WGU - Network & Security Foundations - Section 3: Networking Security Operations complete questions bank ( 493 questions & answers )

This determines if corporate data is restricted to only specific internal roles and/or if it can be made public.

Data handling policies (1.1)

What are three things that a data handling policy should include/outline?

(1) Should identify any legal or regulatory restrictions, (2) includes labeling and naming (tagging) schema, and (3) outlines data ownership, custodianship, and stewardship. (1.1)

What are the nine main parts of a sample data handling policy approach?

(1) Defines how much protection the data and information needs, (2) collects and creates only what is necessary, (3) offer the minimum needed access, (4) disclose the lowest amount of information necessary, (5) safeguard data in transit, (6) secure physical storage resources, (7) defend archival media and cloud storage, (8) dispose of data securely in the disposition phase, and (9) stay knowledgeable about new risks. (1.1)

This represents the leadership of security governance towards securing access to data, applications, systems, and services. However, there is a fine line between strong passwords and difficult to remember passwords.

Password policies (1.1)

This is an agreement between 2+ parties outlining the appropriate use of access to a corporate network or the Internet.

Acceptable Use Policy (AUP) (1.1)

This is useful to businesses or educational facilities that offer Internet to their employees or students. Often, users must agree to terms and conditions before every authenticated session.

Acceptable Use Policy (AUP) (1.1)

List nine common Acceptable Use Policy (AUP) elements:

(1) Data access and disclosure, (2) data retention, (3) asset custodianship, (4) passwords, (5) system access, (6) clean desk policy, (7) removable device policy, (8) web surfing, and (9) augmented reality. (1.1)

This permits employees to bring their own personal mobile devices to access enterprise data and systems.

Bring Your Own Device (BYOD) (1.1)

List the four basic options for Bring Your Own Device (BYOD):

(1) Unlimited access for personal devices, (2) access only to non-sensitive systems and data, (3) access with IT control over personal devices, apps, and stored data, and (4) access while preventing local storage of data. (1.1)

The main goals of a privacy policy are to protect which three types of data?

(1) Intellectual Property (IP), (2) Personal Identifiable Information (PII), and (3) Personal Health Information (PHI). (1.1)

Examples of this include organizational secrets, copyright, digital rights, formulas, future products, marketing campaigns, ongoing research, etc.

Intellectual property (IP) (1.1)

Examples of this include ID numbers, addresses, preferences, etc.

Personal Identifiable Information (PII) (1.1)

In network security design, which principle advocates for the use of cryptographic techniques to secure sensitive data and communications:

Defense in depth, Complete mediation, Separation of privilege, or Security?

Security (1.1)

Describe the 'security principle' in network security design:

It advocates for the use of cryptographic techniques to secure sensitive data and communications, ensuring confidentiality, integrity, and authenticity. (1.1)

Describe the 'defense in depth' principle in network security design:

This principle emphasizes the use of multiple layers of security mechanisms but does not specifically focus on cryptographic techniques. (1.1)

Describe the 'complete mediation' principle in network security design:

This principle focuses on continuous access checking against security policies rather than cryptographic techniques. (1.1)

Describe the 'separation of privilege' principle in network security design:

This principle involves dividing system functions among multiple components to enhance security but does not specifically emphasize cryptographic techniques. (1.1)

List the four human-centered design principles:

(1) Ensure the root problem is solved and not the symptom, (2) Focus on the system interactions and not just one part, (3) The people need to be the main focus of the design process, and (4) Perform prototyping and testing quickly and iteratively (1.2)

What are the main things to remember during root problem identification during human-centered design?

(1) Focus on the cause of the problem and not the symptoms, (2) needs to be an integral part of the design process, and (3) solving fundamental problems will solve root problems. (1.2)

What are the main things to remember during a people-centered approach:

(1) Focus should be on people and not on technology, (2) the history, culture, and beliefs of the people are important, and (3) focus on the situation, motivation, and expected outcomes. (1.2)

What three things to remember when focusing on the entire system during human-centered design?

(1) All parts of a system are equally important, (2) improving one part of a system should not weaken another part, and (3) returning and item should be as easy as purchasing an item. (1.2)

What three things to remember when prototyping and testing during human-centered design?

(1) Prototyping should be used to quickly elicit feedback, (2) an iterative process needs to be used to manage development, and (3) testing should always be done with real users. (1.2)

Limiting exposure and access (i.e limit permissions and time) and vary security levels (i.e based on task, lowest level required).

This is the rationale for the Least Privilege principle. (1.3)

What are the two categories of sensitive data?

Confidential and Secret (1.3)

This otherwise known as __________ is a security concept that is based on providing the lowest level of rights and permissions for a user to perform their current task, and no more.

