Chapter 10:
Grade Score 78%
1. In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
intrusion detection and prevention
2. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor
Local Users and Groups
3. Which statement describes agentless antivirus protection?
Host-based antivirus systems provide agentless antivirus protection.
The antivirus protection is provided by the router that is connected to a cloud service.
The antivirus protection is provided by the ISP.
Antivirus scans are performed on hosts from a centralized system.
5. The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
6. In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
7. What is a host-based intrusion detection system (HIDS)?
It identifies potential attacks and sends alerts but does not stop the traffic.
It detects and stops potential direct attacks but does not scan for malware.
It is an agentless system that scans files on a host for potential malware.
It combines the functionalities of antimalware applications with firewall protection.
8. What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
9. Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
10. Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
11. In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
12. Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a DHCP application in Windows.
It is a DNS daemon in Linux.
It is a rule-based firewall application in Linux.
13. For network systems, which management system addresses the inventory and control of hardware and software configurations?
14. Which statement describes the anomaly-based intrusion detection approach?
It compares the signatures of incoming traffic to a known intrusion database.
It compares the antivirus definition file to a cloud-based repository for latest updates.
It compares the operations of a host against a well-defined security policy.
It compares the behavior of a host to an established baseline to identify potential intrusions.
15. What is the first step taken in risk assessment?
Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
Establish a baseline to indicate risk before security controls are implemented.
Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
Perform audits to verify threats are eliminated.
16. Which statement describes the threat-vulnerability (T-V) pairing?
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
It is the comparison between known malware and system risks.
It is the detection of malware against a central vulnerability research center.
It is the advisory notice from a vulnerability research center.
17. Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
18. Which statement describes the use of a Network Admission Control (NAC) solution?
It provides network access to only authorized and compliant systems.
A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
It provides endpoint protection from viruses and malware.
It provides filtering and blacklisting of websites being accessed by end users.
20. Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
21. Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Federal Information Security Management Act of 2002 (FISMA)
Sarbanes-Oxley Act of 2002 (SOX)
22. Which statement describes the term attack surface?
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
It is the group of hosts that experiences the same attack.
It is the network interface where attacks originate.
It is the total number of attacks toward an organization within a day.
23. Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
24. When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
critical asset address space
25. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Exploit Code Maturity
27. In network security assessments, which type of test employs software to scan internal networks and Internet-facing servers for various types of vulnerabilities?
strength of network security testing
28. Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
29. Which statement describes the Cisco Threat Grid Glovebox?
It is a network-based IDS/IPS.
It is a firewall appliance.
It is a host-based intrusion detection system (HIDS) solution to fight against malware.
It is a sandbox product for analyzing malware behaviors.