Technical Security Controls Flashcards

Question

What are the potential risks associated with adware and spyware? A) Unauthorized access to user accounts B) Loss of sensitive information and identity theft C) Degraded system performance and unwanted advertisements D) All of the above

Answer 1

D) All of the above

Answer 2

- Zero-day refers to vulnerabilities or exploits that are unknown to the software developers and antivirus companies. - Zero-day exploits are called so, because there is zero-day between the discovery of the vulnerability and the release of a fix or patch. - Zero-day vulnerabilities are highly valuable to attackers because they can target systems without being detected or protected against. - A zero-day virus or malware does not have a known signature, making it difficult for antivirus software to detect and prevent its execution. - Zero-day flaws are usually discovered by malicious actors or hackers who keep them secret to maximize their impact and exploit systems undetected. - Without prior knowledge of zero-day vulnerabilities, there is no guaranteed fix or protection against them. * To mitigate the risks associated with zero-day exploits: - Keep systems up to date with the latest patches and updates provided by software vendors. - Implement proactive monitoring systems to detect any unusual activity or indicators of compromise. - Use Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and prevent attacks targeting zero-day vulnerabilities. - Employ network segmentation and access controls to limit the impact of a potential zero-day attack. - Maintain regular backups of critical data to minimize the impact of data loss or system compromise. - Stay informed about emerging threats and vulnerabilities by following security news, advisories, and information from trusted sources. - Collaboration and information sharing within the cybersecurity community can help identify and address zero-day vulnerabilities effectively. - Responsible disclosure of zero-day vulnerabilities to software vendors and relevant authorities can facilitate the development of patches or mitigations to protect systems.

Answer 3

C) An exploit that is unknown to software developers and antivirus companies A zero-day exploit refers to an exploit or vulnerability that is unknown to software developers and antivirus companies. It is called a "zero-day" because there is no prior knowledge or fix available for it. Attackers leverage these unknown vulnerabilities to launch attacks, taking advantage of the fact that there is no immediate defence or patch against them.

Answer 4

C) They allow attackers to target systems without detection or protection Zero-day vulnerabilities are highly valuable to attackers because they are unknown to software developers and antivirus companies. This means that systems are not protected against these vulnerabilities, allowing attackers to exploit them without detection. By leveraging zero-day vulnerabilities, attackers can infiltrate systems, steal data, or carry out other malicious activities without being stopped by existing security measures.

Answer 5

D) All of the above Organizations can mitigate the risks associated with zero-day exploits by implementing a combination of measures. Regularly updating systems with the latest patches and updates ensures that known vulnerabilities are addressed. Maintaining backups of critical data helps in the event of a successful attack. Implementing proactive monitoring systems allows for the detection of unusual activities or indicators of compromise. Employing all of these measures together enhances an organization's ability to detect and respond to zero-day exploits effectively.

Answer 6

Ransomware is a type of malicious software that encrypts files on a victim's computer or network, rendering them inaccessible until a ransom is paid. - Ransomware is typically delivered through email attachments, malicious links, or exploit kits that target software vulnerabilities. - Once the ransomware infects a system, it encrypts files such as documents, spreadsheets, images, and more, making them unusable without the encryption key. - Attackers demand a ransom payment, often in cryptocurrencies like Bitcoin, in exchange for providing the decryption key to unlock the encrypted files. - Ransomware attacks can have severe consequences for businesses and individuals, causing financial losses, data breaches, and disruption of operations. - Some organizations choose to pay the ransom as a quick solution to restore their business operations, while others resist paying and seek alternative recovery methods. - It's crucial to have robust and regular backups of system files and critical data to mitigate the impact of ransomware attacks. - Regularly test backups to ensure they are functioning correctly and can be restored if needed. * Implement a layered defence approach to prevent ransomware infections, including: - Up-to-date antivirus and anti-malware software. - Firewalls and network segmentation to restrict unauthorized access. - Regular software updates and patch management to address vulnerabilities. - User awareness training to educate employees about phishing emails and suspicious attachments or links. - Employ email and web filtering to block known malicious sources and prevent the delivery of ransomware. - Maintain strong password practices and enable multi-factor authentication to protect against unauthorized access. - Implement and regularly test incident response plans to ensure a timely and effective response in the event of a ransomware attack. - Engage in threat intelligence sharing to stay updated on the latest ransomware variants and tactics used by attackers. - Reporting ransomware incidents to law enforcement authorities can contribute to tracking and preventing future attacks.

Answer 7

D) Via malicious email attachments or links Ransomware typically encrypts files on a victim's computer by using malicious email attachments or links. Victims are often tricked into opening an infected attachment or clicking on a malicious link, which then initiates the encryption process and renders the files inaccessible until a ransom is paid.

Answer 8

C) Payment of a ransom in cryptocurrencies to provide a decryption key. In a ransomware attack, the common demand made by attackers is the payment of a ransom in cryptocurrencies (such as Bitcoin) in exchange for a decryption key. Attackers leverage the encrypted files as leverage, demanding payment to unlock and restore access to the victim's data.

Answer 9

D) All of the above All the mentioned measures are key to protecting against ransomware attacks. Regularly updating antivirus and anti-malware software helps defend against known malware strains, including ransomware. Implementing strong password policies helps prevent unauthorized access to systems and network shares. Training employees on email phishing awareness educates them about recognizing and avoiding malicious email attachments or links, which are common ransomware infection vectors. Employing all these measures together strengthens the organization's defence against ransomware attacks.

Answer 10

Trojan: - A trojan is a type of malicious software that disguises itself as harmless software. - It typically carries hidden malicious software inside and executes it when the user runs the seemingly harmless software. - Trojans do not replicate like viruses; they are single instances of malicious code. - Trojans run in the background and perform various malicious activities without the user's knowledge. - They can be discovered as running processes if properly identified. * Botnet Trojan: - A botnet trojan infects a computer, giving remote control to a handler. - The infected computer becomes part of a botnet, a network of compromised computers controlled by the handler. - Botnets can range from a few computers to tens of thousands under centralized control. - Computers in a botnet, known as bots, can be used for launching Distributed Denial of Service (DDoS) attacks. - Bots function normally until instructed by the handler to launch attacks against specific targets. * RAT: Remote Access Trojan: - RAT is a trojan that installs software on a computer, allowing unauthorized remote access. - It creates a backdoor or listens for connections from specific sources. - Once remote access is established, the attacker can launch attacks or repeatedly access the compromised system. - RATs can be used as a launchpad for attacks on other systems or for stealing/compromising data. - Intrusions by RATs often go undetected for a significant duration, with an average discovery time of approximately 200 days. * Proxy Trojan: - A proxy trojan uses a compromised computer as a proxy, acting on behalf of another computer. - Similar to how an ISP's proxy connects to websites on behalf of a user, a proxy trojan makes connections to servers. - The destination server sees the connection as coming from the compromised computer, not the true source. - This can be used to hide the true source of malicious activity, making it appear as if the compromised computer is responsible.

Answer 11

B) It disguises itself as harmless software What sets trojans apart from other types of malware is their ability to disguise themselves as harmless software. Trojans often masquerade as legitimate or desirable programs to trick users into executing them. Once executed, the trojan carries out its hidden malicious activities.

Answer 12

C) It forms a network of compromised computers under remote control The primary characteristic of a botnet trojan is its ability to create a network of compromised computers under remote control. Once infected, the computers become part of a botnet, which is then directed by a remote handler. The compromised computers, known as bots, can be used collectively to launch coordinated attacks, such as Distributed Denial of Service (DDoS) attacks.

Answer 13

C) To provide unauthorized remote access to a compromised computer The purpose of a remote access trojan (RAT) is to provide unauthorized remote access to a compromised computer. Once installed, the RAT allows an attacker to control the compromised system remotely. This can enable the attacker to perform various malicious activities, such as exfiltrating data, launching additional attacks, or maintaining persistent access to the compromised system.

Answer 14

B) To act as a communication intermediary between the user and the destination server The main purpose of a proxy trojan is to act as a communication intermediary between the user and the destination server. When a computer is compromised by a proxy trojan, it sits between the user's computer and the destination server, intercepting and relaying communications. The destination server sees the connection as originating from the compromised computer, rather than the true source. This allows the malicious actor to hide their identity and potentially engage in illicit activities, as the connection appears to come from the compromised computer.

Answer 15

- Active content refers to the code downloaded from the web that is executed locally by the browser, allowing for dynamic and interactive elements on websites. - Previously, web content was primarily static, consisting of text and graphics, but modern websites utilize active content to deliver animations, audio, video, and other dynamic features. - Technologies enabling active content include Java Applets, ActiveX, JavaScript, and Flash. - Active content raises concerns regarding the source and trustworthiness of the code, its intended actions, and potential access to other parts of the computer. - Instances of active content containing trojan software with malicious activities have been observed. - Browsers offer controls to restrict active content, such as warning prompts or blocking execution, but limiting active content can impact the browsing experience.

