Unit 3 - Practice Quiz

Correct Answer: Stateful Inspection

Explanation: Stateful Inspection firewalls monitor the state of active connections and use this information to determine which network packets to allow through, unlike stateless filters that examine packets in isolation.

Correct Answer: Granting users only the permissions necessary to perform their job functions

Explanation: The Principle of Least Privilege dictates that a subject should be given only those privileges needed for it to complete its task, minimizing the potential impact if an account is compromised.

Correct Answer: SSH

Explanation: SSH (Secure Shell) provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server, primarily used for remote command-line login.

Correct Answer: To monitor network or system activities for malicious activities or policy violations

Explanation: An IDS monitors traffic and system logs to detect suspicious activity and alerts administrators. Unlike an IPS (Prevention System), a standard IDS primarily detects and alerts rather than actively blocking.

Correct Answer: Role-Based Access Control (RBAC)

Explanation: RBAC assigns permissions to specific roles (e.g., 'Manager', 'Admin', 'Clerk') rather than directly to individual users, simplifying management in large organizations.

Correct Answer: Data has not been altered or tampered with by unauthorized entities

Explanation: Integrity ensures the accuracy and completeness of data over its entire lifecycle, guaranteeing that it has not been modified in an unauthorized manner.

Correct Answer: chmod

Explanation: The chmod (change mode) command is used to set file permissions (read, write, execute) for the owner, group, and others in Unix-like operating systems.

Correct Answer: A physical sub-network that contains and exposes an organization's external-facing services to an untrusted network

Explanation: A DMZ acts as a buffer zone between the internal trusted network and the untrusted internet, hosting public-facing servers like web and email servers to protect the internal network.

Correct Answer: Implementing a biometric fingerprint scanner at the server room door

Explanation: Biometric scanners control physical access to sensitive areas, which is a component of physical security, whereas firewalls and VLANs are logical/network controls.

Correct Answer: Confidentiality

Explanation: The Bell-LaPadula model is a state machine model used for enforcing access control in government and military applications. It focuses on Confidentiality using the 'No Read Up, No Write Down' rules.

Correct Answer: Default Deny (Drop all unless explicitly allowed)

Explanation: A Default Deny policy ensures that only traffic specifically authorized is allowed to pass, significantly reducing the attack surface compared to a Default Allow policy.

Correct Answer: To logically segment a network, reducing broadcast domains and isolating traffic

Explanation: VLANs allow network administrators to group hosts together even if they are not on the same network switch, improving security by isolating sensitive traffic from general traffic.

Correct Answer: Brute-force attacks on login services

Explanation: fail2ban scans log files (like /var/log/auth.log) and bans IPs that show malicious signs, such as too many password failures, effectively mitigating brute-force attacks.

Correct Answer: Mandatory Access Control (MAC)

Explanation: MAC uses security labels for information and clearance levels for users. The operating system constrains the ability of a subject to access or perform operations on an object based on these labels.

Correct Answer: Disable password authentication and use key-based authentication

Explanation: Using SSH keys is significantly more secure than passwords, which can be guessed or brute-forced. Disabling password auth ensures only users with the private key can log in.

Correct Answer: To prevent unauthorized modification of information

Explanation: The Biba model focuses on Integrity. Its rules ('No Read Down, No Write Up') are designed to prevent data corruption by ensuring lower integrity subjects cannot write to higher integrity objects.

Correct Answer: Is installed on individual servers to monitor internal logs and file integrity

Explanation: HIDS runs on the host (server) itself, monitoring system files, log files, and kernel activity, whereas NIDS monitors network traffic packets traversing the network segment.

Correct Answer: HTTPS

Explanation: HTTPS (HyperText Transfer Protocol Secure) uses SSL/TLS to encrypt communication between a web browser and a web server.

Correct Answer: A small room with two doors where the first must close before the second opens

Explanation: A mantrap is a physical security control used to prevent tailgating. It consists of a small space with two interlocking doors; one must close and lock before the other can be opened.

Correct Answer: A user setting 'Read' permission for their colleague on a file they own

Explanation: In DAC, the data owner has the discretion to grant or deny access to others. Standard Unix/Windows file permissions are examples of DAC.

Correct Answer: Tunnel Mode

Explanation: Tunnel Mode encrypts the entire original packet (header and payload) and encapsulates it in a new IP packet, typically used for VPNs between gateways.

Correct Answer: Asymmetric Encryption

Explanation: Asymmetric Encryption (using a public and private key pair) is the foundation of PKI/SSL/TLS, allowing secure key exchange and authentication.

Correct Answer: To map private IP addresses to a public IP address

Explanation: NAT allows multiple devices on a private network to share a single public IP address, masking the internal network structure from the outside world.

Correct Answer: Minimum 12 characters, mix of uppercase, lowercase, numbers, and symbols

Explanation: Strong passwords require complexity (character variety) and length to resist brute-force and rainbow table attacks.

