1. Understanding Security Threads

Malicious Software

Question 1

In the CIA Triad, “Confidentiality” means ensuring that data is:

  • accurate and was not tampered with.
  • not accessible by unwanted parties.
  • accessible anonymously.
  • available and that people can access it.

“Confidentiality,” in this context, means preventing unauthorized third parties from gaining access to the data.

Question 2

In the CIA Triad, “Integrity” means ensuring that data is:

  • available and that people can access it.
  • not accessible by unwanted parties.
  • truthful and honest.
  • accurate and was not tampered with.

That’s not the kind of integrity we’re referring to here. Data integrity means ensuring that data is not corrupted or tampered with.

Question 3

In the CIA Triad, “Availability” means ensuring that data is:

  • available to anyone from anywhere.
  • accurate and was not tampered with.
  • not accessible by unwanted parties.
  • available and people can access it.

“Availability,” in this context, means ensuring that data and services remain accessible to those who are authorized to access them.

Question 4

What’s the relationship between a vulnerability and an exploit?

  • A vulnerability takes advantage of an exploit to run arbitrary code or gain access.
  • An exploit takes advantage of a vulnerability to run arbitrary code or gain access.
  • They’re unrelated.
  • An exploit creates a vulnerability in a system.

A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.

Question 5

Which statement is true for both a worm and a virus?

  • They’re self-replicating and self-propagating.
  • They’re undetectable by antimalware software.
  • They infect other files with malicious code.
  • They don’t cause any harm to the target system.

Both worms and viruses are capable of spreading themselves using a variety of transmission means.

Question 6

Check all examples of types of malware:

  • Key Generators
  • Adware
  • Worms
  • Viruses

These three are all examples of unwanted software that can cause adverse affects to an infected system, which is exactly what malware is

Question 7

What are the characteristics of a rootkit? Check all that apply.

  • Is difficult to detect
  • Is harmless
  • Is destructive
  • Provides elevated credentials

A rootkit is designed to provide administrator-level access to a third party without the system owner’s knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.

Network Attacks

Question 1

What are the dangers of a man-in-the-middle attack? Check all that apply.

  • An attacker can block or redirect traffic.
  • An attacker can destroy data at rest.
  • An attacker can eavesdrop on unencrypted traffic.
  • An attacker can modify traffic in transit.

A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!

Question 2

Why is a DNS cache poisoning attack dangerous? Check all that apply.

  • It allows an attacker to redirect targets to malicious webservers.
  • Errrr…it’s not actually dangerous.
  • It affects any clients querying the poisoned DNS server.
  • It allows an attacker to remotely control your computer.

By inserting fake DNS records into a DNS server’s cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.

Question 3

Which of the following is true of a DDoS attack?

  • This type of attack causes a significant loss of data.
  • An attacker sends attack traffic directly to the target.
  • Attack traffic comes from lots of different hosts.
  • Attack traffic is encrypted.

The “Distributed” in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.

Question 4

Which of the following result from a denial-of-service attack? Check all that apply.

  • Malware infection
  • Data destruction
  • Slow network performance
  • Service unreachable

A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.

Other Attacks

Question 1

How can you protect against client-side injection attacks? Check all that apply.

  • Use data sanitization
  • Use a SQL database
  • Utilize strong passwords
  • Use input validation

By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that’s supposed to contain special characters to ensure they don’t result in an injection attack.

Question 2

True or false: A brute-force attack is more efficient than a dictionary attack.

  • TRUE

A brute-force attack tries out every possible valid combination of characters to guess the password, while a dictionary attack only tries passwords contained in a dictionary file. This means the dictionary attack is more efficient, since it doesn’t generate the passwords and has a smaller number of guesses to attempt.

Question 3

Which of the following scenarios are social engineering attacks? Check all that apply.

  • An attacker performs a DNS Cache poisoning attack.
  • Someone uses a fake ID to gain access to a restricted area.
  • An attacker performs a man-in-the-middle attack.
  • You receive an email with an attachment containing a virus.

A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you’re not permitted is impersonation, a classic social engineering technique.

Graded Assessment

Click here to view

2. Pelgbybtl

Cryptography Applications

Question 1

What information does a digital certificate contain? Check all that apply.