Answer 16

C) Java Applets Java Applets are one of the technologies that enable the execution of code locally within a web browser, allowing for dynamic and interactive content. Java Applets are small programs written in the Java programming language that can be embedded into web pages and run within a browser's Java Virtual Machine (JVM). They provide enhanced functionality and interactivity on websites. However, it's important to note that Java Applets have become less prevalent in modern web development due to security concerns and compatibility issues.

Answer 17

C) JavaScript JavaScript is the technology that enables client-side scripting and interactivity in web browsers. It is a programming language that runs on the client side, meaning it is executed by the user's web browser rather than on the server. JavaScript allows developers to add dynamic behaviour to web pages, manipulate DOM elements, handle events, and interact with server-side data. It is widely used in modern web development for creating interactive and responsive user interfaces.

Answer 18

- Threat vectors are the various ways through which malware can enter a computer system. - Drive-by downloads occur when a user visits an infected website, leading to unintentional malware downloads onto their computer. - Downloading or installing software from the internet, especially from unknown or untrusted sources, can introduce malware onto a computer. - Infected media, such as USB sticks, can easily transport malware to a computer when plugged in. - Malware can also enter a system through network connections, taking advantage of vulnerabilities in the network. - Email attachments are a common method for malware dissemination, with users being tricked into opening attachments containing malware. - Email attachments are particularly notorious for spreading ransomware, a type of malware that encrypts files and demands a ransom for their release.

Answer 19

D) Email attachments Email attachments are particularly notorious for spreading ransomware, a type of malware that encrypts files and demands a ransom for their release.

Answer 20

- Firewalls: Personal firewalls on end-point computers and network firewalls can be configured to block certain types of traffic or traffic from specific sites or IP addresses. - Network Controls: Network filters, access lists on routers, gateway devices, and proxy servers can be implemented to control and filter traffic, including email attachments and web-based traffic. - Antivirus/Antimalware Solutions: Antivirus or antimalware software helps detect and block known malware by identifying unique signatures. However, they may not be effective against zero-day attacks. - Manual Controls: Measures such as using a sheep dip computer to scan external media, implementing Data Loss Prevention (DLP) systems to track data movement, and controlling software and file entry into the organization. - Intrusion Detection Systems (IDS): IDS detects patterns of malicious network activity based on a database of known signatures and raises alerts for further investigation. - Intrusion Prevention Systems (IPS): IPS, similar to a firewall, can dynamically block potentially malicious traffic based on signatures, providing more proactive protection than IDS. - Application Whitelisting: Also known as allow lists, application whitelisting allows only approved applications to run on a computer, preventing the execution of unauthorized software. - System Hardening: System hardening involves configuring a computer to eliminate unnecessary applications, network connections, and services that are not required, reducing potential attack surfaces. Note: IDS and IPS can be implemented at the network level (NIDS/NIPS) to protect a segment of the network or at the host level (HIDS/HIPS) to protect individual computers. Host-based systems can provide additional protection by monitoring activities on specific hosts.

Answer 21

a) Firewalls Firewalls can be configured to deny certain types of traffic or block traffic from specific sites or IP addresses, providing network-level filtering and protection.

Answer 22

c) Detecting and blocking known malware based on unique signatures Antivirus or antimalware solutions are designed to identify and block known malware by recognizing their unique signatures, providing protection against viruses, worms, trojans, and other identified threats.

Answer 23

c) Manual controls Manual controls include measures such as scanning external media on an isolated computer (sheep dip) before allowing installation into the internal network, ensuring the files are certified as clean.

Answer 24

c) Intrusion Detection Systems (IDS) IDS examines network traffic for patterns that match known malicious signatures, raising alerts to indicate potential security incidents that require investigation.

Answer 25

b) IDS raises alerts for potentially malicious traffic, while IPS blocks the traffic. IDS detects and raises alerts for suspicious network activity, while IPS goes a step further and actively blocks potentially malicious traffic to prevent it from reaching its destination.

Answer 26

c) Application whitelisting Application whitelisting allows administrators to specify which applications are allowed to run on a computer, preventing the execution of unauthorized software and reducing the risk of malware infections.

Answer 27

c) System hardening System hardening involves optimizing the configuration of a computer by removing unnecessary applications, network connections, and services, reducing potential vulnerabilities and attack surfaces.

Answer 28

1. Additional Preventative Measures: - Patching: Implement a robust patching regime to keep systems up to date and remediate vulnerabilities. - Operational Policies: Follow best practices in system operation, use code from reliable sources, and adhere to safe coding practices. - User Awareness: Conduct comprehensive user awareness training programs to educate users about Internet risks, safe practices, and the importance of avoiding opening suspicious attachments. 2. Technical Controls: - IDS and IPS: Intrusion Detection Systems (IDS) detect and raise alerts for suspicious network activity, while Intrusion Prevention Systems (IPS) actively block potentially malicious traffic. - Defence-in-Depth: Implement multiple layers of controls to ensure security, with each layer complementing the others and providing a backup in case of control failure. - Network Connectivity: With the expansion of networks, including the Internet, remote working, VPN connections, and various devices, it is crucial to secure multiple entry points and authorize only authorized connections. - Physical, Administrative, and Technical Layers: Defence-in-depth strategy includes physical security measures, administrative policies, and technical controls to provide comprehensive protection against malware threats. Note: It's important to have a holistic approach to security by combining technical measures with operational and user awareness practices to effectively mitigate the risks posed by malware.

Answer 29

b) To remediate vulnerabilities A robust patching regime ensures that all systems are kept up to date with the latest patches, which helps in addressing vulnerabilities and reducing the risk of malware exploitation.

Answer 30

c) To educate users about safe practices User awareness training programs aim to educate users about the risks associated with Internet usage, opening suspicious attachments, and following best practices to minimize the likelihood of malware entering the organization's systems.

Answer 31

c) By following safe coding practices Operational policies that promote safe coding practices, such as using code from reliable sources and adhering to industry best practices, can help prevent the introduction of malware into the organization's systems by ensuring the integrity and security of the software being developed and deployed.

Answer 32

A Network Intrusion Detection System (NIDS) is a computer software application that can detect and report network security problems by monitoring network or system activities for malicious or anomalous behaviour.

Answer 33

A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.

Answer 34

A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analysing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

Answer 35

The Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity attempting to negatively affect your computer. HIPS utilizes advanced behavioural analysis coupled with the detection capabilities of network filtering to monitor running processes, files and registry keys.

Answer 36

b) To detect and raise alerts on malicious network activity An IDS is designed to monitor network traffic and identify patterns of potentially malicious activity. It detects known signatures of malicious traffic and raises alerts for further investigation and response.

Answer 37

d) NIDS protects against external threats, while HIDS focuses on internal threats. NIDS is deployed at the network level to monitor and detect external threats targeting the network. HIDS, on the other hand, is installed on individual hosts to monitor and detect internal threats originating from within the network.

Answer 38

b) To block potentially malicious network traffic An IPS is designed to actively block or prevent potentially malicious network traffic based on known signatures or patterns. It goes beyond detection (like an IDS) and can dynamically block or restrict traffic to prevent security breaches.

Answer 39

b) To block all applications except those on an approved list Application whitelisting allows only authorized or approved applications to run on a computer or network. It restricts the execution of unapproved applications, reducing the risk of malware infiltration by allowing only known and trusted applications to operate.

Answer 40

Defence in depth is a strategy that leverages multiple security measures to protect an organization's assets. The thinking is that if one line of defence is compromised, additional layers exist as a backup to ensure that threats are stopped along the way. Defence in depth addresses the security vulnerabilities inherent not only with hardware and software but also with people, as negligence or human error are often the cause of a security breach.

Answer 41

B) Creating multiple layers of security controls to provide overlapping defence. Defence in Depth is a strategy that involves implementing multiple layers of security controls to provide overlapping protection. This approach recognizes that no single security measure can provide complete security. By deploying a combination of physical, technical, and administrative controls, organizations create multiple barriers that make it more difficult for attackers to penetrate their systems. This multi-layered approach enhances the overall security posture and helps mitigate risks associated with single points of failure.

Answer 42

An organization has both a physical perimeter and a technical perimeter that require defence. Physical Perimeter: Secured using physical measures like locks, fences, and access control. Technical Perimeter: The entry point to the network from the outside.

