D. <\/strong>Backdoor<\/span><\/p>\nCorrect Answer: C<\/b><\/p>\n
Explanation:\u00a0<\/b><\/p>\n
Lack of system updates, when a new vulnerability is found, is the most common issue with IoT devices. In the case of most embedded systems with the programming directly on the chips, it would require physical replacement of the chip to patch the vulnerability. For many systems, it may not be cost-effective to have someone visit each one to replace a chip, or manually connect to the chip to reprogram it.<\/span><\/p>\nOption A is incorrect <\/b>since logical network segmentation is the best way to isolate IoT environments from other devices on the network and it is not a security threat.<\/span><\/p>\nOptions B and D are the correct<\/b> security threats against IoT devices but except for <\/span>Option C<\/b>, the other two options do not have very common security against most IoT devices hence if we have to choose the most common security threat in IoT devices then <\/span>Option C is correct,<\/b> and <\/span>Option B & D<\/b> are incorrect.<\/b><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
Domain: Network Security\u00a0<\/b><\/h4>\n
Question 2: <\/b>Which of the below is a challenge in micro-segmentation in cyber security?<\/strong><\/p>\n A. <\/strong>Reducing the attack surface<\/span>
\n B. <\/strong>Easy to configure and map to a business need<\/span>
\n C. <\/strong>Secure Critical Applications<\/span>
\n D. <\/strong>Improves Regulatory Compliance Posture<\/span><\/p>\nCorrect Answer: B<\/b><\/p>\n
Explanation:<\/b><\/p>\n
Deployment of network-based micro-segmentation is not very granular because it is extremely difficult to map business segmentation needs to networking constructs.\u00a0<\/span><\/p>\nOption A is incorrect <\/b>since micro-segmentation reduces the attack surface.<\/span><\/p>\nOption B is correct <\/b>since configuration of micro-segmentation and map to network based on business requirements is a big challenge in micro-segmentation.<\/span><\/p>\nOption C is incorrect <\/b>since micro-segmentation helps to secure critical applications.<\/span><\/p>\nOption D is incorrect<\/b> since micro segmentation helps to improve regulatory compliance also.<\/span><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
<\/span>Domain: Network Security\u00a0<\/b><\/span><\/h3>\nQuestion 3: <\/b>Which type of security control micro-segmentation supports?<\/strong><\/p>\n A. <\/strong>Logical rules<\/span>
\n B. <\/strong>Physical rules<\/span>
\n C. <\/strong>Logical and physical rules\u00a0<\/span>
\n D. <\/strong>Network-defined rules<\/span><\/p>\nCorrect Answer: A<\/b><\/p>\n
Explanation: <\/b>\u00a0<\/b><\/p>\n
These are logical rules, not physical rules, and do not require additional hardware or manual interaction with the device (that is, the administrator can apply the rules to various machines without having to physically touch each device or the cables connecting it to the networked environment).<\/span><\/p>\nOption A is correct <\/b>since micro segmentation is based on logical rules where admin is not required to touch the system physically to implement these rules.<\/span><\/p>\nOption B is incorrect <\/b>since micro segmentation does not require touching the system physically to implement these rules.<\/span><\/p>\nOption C is incorrect <\/b>as mentioned in options A and B.<\/span><\/p>\nOption D is incorrect<\/b> since there is no keyword or methodology named network defined rules.<\/span><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
<\/span>Domain: Network Security\u00a0<\/b><\/span><\/h3>\nQuestion 4: Which of the below methods is best for hosting streaming video files for the company’s remote users where we can ensure that the data is protected while it’s streaming?\u00a0<\/strong><\/p>\n A. <\/strong>Symmetric encryption<\/span>
\n B. <\/strong>Hashing<\/span>
\nC. <\/strong>Asymmetric encryption<\/span>
\n D. <\/strong>VLANs<\/span><\/p>\nCorrect Answer: A<\/b><\/p>\n
Explanation: <\/b>\u00a0<\/b><\/p>\n
Symmetric encryption offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data.<\/span><\/p>\nOption A is correct <\/b>since symmetric encryption is best for secure streaming communication.<\/span><\/p>\nOption B is incorrect <\/b>since hashing would not provide confidentiality of the data.\u00a0<\/span><\/p>\nOption C is incorrect <\/b>since asymmetric encryption provides more overhead compared to symmetric encryption hence it would not be the best choice.<\/span><\/p>\nOption D is incorrect<\/b> since VLANs are useful for the logical segmentation of networks, but do not serve a purpose of streaming data to remote users.<\/span>\u00a0<\/span><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
<\/span>Domain: Network Security\u00a0<\/b><\/span><\/h3>\nQuestion 5:<\/b> Which of the below technologies does not guarantee a network\u2019s security?<\/strong><\/p>\n A. <\/strong>VLAN<\/span>
\n B. <\/strong>Firewall<\/span>
\n C. <\/strong>IDS\/IPS<\/span>
\n D. <\/strong>VPN<\/span><\/p>\nCorrect Answer: A<\/b><\/p>\n
Explanation: <\/b>\u00a0<\/b><\/p>\n
VLANs do not guarantee a network\u2019s security. Most of the time that traffic cannot be intercepted because communication within a VLAN is restricted to member devices. However, there are attacks that allow a malicious user to see traffic from other VLANs (so-called VLAN hopping).<\/span><\/p>\nOption A is correct <\/b>since VLAN alone does not guarantee a network\u2019s security; rather VLAN technology is used for improving the overall security of a network.<\/span><\/p>\nOptions B, C and D are incorrect <\/b>since Firewall, IDS\/IPS, and VPN provides network security.\u00a0<\/span><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
<\/span>Domain: Network Security\u00a0<\/b><\/span><\/h3>\nQuestion 6: <\/b>Which of the below VLAN configurations could be a threat to network security?<\/strong><\/p>\n A. <\/strong>Separate the data center from all other network traffic<\/span>
\n B. <\/strong>VOIP and the rest of the network are using different VLANs<\/span>
\n C. <\/strong>A VLAN is configured to communicate with other VLANs<\/span>
\nD. <\/strong>NAC (Network Access Control) systems use VLANs to control whether devices connect to the corporate network or to a guest network<\/span><\/p>\nCorrect Answer: C<\/b><\/p>\n
Explanation:\u00a0<\/b><\/p>\n
Main purpose of using<\/span> VLANs is micro segmentation. If two VLANs are talking to each other then segmentation is not there and if one vlan is hacked by an external hacker, he would be able to get access to the entire network.<\/span><\/p>\nOptions A and B are incorrect <\/b>since in both cases VLAN is providing proper network segmentation.<\/span><\/p>\nOption C is correct <\/b>since network segmentation is not happening here and this could lead to network security threat.<\/span><\/p>\nOption D is not correct <\/b>since proper network segmentation is in place here.<\/span><\/p>\nReference:\u00a0<\/b><\/p>\n
ISC2 Self-Paced Course \u2013 Chapter 4-Module 3: Understand Network Security Infrastructure<\/p>\n
<\/span>Domain: Network Security\u00a0<\/b><\/span><\/h3>\nQuestion 7: <\/b>Which of the below technologies\/protocols does not necessarily provide encryption?<\/strong><\/p>\n A. <\/strong>SSH<\/span>
\n B. <\/strong>TLS<\/span>