  • Public key data
  • Identifying information of the certificate owner
  • Digital signature
  • Private key data

A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to.

Question 2

Which type of encryption does SSL/TLS use?

  • Asymmetric encryption
  • Symmetric encryption
  • Neither
  • Both

SSL/TLS use asymmetric algorithms to securely exchange information used to derive a symmetric encryption key.

Question 3

What are some of the functions that a Trusted Platform Module can perform? Check all that apply.

  • Remote attestation
  • Malware detection
  • Secure user authentication
  • Data binding and sealing

A TPM can be used for remote attestation, ensuring that a host is a known good state and hasn’t been modified or tampered (from a hardware and a software perspective). TPMs can also seal and bind data to them, encrypting data against the TPM. This also allows it to be decrypted by the TPM, only if the machine is in a good and trusted state.


Question 1

How is hashing different from encryption?

  • Hashing operations are one-directional.
  • Hashing is meant for large amounts of data, while encryption is meant for small amounts of data.
  • It’s less secure.
  • It’s faster.

Hash functions, by definition, are one-way, meaning that it’s not possible to take a hash and recover the input that generated the hash. Encryption, on the other hand, is two-directional, since data can be both encrypted and decrypted.

Question 2

What’s a hash collision?

  • When two identical files generate different hash digests
  • When a hash digest is reversed to recover the original
  • When two different hashing algorithms produce the same hash
  • When two different files generate the same hash digest

If two different files result in the same hash, this is referred to as a hash collision. Hash collisions aren’t awesome, as this would allow an attacker to create a fake file that would pass hash verification.

Question 3

How is a Message Integrity Check (MIC) different from a Message Authentication Code (MAC)?

  • A MIC only hashes the message, while a MAC incorporates a secret key.
  • A MAC requires a password, while a MIC does not.
  • They’re the same thing.
  • A MIC is more reliable than a MAC.

A MIC can be thought of as just a checksum or hash digest of a message, while a MAC uses a shared secret to generate the checksum. This also makes it authenticated, since the other party must also have the same shared secret, preventing a third party from forging the checksum data.

Question 4

How can you defend against brute-force password attacks? Check all that apply.

  • Store passwords in a rainbow table.
  • Incorporate salts into password hashing.
  • Run passwords through the hashing function multiple times.
  • Enforce the use of strong passwords.

A brute-force password attack involves guessing the password. So, having complex and long passwords will make this task much harder and will require more time and resources for the attacker to succeed. Incorporating salts into password hashes will protect against rainbow table attacks, and running passwords through the hashing algorithm lots of times also raises the bar for an attacker, requiring more resources for each password guess.

Symmetric Encryption

Question 1

What are the components that make up a cryptosystem? Check all that apply.

  • Decryption algorithms
  • Encryption algorithms
  • Transmission algorithms
  • Key generation algorithms

A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations.

Question 2

What is steganography?

  • The study of languages
  • The practice of encoding messages
  • The study of stegosauruses
  • The practice of hiding messages

Steganography involves hiding messages, but not encoding them.

Question 3

What makes an encryption algorithm symmetric?

  • High speed
  • Different keys used for encryption and decryption
  • The same keys used for encryption and decryption
  • Very large key sizes

The symmetry of a symmetric algorithm refers to one key being used for both encryption and decryption.

Question 4

What’s the difference between a stream cipher and a block cipher?

  • Block ciphers are only used for block device encryption.
  • Stream ciphers can’t save encrypted data to disk.
  • Stream ciphers encrypt data as a continuous stream, while block ciphers operate on chunks of data.
  • There is no difference.

A stream cipher takes data in as a continuous stream, and outputs the ciphertext as a continuous stream, too. A block cipher encrypts the data in chunks, or blocks.

Question 5

True or false: The smaller the encryption key is, the more secure the encrypted data is.

  • TRUE

The reverse is true. The larger the key, the more secure the encrypted data will be.

Week Two Practice Quiz

Question 1

Plaintext is the original message, while _ is the encrypted message.

  • Ciphertext
  • Digest
  • Cipher
  • Algorithm

Once the original message is encrypted, the result is referred to as ciphertext.

Question 2

The specific function of converting plaintext into ciphertext is called a(n) __.

