This protects information and resources.
Information security (1.1)
This protects data, networks, hardware, and software.
Network security (1.1)
What are the four main purposes of network security?
(1) prevent and monitor unauthorized access to the network and network resources, (2) prevent any malicious activities such as misuse, modification, disruption, and destruction, (3) protect data during transmission and at rest, and (4) protect network assets. (1.1)
List three main reasons to implement network security:
(1) Ensure availability of resources, (2) provide authentication and authorization on network resources, and (3) protect resources while allowing access to legitimate users. (1.1)
List the six elements of a network that are protected by network security:
(1) Networks, (2) network applications, (3) network devices and systems, (4) network protocols, (5) network services, and (6) data. (1.1)
Explain the importance of protecting networks using network security:
"A network could be a single entity; basically, it could be a small network or it could be a large enterprise network, where it is spread across geographies and uses different subnets and segments. There is a demilitarized zone for the servers that face the Internet. So depending on the size of the organization, the network size may also differ.
You need to ensure that the network, of whatever size, is protected." (1.1)
Explain the importance of protecting network applications using network security:
"There could be network applications which would be internal to your organization and then there will be web applications which need to be external to your organization. Your customer vendors or a mass population of users would be accessing these web applications. These need to be protected. There is going to be a role of encryption, availability, ensuring that they are load balanced or there is a fault tolerance built into the databases to ensure that the web application does not go down." (1.1)
Explain the importance of protecting network devices using network security:
"In a network, you have the network devices, which could be the router, or the firewall, switches, and then there would be systems, which would be the servers and the endpoints, which are the desktops, mobiles as well as the laptops. It is important to harden the servers, which could include your web server, or DNS server, or domain controller. It is equally important for you to harden the endpoints, which are your desktops. The majority of the attacks are initiated on the end user. Nowadays threat actors have lesser attention on the servers and the network devices, but they have more attention on the endpoints because that is an easy entry point into the network. You need to ensure your network devices and all systems are properly covered under the network security." (1.1)
Explain the importance of protecting network protocols using network security:
"To protect this network component, you need to ensure that we do not use weaker protocols like FTP or Telnet, but use stronger protocols which are difficult to break. So you have SFTP, then you have SSH, which is secure shell." (1.1)
Explain the importance of protecting network services using network security:
"To protect this network component, remember there would be a lot of network services that would be running on a network. It could be your, as simple as NTP servers, it could be domain controller services, or it could be any other services such as the voice services. You need to ensure that all these services are secured." (1.1)
Explain the importance of protecting data using network security:
"This network component needs to be well controlled, it needs to be encrypted as and when possible, for instance, data at rest and data in transmission. Then it needs to be also protected using access control lists. So this will ensure that only the legitimate users are able to access it." (1.1)
When you talk about this, it is the larger picture. It is about protecting the information and the resources that exist within your network. If you have a hybrid cloud environment where you have cloud and on-premise infrastructure, this is about the protection of all your information and resources within the hybrid environment or the on-premise environment.
Information security (1.1)
When you talk specifically about this, it is more focused on data, network, hardware, and software. It is a subset of the information security. Therefore, whenever you would refer to network security, you would specifically talk about securing the infrastructure within the network environment. That infrastructure would have your data, it would have the network devices, the hardware, your web servers, your other kinds of servers like DHCP, DNS, or it could be your web applications or the operating system.
Network security (1.1)
This is about preventing and monitoring unauthorized access to the network resources. You want to ensure that only the legitimate users have the legitimate permissions or the privileges to access the network resources.
Network security (1.1)
A network ________ could be a folder shared on the network. So somebody needs to have the privilege to access that particular folder. Now you need to monitor on a continuous basis to ensure that there is no attempt to unauthorized access on that particular folder.
Resource (1.1)
In network security, whenever you are protecting that folder using _________, you are basically protecting the information that is residing within that particular folder.
Access control list (1.1)
Malicious activities such as _________ mean that a granted permission or privilege is used to do something drastic on your network, for instance deleting files and folders.
