Defense in Depth, Question & Answers

  • How are attack vectors and attack surfaces related?

An attack surface is the sum of all attack vectors in a system or environment.

  • While antivirus software operates using a ____, binary whitelisting software uses a whitelist instead.

Antivirus software operates using a blacklist, which blocks anything that’s detected as matching on the list. Binary whitelisting software operates using a whitelist, blocking everything by default, unless it’s on the whitelist.

  • Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet?

Host-based firewall rules would likely include Access Control Lists (ACLs) that permit access from the VPN subnet.

  • Which of these plays an important role in keeping attack traffic off your systems and helps to protect users? Check all that apply.

There is a huge amount of attack traffic on the internet, and anti-malware measures play an important role in keeping this type of attack off your systems and helping to protect your users.

Antivirus software will monitor and analyze things, like new files being created or files being modified on the system, for any behavior that matches a known malware signature.

  • What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen?

Systems with their entire hard drives encrypted are resilient against data theft, preventing an attacker from stealing confidential information from a hard drive that has been stolen or lost.

  • What is the purpose of application software policies? Check all that apply.

Application policies define boundaries of what applications are permitted or not permitted.

Application policies serve to help educate users on how to use software more securely.

  • Why is it risky to make an exception to the application policy to allow file sharing software?

It is generally a good idea to have a policy to disallow particularly risky classes of software. Things like file sharing software and piracy-related software tend to be closely associated with malware infections.

  • Having detailed logging serves which of the following purposes? Check all that apply.

Event reconstruction

  • Securely storing a recovery or backup encryption key is referred to as _______.

Key escrow

  • If a full disk encryption (FDE) password is forgotten, what can be incorporated to securely store the encryption key to unlock the disk?

Key escrow

  • What’s the key characteristic of a defense-in-depth strategy to IT security?

Multiple overlapping layers of defense

  • A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Check all that apply.

Security Information and Event Management (SIEM) system

Logs