  • Encryption algorithm
  • Integrity check
  • Data protection standard
  • Permutation

An encryption algorithm is the specific function or steps taken to convert plaintext into encrypted ciphertext.

Question 3

Studying how often letters and pairs of letters occur in a language is referred to as _.

  • Codebreaking
  • Cryptography
  • Frequency analysis
  • Espionage

Frequency analysis involves studying how often letters occur, and looking for similarities in ciphertext to uncover possible plaintext mappings.

Question 4

True or false: The same plaintext encrypted using the same algorithm and same encryption key would result in different ciphertext outputs.

  • TRUE

If the plaintext, algorithm, and key are all the same, the resulting ciphertext would also be the same.

Question 5

The practice of hiding messages instead of encoding them is referred to as __.

  • Encryption
  • Hashing
  • Obfuscation
  • Steganography

Steganography involves hiding messages from discovery instead of encoding them.

Question 6

ROT13 and a Caesar cipher are examples of _.

  • Digital signatures
  • Steganography
  • Substitution ciphers
  • Asymmetric encryption

These are both examples of substitution ciphers, since they substitute letters for other letters in the alphabet.

Question 7

DES, RC4, and AES are examples of __ encryption algorithms.

  • Asymmetric
  • Strong
  • Symmetric
  • Weak

DES, RC4, and AES are all symmetric encryption algorithms.

Question 8

What are the two components of an asymmetric encryption system, necessary for encryption and decryption operations? Check all that apply.

  • Private key
  • Random number generator
  • Digest
  • Public key

In asymmetric encryption systems, there’s a private key used for encryption, and a public key used for decryption.

Question 9

To create a public key signature, you would use the __ key.

  • Decryption
  • Symmetric
  • Private
  • Public [INCORRECT]

Question 10

Using an asymmetric cryptosystem provides which of the following benefits? Check all that apply.

  • Non-repudiation
  • Authenticity
  • Hashing
  • Confidentiality

Confidentiality is provided by the encryption, authenticity is achieved through the use of digital signatures, and non-repudiation is also provided by digitally signing data.

Question 11

If two different files result in the same hash, this is referred to as a __.

  • Mistake
  • Coincidence
  • Key collision
  • Hash collision

A hash collision is when two different inputs yield the same hash.

Question 12

When authenticating a user’s password, the password supplied by the user is authenticated by comparing the __ of the password with the one stored on the system.

  • Hash
  • Plaintext
  • Ciphertext
  • Length

Passwords are verified by hashing and comparing hashes. This is to avoid storing plaintext passwords.

Question 13

If a rainbow table is used instead of brute-forcing hashes, what is the resource trade-off?

  • Rainbow tables use less computational resources and more storage space
  • Rainbow tables use less RAM resources and more computational resources
  • Rainbow tables use less storage space and more RAM resources
  • Rainbow tables use less storage space and more computational resources

Instead of computing every hash, a rainbow table is a precomputed table of hashes and text. Using a rainbow table to lookup a hash requires a lot less computing power, but a lot more storage space.

Question 14

In a PKI system, what entity is responsible for issuing, storing, and signing certificates?

  • Government
  • Certificate Authority
  • Intermediary Authority
  • Registration Authority

The certificate authority is the entity that signs, issues, and stores certificates.

Graded Assessment

Click here to view

3. AAA Security


Question 1

How is authentication different from authorization?

  • They’re the same thing.
  • Authentication is verifying access to a resource; authorization is verifying an identity.
  • Authentication is identifying a resource; authorization is verifying access to an identity.
  • Authentication is verifying an identity; authorization is verifying access to a resource.

Authentication is proving that an entity is who they claim to be, while authorization is determining whether or not that entity is permitted to access resources.

Question 2

What are some characteristics of a strong password? Check all that apply,

  • Contains dictionary words
  • Includes numbers and special characters
  • Is used across accounts and systems
  • Is at least eight characters long

A strong password should contain a mix of character types and cases, and should be relatively long — at least eight characters, but preferably more.

Question 3

In a multi-factor authentication scheme, a password can be thought of as:

  • something you know.
  • something you have.
  • something you use.
  • something you are.

Biometrics as an additional authentication factor is something you are, while passwords are something you know.

Question 4

What are some drawbacks to using biometrics for authentication? Check all that apply.