Answer 43

The primary defence mechanism for the technical perimeter is a firewall. Firewall provides separation between two or more networks. It acts as a barrier that filters and controls incoming and outgoing network traffic. A firewall is a security device that can be either a physical hardware device or a software-based application. Its primary function is to protect the network by filtering and blocking traffic. - Two-way protection: A firewall performs filtering in both directions. It not only blocks inbound traffic to prevent unauthorized access to the internal network but also prevents unauthorized data leakage or loss by blocking certain outbound traffic. - Blocking unwanted traffic: Firewalls can block unwanted traffic and help prevent malicious software from entering the network. They can provide different levels of protection, ranging from blocking traffic from specific sources to blocking traffic based on content. - Gatekeeper function: Firewalls act as gatekeepers by controlling the flow of traffic through the firewall. They analyse the traffic and make forwarding decisions based on manually configured rules. - Rule-based configuration: Firewall rules define what traffic is allowed to pass through the firewall, while denying all other traffic. These rules can be configured based on the following criteria: - Source address of the traffic - Destination address of the traffic - Protocols being used (e.g., web, file transfer, email) - Content of the traffic - Effective firewall configuration: To ensure an effective firewall, it is important to determine what traffic needs to be controlled and in which direction. This requires proper configuration of rules and settings to align with the organization's security policies and requirements. - Regular review and updates: Firewalls should be regularly reviewed and updated to adapt to changing security threats and to ensure they remain effective in protecting the network. This includes reviewing and modifying firewall rules as needed and keeping the firewall software up to date with the latest patches and firmware. - Integration with other security measures: Firewalls are an integral part of a layered security approach. They should be integrated with other security measures, such as intrusion detection and prevention systems (IDS/IPS), antivirus software, and access control mechanisms, to provide comprehensive network protection. - Ongoing monitoring and logging: Firewalls should be monitored and logged to track network traffic, detect anomalies, and investigate security incidents. Monitoring and logging data can be analysed to identify potential security breaches or policy violations. - Regular security audits: Periodic security audits should be conducted to assess the effectiveness of the firewall configuration and ensure compliance with security standards and regulations. - User awareness: Users should be educated about the role of firewalls and the importance of following security policies and best practices. User awareness training can help prevent unauthorized access attempts and ensure responsible use of network resources.

Answer 44

a) Filtering and blocking outbound traffic b) Filtering and blocking inbound traffic At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.

Answer 45

d) All of the above Firewall rules can be configured based on the source address, destination address, and protocols being used to control the traffic flow.

Answer 46

b) To prevent unauthorized data leakage or loss Two-way protection in a firewall ensures that not only inbound traffic is blocked but also unauthorized outbound traffic to prevent data leakage or loss.

Answer 47

b) By analysing and controlling the flow of traffic Firewalls act as gatekeepers by analysing network traffic and making decisions based on configured rules to control the flow of traffic.

Answer 48

d) All of the above A firewall should be integrated with other security measures like IDS/IPS, antivirus software, and access control mechanisms to provide comprehensive network protection.

Answer 49

1. Packet Filter Firewall: - Most common type of firewall. - Filters traffic based on addresses and protocols. - Determines the source and destination addresses of packets and the protocol used. - Can allow or deny traffic based on predefined rules. - Primarily focuses on the form and type of traffic. 2. Web Application Firewall (WAF): - Specifically designed for web traffic. - Examines the content of data packets to and from web applications. - Prevents undesirable content from being downloaded or uploaded. - Protects web applications from common web-based attacks. 3. Proxy Firewall: - Acts as an intermediary between client browsers and web servers. - Analyses traffic passing through the proxy. - Can provide additional security measures and control over network traffic. - Offers enhanced privacy and anonymity by masking the client's IP address. 4. Multi-Layer Stateful Inspection Firewall: - Combines various functionalities in one firewall. - Performs packet filtering, content inspection, and connection analysis. - Verifies the integrity and state of network connections. - Provides advanced security features and comprehensive protection. - Ensures traffic is in the correct direction and meets specific criteria. 5. Next-Generation Firewall (NGFW): - Incorporates features of multi-layer firewalls and adds advanced capabilities. - Includes antivirus scanning for incoming traffic. - Integrates identity and access management solutions. - Responds to advanced attacks with enhanced threat intelligence. - Offers comprehensive security controls and features. Summary of Firewall Functions: - Intercepts and controls traffic between two points. - Uses rule sets to define allowed or denied traffic. - Protects the technical perimeter of the network. - Filters content to prevent undesirable or malicious data. - Helps enforce the organization's security policy. - Generates an audit trail by logging all firewall activity.

Answer 50

a) Packet Filter Firewall Packet Filter Firewall: - Most common type of firewall. - Filters traffic based on addresses and protocols. - Determines the source and destination addresses of packets and the protocol used. - Can allow or deny traffic based on predefined rules. - Primarily focuses on the form and type of traffic.

Answer 51

b) Web Application Firewall Web Application Firewall (WAF): - Specifically designed for web traffic. - Examines the content of data packets to and from web applications. - Prevents undesirable content from being downloaded or uploaded. - Protects web applications from common web-based attacks.

Answer 52

c) Proxy Firewall Proxy Firewall: - Acts as an intermediary between client browsers and web servers. - Analyses traffic passing through the proxy. - Can provide additional security measures and control over network traffic. - Offers enhanced privacy and anonymity by masking the client's IP address.

Answer 53

d) Multi-Layer Stateful Inspection Firewall Multi-Layer Stateful Inspection Firewall: - Combines various functionalities in one firewall. - Performs packet filtering, content inspection, and connection analysis. - Verifies the integrity and state of network connections. - Provides advanced security features and comprehensive protection. - Ensures traffic is in the correct direction and meets specific criteria.

Answer 54

d) Next-Generation Firewall Next-Generation Firewall (NGFW): - Incorporates features of multi-layer firewalls and adds advanced capabilities. - Includes antivirus scanning for incoming traffic. - Integrates identity and access management solutions. - Responds to advanced attacks with enhanced threat intelligence. - Offers comprehensive security controls and features.

Answer 55

1. DMZ (Demilitarized Zone): - A DMZ is a subnetwork that functions as a protected and monitored segment of an organization's network. - It acts as an exposed point to untrusted networks, typically the Internet. - The goal of a DMZ is to add an extra layer of security to an organization's local area network. - It allows external traffic to reach certain services while protecting the internal network from direct access. 2. Purpose of a DMZ: - The DMZ exists to protect hosts that are vulnerable to attacks, such as email and web servers. - By placing these hosts in the DMZ, they are isolated from the internal network and provide a layer of protection. - A properly implemented DMZ helps detect and mitigate security breaches before they reach the internal network. 3. Implementing a DMZ: - There are two common methods: a single firewall (three-legged model) or dual firewalls. - Single firewall: Involves using a single firewall with a minimum of 3 network interfaces. The DMZ is placed inside this firewall, creating separation from the external network and internal network. - Dual firewall: The more secure approach involves using two firewalls. The frontend firewall only allows traffic to the DMZ, while the backend firewall controls traffic from the DMZ to the internal network. 4. Network Components: - Hubs: Basic network devices that provide connectivity by broadcasting data to all connected devices. - Switches: More advanced network devices that create a direct connection between devices, allowing for better performance and security. - Routers: Network devices that connect different networks together and direct traffic based on IP addresses.

Answer 56

B) To protect vulnerable hosts from external attacks The primary purpose of a DMZ in network architecture is to provide an additional layer of security by isolating vulnerable hosts, such as web servers or email servers, from the internal network. It acts as a buffer zone between the trusted internal network and the untrusted external network.

Answer 57

C) By isolating vulnerable hosts from the internal network A DMZ enhances network security by isolating vulnerable hosts from the internal network. This helps to prevent unauthorized access to sensitive internal resources and reduces the risk of compromising the entire network if a DMZ host is compromised.

Answer 58

D) Web server for hosting public-facing websites Hosting a web server for public-facing websites is a common example of a service that is placed in a DMZ. By placing the web server in the DMZ, organizations can provide public access to the website while minimizing the risk to their internal network.

Answer 59

D) To detect and mitigate security breaches before they reach the internal network The primary goal of implementing a DMZ is to detect and mitigate security breaches before they reach the internal network. By monitoring and controlling the traffic entering and leaving the DMZ, organizations can identify and respond to potential threats before they can impact the internal network.

Answer 60

C) Dual firewall model The network architecture that involves using two firewalls to create a DMZ is known as the dual firewall model. In this model, the first firewall allows traffic destined for the DMZ, while the second firewall controls the traffic that moves from the DMZ to the internal network. Using two firewalls adds an extra layer of protection and helps prevent unauthorized access to the internal network.

