1.2.

4 Section Quiz
Candidate: Ashley Allen (aallen24@s.tooeletech.edu)
Date: 2/12/2024, 9:10:32 AM • Time Spent: 04:57

Score: 90% Passing Score: 80%

Individual Responses Objective Analysis

Question 1. Correct

The Application layer of the security model includes which of the following? (Select two.)

Log management

Web application security

User education

User management

Environmental controls

Explanation

The Application layer includes user management and web application security.

The Policies, Procedures, and Awareness layer includes user education.

The Physical layer includes environmental controls.

The Host layer includes log management.

References

1.2.3 Defense Planning Facts

q_def_plan_application_secp7.question.fex

Question 2. Correct

When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)

Encryption policies

Clean desk policies

Password policies

Group policies

Usage policies

Explanation

Be sure to have an effective password policy and clean desk policy in place, and don't forget to enforce them. Be sure to train your employees on how to identify all
the various attacks that could target them. Train them on how to spot suspicious emails, instant messages, downloads, attachments, and websites.

Encryption policies should protect you in the event you experience a physical security breach. For example, if a hard drive were stolen, the thief wouldn't be able to
access the information stored on it.

An Acceptable Use Policy (AUP) determines the rules for using a website or internet service.

You can use Windows group policies to administer your Windows systems.

References
 1.2.3 Defense Planning Facts

13.1.1 Personnel Policies

13.1.2 Personnel Policy Facts

q_def_plan_clean_secp7.question.fex

Question 3. Correct

Which of the following reduces the risk of a threat agent being able to exploit a vulnerability?

Implementation of VLANs

Manageable network plans

Secure data transmissions

Countermeasures

Explanation

A countermeasure is a means of mitigating potential risk. Countermeasures reduce the risk of a threat agent being able to exploit a vulnerability. An appropriate
countermeasure:

Must provide a security solution to an identified problem

Should not depend on secrecy

Must be testable and verifiable

Must provide uniform or consistent protection for all assets and users

Should be independent of other safeguards

Should require minimal human intervention

Should be tamper-proof

Should have overrides and fail-safe defaults

References

1.2.3 Defense Planning Facts

q_def_plan_counter_secp7.question.fex

Question 4. Correct

Which of the following items would be implemented at the Data layer of the security model?

Auditing

Group policies

Authentication

Cryptography

Explanation

Cryptography is implemented at the Data layer.

Authentication, authorization, and group policies are implemented at the Application layer.

Auditing is implemented at the Host layer.

References
 1.2.3 Defense Planning Facts

q_def_plan_crypto_secp7.question.fex

Question 5. Correct

Which of the following items would you secure in the Perimeter layer of the security model?

VLANs

Switches

Firewalls

Routers

Explanation

Firewalls using ACLs are secured in the Perimeter layer.

Switches, routers, and VLANs are secured in the Network layer.

References

1.2.3 Defense Planning Facts

5.6.2 Configuring Web Threat Protection

12.2.2 Reconfigure and Protect Endpoints Facts

q_def_plan_firewall_secp7.question.fex

Question 6. Correct

Which of the following is the single greatest threat to network security?

Email phishing

Weak passwords

Unsecure physical access to network resources

Employees

Explanation

Employees are the single greatest threat to network security. Therefore, user education is very important.

Employees need to be aware that they are the primary targets in most attacks.

Phishing attacks are one of the most common attacks directed toward employees.

Employees should be able to identify attacks through email, instant messages, downloads, and websites.

Effective password policies should be enforced, and passwords should not be written down.

Employees should be able to identify both internal and external threats.

Employees need to be aware of the company's security policies.

References

1.1.3 Security Introduction

1.2.3 Defense Planning Facts

2.1.1 Threat Actor Types

2.1.2 Threat Agents Overview

2.1.5 Attack and Defense Strategy Overview

 2.3.4 Social Engineering Motivation Facts
q_def_plan_insider_secp7.question.fex

Question 7. Correct

Which of the following is a security approach that combines multiple security controls and defenses?

Cumulative security

Network security

Perimeter security

Countermeasure security

Layered security

Explanation

Layered security, sometimes called defense in depth security, is a security approach that combines multiple security controls and defenses to create a cumulative
effect.

Perimeter security includes firewalls with ACLs and a wireless network. Network security includes the installation and configuration of switches and routers, the
implementation of VLANs, penetration testing, and the utilization of virtualization. A countermeasure is a means of mitigating a potential risk. Countermeasures
reduce the risk of a threat agent exploiting a vulnerability.

References

1.2.3 Defense Planning Facts

q_def_plan_layered_secp7.question.fex

Question 8. Incorrect

Which of the following items would be implemented at the Network layer of the security model?

Wireless networks

Penetration testing

Firewalls using ACLs

Network plans

Explanation

The installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and virtualization are implemented at the Network
layer.

Firewalls with ACLs and wireless networks are secured in the Perimeter layer.

Network plans are implemented at the Policies, Procedures, and Awareness layer.

References

1.2.3 Defense Planning Facts

q_def_plan_pen_test_secp7.question.fex

Question 9. Correct

Which of the following is one of the MOST common attacks on employees?

Phishing attack
 Remote attack

DNS attack

Password attack

Explanation

Phishing attacks are one of the most common attacks directed at employees. In most cases, employees are lured into clicking a link or downloading an attachment
from a seemingly legitimate email.

References

1.2.3 Defense Planning Facts

2.3.1 Social Engineering Overview

2.3.2 Social Engineering Overview Facts

2.3.3 Social Engineering Motivation

2.3.4 Social Engineering Motivation Facts

2.3.5 Social Engineering Techniques

2.3.6 Social Engineering Techniques Facts

2.3.7 Phishing and Internet-Based Techniques

2.3.8 Phishing and Internet-Based Techniques Facts

2.3.9 Use the Social Engineer Toolkit

2.3.10 Investigating a Social Engineering Attack

2.3.11 Identify Social Engineering

5.6.4 Web Threat Protection Facts

13.3.2 Email Security Facts

q_def_plan_phishing_secp7.question.fex

Question 10. Correct

The Policies, Procedures, and Awareness layer of the security model includes which of the following? (Select two.)

User education

Motion detectors

Server cages

Environmental controls

Employee onboarding

Explanation

User education and employee onboarding and off-boarding procedures are included in the Policies, Procedures, and Awareness layer.

The Physical layer deals with server cages, motion detectors, and environmental controls.

References

1.2.3 Defense Planning Facts

9.8.2 BYOD Security Facts

13.1.1 Personnel Policies

13.1.2 Personnel Policy Facts

q_def_plan_policy_secp7.question.fex