  • Biometric authentication is much slower than alternatives.
  • Biometrics are easy to share.
  • There are potential privacy concerns.
  • Biometric authentication is difficult or impossible to change if compromised.

If a biometric characteristic, like your fingerprints, is compromised, your option for changing your “password” is to use a different finger. This makes “password” changes limited. Other biometrics, like iris scans, can’t be changed if compromised. If biometric authentication material isn’t handled securely, then identifying information about the individual can leak or be stolen.

Question 5

In what way are U2F tokens more secure than OTP generators?

  • They’re password-protected.
  • They can’t be cloned.
  • They’re resistant to phishing attacks.
  • They’re cheaper.

With one-time-password generators, the one-time password along with the username and password can be stolen through phishing. On the flip side, U2F authentication is impossible to phish, given the public key cryptography design of the authentication protocol.

Question 6

What elements of a certificate are inspected when a certificate is verified? Check all that apply.

  • Trust of the signatory CA
  • Certificate key size
  • “Not valid after” date
  • “Not valid before” date

To verify a certificate, the period of validity must be checked, along with the signature of the signing certificate authority, to ensure that it’s a trusted one.

Question 7

What is a CRL?

  • Certified Recursive Listener
  • Certificate Revocation List
  • Certificate Recording Language
  • Caramel Raspberry Lemon

CRL stands for “Certificate Revocation List.” It’s a list published by a CA, which contains certificates issued by the CA that are explicitly revoked, or made invalid.

Question 8

What are the names of similar entities that a Directory server organizes entities into?

  • Clusters
  • Groups
  • Trees
  • Organizational Units

Directory servers have organizational units, or OUs, that are used to group similar entities.

Question 9

True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.

  • True
  • False

The Network Access Server only relays the authentication messages between the RADIUS server and the client; it doesn’t make an authentication evaluation itself.

Question 10

True or false: Clients authenticate directly against the RADIUS server.

  • True
  • False

Clients actually don’t interact with the RADIUS server directly. Instead, they relay authentication via the Network Access Server.

Question 11

What does a Kerberos authentication server issue to a client that successfully authenticates?

  • A ticket-granting ticket
  • A master password
  • An encryption key [INCORRECT]
  • A digital certificate

Question 12

What advantages does single sign-on offer? Check all that apply.

  • It provides encrypted authentication.
  • It reduces the total number of credentials,
  • It enforces multifactor authentication.
  • It reduces time spent authenticating.

SSO allows one set of credentials to be used to access various services across sites. This reduces the total number of credentials that might be otherwise needed. SSO authentication also issues an authentication token after a user authenticates using username and password. This token then automatically authenticates the user until the token expires. So, users don’t need to reauthenticate multiple times throughout a work day.

Question 13

What does OpenID provide?

  • Certificate signing
  • Digital signatures
  • Authentication delegation
  • Cryptographic hashing

OpenID allows authentication to be delegated to a third-party authentication service.

Authorization and Accounting

Question 1

What role does authorization play?

  • It determines whether or not an entity has access to a resource.
  • It verifies an entity’s identity.
  • It verifies passwords.
  • It provides strong encryption.

Authorization has to do with what resource a user or account is permitted or not permitted to access.

Question 2

What does OAuth provide?

  • Confidentiality
  • Integrity
  • Access delegation
  • Secure communications

OAuth is an open authorization protocol that allows account access to be delegated to third parties, without disclosing account credentials directly.

Question 3

How is auditing related to accounting?

  • They’re not related.
  • They’re the same thing.
  • Accounting is reviewing records, while auditing is recording access and usage.
  • Accounting is recording access and usage, while auditing is reviewing these records.

Accounting involves recording resource and network access and usage. Auditing is reviewing these usage records by looking for any anomalies.

Peer Graded Assessment

Click here to view

4. Securing Your Networks

Network Monitoring

Question 1

What does tcpdump do? Select all that apply.

  • Encrypts your packets
  • Analyzes packets and provides a textual analysis
  • Captures packets
  • Generates packets

Tcpdump is a packet capture and analysis utility, not a packet generator.

Question 2

What does wireshark do differently from tcpdump? Check all that apply.