Least privilege (i.e time-limited privilege) (1.3)

What is the purpose of the least privilege principle?

It limits exposure and access by limiting permissions over a limited time. For example, we vary security levels if different security levels are required for different tasks. It's based on task, and we do this rather than always running at a higher security level. Tasks have to be structured in such a way to support least privilege as well. (1.3)

Least privilege doesn't just apply to human users, as applications have run-time privileges as well. This is based on what's known as _________. The context is the user permission level that the application runs under.

Particular security context (1.3)

How do we get to least privilege for non-human users such as applications?

One of the most common ways is to start with no privileges at all. At that point, the need to know must be established. This in turn results in privileges being awarded. One of the most important benefits of least privilege is that it keeps sensitive data confidential. It maintains the secrecy level required by also ensuring that users that don't require higher level of permissions don't have access to that sensitive data in order to purposely or inadvertently disclose information. (1.3)

When designing a network security system, which principle ensures that users are only granted the minimum level of access necessary to perform their tasks?

Least privilege, Separation of privilege, Economy of mechanism, or Complete mediation?

Least privilege (i.e time-limited privilege) (1.3)

Which ensures that users are granted only the minimum level of access required to perform their tasks, reducing the potential impact of security breaches.

Least privilege (i.e time-limited privilege) (1.3)

Which principle involves dividing system functions among multiple components to enhance security?

Separation of privilege (1.3)

Which principle focuses on minimizing system complexity to improve security?

Economy of Mechanism (1.3)

Which principle emphasizes the need for every access to be checked against security policy?

Complete mediation (1.3)

What is a fail safe?

This is a design principle that says when a system does experience a failure, and almost every software does at some point, it should fail to a safe state. That is, it should fail in a way that does not compromise security. In the event of an error, exception, any kind of failure, assets must above all be protected. (1.4)

What are two exceptions to the fail safe?

(1) Events outside the natural process flow and (2) not necessarily an error (1.4)

These are defined as mistakes or faults.

Errors (1.4)

These could be due to human error and have specific handling requirements.

Errors (1.4)

The following describes what process:

(i) Error/exception occurs, (ii) system fails safely, and then (iii) system returns to normal operation

Error/exceptions handling (1.4)

Explain the 'explicit deny' concept:

This means 'Deny by Default', meaning that authorization should be denied by default. (1.4)

Explain the idea "Think error codes not error messages" in the context of fail safes:

Another principle in fail safe is non-verbose errors. So think error codes or error IDs, rather than error messages. Verbose error messages that provide line numbers and explicit comprehensive explanations of the error or exception are certainly not going to help an average user. However, for an attacker, this could be incredibly useful information to take back to home base and improve on the attack. (1.4)

These are not the same as errors, and are events outside the natural process flow of the software.

Exceptions (1.4)

Do errors, exceptions, or both have specific handling requirements?

Both (1.4)

The idea behind the ________ is that errors and exceptions are handled in a predictable and acceptable way. This means ideally we don't want the system to fail and just be entirely disabled. Rather, when an error or exception does occur, we want the system to securely and then have the system return to normal operation.

Fail-safe principle (1.4)

In designing a network security system, which principle focuses on ensuring that the system remains secure even if individual components fail:

Security, Design, Economy of mechanism, or Fail-safe?

Fail-safe (1.4)

This principle focuses on ensuring that a system defaults to a secure state in the event of component failure, thereby minimizing the impact of such failures on overall security.

Fail-safe principle (1.4)

This principle emphasizes simplicity and minimizing complexity to enhance security.

Economy of mechanism (1.4)

Explain the 'Economy of Mechanism' idea?

The idea is to keep things simple, or at least as simple as possible. Understand that complex software can be difficult to protect and is prone to problems. Understand that security is already a complex process. So the simpler that we can keep everything, the easier it will be to defend, troubleshoot, and administer. (1.5)

In the Economy of Mechanism idea, what are the three trusted existing components:

(1) Trusted libraries, (2) trusted infrastructures, and (3) trusted utilities (1.5)

What is one way to apply the principle of economy of mechanism?

To use existing trusted components because you can use existing components instead of creating new ones every time (e.g tried and tested login process like single sign-on, federated identity management, or OAuth). (1.5)

What is the downside of applying the principle of economy of mechanism?

The principle of economy of mechanism which uses existing trusted components because you can use existing components instead of creating new ones every time. There is a downside, however, and the fact is that if you are using the same trusted components across multiple products or parts of a product, if there is a vulnerability found or a flaw, then that vulnerability exists everywhere that you've deployed that particular component. (1.5)

Another idea of the economy of mechanism is that you eliminate non-essential ___________.

Services and protocols (1.5)

How can one determining the essentials in order to follow the economy of mechanism principle?