Misuse (1.1)
Malicious activities such as ________ could mean that somebody has a certain level of permissions which he or she should not have. For instance, one particular Excel sheet is modified and incorrect data is entered into that Excel sheet.
Modifications (1.1)
Malicious activities such as ________ could mean initiating an internal DoS attack to disrupt the web services that are running on the web server, whereas ________ could be simply deleting a folder that contains confidential information.
Disruption; destruction (1.1)
Data at rest that is stored on the network needs to be __________.
Encrypted (1.1)
For data in transmission, there are two endpoints: one is the sender, the other is the recipient. Any information exchange that happens between these two endpoints, whether both are within the network or one is within the network and the other is outside it on a public network such as the Internet, must be protected using _________.
Encryption (1.1)
Whenever you refer to __________, that is, the data, network devices, hardware, or software, they need to be protected, and that is what network security brings in. Users are given only the limited access they need to do their job. Then there are defined permissions, or access control lists, that protect these assets, such as a shared folder on the network.
Network assets (1.1)
What does the CIA triad stand for?
Confidentiality, integrity, and availability (1.1)
When implementing network security, what does it mean to ensure availability of resources?
Somebody might simply delete a file or a folder that is critical for the organization, or they might initiate a DoS attack on your web server that is facing the Internet. Availability means that, as and when a user is required to access a particular resource, it is available to them. So network security plays a critical role in protecting these assets and ensuring the availability of resources. (see CIA triad) (1.1)
When implementing network security, what does it mean to provide authentication and authorization on network resources?
It means you would have a user account in a domain. You would be given permission to access a particular folder on a file server. For example, there is an authentication that takes place when you log on to the domain and then there is authorization that takes place when you attempt to access that particular shared folder. During the authorization phase, your user account is checked against the access control list that is implemented on that shared folder. If you're in the allowed list, you are given access. Then you are authorized to access the network resource, which is the shared folder in this case. (1.1)
When implementing network security, what does it mean to protect resources while allowing access to legitimate users?
You are restricting access based on what type of user you have within that application. That is the whole goal of network security: protect your resource. For instance, a user will not be able to log on to the administrative interface because he is not authorized. (1.1)
List the three main approaches to cybersecurity:
(1) Compliance-based, (2) risk-based, and (3) ad hoc-based (1.1)
This approach to cybersecurity is known as 'security-based cybersecurity', which uses a checklist-based attitude to implement security controls based on a standard.
Compliance-based (1.1)
This approach to cybersecurity focuses security implementation on one or more security risks and addresses security risks that may be beyond the organization's tolerance and business needs.
Risk-based (1.1)
This approach to cybersecurity can be driven by a vendor, implements security without any rationale, and may portray insufficient subject knowledge to handle security.
Ad hoc-based (1.1)
It is important to highlight here that if an organization is going with a compliance-based approach, it is also using the _______ approach. This is because most compliance frameworks, such as ISO 27001 or PCI DSS, focus a great deal on risk management.
Risk-based (1.1)
This approach to cybersecurity may be driven by a vendor, or the organization may not have the complete skillset to implement cybersecurity and therefore implements anything and everything that it thinks seems fit for its environment. It may have redundant firewalls, intrusion detection systems, and/or web application firewalls.
Ad hoc-based (1.1)
This is anything that has value to an organization, which can be in intangible or tangible forms (e.g. users, information).
Assets
Give two examples of the intangible form of assets:
Information (i.e. information in any form that has been created, owned, collected, classified, organized, or stored by the organization) and data (i.e. databases, files, and archives) (1.1)
Give two examples of the tangible form of assets:
Servers and network devices (1.1)
Give four examples of assets:
(1) Information (e.g. databases, files), (2) software (e.g. OS, MS Office), (3) physical assets (e.g. systems, building, furniture), and (4) services (e.g. voice, data). (1.1)
These are defined as the potential or probability that a loss might occur. They are focused on the potential of future events, not present ones, and cannot always be eliminated.
Risks (1.1)
Give two examples of risks to an organization:
(1) Non-compliance to a policy or (2) loss of information or data. (1.1)
What is the definition of a 'threat' in cybersecurity?