Answer 61

Provides physical connectivity for devices to connect and communicate with each other. Lacks intelligence and does not have knowledge of the destination of traffic. Forwards traffic to all connected devices, which can lead to interception of contents. Operates in half-duplex mode, allowing communication in one direction at a time. Collisions occur when data packets collide on the wire, leading to retransmissions and increased network delays.

Answer 62

b) A hub provides physical connectivity but lacks intelligence. A hub simply provides physical connectivity for devices to connect and communicate with each other. It lacks intelligence and does not have knowledge of the destination of traffic.

Answer 63

d) Hubs forward traffic to all connected devices, increasing the risk of interception and collisions. A hub forwards traffic to all connected devices, regardless of whether the intended recipient is there or not. This increases the risk of interception of contents and introduces collisions, leading to retransmissions and network delays.

Answer 64

The switch is an improved network device compared to the hub, offering more functionality and enhanced network security. A switch provides physical connectivity like a hub but with the advantage of intelligence. Devices connected to a network have both an IP address and a MAC address. The MAC address is a unique identifier that stays with the device regardless of its IP address. When devices connect to a switch, their MAC addresses are stored in a memory table. A switch uses its intelligence to identify the destination device based on its MAC address and forwards traffic only to that device. This ensures that other connected devices do not see the traffic, improving security. Switches enable simultaneous communication in both directions, known as full duplex, using separate pairs of wires. Unlike hubs, switches eliminate collisions on the network. Switches can have additional capabilities, such as creating logical switches (VLANs) and implementing additional security measures on each switch port.

Answer 65

b) A switch eliminates collisions on the network. Unlike hubs, which operate in half-duplex mode and can cause collisions when data packets collide on the wire, switches operate in full-duplex mode and eliminate collisions. Switches provide separate pairs of wires for communication in each direction, ensuring efficient and collision-free data transmission.

Answer 66

c) To uniquely identify a device on the network. The MAC address (Media Access Control) is a unique identifier assigned to a network interface card (NIC) of a device. In a switch, MAC addresses are stored in a memory table, allowing the switch to identify the destination device based on its MAC address and forward traffic only to that specific device.

Answer 67

b) Full duplex Full duplex is the feature that enables simultaneous communication in both directions on a switch. Unlike half-duplex communication, where data can flow in only one direction at a time, full duplex allows data to be transmitted and received simultaneously on separate pairs of wires. This increases the efficiency and speed of data transmission in the network.

Answer 68

The router connects networks together and acts as a point of connectivity for forwarding traffic from one network to another. Routers make forwarding decisions based on the IP address of the traffic. The Internet is composed of thousands of networks interconnected with routers. Routers exchange information with neighbouring routers to determine the best path for forwarding traffic. If a link between two routers breaks, the routers can dynamically select an alternative path if available, allowing the network to heal itself. Routers maintain a routing table that contains information about networks, which is used to make forwarding decisions. Routers can be configured with access lists, similar to firewall rules, to control traffic flow between neighbouring networks.

Answer 69

c) Connecting networks and forwarding traffic A router's primary function is to connect networks together and forward traffic between them. Routers examine the IP address of incoming traffic and determine the best path for forwarding it to its destination across different networks.

Answer 70

c) Information about connected networks A routing table in a router contains information about connected networks, including the network addresses and the corresponding interfaces through which traffic should be forwarded. This information helps the router make routing decisions and determine the next hop for traffic destined to different networks.

Answer 71

a) By rerouting traffic through neighbouring routers When a link between two routers breaks or a network becomes unavailable, routers exchange information with neighbouring routers and dynamically select alternative paths, if available, to reroute traffic and maintain connectivity. This helps ensure that network communication continues even in the event of failures or network changes.

Answer 72

All devices connected to a network require a unique IP (Internet Protocol) address. IP addresses consist of a source and destination address for communication, and routers use the destination address to forward traffic. IPv4 is the most widely used version of IP addressing, based on a 32-bit binary number represented by four octets (four sets of eight binary bits). The IP address space was originally divided into classes but became less relevant as address consumption increased. Typical IP addresses encountered are those used by home broadband routers, such as 192.168.0.X, where X represents a specific host on the network. Certain IP addresses are reserved for specific functions, such as private use within a network (e.g., 192.168.0.X). The growth of the Internet led to the creation of IPv6, which uses a larger address space of 128 binary bits (converted to hexadecimal). IPv6 addresses are much larger and represented in a shorter or longer form. E.G. 2001:0db8:85a3:0000:0000:8a2e:0370:7334 IPv6 provides an ample address space to accommodate the increasing number of devices connected to the Internet.

Answer 73

A) IPv4 IPv4 is based on a 32-bit binary number represented by four octets (four sets of eight binary bits).

Answer 74

A) 255.255.255.255 In the IPv4 address space, the highest IP address is represented as 255.255.255.255.

Answer 75

A) To provide a larger address space IPv6 was developed to address the issue of IPv4 address exhaustion and to provide a significantly larger address space with 128 binary bits, accommodating the increasing number of devices connected to the Internet.

Answer 76

- VLAN stands for Virtual LAN and it involves dividing a single physical switch into multiple logical switches. - VLANs create virtual networks that appear as separate devices, allowing for logical separation and improved network security. - Devices within the same VLAN can communicate with each other, while communication between VLANs requires the use of a router. - Multiple VLANs can be created on a single switch to accommodate different groups or functions. - To enable communication between VLANs across multiple switches, trunk connections are used. - Trunk connections carry data between switches and also identify the VLAN to which the data belongs. - VLAN trunking is the concept of establishing trunk connections between switches to facilitate communication between VLANs.

Answer 77

B) To logically separate devices connected to a switch VLANs create virtual networks within a physical switch, allowing devices to be logically separated and isolated from one another. This segregation improves network security and provides flexibility in grouping devices based on function or department.

Answer 78

B) By using a router VLANs create separate broadcast domains, and communication between VLANs requires the use of a router. The router forwards traffic between VLANs based on their IP addresses, enabling inter-VLAN communication.

Answer 79

D) To facilitate communication between VLANs across multiple switches VLAN trunking involves establishing trunk connections between switches, allowing the transmission of data between VLANs. Trunk connections carry data and also identify the VLAN to which the data belongs, enabling communication between VLANs in different switches.

Answer 80

- Wireless networks combine wired and wireless connectivity or can be purely wireless, eliminating the need for physical cables. - Wireless networks transmit data as radio waves, making interception possible for anyone within range of the wireless signal. - Early wireless networks lacked security, making traffic interception straightforward. The radio waves extend beyond the network boundary, allowing potential interception from outside. - Each wireless network is identified by an SSID (Service Set Identifier), which is broadcasted regularly. Using a recognizable SSID can make a network a target. Hiding the network by disabling SSID broadcast provides some security but can still be discovered. * Wireless security has evolved over time to protect transmitted data: - WEP (Wired Equivalent Privacy): Totally obsolete and should not be used. - WPA (Wi-Fi Protected Access): Also obsolete and should not be used. - WPA2 (WPA version 2): Currently the most common wireless security and still recommended for use. - WPA3 (WPA version 3): The latest version, not yet widely adopted but provides enhanced security. - When configuring wireless networks, it is important to use the latest available security measures and evaluate network security before connecting. - Public places often offer free wireless networks without proper security measures. Using a VPN (Virtual Private Network) can provide additional security if the network lacks encryption.

Answer 81

c) WEP WEP is an outdated wireless security protocol that is no longer considered secure and should not be used. It has known vulnerabilities that make it easy for attackers to compromise the network.

Answer 82

b) Service Set Identifier SSID is a unique name assigned to a wireless network. It helps identify and differentiate one wireless network from another. Devices use the SSID to determine which network to connect to when multiple networks are available.

Answer 83

c) To provide an extra layer of encryption and secure the connection When connecting to public wireless networks that do not have proper encryption, using a VPN (Virtual Private Network) can add an additional layer of security by encrypting the data transmitted between the device and the VPN server, protecting it from potential eavesdropping or interception by malicious actors.

Answer 84

1. Monitoring and Alerting: - Automated monitoring helps identify potential incidents and avert them. - Centralizing logs from devices to a central point improves efficiency. - SIEM (Security Information and Event Management) systems provide capabilities such as centralizing logs, correlating events, setting thresholds for alerting, and producing reports. 2. Security Operations Centre (SOC): - SOC manages the SIEM and performs various security functions. - Activities of a SOC include continuous monitoring, preventative maintenance, alert management, threat response, incident recovery, log management, compliance management, and security process improvement. - SOC enhances security incident detection and response through ongoing analysis and continuous activity monitoring. 3. Additional Security Activities: - Vulnerability assessments help identify weaknesses in systems and infrastructure. - Periodic penetration testing evaluates the effectiveness of security controls by simulating real-world attacks. - Digital forensic capabilities may be part of a SOC's role to investigate incidents and gather evidence.