You can start with minimal services and protocols, only those that you know are required for that specific purpose. Then activate services and protocols as required. This can be a difficult and time consuming task. It goes a long way with keeping things simple, and that is economy of mechanism. (1.5)

Describe the concept of complete mediation:

This refers to the concept that when a subject requests access with respect to an object and an action. That authorization is verified, then it must be verified each and every time that access is requested with respect to that object and action. We must ensure that authorization is never bypassed, regardless of how many times it's requested and how many repeated accesses are attempted. (1.5)

Explain how the security kernel and operating systems which can never be circumvented are examples of the complete mediation principle in network security design:

Most paths to a breach or compromise involve circumventing critical systems like authentication. Consider session management methods, such as cookies, cached credentials, tokens, and certificates. The risk is that user credentials may change from the time of the initial authorization and the actual system use, potentially leading to time of check to time of use attack. In this situation we can implement timeouts that will lock a session out after some period of time of non-activity, or lock an account or a session after a certain number of failed login attempts. This follows the principle that when request is accessed, and the authentication is verified, it must be verified each time a request in made for that action. (1.6)

In network security design, which principle ensures that access to resources is checked against the security policy, even after initial authentication:

Security, Fail-safe, Least privilege, or Complete mediation?

Complete mediation (1.6)

Which principle ensures that access to resources is checked against the security policy, even after initial authentication, to prevent unauthorized access?

Complete mediation principle (1.6)

This principle emphasizes maintaining system security even in the event of component failure, rather than continuous access checking.

Fail-safe principle (1.6)

Which principle of network security design emphasizes the importance of keeping security mechanisms transparent and understandable:

Least common mechanism, Psych acceptability, Trust, or Open design?

Open design (1.7)

This is the fact that the security of the system must be entirely independent of its design, meaning that that the algorithm must be open and accessible and that security must not be dependent at all on the design.

Open design (1.7)

It was once thought that security through obscurity was a valid form of security. This, for example, meant hiding keys and passwords inside the source code. But with differential code analysis and with reverse engineering, the secrets have easily been discovered. This is really not a valid form of security. Adhering to the _________ principle, it means that our code can be open to review.

Open design (1.7)

Under this process, missed issues can be uncovered. This may also be used to ensure that standards have been complied with. There's also a mentoring opportunity. If code and algorithms have some issues, then a more senior developer could provide some mentoring advice on how to close or address that issue. Code that's opened to review after undergoing this process is a higher quality product. What's the process?

Peer review (1.7)

This principle of network security design focuses on ensuring that security mechanisms are acceptable and understandable to users rather than security experts.

Psych acceptability (1.7)

This principle of network security design emphasizes minimizing shared mechanisms between different components to enhance security.

Least common mechanism (1.7)

This principle of network security design is a broader concept involving the reliance on entities or systems for specific purposes.

Trust (1.7)

When designing network security, which principle emphasizes the need to verify the identity of users and restrict access based on their roles or permissions:

Trust, Least common mechanism, Least privilege, or Separation of privilege?

Separation of privilege (1.8)

Describe the 'separation of duties' principle:

This is another fundamental approach to security. This ensures multiple parties are required for any particular task to be completed. In order to apply this principle, some tasks may need to be split amongst a critical path. (1.8)

What is the rationale for separation of duties?

The concept here is that no single individual can complete a specific task. Therefore, no single individual may misuse those permissions. For example, most organizations require two signatures on checks or on approval of contract situations. (1.8)

What is secret sharing (or splitting) and how is it applied in situations where very sensitive data is involved?

This is defined as a method for distributing a secret amongst a group of participants, with each of those participants being allocated their share of the secret. The secret can be totally reconstructed only when there is a sufficient number or a sufficient type of shares combined together. Therefore, individual shares are of no use on their own, so it requires the collaboration of several individuals. (1.8)

Describe the purpose of the design principle of least common mechanism:

It is to avoid unintentional sharing of information, to eliminate potential pathways for information sharing amongst users and processes. The mechanisms, therefore, utilized for accessing resources should not be shared. (1.9)

Having separate services or different services with different priorities provided to two separate sets of users. The more that they share resources, the more susceptible the system is to influence from one or the other to disclose data in an unauthorized fashion via covert channels or even the ability to limit availability by using, for example, a denial of service. This is an example of what?

Shared mechanisms (1.9)

If a choice must be made between a single shared process operating over a range of different processes with different priorities and multiple, separate, isolated or compartmentalized processes, the separate processes is the better choice to make. The whole idea here is that the choice is a balance that must be made taking into consideration the level of risk involved. This example illustrates which concept in network security design?

Separation (1.9)

In network security design, which principle suggests that security mechanisms should be easy to understand and use by users to encourage compliance:

Least privilege, Trust, Separation of privilege, or Psych acceptability?

