure
does not result in compromise or intrusion.
True
In an N-tier deployment, multiple subnets are deployed in series to separate private
resources from public.
True
With diversity of defense, most layers use a different security mechanism.
True
Multiple firewalls in a series is considered diversity of defense but not defense in depth.
False
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Bri254. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $18.99. You're not tied to anything after your purchase.