Zero Day Attacks
teancum144
Member Posts: 229
in Network+
Below are similar questions from two different test banks. However, the answers are different. If I encounter a similar question on the N10-004 test tomorrow, what should I answer?
The boss has just read an article about zero-day attacks and rushes into your office in a panic, demanding to know what you'll do to save the company network. What security technique would best protect against such attacks?
A. Keep antivirus definitions updated.
B. Use aggressive patch management.
C. Implement user awareness training.
D. Implement effective security policies.
Test bank answer: D
Which of the following security mitigation techniques is the MOST effective against zero-day attacks?
A. Update antivirus definitions
B. MAC filtering
C. Effective security policies
D. User awareness training
Test bank answer: D
Comments
ChooseLife Member Posts: 941
I think both answers are good.
JDMurray Admin Posts: 13,099
Both exam items are basically asking the same question; they both have the same two answers, yet the correct answer choice is different for each item?
Given the two choices of "effective security policies" and "user awareness training," which one is the best defense against zero-day attacks?
From the two exam items given, the correct choices would be either C & D or D & C. They both can't be D.
Zectel Registered Users Posts: 5
If both of these questions are correct, the only logical explanation of this is the way the questions are worded, so you have to dissect the semantics. One puts it vaguely at "security techniques" and the other gets a little more specific by adding "security migration techniques."
The best overall security technique, I would think, would definitely be effective security policies on the network, but if you want the best security "mitigation" technique, you might see how "user awareness training" can be the best answer, since you can be migrating information from one person to the other in order to protect your network. An even simpler way to look at it is that people migrate and security policies in this situation wouldn't.
JDMurray Admin Posts: 13,099
I think you are too thinly slicing the semantics of what is a basic security exam item. Policies are useless without the user awareness training that forces the users to read and agree to the "what" of the policies. That's true whether including the term mitigation or not. The answer to the first item is incorrect.
teancum144 Member Posts: 229
From the two exam items given, the correct choices would be either C & D or D & C. They both can't be D.
the_hutch Banned Posts: 827
I kinda think both of those questions are kinda bullshit... You don't implement good security policy or awareness training to protect your organization from zero-day attacks. Zero-day attacks by definition have no effective countermeasure. By definition, the only risk management option in this case is risk acceptance. There is no way to effectively mitigate them, and you would never tell your boss that you protect against zero-days because "you have good security policy and/or awareness training." That's how you get fired when somebody exploits a zero-day vulnerability and you had misled the boss to believe it was taken care of because of security policy. You would tell your boss that it's a risk that he must accept... and explain to him why. That being said... try not to think too much when taking a CompTIA exam. It will get you into trouble.
JDMurray Admin Posts: 13,099
Well, that's a whole 'nother ballgame.
The best possible answer is, "Unplug your network from the Internet and don't let anyone touch your systems--including the users." However, this isn't practical. The best practical answer is, "Reduce your attack surface by uninstalling unnecessary applications." The fewer the entry points, the less chance of a zero-day being discovered or exploited. Not a quick solution, but it's typically the most effective.
However, in the universe of cert exam questions, you can only work with the answers given.
ptilsen Member Posts: 2,835
You don't implement good security policy or awareness training to protect your organization from zero-day attacks. Zero-day attacks by definition have no effective countermeasure. By definition, the only risk management option in this case is risk acceptance. There is no way to effectively mitigate them
I disagree. A zero-day attack is exploitation of a specific vulnerability. It does not mean that the vulnerability in question can be exploited in all instances, nor does it mean that it cannot be mitigated against. For example, an RPC vulnerability may have a zero-day exploit, but good policies on separating systems and networks can still prevent the vulnerability from being exploited and/or limit the scope of the exploit to certain systems. This is mitigation, rather than elimination of the vulnerability.
The second question is better-phrased in this regard because it focuses on mitigation against the attack, rather than "defense". It's an important distinction, because as you said, a zero-day exploit cannot be defended against or prevented, but as I am saying its effects can still be mitigated.
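The two mitigations raised in this thread, separating systems and networks so an exploit is confined to certain hosts (ptilsen) and shrinking the attack surface by removing unneeded services (JDMurray), can be put in concrete terms with a small reachability model. The following is an added example, not code from the thread or from any poster; every host name, zone, firewall rule and the hypothetical unpatched RPC listener on port 135 are constructed for illustration. It computes the "blast radius" of an attacker who lands on one workstation and can only spread through the unpatched service, under a flat network, a segmented one, and a segmented one where the service has been removed from hosts that do not need it.

```python
"""Added example (not from the thread): how segmentation and attack-surface
reduction limit the blast radius of an exploit for which no patch exists yet.
All hosts, zones, ports and rules below are constructed, hypothetical values."""
from collections import deque

# Constructed inventory: host -> network zone (hypothetical names).
HOSTS = {
    "ws-01": "users",
    "ws-02": "users",
    "rpc-app": "app",
    "db-01": "data",
    "jump-01": "mgmt",
}

# Hypothetical unpatched RPC listener; assume it is exploitable wherever reachable.
VULN_PORT = 135

# Zone policy as (src_zone, dst_zone, allowed_ports); "any" is a wildcard.
# Traffic within one zone is assumed unrestricted (a typical flat L2 segment).
FLAT_NETWORK = [("any", "any", "any")]
SEGMENTED_NETWORK = [
    ("users", "app", {443}),     # workstations reach the app tier over HTTPS only
    ("app", "data", {5432}),     # app tier reaches the database only
    ("mgmt", "any", {22, 443}),  # admins manage everything, but never via RPC
]


def allowed(rules, src_zone, dst_zone, port):
    """True if the zone policy permits src_zone -> dst_zone on the given port."""
    if src_zone == dst_zone:
        return True
    for rule_src, rule_dst, ports in rules:
        if rule_src in ("any", src_zone) and rule_dst in ("any", dst_zone):
            if ports == "any" or port in ports:
                return True
    return False


def blast_radius(start, rules, listening):
    """Set of hosts an attacker can reach by chaining the vulnerable service,
    starting from one already-compromised host (breadth-first search)."""
    compromised = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst, dst_zone in HOSTS.items():
            # Skip hosts already taken or not exposing the vulnerable service.
            if dst in compromised or VULN_PORT not in listening.get(dst, set()):
                continue
            if allowed(rules, HOSTS[src], dst_zone, VULN_PORT):
                compromised.add(dst)
                queue.append(dst)
    return compromised


def compare_postures(start="ws-01"):
    """Blast radius from `start` under three postures:
    flat network, segmented network, segmented plus reduced attack surface."""
    everywhere = {h: {VULN_PORT} for h in HOSTS}
    # Attack-surface reduction: the RPC service stays only on the host that needs it.
    reduced = {h: ({VULN_PORT} if h == "rpc-app" else set()) for h in HOSTS}
    return {
        "flat": blast_radius(start, FLAT_NETWORK, everywhere),
        "segmented": blast_radius(start, SEGMENTED_NETWORK, everywhere),
        "segmented+reduced": blast_radius(start, SEGMENTED_NETWORK, reduced),
    }


if __name__ == "__main__":
    for posture, hosts in compare_postures().items():
        print(f"{posture:>18}: {len(hosts)}/{len(HOSTS)} hosts -> {sorted(hosts)}")
```

With these constructed rules the flat network lets the foothold spread to all five hosts, segmentation confines it to the two workstations in the same zone, and removing the listener from hosts that do not need it leaves only the initial foothold. Neither posture patches the vulnerability; that is exactly the distinction between mitigation and prevention drawn above.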
the_hutch Banned Posts: 827
You're right. My point was there, but I misspoke when using the term mitigation. I will concede to your distinction between prevention and mitigation.
the_hutch Banned Posts: 827
My reply was mostly in response to the idea of a panicked boss running into your office asking what you are going to do about zero-days. And you responding with... "all is as it should be sir... our security policy is sound"
ptilsen Member Posts: 2,835
Gotcha, and that's fair. With anything of that nature, I think the idea is managing expectations. I would tell the boss that by definition, we cannot patch vulnerabilities before they are exploited in the case of zero-day exploits, but that we can help reduce the chances and limit the effects of exploitation through good security policies. I would also indicate that we have effective policies in place to respond to such attacks in a timely and effective manner.
All of this is of course assuming we actually have good policies and posture in place. If not, I would use it as an opportunity to get the business on board with making the changes and getting the resources necessary to effect good security policies.
JDMurray Admin Posts: 13,099
The second question is better-phrased in this regard because it focuses on mitigation against the attack, rather than "defense". It's an important distinction, because as you said, a zero-day exploit cannot be defended against or prevented, but as I am saying its effects can still be mitigated.
ptilsen Member Posts: 2,835
Perhaps I'm interpreting defense as "definitively preventing", which in hindsight is probably not a good interpretation. I do prefer the word "mitigate" to "defense" in this context, but I would interpret the question the same either way.
Jasiono Member Posts: 896
I kinda think both of those questions are kinda bullshit... You don't implement good security policy or awareness training to protect your organization from zero-day attacks.
Exactly what I was thinking when I read those questions. Glad I'm not the only one.