FREE NSA Cybersecurity Knowledge Questions and Answers
You need to configure a Unified Threat Management(UTM) security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?
Explanation:
URL Filter is the most likely configuration because it allows you to block access to specific websites or categories of websites based on their URLs. By configuring a URL filter on the Unified Threat Management (UTM) security appliance to restrict traffic going to social media sites, you can effectively control and enforce internet usage policies within your organization, enhancing security and productivity.
Which type of virtualization allows a computer's operating system kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel?
Explanation:
Container Virtualization is the best description because it allows a computer's operating system kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel. In container virtualization, applications and their dependencies are packaged together as containers, which share the host operating system's kernel while remaining isolated from each other. This approach offers lightweight and efficient virtualization compared to traditional hypervisor-based virtualization.
Louie hid several plaintext documents within an image file. He then sent the image file to Tony. Which of the following BEST describes the purpose of his action?
Explanation:
Obfuscation is the best description because Louie's action involves hiding plaintext documents within an image file, which obscures the true nature of the data. Obfuscation aims to make data or code more difficult to understand or interpret, often for the purpose of concealing information or thwarting analysis by unauthorized parties.
Attackers have recently launched several attacks against servers in your organization's DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?
Explanation:
An in-band IPS is the best choice because it operates directly within the network traffic path, allowing it to inspect and block malicious activity in real time. This proactive approach can effectively prevent attacks by identifying and blocking malicious traffic before it reaches the targeted servers in the DMZ, thereby enhancing the security posture of the organization's network.
Lisa is enabling The Network Time Protocol(NTP) on some servers within the DMZ. Which of the following uses cases is she MOST likely supporting with this action?
Explanation:
Time Synchronization is the most likely use case because the Network Time Protocol (NTP) is primarily used to synchronize the clocks of computers and network devices within a network. By enabling NTP on servers within the DMZ (Demilitarized Zone), Lisa ensures that the servers' system clocks are synchronized accurately with a reference time source. This is crucial for maintaining consistency in timestamps for logging, authentication, and other time-sensitive operations across the network.
You need to transmit PII via email and you want to maintain its confidentiality. Which of the following choices is the BEST solution?
Explanation:
Encrypt it before sending is the best solution because encryption ensures that the content of the email is scrambled in such a way that only the sender and the intended recipient can decipher it using encryption keys. This helps safeguard the confidentiality of the Personally Identifiable Information (PII) during transmission.
Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this primarily support?
Explanation:
Supporting non-repudiation is the primary use case for mandating the use of digital signatures. Digital signatures provide a way to verify the authenticity and integrity of electronic documents or messages, thereby ensuring that the sender cannot later deny having sent the message or document. This helps establish accountability and trust in electronic transactions within the organization.
You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?
Explanation:
Firewall is the best description because iptables is a software-based firewall solution commonly used on Linux systems to inspect and handle network-based traffic. By configuring iptables rules, you can control the flow of traffic to and from the Linux computer, allowing it to act as a firewall to protect the network from unauthorized access and malicious activity.
Which type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any
Explanation:
Firewall is the correct answer because the provided entries represent firewall rules that allow or deny specific types of traffic based on source, destination, and port numbers. In this case, the entries permit traffic on ports 80 (HTTP) and 443 (HTTPS) while denying all other traffic. This configuration is commonly found in firewall devices, which enforce security policies by filtering and controlling network traffic based on defined rules.
Your organization has implemented a Virtual Desktop Infrastructure (VDI) for most users. When a user logs off, the desktop reverts to its original state without saving any changes made by the user. Which of the following BEST describes this behavior?
Explanation:
Non-Persistence is the best description because the desktop environment reverts to its original state without saving any changes made by the user upon logoff. This behavior is characteristic of non-persistent VDI configurations, where changes made by users during their sessions are discarded, ensuring a clean and consistent desktop environment for each user session.
You are preparing to deploy a heuristic-based detection system to monitor network activity. Which of the following would you create first?
Explanation:
Baseline is the best description because before deploying a heuristic-based detection system to monitor network activity, you would create a baseline to establish a reference point for normal network behavior. This baseline helps the system identify deviations or anomalies that may indicate suspicious or malicious activity. By establishing a baseline, you can enhance the accuracy and effectiveness of the heuristic-based detection system in identifying potential threats.