1.2.4 Section Quiz
Candidate: Ashley Allen (aallen24@s.tooeletech.edu)
Date: 2/12/2024, 9:10:32 AM • Time Spent: 04:57
Question 1. Correct
The Application layer of the security model includes which of the following? (Select two.)
Log management
User education
User management
Environmental controls
Explanation
The Application layer includes user management and web application security.
References
q_def_plan_application_secp7.question.fex
Question 2. Correct
When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)
Encryption policies
Password policies
Group policies
Usage policies
Explanation
Be sure to have an effective password policy and clean desk policy in place, and don't forget to enforce them. Be sure to train your employees on how to identify all the various attacks that could target them. Train them on how to spot suspicious emails, instant messages, downloads, attachments, and websites.
Encryption policies should protect you in the event you experience a physical security breach. For example, if a hard drive were stolen, the thief wouldn't be able to access the information stored on it.
An Acceptable Use Policy (AUP) determines the rules for using a website or internet service.
You can use Windows group policies to administer your Windows systems.
References
1.2.3 Defense Planning Facts
Question 3. Correct
Which of the following reduces the risk of a threat agent being able to exploit a vulnerability?
Implementation of VLANs
Countermeasures
Explanation
A countermeasure is a means of mitigating potential risk. Countermeasures reduce the risk of a threat agent being able to exploit a vulnerability. An appropriate countermeasure:
Must provide uniform or consistent protection for all assets and users
Should be tamper-proof
References
q_def_plan_counter_secp7.question.fex
Question 4. Correct
Which of the following items would be implemented at the Data layer of the security model?
Auditing
Group policies
Authentication
Cryptography
Explanation
Authentication, authorization, and group policies are implemented at the Application layer.
References
1.2.3 Defense Planning Facts
q_def_plan_crypto_secp7.question.fex
Question 5. Correct
Which of the following items would you secure in the Perimeter layer of the security model?
VLANs
Switches
Firewalls
Routers
Explanation
References
q_def_plan_firewall_secp7.question.fex
Question 6. Correct
Email phishing
Weak passwords
Employees
Explanation
Employees are the single greatest threat to network security. Therefore, user education is very important.
Employees need to be aware that they are the primary targets in most attacks.
Phishing attacks are one of the most common attacks directed toward employees.
Employees should be able to identify attacks through email, instant messages, downloads, and websites.
Effective password policies should be enforced, and passwords should not be written down.
References
Question 7. Correct
Which of the following is a security approach that combines multiple security controls and defenses?
Cumulative security
Network security
Perimeter security
Countermeasure security
Layered security
Explanation
Layered security, sometimes called defense in depth security, is a security approach that combines multiple security controls and defenses to create a cumulative effect.
Perimeter security includes firewalls with ACLs and a wireless network. Network security includes the installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and the utilization of virtualization. A countermeasure is a means of mitigating a potential risk. Countermeasures reduce the risk of a threat agent exploiting a vulnerability.
References
q_def_plan_layered_secp7.question.fex
Question 8. Incorrect
Which of the following items would be implemented at the Network layer of the security model?
Wireless networks
Penetration testing
Network plans
Explanation
The installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and virtualization are implemented at the Network layer.
Firewalls with ACLs and wireless networks are secured in the Perimeter layer.
Network plans are implemented at the Policies, Procedures, and Awareness layer.
References
Question 9. Correct
Phishing attack
Remote attack
DNS attack
Password attack
Explanation
Phishing attacks are one of the most common attacks directed at employees. In most cases, employees are lured into clicking a link or downloading an attachment from a seemingly legitimate email.
References
The Policies, Procedures, and Awareness layer of the security model includes which of the following? (Select two.)
User education
Motion detectors
Server cages
Environmental controls
Employee onboarding
Explanation
User education and employee onboarding and off-boarding procedures are included in the Policies, Procedures, and Awareness layer.
The Physical layer deals with server cages, motion detectors, and environmental controls.
References
q_def_plan_policy_secp7.question.fex