Question 1: A security administrator plans to enhance the security posture of an organization. The administrator starts by documenting the current state of all system configurations and intends to establish a foundation to enforce security standards. Which security technique is the security administrator preparing to implement that ensures consistent application of security configurations across all systems?
Secure baselines
Patch management
MFA
IDS
Question 1 Explanation: Secure baselines involve documenting the current configuration and then applying consistent security configurations across all systems.
Patch management refers to the process of updating software to remediate vulnerabilities; it does not establish or enforce configuration standards.
MFA is an authentication tool and does not enforce system configurations.
An IDS (Intrusion Detection System) monitors for malicious activity and policy violations but does not enforce configurations.
Question 2: During a wireless site survey, a network engineer discovers that the Wi-Fi signal extends 50 feet beyond the building perimeter into the parking lot, allowing potential attackers to connect from outside the physical facility. Which wireless security practice should have been implemented during the initial design phase to prevent this?
Implementing WPA3-Enterprise encryption
Conducting proper site surveys with heat maps to ensure appropriate placement of WAPs
Enabling MAC address filtering at the access points
Disabling SSID broadcasts
Question 2 Explanation: Implementing WPA3-Enterprise encryption provides strong encryption for wireless traffic but does not prevent signals from travelling beyond the physical building perimeter.
Conducting proper site surveys with heat maps to ensure appropriate placement of WAPs would have revealed the signal leakage, allowing adjustment of access point placement or power levels to contain the signal.
Enabling MAC address filtering only restricts which specific devices can connect based on hardware addresses; it does not help with Wi-Fi signal leakage.
Disabling SSID broadcasts only hides the network name from casual discovery but does not prevent the actual radio signal from travelling beyond the building.
Question 3: A coffee shop wants to provide encrypted Wi-Fi access for customers without requiring passwords, while ensuring that traffic cannot be decrypted even on an "open" network. Which feature supports this requirement?
SAE
Enhanced Open
PSK
DPP
Question 3 Explanation: SAE (Simultaneous Authentication of Equals) is the authentication mechanism used in WPA3-Personal that requires a password, but the question specifies no password.
Enhanced Open provides encryption for open networks without requiring users to enter passwords, ensuring that traffic cannot be easily decrypted even on publicly accessible networks.
PSK (Pre-Shared Key) requires users to possess a shared password to access the encrypted network, which contradicts the requirement for password-free access.
DPP (Device Provisioning Protocol) facilitates easy Wi-Fi configuration but does not inherently provide the encryption capability for open networks described in the question.
Question 4: A security administrator reviews the network configurations of a recently deployed server. The administrator notices that certain unnecessary services have access to the server, potentially creating vulnerabilities. The administrator decides to refine the Access Control List (ACL) to enhance the server's security. Which action will the security administrator MOST likely take when refining the ACL to ensure that only necessary services communicate with the server, thereby reducing potential attack vectors?
Permit all incoming traffic to maintain functionality
Permit traffic only from trusted MAC addresses
Deny all traffic and allow exceptions based on business requirements
Implement a stateful firewall for the server
Question 4 Explanation: Permitting all incoming traffic violates the principle of least privilege and leaves the server exposed to unnecessary attack vectors.
Permitting traffic only from trusted MAC addresses provides limited security since MAC addresses can be easily spoofed by attackers.
Denying all traffic and allowing exceptions based on business requirements (deny by default) implements the principle of implicit deny, ensuring that only specifically authorized services and sources can communicate with the server while blocking all other unnecessary traffic.
Implementing a stateful firewall tracks connection state but does not by itself define which services are permitted; the ACL rules still have to be refined to address this situation.
Question 5: A mid-sized healthcare organization needs to harden their Windows 11 workstations. They search for consensus-based configuration guides developed by cybersecurity professionals worldwide that provide step-by-step hardening instructions. Which hardening standard should they implement?
STIG
CIS Benchmarks
ISO 27001 controls
PCI-DSS requirements
Question 5 Explanation: STIG provides hardening guidance specific to US Department of Defense systems and federal requirements rather than being consensus-based guides developed by cybersecurity professionals worldwide for general use.
CIS Benchmarks are consensus-based configuration guides developed through collaboration with security professionals around the world, providing step-by-step hardening instructions specifically tailored for various operating systems.