Answer 85

A) Centralize log information in one place SIEM systems are designed to collect and centralize log entries from various devices and sources. They provide a centralized repository for log information, enabling correlation, analysis, and alerting functionalities.

Answer 86

C) Monitor and manage security incidents The main responsibility of a SOC is to continuously monitor the security posture, detect and respond to security incidents, and manage the overall incident response process. They coordinate incident handling, investigate root causes, and ensure timely response and recovery.

Answer 87

A) Identify vulnerabilities in systems and infrastructure Periodic penetration testing involves simulating real-world attacks on systems and infrastructure to identify vulnerabilities and weaknesses in security controls. It helps organizations assess the effectiveness of their security measures and prioritize remediation efforts.

Answer 88

1. Vulnerability assessments involve analysing systems for known vulnerabilities and flaws that could be exploited. 2. Technical vulnerability assessments use applications like Nessus, which have a database of known vulnerabilities. 3. Vulnerability scans are conducted against the vulnerability database to identify outstanding patches and assess the criticality of vulnerabilities. 4. Vulnerability assessments may provide information about potential exploits that could be leveraged. 5. Regular vulnerability scans should be conducted, and the scanning software should be kept up to date with the latest known vulnerabilities. 6. Vulnerability assessment is a standalone activity, but it is also incorporated into a penetration test.

Answer 89

B) To analyse and identify known vulnerabilities in systems A vulnerability assessment aims to identify and assess vulnerabilities in systems or applications, providing insights into potential weaknesses that could be exploited by attackers.

Answer 90

C) Nessus Nessus is an example of an application used for technical vulnerability assessments. It contains a database of known vulnerabilities and performs scans against this database to identify vulnerabilities and provide information about patches and potential exploits.

Answer 91

D) Regularly and on an ongoing basis Vulnerability scans should be conducted regularly to ensure that systems are continuously assessed for known vulnerabilities. The frequency may vary depending on factors such as the organization's risk appetite and the nature of the systems being assessed.

Answer 92

- Penetration testing is the process of simulating the actions of a malicious person to validate the security of a technical environment. - It involves using hacker tools and techniques to discover and exploit vulnerabilities. - Penetration tests can be conducted externally (testing what is visible to the outside world) or internally (simulating an attacker with access to the premises and network). - Different types of penetration tests include: Black Box Test (no knowledge of the target) Grey Box Test (partial knowledge) White Box Test (full knowledge) - Prior permission and agreement from the network and system owners are crucial before conducting any penetration test. - Actions to be carried out before a penetration test include defining the scope, signing a non-disclosure agreement, determining how vulnerabilities will be handled, specifying the tools and techniques to be used, considering potential disruptions, and addressing social engineering techniques. - The results of a penetration test are presented in a report, which includes findings, methods used, and recommendations for remediation. - The pen test report is a sensitive document that should be protected to prevent vulnerabilities from falling into the wrong hands.

Answer 93

A) To validate the security footprint of the organization Penetration testing aims to identify vulnerabilities and assess the security of a technical environment, not to gain unauthorized access or disrupt operations

Answer 94

A) Black Box Test In a Black Box Test, the tester has no knowledge of the target network and simulates a typical external attacker. Grey Box Test involves partial knowledge, and White Box Test involves full knowledge of the target network. Red Team Test refers to a broader, more comprehensive assessment involving multiple techniques.

Answer 95

A) Signing a non-disclosure agreement Prior to conducting a penetration test, it is essential to establish the scope, sign a non-disclosure agreement, and obtain permission from the network and system owners. Exploiting vulnerabilities, conducting social engineering attacks, or disrupting normal operations may not be allowed or desired during the test.

Answer 96

- Acceptable Use Policy (AUP) is an administrative control that supports technical security measures. - Policies are mandates and statements of intent that are mandatory within an organization. - A series of policies cover aspects of how technology should be used, including acceptable use, email, passwords, remote access, and home working. - The AUP defines the acceptable use of computer and network-related equipment and services within the organization. - A typical AUP may include "do not" statements to define unacceptable behaviour. - Common areas covered by the AUP include downloading/installing unauthorized software, infringing copyright, accessing inappropriate material, causing offense to others, affecting network infrastructure, using unauthorized identities/passwords, sharing personal credentials, and engaging in unauthorized activities on the network infrastructure. - The use of the Internet is a significant aspect of AUP, and access should be appropriate, legal, and aligned with corporate governance principles. - AUP helps protect individuals from engaging in illegal activities and safeguards the organization's operations and reputation

Answer 97

B) To define acceptable and unacceptable use of computer and network resources An Acceptable Use Policy (AUP) outlines the rules and guidelines for the appropriate use of technology resources within an organization, defining what is acceptable and what is not.

Answer 98

B) Social media usage guidelines An Acceptable Use Policy (AUP) may cover various topics, including acceptable use, email, passwords, remote access, and home working. Social media usage guidelines are commonly included in an AUP to provide guidance on appropriate behaviour when using social media platforms.

Answer 99

A) It ensures compliance with legal and ethical standards. An Acceptable Use Policy (AUP) helps organizations establish guidelines and rules to ensure that employees and users of technology resources comply with legal regulations and ethical standards. It promotes responsible and appropriate use of resources to protect individuals and maintain the organization's reputation

Answer 100

Network management involves routine tasks to ensure the functionality and security of the network. Tasks include network monitoring, logging, anti-malware updates, patching, and vulnerability scanning. Tools like IDS and IPS can be used to learn and distinguish between normal and malicious network behaviour. Good network management requires an understanding of infrastructure, risks, countermeasures, business processes, policies, and regulatory requirements. Metrics and measurement are essential for monitoring and improvement processes. Regular reporting to senior management is necessary to demonstrate return on investment and progress towards goals.

Answer 101

D) Data encryption Data encryption is not typically considered a task of network management. Data encryption is more closely related to securing services and protecting data during transmission. Network management tasks typically include network monitoring, patching, and anti-malware updates to ensure the functionality and security of the network.

Answer 102

A) Knowledge of infrastructure and system architecture Knowledge of infrastructure and system architecture is an essential component of effective network management. Understanding the network's physical and intangible assets, system architecture, and interconnectivity helps in managing and securing the network effectively.

Answer 103

- Protective measures are needed for real-time activities such as communication, web services, e-commerce, and data exchange. - Remote working and collaborative tools have become more prevalent, requiring secure connections and encryption. - Awareness training is important to prevent social engineering and phishing attacks on social media platforms. - Legacy technologies like modems can be susceptible to attacks such as war-dialling. - Wi-Fi should use secure protocols, and remote workers must use VPN connections for added security on public wireless networks. - Mobile technologies and data capabilities of 3G, 4G, and 5G networks are growing in importance. - Web services should be protected with authentication and secure connections using the latest TLS version.

Answer 104

C) Performing regular vulnerability scans Performing regular vulnerability scans is a recommended measure for securing network services. Vulnerability scans help identify potential weaknesses or vulnerabilities in the network infrastructure, allowing organizations to address them proactively and reduce the risk of exploitation.

Answer 105

- Cloud computing provides on-demand availability of computer system resources without direct user management. - It involves the use of a network of remote servers hosted on the Internet for storing, managing, and processing data. - Cloud computing relies on virtualization to create virtual machines (VMs) running on shared hardware resources. - Virtualization allows for greater hardware utilization and consolidation, providing a higher return on investment. - Cloud environments can host multiple VMs, with hardware resources allocated appropriately.

Answer 106

A) Greater hardware utilization Greater hardware utilization is the primary benefit of virtualization in cloud computing. Virtualization allows for the consolidation of multiple virtual machines (VMs) on shared hardware resources, resulting in more efficient use of the physical hardware and a higher return on investment.

Answer 107

C) Distributed functions across multiple data centres Distributed functions across multiple data centres is a characteristic of cloud computing. Cloud computing involves the on-demand availability of computer system resources, with functions distributed over multiple locations, typically data centres. This distribution allows for scalability, redundancy, and increased availability of services.

Answer 108

1. Terminology in cloud computing includes the cloud provider, consumer/subscriber, and tenant. 2. There are six essential characteristics of cloud computing: a) On-demand self-service: Consumers can provision computing capabilities without human interaction. b) Broad network access: Capabilities are accessible over the network via various client platforms. c) Resource pooling: Computing resources are pooled and dynamically assigned to serve multiple consumers. d) Rapid elasticity: Capabilities can be quickly scaled up or down based on demand. e) Measured service: Resource usage is automatically monitored and metered, allowing for pay-as-you-use billing. f) Multi-tenancy: Resources are allocated and controlled to ensure isolation between different end user organizations. 3. Cloud resources can be delivered using different service and deployment models. 4. Service models describe how user organizations utilize services provided by cloud providers.