Psych acceptability (1.10)

Describe the concept of psychological acceptability:

The users themselves are key to the security of those systems. Therefore, security must be designed to be psychologically acceptable to the users themselves. When the security of the system is perceived to impede or obstruct the user from completing their work they'll find ways to bypass that security altogether. (1.10)

A security policy that prohibits sending PDF files as attachments in emails. If a user came up against this policy and it was critical for them in order to complete their job, or complete the task as part of their job that they send that PDF with information. They could get around that policy by simply using a utility to zip the PDF up and then sending the attachment that way, thereby entirely bypassing that security policy. Which exemplifies which concept?

Psychological acceptability (1.10)

If the password policy makes those passwords so complex that they can't possibly be remembered, that's counter to making software usable and making users productive. This exemplifies which concept?

Psychological acceptability (1.10)

A screen layout should be simple and easy to follow, intuitive in its design and you shouldn't have extraneous and extra key presses or mouse presses and so on in order to be productive for an organization. This exemplifies which concept?

Psychological acceptability (1.10)

What are the five zero-trust fundamentals?

(1) Distrust by default, (2) threats always exist, (3) no local trust assumptions, (4) multi-factor authentication, and (5) always require authorization (1.11)

Previously, security assumptions were based on strong perimeter security, that once on the internal network behind strong firewalls and stringent security. We can't make that assumption now and this illustrates which of the five zero-trust fundamentals?

No local trust assumptions (1.11)

This concept requires strong authentication, using strong encryption with strong passwords and keys. We assert this through active monitoring of traffic.

Trust (1.11)

In zero-trust approaches, _________ for resources must be approached in terms of enforcement, which is our front line _________ process.

Authorization (1.11)

This which checks the authorization, it's the policy engine component preventing against unauthorized access.

Policy (1.11)

This, which is our risk analysis component, typically producing a risk factor value that we can use to assess how risky it is to trust the authorization or continued authorization.

Trust (1.11)

What are the four main zero-trust priorities?

(1) Always authenticate before processing - you can sink or dead-end network data that isn't authenticated; (2) Encrypt before transmitting - End-to-end security is important, as is securing the endpoints; (3) Deprecate weak authentication and encryption; and (4) Keep hardware and software up-to-date. (1.11)

This type of design focuses on solving root issues (not just symptoms) with people as the central focus, adopting a systems view, and engaging in continuous prototyping and testing.

Human-centered design (1)

This network security principle involves granting minimal necessary permissions to users and applications, thus limiting access based on tasks and time to minimize exposure and risk.

Least privilege (1)

This type of design ensures that systems fail securely without compromising security, with errors and exceptions handled predictably and acceptably. This design also emphasizes the adoption of principles like "deny by default."

Fail-safe design (1)

These types of concepts include data handling, password policies, acceptable use, and BYOD policies. These policies emphasize the importance of clear guidelines and user compliance for security.

Security policies (1)

This model emphasizes distrust by default—requiring strong authentication, least privilege, active monitoring, and rigorous authorization processes.

Zero trust (1)

This idea refers to the idea that security systems should be user-friendly and not impede users' tasks, as complex security measures might lead to bypassing and compromises.

Psychological acceptability (1)

This network security principle minimizes unintentional information sharing by avoiding shared mechanisms among users and processes and instead favoring separate, isolated processes.

Least common mechanism (1)

This network security principle requires multiple parties for task completion to prevent misuse of permissions. It also involves the use of secret sharing in sensitive scenarios.

Separation of duties (1)

What is a firewall?

A software or hardware used to control ingress and egress of network traffic and that refers to the direction (i.e traffic coming in and/or traffic coming out). It is designed to prevent unauthorized access to a private network. (2.1)

Name the two major types of firewalls:

Software based firewall and Host-based firewall (2.1)

This type of firewall runs on a host PC or server.

Software based firewall (2.1)

This type of firewall is configurable software on the a system (i.e the host).

Host-based firewall (2.1)

All recent Windows clients and servers included a firewall by default ever since which version of Windows? You can just configure it through the Control Panel.

Windows XP (2.1)

This type of network typically segregates a LAN from devices on an untrusted network (i.e the Internet).

Network-based firewall (2.1)

The primary difference between this firewall type and others is that it is designed really to protect the entire network.

Network based firewall (2.1)

This filtering technique used in firewalls accepts or rejects packets entering or leaving the network. You can configure the criteria yourself with respect to what is allowed and what is not, so it examines the packets. If it meets the criteria, it is accepted, and if it does not meet the criteria, it is discarded.

Packet filter (2.1)

A(n) _________ applies security mechanisms to specific applications. So it depends on the application you are using.

Application gateway (2.1)