They (1.1)
What is the definition of a 'vulnerability' in cybersecurity?
They (1.1)
A ________ is a method or a medium to generate information or data (e.g. Office 365).
Software (can be application software or there could be system software) (1.1)
(Application/System) software would be something like Process Monitor, an operating system, or your Task Manager, which is used to do some specific system-related task.
System (1.1)
Office 365 is software that helps you generate documents, which are information; therefore Office 365 is (application/system) software.
Application (1.1)
These are tangible resources for an organization or physical equipment to run a business operation such as a table, chair, communication equipment, storage devices, electrical devices, etc.
Physical assets (1.1)
A system exposed to the Internet has higher ______ of threats, as compared to a system that is not exposed to the Internet.
Risk (1.1)
This group not only works with servers; it is also responsible for best practices, policies, and processes.
Security teams (1.1)
Many believe that only larger organizations get targeted; however, __________ businesses are perfect targets for cyber criminals.
Small to mid-sized (1.1)
List the seven most popular myths about security teams in organizations:
(1) "Security teams are the 'no' people within the organization", (2) "security teams just fiddle with computers and servers all day", (3) "all security team members are hackers", (4) "small to medium-sized businesses are not at risk for cyberattacks", (5) "business leaders saying they would rather not mitigate a security breach and instead manage it should it happen because perhaps the scope of the breach won't be so bad", (6) "the misconception that people don't have data worth stealing", and (7) "the only security software an organization needs is an anti-virus or anti-malware on its computers". (1.1)
Explain how the following statement is a myth: "Security teams are the 'no' people within the organization".
While security teams sometimes have to deny access to applications, services, or websites, they do so as part of their responsibility for identifying and mitigating digital risks to the organization. Security teams play an essential part in an organization's innovation and growth strategies. A good security team works with, not against, other departments to help achieve organizational objectives while maintaining the organization's security posture. (1.1)
Explain how the following statement is a myth: "security teams just fiddle with computers and servers all day".
They play a critical role in evaluating new tools, services, or features, and identifying potential security risks associated with them. They also work collaboratively with other teams within an organization to find ways to address these risks while still enabling the business to move forward. In addition to identifying risks, security teams provide guidance on best practices for implementing security controls, draft policies for maintaining information security compliance, and assist in creating security-related processes. Among many other responsibilities, security teams ensure that all initiatives meet regulatory and compliance requirements and build a culture of security throughout the organization. By working collaboratively with other teams, security teams can help identify new growth opportunities while maintaining a strong security posture. This can help organizations stay ahead of the curve and remain competitive in their industry. (1.1)
Explain how the following statement is a myth: "all security team members are hackers".
While there are ethical hackers who work to test an organization's security through penetration testing, not all InfoSec professionals are hackers. An InfoSec team will include a variety of roles to fulfill a wide range of duties. Some examples include analysts, engineers, architects, compliance officers, incident responders, managers, etc. (1.1)
Explain how the following statement is a myth: "small to medium-sized businesses are not at risk for cyberattacks".
All organizations, regardless of size, are potential targets for cybercriminals. In fact, small to medium-sized businesses may be more vulnerable to attacks due to their limited resources and less sophisticated security measures. Consider that larger organizations will have the people, resources, and knowledge to mitigate a potential cyberattack, whereas a small organization may rely on the business owner, a single IT person, or a technical employee to fulfill these needs. (1.1)
Explain how the following statement is a myth: "business leaders saying they would rather not mitigate a security breach and instead manage it should it happen because perhaps the scope of the breach won't be so bad".
Dealing with a security breach after it happens can result in financial losses, reputational damage, legal liabilities, and loss of customer trust. In every situation, it is less expensive to mitigate the risk of a cyberattack than it is to deal with the exposure when, not if, it happens. (1.1)
Explain how the following statement is a myth: "the misconception that people don't have data worth stealing".