Answer 109

b) On-demand self-service On-demand self-service is a cloud computing characteristic that enables consumers to unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without the need for human interaction with the service provider.

Answer 110

a) Multi-tenancy Multi-tenancy is a cloud computing characteristic that involves allocating and controlling resources in a way that different end user organizations or tenants are isolated and cannot access each other's processing and data. This ensures data privacy and security between different tenants.

Answer 111

c) Rapid elasticity Rapid elasticity is a cloud computing characteristic that enables capabilities to be elastically provisioned and released, allowing for rapid scaling of resources outward and inward based on demand. This scalability ensures that computing resources can efficiently accommodate fluctuating workloads.

Answer 112

SaaS stands for Software as a Service. In SaaS, the consumer uses applications provided by the cloud service provider. The applications are accessed through client devices, either through a program interface or a web browser. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating system, or storage. Configuration options for the application are limited to user settings. Examples of SaaS include Microsoft Office 365, Adobe Creative Suite, and Salesforce. SaaS is typically subscription-based, where users pay for the service on a recurring basis. User files are typically stored within the cloud, which should be considered when terminating a subscription.

Answer 113

C) SaaS offers applications that can only be accessed through a specific web browser. In the SaaS model, applications are provided by the cloud service provider and accessed by consumers through a web browser or program interface. Consumers do not manage or control the underlying cloud infrastructure.

Answer 114

D) Cisco Webex Cisco Webex is a collaboration and communication tool that is delivered as a SaaS solution. Amazon Web Services (AWS) is an example of Infrastructure as a Service (IaaS), Dropbox is a cloud storage service, and VMware is a virtualization software provider.

Answer 115

C) SaaS applications are typically accessed through a web browser. In the SaaS model, applications are accessed by consumers through a web browser or program interface. Consumers do not have full control over the underlying cloud infrastructure, and the configuration options for the application are usually limited. The amount of storage space provided may vary depending on the specific SaaS provider and subscription plan.

Answer 116

- Platform as a Service (PaaS) allows consumers to deploy their own or acquired applications into a cloud environment. - Consumers can execute their applications within the cloud using libraries and tools provided by the PaaS provider. - Consumers are responsible for configuring and managing their applications and any data created within the PaaS environment. - Consumers do not have access to the underlying operating system or have control over the cloud infrastructure. - Examples of PaaS include Microsoft Windows Azure and Force.com. - With PaaS, consumers have the ability to use and customize their own applications within the cloud environment, but they cannot access or manage the underlying infrastructure.

Answer 117

B) Consumers can configure or manage the applications deployed in the cloud. The consumer is responsible for and can configure the application and manage any data created but the consumer does not have access to the operating system or manage the underlying cloud infrastructure.

Answer 118

C) Microsoft Windows Azure Windows Azure is a well-known example of a PaaS provider. It offers a platform for consumers to deploy and manage their own applications within the Azure cloud environment.

Answer 119

C) Simplified application deployment and management. One of the key benefits of PaaS is that it provides a platform for consumers to deploy and manage their applications without having to worry about the underlying infrastructure. PaaS abstracts away the complexities of infrastructure management, allowing consumers to focus on their applications.

Answer 120

1. Infrastructure as a Service (IaaS) is a cloud computing model that provides consumers with virtualized access to computing resources such as processing power, storage, and network infrastructure. The consumer has control over the operating system and software stack, while the underlying physical infrastructure is managed by the cloud provider. 2. Consumer's control and capabilities: With IaaS, the consumer has the ability to provision and manage virtual servers within the cloud environment. They can choose the operating system and software configurations for their servers, as well as scale resources up or down based on their needs. The consumer has administrative control over their virtual infrastructure, allowing them to configure and manage it as if it were a physical environment. 3. Benefits of IaaS: IaaS offers several benefits to organizations, including: - Scalability: Consumers can easily scale their computing resources up or down based on demand, allowing for flexibility and cost optimization. - Cost savings: By using virtual infrastructure instead of investing in physical hardware, organizations can reduce capital expenditure and operational costs. - Agility: IaaS enables rapid deployment of new applications and services, allowing organizations to quickly respond to business needs and market changes. - Disaster recovery and business continuity: IaaS providers often offer built-in backup and disaster recovery capabilities, ensuring data resilience and minimizing downtime. 4. Security considerations: While IaaS provides control and flexibility, it also introduces security considerations. Some key points to remember include: - Shared security responsibility: The cloud provider is responsible for securing the underlying infrastructure, while the consumer is responsible for securing their applications and data within the virtual environment. - Data protection: Consumers should implement appropriate encryption and access controls to protect sensitive data stored and transmitted within the IaaS environment. - Identity and access management: Strong authentication and access controls should be in place to prevent unauthorized access to the virtual infrastructure and resources. - Monitoring and logging: Implementing robust monitoring and logging mechanisms helps detect and respond to security incidents and ensures compliance with regulatory requirements. 5. Examples of IaaS providers: Popular examples of IaaS providers include Amazon Web Services (AWS) Elastic Compute Cloud (EC2), Microsoft Azure Virtual Machines, and Google Cloud Platform (GCP) Compute Engine. These platforms offer a wide range of computing resources and services to support organizations' infrastructure needs.

Answer 121

B) IaaS allows consumers to provision processing, storage, and network resources with control over the operating system. In IaaS, consumers have the flexibility to manage their virtual infrastructure, including the operating system and applications running on it.

Answer 122

C) Control over the operating system and applications. With IaaS, consumers have the freedom to customize and configure their operating systems and applications according to their specific requirements.

Answer 123

B) Provisioning and managing virtual computing resources. In IaaS, the consumer is responsible for provisioning the required computing resources, such as servers, storage, and network, and managing them within the virtual environment provided by the IaaS provider. The physical infrastructure and data centre management are the responsibilities of the IaaS provider.

Answer 124

Private Cloud: Provisioned for exclusive use by a single organization and may be owned, managed, and operated by the organization or a third party. It can exist on or off-premise. Community Cloud: Provisioned for the exclusive use of a specific community of users with shared concerns. It may be owned or managed by organizations within the community or a third party and can exist on or off-premise. Public Cloud: Provisioned for open use by the public and not restricted to any particular entity or community. It can be owned, managed, and operated by businesses, academic or government organizations, and can be hosted anywhere in the world. Hybrid Cloud: A composition of two or more deployment models bound together by standardized or proprietary technology to enable data and application portability.

Answer 125

A) Private Cloud In the private cloud deployment model, the cloud infrastructure is provisioned for exclusive use by a single organization. It may be owned, managed, and operated by the organization or a third party. This model is designed to cater to the needs of a specific organization comprising multiple consumers.

Answer 126

B) Community Cloud In the community cloud deployment model, the cloud infrastructure is provisioned for the exclusive use of a specific community of users with shared concerns. It may be owned or managed by one or more organizations in the community or a third party. This model allows organizations with similar requirements to share cloud resources.

Answer 127

C) Public Cloud In the public cloud deployment model, the cloud infrastructure is provisioned for open use by the public. It is not restricted to any particular entity or community and can be owned, managed, and operated by businesses, academic or government organizations, or any combination of these entities. Public cloud services are accessible to anyone over the internet.

Answer 128

D) Hybrid Cloud The hybrid cloud deployment model combines two or more deployment models, such as private, community, or public clouds, which remain unique entities but are bound together by technology to enable data and application portability. This model allows organizations to leverage the benefits of multiple cloud models while maintaining flexibility and control over their resources.

Answer 129

Initial costs: Cloud deployment eliminates significant upfront capital expenditure as there is no need to purchase and configure company-owned infrastructure. Ongoing costs: Local equipment does not depreciate, and maintenance is not required. The subscription model allows for better budgeting and predictability. Economies of scale: Multi-tenanted physical servers in data centre's are more cost-efficient than separate physical server environments. Operational responsibilities: Cloud providers take responsibility for availability and a degree of protection, but ownership and accountability of data remain with the consumer or subscriber. Eliminates knowledge of location: The cloud can be located anywhere, improving resilience and security, provided jurisdictional requirements are satisfied. Scalability: Cloud resources can be rapidly scaled up or down based on demand, allowing businesses to have resources available when needed and return them when not required.

Answer 130

B) On-premises infrastructure maintenance The economic benefit of cloud computing includes the reduction of on-premises infrastructure maintenance costs. With cloud computing, organizations do not have to bear the expenses of maintaining and managing their own physical infrastructure, including servers, networking equipment, and data centres. These responsibilities are transferred to the cloud service provider, resulting in cost savings for the organization.

