Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah's computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions.
Identify the Internet access policy demonstrated in the above scenario.
Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.
Identify the type of IDS employed by Messy in the above scenario.
Answer : C
Anomaly-based IDS is a type of IDS that detects intrusions by comparing the observed network events with a baseline of normal behavior and identifying any deviation from it. Anomaly-based IDS can detect unknown or zero-day attacks that do not match any known signature, but they can also generate false positives due to legitimate changes in network behavior. Anomaly-based IDS can use various techniques to model the normal behavior, such as statistical analysis, machine learning, or artificial intelligence. Anomaly-based IDS is the type of IDS employed by Messy in the above scenario, as he deployed an IDS that depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it. Reference:
Anomaly-Based Intrusion Detection System - Chapter 2: Anomaly-Based Intrusion Detection System
Network Defense Essentials (NDE) | Coursera - Week 10: Intrusion Detection and Prevention Systems
Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora's account, the application sent an OTP to Kevin's mobile for confirmation.
Which of the following authentication mechanisms is employed by the banking application in the above scenario?
Answer : D
Two-factor authentication (2FA) is a type of authentication that requires users to provide two or more forms of verification to access an online account. 2FA is a multi-layered security measure designed to prevent hackers from accessing user accounts using stolen or shared credentials. 2FA typically combines something the user knows (such as a password or PIN), something the user has (such as a phone or a token), and/or something the user is (such as a fingerprint or a face scan). In the above scenario, the banking application employs 2FA by asking Kevin to enter his registered credentials (something he knows) and an OTP sent to his mobile (something he has) before transferring the amount to Flora's account. Reference:
Improve Your Cybersecurity with Password MFA - Defense.com
What Is Two-Factor Authentication (2FA)? | Microsoft Security
Selecting Secure Multi-factor Authentication Solutions
Joseph, a security professional, was instructed to secure the organization's network. In this process, he began analyzing packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.
Identify the attack signature analysis technique performed by Joseph in the above scenario.
Answer : D
Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission. Reference:
[Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring
Network Defense Essentials (NDE) | Coursera - Week 12: Network Traffic Monitoring
[Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?
Steve was sharing his confidential file with John via an email that was digitally signed and encrypted. The digital signature was made using the "Diffie-Hellman (X9.42) with DSS" algorithm, and the email was encrypted using triple DES.
Which of the following protocols employs the above features to encrypt an email message?
Answer : A
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that provides security services for email messages, such as encryption, digital signature, authentication, and integrity. S/MIME is based on the MIME standard, which defines the format and structure of email messages. S/MIME uses public-key cryptography to encrypt and decrypt the message content and to sign and verify the message sender. S/MIME supports various algorithms for encryption and digital signature, such as Diffie-Hellman, DSS, RSA, and triple DES. S/MIME is widely used for secure email communication in various applications and platforms, such as Outlook, Gmail, and Thunderbird. S/MIME is the protocol that employs the features mentioned in the question, namely Diffie-Hellman (X9.42) with DSS for digital signature and triple DES for encryption. Reference:
S/MIME - Week 7: Email Security
S/MIME Version 3.2 Message Specification
Kelly, a cloud administrator at TechSol Inc., was instructed to select a cloud deployment model to secure the corporate data and retain full control over the data.
Which of the following cloud deployment models helps Kelly in the above scenario?
Answer : D
A private cloud is a cloud deployment model that is exclusively used by a single organization and is hosted either on-premises or off-premises by a third-party provider. A private cloud offers the highest level of security and control over the data and resources, as the organization can customize the cloud infrastructure and services according to its needs and policies. A private cloud also ensures better performance and availability, as the organization does not share the cloud resources with other users. A private cloud is suitable for organizations that have sensitive or confidential data, strict compliance requirements, or high demand for scalability and flexibility. A private cloud can help Kelly secure the corporate data and retain full control over the data in the above scenario. Reference:
Private Cloud - Week 6: Virtualization and Cloud Computing
Private Cloud vs Public Cloud vs Hybrid Cloud
Private Cloud Security: Challenges and Best Practices
Below are various authentication techniques.
1.Retina scanner
2.One-time password
3.DNA
4.Voice recognition
Identify the techniques that fall under biometric authentication.
Answer : A
Biometric authentication is a type of authentication that uses the physical or behavioral characteristics of a person to verify their identity. Biometric authentication is more secure and convenient than other methods such as passwords or tokens, as biometric traits are unique, hard to forge, and easy to use. Some examples of biometric authentication techniques are retina scanner, DNA, and voice recognition. Retina scanner uses a low-intensity light beam to scan the pattern of blood vessels at the back of the eye, which is unique for each individual. DNA uses the genetic code of a person to match their identity, which is the most accurate and reliable biometric technique. Voice recognition uses the sound and pitch of a person's voice to verify their identity, which is influenced by factors such as anatomy, physiology, and psychology. These techniques fall under biometric authentication, as they use the physical or behavioral traits of a person to authenticate them. Reference:
Biometric Authentication - Week 2: Identification, Authentication, and Authorization
Biometric Authentication: What You Need To Know
Biometric Authentication Techniques