28. Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?
- The software can normalize log data
- The software could be infected with malware
- The software could disable full disk encryption (FDE)
- The software can shrink attack vectors
29. Ideally, an attack surface is ___
- open and defended.
- frequently updated.
- as large as possible.
- as small as possible.
30. A core authentication server is exposed to the internet and is connected to sensitive services. What are some measures you can take to secure the server and prevent it from getting compromised by a hacker? Select all that apply.
- Patch management
- Access Control Lists (ACLs)
- Designate as a bastion host
- Secure firewall
31. What are the two main issues with antivirus software? Select all that apply.
- They depend on antivirus signatures distributed by the antivirus software vendor.
- There are no issues with antivirus software.
- They depend on the IT support professional to discover new malware and write new signatures.
- They depend on the antivirus vendor discovering new malware and writing new signatures for newly discovered threats.
32. What does full-disk encryption protect against? Select all that apply.
- Data theft
- Data tampering
- Malware
- Eavesdropping
33. A hacker exploited a bug in the software and triggered unintended behavior which led to the system being compromised by running vulnerable software. Which of these helps to fix these types of vulnerabilities?
- Application policies
- Implicit deny
- Software patch management
- Log analysis
34. How can software management tools like Microsoft SCCM help an IT professional manage a fleet of systems? Select all that apply
- Detect and prevent malware on managed devices
- Analyze installed software across multiple computers
- Confirm update installation
- Force update installation after a specified deadline
35. While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead.
- Secure list
- Blacklist
- Greylist
Whitelist
36. What is the combined sum of all attack vectors in a corporate network?
- The antivirus software
- The attack surface
- The Access Control List (ACL)
- The risk
37. When looking at aggregated logs, you are seeing a large percentage of Windows hosts connecting to an Internet Protocol (IP) address outside the network in a foreign country. Why might this be worth investigating more closely?
- It can indicate what software is on the binary whitelist
- It can indicate ACLs are not configured correctly
- It can indicate a malware infection
- It can indicate log normalization
Shuffle Q/A 2
38. What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen?
- OS upgrades
- Software patch management
- Key escrow
- Full disk encryption (FDE)
39. When installing updates on critical infrastructure, it’s important to be what?
- Calm
- Careful
- Patient
- Fast
