Question 1mediummultiple choice
Read the full Protection of Information Assets explanation →CISA Protection of Information Assets • Complete Question Bank
Complete CISA Protection of Information Assets question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. ``` # cat /etc/shadow | grep -E "^(root|admin|test):" root:$6$xyz...$abc:18000:0:99999:7::: admin:!:18001:0:99999:7::: test:$6$def...$ghi:18001:0:99999:7::: ```
Refer to the exhibit.
```
# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
```Refer to the exhibit. ``` [Storage Policy: HR_Data] Retention: 7 years Encryption: AES-256 Access: Restricted (HR Managers only) Backup: Daily, stored in Offsite Vault Last Compliance Check: 2023-02-15 Status: Non-compliant (Reason: Backup media not encrypted) ```
Refer to the exhibit. Exhibit: Firewall rule excerpt (Cisco ASA) access-list INSIDE extended permit tcp 10.1.1.0 255.255.255.0 any eq 443 access-list INSIDE extended permit udp 10.1.1.0 255.255.255.0 host 10.2.2.10 eq 53 access-list INSIDE extended deny ip any any interface GigabitEthernet0/0 nameif INSIDE security-level 100 ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet0/1 nameif OUTSIDE security-level 0 ip address 192.168.1.1 255.255.255.0 route OUTSIDE 0.0.0.0 0.0.0.0 192.168.1.254 1
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Preventive
Detective
Corrective
Administrative
Technical
Drag a concept onto its matching description — or click a concept then click the description.
Financial reporting controls
Payment card data security
Health information privacy
Personal data protection
Refer to the exhibit.
```
# show access-lists
Extended IP access list 101
10 permit tcp 192.168.1.0 0.0.0.255 any eq 443
20 permit tcp 192.168.2.0 0.0.0.255 any eq 80
30 deny ip any any log
```Refer to the exhibit.
```
{
"PolicyName": "DataRetentionPolicy",
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "s3:DeleteObject",
"Resource": "arn:aws:s3:::corporate-data-archive/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
```Refer to the exhibit. ``` [Error] Authentication failed for user 'john.doe' from IP 10.0.0.5. Timestamp: 2024-03-21 14:32:15 UTC Log Source: RADIUS Server Additional Info: Invalid certificate CN in client certificate. ```
Access Control List (ACL) applied to interface GigabitEthernet0/0: permit ip host 10.0.0.1 any deny ip 10.0.0.0/24 any permit ip any any
Configuration snippet from a Windows server security policy: Password Policy: Enforce password history: 5 passwords remembered Maximum password age: 90 days Minimum password age: 1 day Minimum password length: 8 characters Complexity requirements: Enabled Account Lockout Policy: Account lockout threshold: 5 invalid logon attempts Account lockout duration: 15 minutes Reset account lockout counter after: 15 minutes
SAML 2.0 Response excerpt:
<saml:Assertion>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
</saml:Subject>
<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:00:30Z" />
<saml:AuthnStatement>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>Refer to the exhibit.
Exhibit:
Configuration file for an Amazon S3 bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*"
}
]
}Refer to the exhibit. Exhibit: Output from a database audit log: Timestamp: 2024-03-15 14:23:45 User: john.doe Action: SELECT Table: Employee_salaries Rows: 500 Source_IP: 10.0.0.15 Query: SELECT salary FROM Employee_salaries WHERE department = 'Executive'
Refer to the exhibit. Exhibit: Extract from a server audit log: [2024-03-20 08:12:34] User: admin (privileged) executed: cmd.exe /c "taskkill /F /IM svchost.exe" [2024-03-20 08:12:37] System event: Service 'Windows Update' stopped unexpectedly. [2024-03-20 08:12:40] System event: Security Center service stopped. [2024-03-20 08:12:45] Network connection from 10.0.0.50 to 203.0.113.5 on port 4444 (outbound) established.
access-list 100 permit tcp any host 10.1.1.100 eq 443 access-list 100 permit tcp any host 10.1.1.100 eq 22 access-list 100 deny ip any any
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::confidential-bucket/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
}
}
]
}Event 4648: A logon was attempted using explicit credentials. Subject: Account Name: svc_backup Target Account: KORP\administrator Target Server: FILESRV01 Process Name: C:\Windows\System32\wbem\wmiprvse.exe
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "123456789012"
}
}
}
]
}-rw-rw-rw- 1 root root 1024 Jan 1 12:00 sensitive.txt