Answer 131

D) Rapid provisioning of resources Cloud computing offers the benefit of rapid provisioning of resources. Organizations can quickly scale up or down their computing resources based on demand. This agility allows them to accommodate fluctuations in workload and efficiently meet their resource requirements without delays or significant investments.

Answer 132

C) Improved business agility Cloud computing provides organizations with improved business agility, which is a strategic advantage. By leveraging the cloud, organizations can quickly adapt to market changes, deploy new services or applications, and respond to customer needs faster. The scalability, flexibility, and accessibility of cloud resources enable organizations to be more agile and responsive in their operations.

Answer 133

Control: Infrastructure as a Service (IaaS) provides the greatest control over resources Platform as a Service (PaaS) limits control to applications Software as a Service (SaaS) is the most restrictive with the cloud provider controlling all resources. Vulnerabilities: Cloud computing introduces vulnerabilities such as dependency on connectivity, susceptibility to DDoS attacks, reliance on cloud providers' management and configuration skills, and the need to manage hardware lifecycle to avoid performance issues.

Answer 134

C) Infrastructure as a Service (IaaS) Among the given options, Infrastructure as a Service (IaaS) provides the subscriber with the greatest control over their resources. In the IaaS model, the consumer has control over the operating system, applications, and other elements within the cloud infrastructure. They can provision and manage their own servers, choose the operating system and software, and have more granular control compared to other service models.

Answer 135

B) Exposure to external communication and access The vulnerability associated with the dependence on connectivity in cloud computing is exposure to external communication and access. Cloud computing heavily relies on network connectivity for users to access and interact with cloud services. Any disruption or outage in connectivity can impact the availability and accessibility of cloud resources. Additionally, cloud services are susceptible to distributed denial-of-service (DDoS) attacks, which can result in service unavailability.

Answer 136

Cloud computing relies entirely on connectivity, and without it, cloud services cannot function. Disruptions in connectivity can have a significant impact on businesses relying on cloud services. For example, an outage in Microsoft Office 365, a commonly used cloud application, can disrupt business operations. Cloud environments are vulnerable to Distributed Denial of Service (DDoS) attacks, where an overwhelming amount of traffic is directed at the cloud infrastructure, causing service unavailability. It is essential to have measures in place to ensure continuous connectivity, such as redundant network connections and backup communication channels. Robust security measures, including network monitoring and intrusion detection systems, should be implemented to mitigate the risk of DDoS attacks and unauthorized access to cloud resources.

Answer 137

B) Susceptibility to Distributed Denial of Service (DDoS) attacks. Exposure to external communication and access in cloud computing makes the cloud environment vulnerable to DDoS attacks. DDoS attacks involve overwhelming the cloud infrastructure with a massive amount of traffic, rendering the services unavailable to legitimate users. These attacks exploit the cloud's reliance on connectivity and can disrupt business operations. It is essential for organizations to implement robust security measures to mitigate the risk of DDoS attacks and ensure the continuous availability of cloud services.

Answer 138

Misconfiguration in cloud computing refers to improper setup or management of the cloud infrastructure. Cloud providers are responsible for managing and configuring the physical infrastructure in all service models. There is a reliance on the cloud provider to have the necessary skills and processes in place to ensure proper configuration. In service models that allow subscribers to configure their own needs, prerequisite skills and knowledge are required within the subscriber organization. Misconfiguration can lead to security vulnerabilities, performance issues, and operational disruptions. It is important for both the cloud provider and the subscriber to have expertise and proper understanding of the cloud environment to mitigate the risks associated with misconfiguration.

Answer 139

Cloud misconfigurations are vulnerabilities waiting to happen. Malicious attackers are always hunting for misconfigured cloud assets because they can be a doorway to the theft of location data, passwords, financial information, phone numbers, health records and other exploitable personal data.

Answer 140

C) Misconfiguration can lead to security vulnerabilities, performance issues, and operational disruptions. Misconfiguration refers to improper setup or management of the cloud infrastructure, which can have serious consequences for the overall functionality and security of the cloud environment. It is a shared responsibility between the cloud provider and the subscriber to ensure proper configuration and mitigate the risks associated with misconfiguration.

Answer 141

Cloud environments rely on a large amount of physical infrastructure. This infrastructure has a life cycle, and hardware becomes outdated over time. Periodic replacement of hardware is necessary to maintain optimal performance. Failure to manage technology updates and replacements can lead to degraded performance levels. It is important for cloud providers to effectively manage hardware refresh cycles to ensure reliable and up-to-date infrastructure. Subscribers should consider the cloud provider's hardware management practices when evaluating cloud services.

Answer 142

B) It highlights the need for periodic replacement of hardware in the cloud. Becoming outdated in cloud computing refers to the fact that hardware used in cloud environments ages over time and requires regular replacement to maintain optimal performance. This is essential to ensure that the cloud infrastructure remains up to date and capable of meeting the demands of users. The other options in the question, while related to cloud computing, do not specifically address the concept of becoming outdated.

Answer 143

Cloud computing involves outsourcing services to a third-party provider. Trust is essential when relying on a cloud provider for service delivery. The level of trust required for a cloud provider is often higher compared to other suppliers. Trust is linked to the provider's ability to deliver security, availability, and privacy. Cloud users must have confidence in the reliability and integrity of the cloud provider. Trust is a critical factor in ensuring the success and effectiveness of cloud computing services.

Answer 144

B) Compliance with legal regulations Establishing trust in cloud computing requires adherence to legal regulations and compliance standards. This ensures that the cloud provider operates within legal frameworks and safeguards the confidentiality, integrity, and availability of data. Compliance with regulations such as data protection and privacy laws builds trust by demonstrating the provider's commitment to protecting customer data and meeting industry-specific requirements. Factors like cost-effectiveness, hardware specifications, and network bandwidth availability are important but do not directly address the trust aspect in cloud computing.

Answer 145

Location of data centres: Legislation in many countries requires certain categories of data to be stored within specific jurisdictional boundaries. Offshoring restrictions: Certain types of privacy and financial data cannot be offshore to ensure compliance with legal requirements. Backup storage: Considerations arise when cloud providers make backups of data and store them in alternate data centres, ensuring compliance with data protection regulations. Shared responsibilities: Data protection responsibilities are typically shared between the subscriber and the cloud provider, with clear definitions and accountability remaining with the data owner. Confidentiality and IP protection: Legal requirements related to confidentiality and protection of intellectual property should be communicated and understood by the cloud provider to ensure compliance. Note: It's important to keep in mind that legal requirements may vary depending on the jurisdiction, and it's advisable to consult relevant legal experts and regulations specific to your region

Answer 146

B) Data centre location and jurisdictional requirements Legal issues in cloud computing include considerations related to the location of data centres and compliance with jurisdictional requirements. Many countries have legislation that mandates certain categories of data to be stored within specific jurisdictional boundaries. Offshoring restrictions may apply, and the location of backups is also a factor to consider. Ensuring compliance with legal requirements regarding data centre location is crucial in cloud computing.

Answer 147

Availability is defined in the Service Level Agreement (SLA) between the subscriber and the cloud provider. Understanding the supplier's obligations and expected levels of availability is crucial for business-critical activities. Fall back arrangements should be considered if there is a need for alternative options in case of service disruptions. Resilience measures, such as distributed and replicated file systems and storage, help prevent data loss in the event of failures. Legal requirements regarding data distribution across multiple centres should be taken into account. Using multiple cloud providers can enhance resilience by diversifying resources. Maintaining off-site backups external to the cloud can provide additional protection against major incidents that may disrupt business operations.

Answer 148

a) Implementing distributed and replicated file systems and storage This measure helps ensure data redundancy and minimizes the risk of data loss in case of failures. Option b) is incorrect because relying solely on a single cloud provider may increase the vulnerability to service disruptions. Option c) is not recommended as storing backups and data exclusively within the cloud may be insufficient for major incidents that could disrupt business. Option d) is incorrect because legal requirements for data distribution across multiple centres should be considered to meet compliance obligations.

Answer 149

Security responsibilities in cloud computing vary depending on the service model used. In traditional on-premises environments, the organization is responsible for all aspects of its infrastructure and security. In IaaS (Infrastructure as a Service) deployments, the subscriber is responsible for securing applications and operating systems. In PaaS (Platform as a Service) deployments, the subscriber's security responsibility is limited to protecting the application and data. In SaaS (Software as a Service) deployments, the cloud provider assumes responsibility for all aspects of security. It is essential to have a clear understanding of security responsibilities in the chosen service model to ensure appropriate security measures are implemented.