Correct Answer: Commercial data integrity and separation of duties

Explanation: Clark-Wilson focuses on integrity in commercial environments. It uses the concept of 'Well-formed Transactions' and 'Separation of Duties' to prevent fraud and errors.

Correct Answer: A decoy system configured to be attractive to attackers to study their behavior

Explanation: A Honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. It mimics a target for hackers.

Correct Answer: Inspects the payload of the packet to understand the application protocol (e.g., HTTP, FTP)

Explanation: Application Layer Firewalls (Proxies) operate at Layer 7 of the OSI model and can inspect the actual content of the traffic (e.g., blocking specific URLs or SQL injection commands).

Correct Answer: iptables

Explanation: iptables is the user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall.

Correct Answer: It increases the attack surface, providing more potential entry points for attackers

Explanation: Every open port represents a service listening for connections. If the service is unneeded or vulnerable, it provides an attack vector. Closing unused ports is a key hardening technique.

Correct Answer: Patch Management

Explanation: Patch Management involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system to fix bugs and security holes.

Correct Answer: When benign (harmless) traffic is flagged as a threat

Explanation: A False Positive occurs when the IDS incorrectly identifies legitimate activity as malicious, potentially leading to blocked legitimate traffic or alert fatigue.

Correct Answer: It contains a security breach to a specific subnet, preventing lateral movement

Explanation: Segmentation divides a network into smaller parts. If an attacker compromises one segment, they cannot easily access the rest of the network, limiting the 'blast radius' of the attack.

Correct Answer: SFTP

Explanation: SFTP (SSH File Transfer Protocol) uses SSH to encrypt both commands and data, whereas FTP sends credentials and data in cleartext.

Correct Answer: A secure tunnel established over a public network to connect remote users or sites

Explanation: A VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Correct Answer: To block electromagnetic fields and prevent wireless signal leakage

Explanation: A Faraday Cage is an enclosure used to block electromagnetic fields. In security, it prevents electronic eavesdropping or external signals from interfering with sensitive equipment.

Correct Answer: netstat

Explanation: netstat (or the newer ss) displays network connections, routing tables, and interface statistics, showing which ports are in the LISTEN state.

Correct Answer: A technique used by attackers to determine the software and version running on a server

Explanation: Attackers connect to a port and look at the welcome message (banner) to identify the service version (e.g., 'Apache 2.4.1'). Administrators often disable or obfuscate banners to hide this info.

Correct Answer: It creates and runs virtual machines (VMs) and manages their access to physical hardware

Explanation: A Hypervisor (or VMM) sits between the hardware and the virtual machines, managing resource allocation and isolation between the VMs.

Correct Answer: HVAC systems maintaining optimal temperature and humidity

Explanation: Environmental controls protect hardware from physical damage due to heat, humidity, or fire. HVAC systems are critical for maintaining server health.

Correct Answer: If a condition is not explicitly met by an Allow rule, the request is automatically rejected

Explanation: Most ACLs end with an implicit deny. If traffic or a user doesn't match any specific 'permit' rule, they are denied by default.

Correct Answer: A popular open-source Network Intrusion Detection/Prevention System (NIDS/NIPS)

Explanation: Snort is a widely used open-source IDS/IPS capable of performing real-time traffic analysis and packet logging on IP networks.

Correct Answer: DHCP Snooping and ARP Inspection

Explanation: DHCP Snooping prevents rogue DHCP servers, and Dynamic ARP Inspection prevents ARP poisoning, both common techniques for Man-in-the-Middle attacks on LANs.

Correct Answer: Authentication verifies who you are; Authorization determines what you can do

Explanation: Authentication is the process of verifying identity (e.g., logging in). Authorization checks if the authenticated user has permission to access a specific resource.

Correct Answer: SHA-256

Explanation: SHA-256 (Secure Hash Algorithm) is a cryptographic hash function. Hashing is used to verify integrity; if data changes, the hash changes completely. RSA/AES are for encryption.

Correct Answer: Physical Security

Explanation: Restricting access to the actual hardware via locks, racks, and rooms falls under the domain of Physical Security.

Correct Answer: A vulnerability that has been known for 0 days (just discovered) and has no patch

Explanation: A Zero Day exploit attacks a security flaw that the software vendor is unaware of or has not yet patched, making it highly dangerous.

Correct Answer: Virtual Switch (vSwitch)

Explanation: A vSwitch is a software program that allows one virtual machine to communicate with another within the same host, handling traffic internally.

Correct Answer: Running only the services and daemons absolutely necessary for the system's function

Explanation: Service minimization reduces the attack surface. If a service (like FTP or Telnet) isn't running, it cannot be exploited.

Correct Answer: Discretionary Access Control (DAC)

Explanation: DAC implementations (like Windows NTFS or standard Linux permissions) often use ACLs to list which users or groups have access to a specific object.

Correct Answer: It provides an audit trail to investigate incidents and detect anomalies

Explanation: Logs provide the historical record of what happened on a system. Without logs, it is impossible to perform forensics or understand how a breach occurred.