  • It can write packet captures to a file.
  • It has a graphical interface.
  • It understands more application-level protocols.
  • It can capture packets and analyze them.

tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.

Question 3

What factors should you consider when designing an IDS installation? Check all that apply.

  • Internet connection speed
  • Storage capacity
  • OS types in use
  • Traffic bandwidth

It’s important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS system is capable of keeping up with the volume of traffic. Storage capacity is important to consider for logs and packet capture retention reasons.

Question 4

What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

  • An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
  • An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
  • An IDS can detect malware activity on a network, but an IPS can’t
  • They are the same thing.

An IDS only detects intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack traffic.

Question 5

What factors would limit your ability to capture packets? Check all that apply.

  • Network interface not being in promiscuous or monitor mode
  • Anti-malware software
  • Encryption
  • Access to the traffic in question

If your NIC isn’t in monitor or promiscuous mode, it’ll only capture packets sent by and sent to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn’t allow you to capture other clients’ traffic.

Secure Network Architecture

Question 1

Why is normalizing log data important in a centralized logging setup?

  • Log normalizing detects potential attacks.
  • Uniformly formatted logs are easier to store and analyze.
  • The data must be decrypted before sending it to the log server.
  • It’s difficult to analyze abnormal logs.

Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system.

Question 2

What type of attacks does a flood guard protect against? Check all that apply.

  • Man-in-the-middle attacks
  • Malware infections
  • SYN floods
  • DDoS attacks

A flood guard protects against attacks that overwhelm networking resources, like DoS attacks and SYN floods.

Question 3

What does DHCP Snooping protect against?

  • Rogue DHCP server attacks
  • DDoS attacks
  • Brute-force attacks
  • Data theft

DHCP snooping is designed to guard against rogue DHCP attacks. The switch can be configured to transmit DHCP responses only when they come from the DHCP server’s port.

Question 4

What does Dynamic ARP Inspection protect against?

  • Rogue DHCP server attacks
  • Malware infections
  • ARP poisoning attacks
  • DDoS attacks

Dynamic ARP inspection protects against ARP poisoning attacks by watching for ARP packets. If an ARP packet doesn’t match the table of MAC address and IP address mappings generated by DHCP snooping, the packet will be dropped as invalid or malicious.

Question 5

What does IP Source Guard protect against?

  • IP spoofing attacks
  • Brute-force attacks
  • Rogue DHCP server attacks
  • DDoS attacks

IP Source Guard prevents an attacker from spoofing an IP address on the network. It does this by matching assigned IP addresses to switch ports, and dropping unauthorized traffic.

Question 6

What does EAP-TLS use for mutual authentication of both the server and the client?

  • Biometrics
  • Usernames and passwords
  • Digital certificates
  • One-time passwords

The client and server both present digital certificates, which allows both sides to authenticate the other, providing mutual authentication.

Question 7

Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

  • For protection for mobile devices, like laptops
  • For protection against DDoS attacks
  • For protection against compromised hosts on the same network
  • For protection against man-in-the-middle attacks

Using both network- and host-based firewalls provides protection from external and internal threats. This also protects hosts that move between trusted and untrusted networks, like mobile devices and laptops.


Wireless Security

Question 1

What are some of the weaknesses of the WEP scheme? Check all that apply.

  • Its small IV pool size
  • Its use of ASCII characters for passphrases
  • Its use of the RC4 stream cipher
  • Its poor key generation methods

The RC4 stream cipher had a number of design flaws and weaknesses. WEP also used a small IV value, causing frequent IV reuse. Lastly, the way that the encryption keys were generated was insecure.

Question 2

What symmetric encryption algorithm does
WPA2 use?

  • DES
  • DSA
  • RSA
  • AES

WPA2 uses CCMP. This utilizes AES in counter mode, which turns a block cipher into a stream cipher.

Question 3

How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

  • Implement lockout periods for incorrect attempts.
  • Update firewall rules.
  • Use a very long and complex passphrase.
  • Disable WPS.

Question 4

Select the most secure WiFi security configuration from below:

  • WPA2 enterprise
  • WEP 128 bit
  • WPA personal
  • WPA enterprise
  • WPA2 personal
  • None

WPA2 Enterprise would offer the highest level of security for a WiFi network. It offers the best encryption options for protecting data from eavesdropping third parties, and does not suffer from the manageability or authentication issues that WPA2 Personal has with a shared key mechanism. WPA2 Enterprise used with TLS certificates for authentication is one of the best solutions available.