Answer 150

A) Infrastructure as a Service (IaaS) In an IaaS deployment, the cloud provider offers virtualized infrastructure resources, and the subscriber is responsible for managing and securing applications and operating systems. This includes implementing security measures such as access controls, patch management, and configuring firewalls. In contrast, in PaaS and SaaS models, the security responsibilities are typically shared or primarily handled by the cloud provider.

Answer 151

C) Software as a Service (SaaS) In a SaaS model, the cloud provider delivers applications over the internet, and they are responsible for securing the applications and the underlying infrastructure. This includes implementing security measures such as access controls, encryption, and vulnerability management. The subscriber's responsibility mainly revolves around ensuring the security of their own data and user access to the SaaS application.

Answer 152

A) Infrastructure as a Service (IaaS) In an IaaS model, the cloud provider offers virtualized infrastructure resources, such as servers, storage, and networking, while the subscriber has control over the operating system, applications, and data. With this level of control, the subscriber also assumes the highest level of responsibility for securing the infrastructure, operating systems, applications, and data within their environment. They are responsible for implementing security measures, managing access controls, applying patches and updates, and ensuring the overall security posture of their infrastructure. In PaaS and SaaS models, the cloud provider takes on more responsibility for security, with the subscriber's responsibilities focused on securing their applications and data, rather than the underlying infrastructure. Public Cloud deployment refers to the deployment model rather than the specific security responsibilities within a service model.

Answer 153

C) User access management In a Software as a Service (SaaS) model, the cloud provider is responsible for managing user access to the application. This includes tasks such as user authentication, authorization, and identity management. The cloud provider ensures that appropriate access controls are in place to protect the application and its data from unauthorized access. Data encryption (option A) may be a shared responsibility, with the cloud provider handling encryption of data at rest and in transit, while the subscriber may be responsible for encrypting data within the application. Application security (option B) is typically the responsibility of the subscriber, who is responsible for securing the application code, implementing secure coding practices, and addressing vulnerabilities. Network firewall configuration (option D) is also usually the responsibility of the subscriber, as they configure their own network security controls to protect their application and data. Therefore, the correct answer is C) User access management, as it is a security responsibility typically handled by the cloud provider in a SaaS model.

Answer 154

Audit is an important aspect of ensuring trust and security in cloud computing. - Cloud providers can undergo security or accreditation processes to gain assurance for their services. * The Cloud Security Alliance (CSA) offers programs such as: CSA STAR for formal accreditation of cloud providers. - ISO 27001 is a well-known standard for Information Security Management Systems (ISMS) that can be used for accreditation. - SOC (Service Organization Control) reports provide third-party audits of the cloud provider's security. - confidentiality, integrity, availability, privacy, business continuity, and operational capabilities. - SOC reports are not ISO audits but are closely aligned with similar subject areas. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance - Cloud providers may make their SOC reports available to subscribers for assurance. - Amazon Web Services (AWS) and Microsoft Azure are examples of cloud providers that publish their latest SOC reports for subscribers to review.

Answer 155

B) Cloud Security Alliance (CSA) The Cloud Security Alliance (CSA) offers a formal accreditation process for cloud providers through their Security Trust and Assurance Registry (STAR). They maintain a list of suppliers who have completed this process.

Answer 156

A) To verify operational capabilities of cloud providers SOC reports are third-party audits that cover various aspects of security, including operational capabilities, confidentiality, integrity, availability, privacy, and business continuity. They provide assurance regarding the operational capabilities of cloud providers.

Answer 157

The subscriber should be concerned about who is running the cloud data centre and ensure the cloud provider has appropriately trained and skilled staff. Background checks on staff and appropriate security clearances are important factors in building trust with the cloud provider. When negotiating a contract with a cloud provider, the subscriber should inquire about the background checks conducted during employee hiring, the training provided to staff, and their qualifications and certifications. The cloud provider's internal and external audit processes should be examined to ensure proper oversight and accountability. Employee activities should be tracked and logged, and all processes and procedures should be adequately documented. Administrators may require a higher level of audit access due to their privileged roles. Off-boarding processes for staff leaving the cloud provider should be considered to protect data and ensure security. The same level of diligence and questioning should be applied to staffing in the cloud environment as in managing an on-premises environment.

Answer 158

C) What background checks do you carry out when employing staff? When assessing the staffing practices of a cloud provider, it is crucial for the subscriber to inquire about the background checks conducted during employee hiring. This helps ensure that the cloud provider has appropriate measures in place to maintain the trust and security of the subscriber's data. Options A, B, and D are not directly related to staffing practices and do not address the specific concern of verifying the qualifications and trustworthiness of the cloud provider's staff.

Answer 159

C) The training and qualifications of the cloud provider's staff. When evaluating the staffing practices of a cloud provider, it is essential for the subscriber to consider the training and qualifications of the staff. This ensures that the cloud provider has competent and knowledgeable personnel managing their environment. Options A, B, and D are not directly related to staffing practices and do not address the specific concern of assessing the expertise and qualifications of the cloud provider's staff.

Answer 160

B) Are all processes and procedures adequately documented? When negotiating a contract with a cloud provider, it is important to assess the documentation of processes and procedures. This ensures that the cloud provider has a systematic approach to managing their operations and that their staffing practices are well-documented. Options A, C, and D are not directly related to staffing practices and do not address the specific concern of evaluating the documentation of processes and procedures.

Answer 161

Data separation ensures that your organization's data stored in the cloud is only accessible by your organization and not by other tenants. It is crucial to have assurance from the cloud provider regarding how they ensure data separation, especially for highly sensitive data. When data is no longer needed or is deleted, it is important to have assurance that the data has been permanently removed and cannot be recovered. The process of data deletion in the cloud should be clearly defined and implemented by the cloud provider. When exiting the cloud, proper measures should be taken to ensure that all data is removed, without leaving any residual data behind. Cloud providers may provide verification, such as a destruction certificate, to confirm that all data has been removed. Alternatively, organizations may choose to copy their data off the cloud and perform a crypto erase, where the storage is encrypted and the encryption key is destroyed to prevent decryption. After data removal, the cloud provider should delete the storage containers and make them available for new subscribers.

Answer 162

C) Preventing unauthorized access to data Data separation in cloud computing focuses on preventing unauthorized access to data by ensuring that the data of different organizations or tenants is isolated and inaccessible to others.

Answer 163

C) To permanently remove data and prevent recovery Data deletion in cloud computing is performed to permanently remove data and prevent any possibility of recovery, ensuring data privacy and security

Answer 164

D) Perform a crypto erase of the encrypted cloud storage When exiting the cloud, organizations can ensure proper data removal by revoking user access rights, encrypting data, and either obtaining a destruction certificate or performing a crypto erase of the encrypted cloud storage.

Answer 165

Risk management in cloud computing is essential and encompasses various areas. In the traditional on-premises model, organizations are responsible for managing risks such as business continuity and disaster recovery (BCDR), availability, incident management, and legal/regulatory compliance. When transitioning to the cloud, these areas of risk may still apply but with potential implications and modifications. BCDR: Assess the cloud provider's capabilities and contractual obligations for BCDR, and consider modifying your plan in case of cloud failure. Availability: Understand the level of availability you have subscribed to in the cloud, as it may vary based on your payment and service agreements. Incident management: Cloud-related incidents may require joint management efforts, and it is crucial to ensure the cloud provider has the necessary capabilities to support investigations and provide relevant incident information. Legal and regulatory compliance: Jurisdictional differences can complicate compliance efforts, and it is important to understand the legal requirements in the jurisdictions where your cloud provider operates.

Answer 166

D) All of the above In the cloud environment, organizations may need to modify their approach to risk management in various areas, including incident management, legal and regulatory compliance, and business continuity and disaster recovery (BCDR). The cloud introduces new considerations and responsibilities in these domains, requiring organizations to adapt their risk management practices accordingly.

Answer 167

B) The contractual obligations regarding BCDR When assessing the cloud provider's capabilities for business continuity and disaster recovery (BCDR), organizations should carefully review the contractual obligations specified in their agreement. The contract should outline the cloud provider's commitments and responsibilities regarding BCDR, ensuring that the provider meets the required standards and can effectively support the organization during disruptions or disasters

Answer 168

C) It ensures compliance with data protection laws Understanding the legal requirements in different jurisdictions is crucial for managing risk in the cloud. Each jurisdiction has its own data protection laws and regulations, and organizations must ensure compliance with these laws to protect sensitive data. Failing to meet legal requirements can lead to legal and regulatory consequences, making it essential for organizations to align their cloud operations with the applicable jurisdictional regulations.

Technical Security Controls Flashcards

(192 cards)