All data is valuable to cybercriminals, regardless of the size or industry of the organization. Even seemingly innocuous data, such as employee or customer information, can be used to launch targeted attacks and lead to significant financial and reputational damage. Storing data in-house is not necessarily safer than keeping it in the cloud. Cloud service providers often have more advanced security measures in place than small to medium-sized businesses, because they can afford large security teams made up of the best talent. (1.1)
Explain how the following statement is a myth: "the only security software an organization needs is an anti-virus or anti-malware on its computers".
A good anti-virus or anti-malware tool is a great starting point into the world of endpoint security. The keyword here is good. Any piece of software, including anti-virus or anti-malware, can create a potential vulnerability. Additionally, anti-virus or anti-malware software does not combat threats like social engineering, and does not cover employee training or incident response plans. Finally, the absence of a security breach does not necessarily indicate that an organization is immune to future cyberattacks. In fact, attack methods are constantly evolving, and organizations need to continuously assess and improve their security measures to stay ahead of the risks posed to them. (1.1)
The relationship between security and usability is __________.
Inverted (1.1)
When there is (high/low) usability, there is often (high/low) security.
High; low (1.1)
When there is (high/low) usability, we likely have (high/low) security.
Low; high (1.1)
The (less/more) open a system is, the (less/more) functionality it has.
More; more (1.1)
The (less/more) it integrates, the (less/more) difficult it is to secure.
More; more (1.1)
The (less/more) usability there is, the easier it is to secure, and thus the (less/more) security you would have.
Less; more (1.1)
Finding that balance between usability and security can be a challenge since every organization has its own ___________ levels.
Security tolerance (1.1)
An organization uses an application for the core of its business, but the application requires many ports to be open across the firewall, which exposes the company to the internet. Opening many ports can lead to greater exposure of the system to network mapping, port scanning, and other types of vulnerability scanning attacks. This scenario exemplifies what?
The inverse relationship between security and usability. (1.1)
The (less/more) we keep the system open, the (higher/lower) the probability that our vulnerability will be found and used against us.
More; higher (1.1)
An employee receives an email from an unknown sender with a suspicious attachment. What is the fundamental network security principle that should be applied?
Anti-malware, Authentication, Firewalls, or Encryption?
Anti-malware (1.1)
A company regularly updates its software and patches vulnerabilities in its systems. Which fundamental network security principle is being followed?
Authentication, Encryption, Least privilege, or Patch management?
Patch management (1.1)
This software helps detect and remove malicious software, such as viruses or malware, which may be contained within suspicious email attachments.
Anti-malware software (1.1)
This process involves regularly updating software and applying patches to address known vulnerabilities, thereby enhancing the security of network systems and infrastructure.
Patch management (1.1)
This would verify the identity of users or devices but does not directly address the threat posed by suspicious email attachments.
Authentication (1.1)
This would control incoming and outgoing network traffic based on predetermined security rules but does not directly address the risk posed by suspicious email attachments.
Firewalls (1.1)
This protects data during transmission or storage but does not directly address the risk posed by suspicious email attachments.
Encryption (1.1)
This idea restricts access rights for users to the minimum levels necessary for performing their tasks, but it is not directly related to updating software and patching vulnerabilities.
Least privilege principle (1.1)
A company's wireless network does not require authentication for access.
Which network security vulnerability is present?
Unauthorized access, Packet sniffing, Eavesdropping, or Man-in-the-middle attack?
Unauthorized access (1.2)
This attack involves capturing and analyzing network traffic, which is not specific to the absence of authentication on a wireless network.
Packet sniffing (1.2)
This attack refers to unauthorized listening to private conversations, which is not directly related to the lack of authentication on a wireless network.
Eavesdropping (1.2)
This attack involves intercepting communication between two parties, which is not directly related to the lack of authentication on a wireless network.