Graded Assessment

Click here to view

4. Defense in Path

Application Hardening

Question 1

Why is it important to keep software up-to-date?

  • To address any security vulnerabilities discovered
  • To ensure compatibility with other systems
  • It’s not important. It’s just annoying.
  • To ensure access to the latest features

As vulnerabilities are discovered and fixed by the software vendor, applying these updates is super important to protect yourself against attackers.

Question 2

What are some types of software that you’d want to have an explicit application policy for? Check all that apply.

  • Software development kits
  • Video games
  • Filesharing software
  • Word processors

Video games and filesharing software typically don’t have a use in business (though it does depend on the nature of the business). So, it might make sense to have explicit policies dictating whether or not this type of software is permitted on systems.

System Hardening

Question 1

What is an attack vector?

  • The classification of attack type
  • The direction an attack is going in
  • The severity of the attack
  • A mechanism by which an attacker can interact with your network or systems

An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them.

Question 2

Disabling unnecessary components serves which purposes? Check all that apply.

  • Reducing the attack surface
  • Making a system harder to use
  • Increasing performance
  • Closing attack vectors

Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disabling unnecessary components closes attack vectors, thereby reducing the attack surface.

Question 3

What’s an attack surface?

  • The target or victim of an attack
  • The payload of the attack
  • The total scope of an attack
  • The combined sum of all attack vectors in a system or network

The attack surface describes all possible ways that an attacker could interact and exploit potential vulnerabilities in the network and connected systems.

Question 4

A good defense in depth strategy would involve deploying which firewalls?

  • No firewalls
  • Network-based firewalls only
  • Both host-based and network-based firewalls
  • Host-based firewalls only

Defense in depth involves multiple layers of overlapping security. So, deploying both host- and network-based firewalls is recommended.

Question 5

Using a bastion host allows for which of the following? Select all that apply.

  • Running a wide variety of software securely
  • Applying more restrictive firewall rules
  • Having more detailed monitoring and logging
  • Enforcing stricter security measures

Bastion hosts are special-purpose machines that permit restricted access to more sensitive networks or systems. By having one specific purpose, these systems can have strict authentication enforced, more firewall rules locked down, and closer monitoring and logging.

Question 6

What benefits does centralized logging provide? Check all that apply.

  • It prevents database theft.
  • It blocks malware infections.
  • It helps secure logs from tampering or destruction.
  • It allows for easier logs analysis.

Centralized logging is really beneficial, since you can harden the log server to resist attempts from attackers trying to delete logs to cover their tracks. Keeping logs in place also makes analysis on aggregated logs easier by providing one place to search, instead of separate disparate log systems.

Question 7

What are some of the shortcomings of antivirus software today? Check all that apply.

  • It can’t protect against unknown threats.
  • It’s very expensive.
  • It only detects malware, but doesn’t protect against it.
  • It only protects against viruses.

Antivirus software operates off a blacklist, blocking known bad entities. This means that brand new, never-before-seen malware won’t be blocked.

Question 8

How is binary whitelisting a better option than antivirus software?

  • It’s cheaper.
  • It can block unknown or emerging threats.
  • It’s not better. It’s actually terrible.
  • It has less performance impact.

By blocking everything by default, binary whitelisting can protect you from the unknown threats that exist without you being aware of them.

Question 9

What does full-disk encryption protect against? Check all that apply.

  • Data theft
  • IP spoofing attacks
  • Malware infections
  • Tampering with system files

With the contents of the disk encrypted, an attacker wouldn’t be able to recover data from the drive in the event of physical theft. An attacker also wouldn’t be able to tamper with or replace system files with malicious ones.

Question 10

What’s the purpose of escrowing a disk encryption key?

  • Providing data integrity
  • Protecting against unauthorized access
  • Preventing data theft
  • Performing data recovery

Key escrow allows the disk to be unlocked if the primary passphrase is forgotten or unavailable for whatever reason.

Peer Graded Assessment

Click here to view

6. Creating Company Culture For Society

Peer Graded Assessment

Click here to view