ISO 27001 controls provide a high-level framework for compliance, rather than detailed technical configuration guides for hardening specific operating systems.
PCI-DSS requirements focus specifically on protecting payment card data and processing systems.
Question 6: An organisation needs to enforce configuration management across 1,000 servers. They require a solution that can retrieve and apply configuration updates. Which configuration management solution BEST fits this requirement?
Automate configuration management with Ansible or Puppet
Instruct administrators to perform all configuration updates manually
Write a Bash script for every server to handle the configuration
Use SCAP
Question 6 Explanation: Automating configuration management with Ansible or Puppet automates the retrieval and application of configuration updates across large numbers of servers.
Instructing administrators to perform all configuration updates manually is not scalable for 1,000 servers; it would be extremely time-consuming and error-prone.
Writing a Bash script for every server does not provide centralized management and is time-consuming to maintain.
SCAP (Security Content Automation Protocol) provides standards for checking compliance but does not itself retrieve and apply configuration updates.
Question 7: During a security audit, an assessor discovers that a Windows Server has Telnet, TFTP, and the Windows Fax and Scan services enabled despite the application never using these features. These unnecessary services present potential attack vectors that could be exploited. Which hardening baseline practice addresses this finding?
Principle of least privilege
Attack surface reduction
Mandatory Access Control
Segregation of duties
Question 7 Explanation: The principle of least privilege applies to restricting user access rights and permissions; it does not refer to disabling features or services.
Attack surface reduction is the hardening practice that involves disabling or removing unnecessary services, features, and protocols to minimize the number of potential entry points.
Mandatory Access Control is an access control model that governs access to files and resources; it does not address which services are running.
Segregation of duties is an administrative control that divides responsibilities among different people to prevent fraud and errors.
Question 8: A large organization faces increasing threats from unauthorized devices trying to gain access to its network. The Chief Information Security Officer (CISO) wants to modify the company's network infrastructure to incorporate a more rigorous method of validating users and devices before granting them access to resources. Which network access control method should the CISO implement to ensure rigorous validation of both users and devices, offering the highest level of security against unauthorized access to the company's network resources?
802.1X
Media Access Control address filtering
VPN concentrator
Stateless firewall
Question 8 Explanation: 802.1X is the standard for port-based network access control that provides rigorous authentication of both users and devices before granting network access (typically using RADIUS servers).
Media Access Control address filtering provides weak validation because MAC addresses can be easily spoofed by attackers.
A VPN concentrator manages remote access VPN connections for users connecting from outside the network rather than controlling access for devices attempting to connect to the internal network infrastructure.
A stateless firewall filters traffic based on source and destination addresses and ports, but does not perform rigorous validation of users and devices before granting access to network resources.
Question 9: A newly-hired cybersecurity manager of a software company is evaluating the intrusion detection and intrusion prevention capabilities of the company. The manager is concerned about unusual activity that differs from normal corporate operations. What method would best detect this activity?
Signature-based detection
Packet sniffing
User & Entity Behavioural Analytics
Network traffic analysis
Question 9 Explanation: Signature-based detection relies on matching known patterns of attacks and would not detect unusual activity that differs from normal operations.
Packet sniffing is merely the act of capturing network traffic for analysis and does not inherently detect anomalous behavior.
User and Entity Behavioural Analytics establishes baselines of normal user and system behavior, then uses algorithms and machine learning to detect deviations and anomalies that differ from standard corporate operations, making it ideal for identifying unusual activity that does not match known attack patterns.
Network traffic analysis examines network communications and data but is a broad category that may not specifically focus on behavioral baselines.
Question 10: A DevOps team notices that production servers have gradually deviated from their original secure baselines over the past year due to manual emergency fixes, temporary software installations, and undocumented configuration changes made during incident response. This accumulation of changes has created security inconsistencies and exploitable gaps across the environment. What is this phenomenon called?
Configuration drift
Scope creep
Baseline erosion
Policy deviation
Question 10 Explanation: Configuration drift refers to configurations gradually deviating from their intended baseline or standard configuration over time, due to manual changes, updates, or modifications, which matches the scenario described.
Scope creep refers to the uncontrolled growth of project requirements or requests, beyond what was originally planned.
Baseline erosion is not a standard industry term used to describe this phenomenon, even though it sounds descriptive.
Policy deviation generally refers to violations or non-compliance with organizational policies or rules.