Man-in-the-middle (1.2)
List the protocol vulnerabilities, that is, protocols that are outdated or insecure by default:
(1) Telnet, (2) FTP, (3) HTTP, (4) POP3 and IMAP, (5) ciphers and hashing algorithms, (6) SSH, (7) SFTP, (8) HTTPS, (9) POP3 and IMAPS, (10) TLS 1.3 and SHA-3. (1.2)
Give six examples of network vulnerabilities:
(1) Message compromise, (2) masquerade, (3) message modification, (4) denial-of-service (DoS), (5) social engineering, and (6) weak passwords. (1.2)
List the seven types of software vulnerabilities:
(1) Cloud, (2) a software vulnerability existing in both locations, (3) on-premises network, (4) administrative privileges, (5) inherent bugs and errors, (6) misconfigurations, and (7) backdoor. (1.3)
List the seven types of threat actors:
(1) Advanced persistent threat (APT), (2) cybercriminals, (3) hacktivist, (4) terrorist, (5) insider threat, (6) script kiddies, and (7) nation-state actors. (1.3)
What are the two categories of threat actors:
(1) External and (2) internal (1.3)
Give an example of a threat from a nation-state to an organization vs a government:
Organization: IP theft
Government: Political information theft, disrupting the functionalities (1.3)
Give an example of a threat from a hacktivist to an organization vs a government:
Organization: Confidential data theft
Government: Web defacement (1.3)
Give an example of a threat from a cyber criminal to an organization vs a government:
Organization: IP theft, credentials theft
Government: IP theft, research data theft (1.3)
Give an example of a threat from an insider threat to an organization vs a government:
Organization: Data leakage, insider fraud
Government: Data leakage (1.3)
These protect your environment against internal personnel. They define penalties for violations.
Administrative controls (1.3)
List the main external security concerns an individual/organization might have:
(1) Physical humans, (2) physical security, (3) attacks from the outside that make their way inbound over your internet link, and (4) remote connections that you purposely allow. (1.3)
What are physical security concerns and why is it important to guard against them?
This occurs where outsiders may attempt to gain physical entry into the building. If they are able to gain physical entry, then they can interact with your hardware, steal your equipment, plant listening devices, or read data off your computer systems. Therefore, having locked doors, security guards, or video cameras recording the events taking place in the physical world are some potential ways of defending against that type of intrusion. (1.3)
What are some ways to ensure physical security?
Having locked doors, security guards, or video cameras recording the events taking place in the physical world. (1.3)
How do external threats over the internet occur in an organization?
By having an open resource that an outside attacker can connect to directly, such as offering your own web services, or running your own email or file server that outside internet actors can reach; or, if you are using the internet as a way to reach out and retrieve data, you may retrieve malicious code because of that and possibly become infected by a remote access Trojan or a backdoor. (1.3)
What makes allowing remote connections, such as a virtual private network (VPN), potentially vulnerable to external threats?
A VPN is an encrypted connection from some outside entity into your private network. When that is truly a valid entity on the outside connecting in, then it is fine. However, anyone can attempt those connections in the first place. If a malicious attacker is able to take over control of the machine at the remote site and then initiate the VPN, the VPN may still serve as a conduit for the attacker to come across that link and breach your security, because they are impersonating or taking over the remote computer that is otherwise authorized. (1.3)
A __________ is an encrypted connection from some outside entity into your private network.
Virtual private network (VPN) (1.3)
An individual uses pre-written scripts and tools to exploit known vulnerabilities without understanding the underlying mechanisms.
Which type of attacker is involved?
Red team, White hat hacker, Black hat hacker, or Script kiddie?
Script kiddie (1.3)
What are script kiddies?
They are individuals who use readily available tools and scripts to launch attacks without understanding the technology behind them. (1.3)
What are red teams?
They are groups within organizations tasked with simulating real-world attacks to test defenses and improve security posture. (1.3)
What are white hat hackers?
These people are ethical hackers who use their skills for defensive purposes or to improve security. (1.3)
What are black hat hackers?
These are people who engage in unauthorized activities for personal gain or with malicious intent. (1.3)
A group of security professionals simulates attacks on a company's network to identify vulnerabilities and improve defenses. Which type of team is involved?
White team, Red team, Purple team, or Blue team?
Red team (1.3)
These are groups that simulate attacks on a company's network to identify vulnerabilities and test defenses, often providing valuable insights for improving security.
Red teams (1.3)
What are purple teams?
These groups combine the functions of red and blue teams, facilitating collaboration and knowledge sharing between offensive and defensive security teams. (1.3)