Question 1
Can you really prepare for zero-day vulnerabilities?
Answer
I think so, by having in place an Information Security Management System (ISMS) in which the organization’s information assets have been reliably identified and the relevant security controls for such incidents have been implemented. Remember that, at all times, we must address the mitigation of vulnerabilities of this type of incident.
It’s very hard to prevent zero-day vulnerabilities, but preparing by reducing the attack surface might lead you to readiness for zero-day vulnerabilities. If it is not discovered, that does not mean it is not vulnerable. However, we can use threat hunting to proactively improve security defenses.
Yes, you prepare for anything by knowing everything. If you know what components are required by your architecture, and if your architecture is properly designed, you can turn off minimal functions while waiting for the permanent fix.
I don’t think you really can but that’s one of the things I look to the newsletters for! I keep things as patched as I can and work to keep unused ports inaccessible but what do you do if a software flaw uses a commonly used port? I think you can only try and minimize what risks you can and monitor news of patches. I try to keep our products as patched as possible.
Question 2
How can system administrators reduce the risk of an attack? What is the best way for them to support the cybersecurity team?
Answer
System administrators can help the cybersecurity team by applying the hardening guidelines that we have provided to them and by correctly configuring any device so as not to generate error events that can mess up our incident detection system (as well as reducing the possible attack surface). The system administrators must follow our patch procedure, applying and checking all the patches provided by vendors.
Tighten your current security system. Your system and all the software your organization uses offer guidelines for maximizing security controls that you should follow. Some are as simple as turning off unnecessary services or using the lowest privileges settings. Use patches. All it takes is a tiny hole in your system for hackers to poke their way in.
It’s critical to run regular scans of your security system and all software to keep them updated with patches. Protect outbound data. Just as you protect your system from incoming malware and bots with a firewall, you need to make sure certain data never leaves your system. It’s important to focus on egress filtering to prevent rogue employees or employees making honest mistakes from releasing sensitive data or malicious software from your network.
What can a systems administrator do to protect against them? Defending systems against unauthorized access. Performing vulnerability and penetration tests. Monitoring traffic for suspicious activity. Configuring and supporting security tools like firewalls, antivirus, and IDS/IPS software.
For reducing the risk, a sys admin can also assess and manage risks, establish extensive cyber security policies, set strict password management rules, secure access to critical systems, separate duties, secure hardware and deploy a reliable monitoring solution. However, the best way depends on a case-by-case basis.
A system administrator can help the cyber security team by working as a team during pre/post deployment. I believe in the new concept of purple teaming, whereby each department sits down together as one to discuss, elaborate, and share experience regarding the impact of having infrastructure without cybersecurity in mind – not to blame them because they were not cybersecurity aware!
Question 3
Is machine learning a truly applicable solution to modern cybersecurity issues?
Answer
Not sure. The term ‘machine learning’ covers many activities. It may detect anomalous activity, but it most likely will not detect heuristic anomalies well. It could be a valuable tool, but only when used alongside capable system administrators and well-trained and well-motivated colleagues.
Yes, but within a specific context. The data gathering and data combing (i.e., search through logs for exceptions and anomalies) is best done by a machine that doesn’t get tired. However, that means the organization must first define what parameters must be watched, and what decisions are to be supported. Buying an appliance with ML included doesn’t accomplish what the organization has to do for itself in advance of buying the technology.
I think it definitely will be as time goes on. Machine learning can run 24/7 and after it truly nails down the patterns of attack can be set to hunt for and install patches and run playbook-like protection measures. It would need the guidance of cybersecurity professionals but would make a great asset.
Question 4
When you use vulnerability scan tools, how do you deal with false positive or false negative findings?
Answer
We are currently leveraging manual checks or chaining the findings to a different scanner for cross-validation. In the future, we can consider feeding the false positive or false negative findings to machine learning models to filter out low-risk ones and reduce the load of manual checking or cross-validation with a different scanner.
In my experience, that will depend on the maturity level of the organization. The more training you have, the easier it is to identify false positives. It requires the team to be constantly learning and as much as possible with access to state-of-the-art tools for this purpose.
The business data was covered by another device, and this was attacked (an OpenBSD server) with no success; it was just a proxy. However, since that day everything is logged, and if an anomaly is found, it is considered a possible attack.
My answer is surely incomplete; however, we are a small team, since it is a local consultant group, but I am trying to step up my game since there is little to no interest in my state (Mexico) in doing something to keep data safe, passwords hashed, software updated, etc.
Question 5
Which of the following best describes a container?
A. An OS used on software to imitate hardware
B. The center of a computer’s OS
C. A software package that contains applications for deployment across environments
D. A system software that controls system communication
Answer
C. A software package that contains applications for deployment across environments
Explanation
Containers are essentially a way to virtualize a machine’s resources. They contain all the necessary parts to run software and reduce deployment resources needed.
Question 6
True or false: Containers are VMs.
A. True
B. False
Answer
B. False
Explanation
A common misconception about containers is that they are just lightweight VMs. While containers and VMs both offer ways to provision and use computer resources — such as I/O, processors and memory — they differ in many ways. VMs are OSes installed on a machine to mimic the requisite hardware. Each VM contains its own designated OS that works in isolation from other VMs on the same system. In contrast, containers have only one OS for the entire system. Consequently, VMs are often more secure than containers because of that resource and data isolation, whereas a compromised container can risk the entire ecosystem.
Question 7
Which of the following is not a type of container image?
A. Application image
B. Top image
C. Base image
D. Intermediate image
Answer
B. Top image
Explanation
The three most common container images include base images as the first layer on top of the OS; intermediate images that provide available languages for runtimes; and application images that make up a database of ready-to-use information stored within the container. This layered image system enables containers to maintain, share and reuse all components and deploy isolated processes.
Question 8
Where are container images stored?
A. A node
B. A repository
C. A unit
D. A data center
Answer
B. A repository
Explanation
Instead of creating code files for every deployment, containers store images in repositories that can be extracted for use when needed.
Question 9
True or false: A container repository and a container registry are the same thing.
A. True
B. False
Answer
B. False
Explanation
While it can be easy to confuse the two, they are different: A container repository stores collections of container images for setup and deployment, whereas a registry is a collection of repositories that store container images. Container registries can store multiple repositories, in addition to API paths and access control rules.
Question 10
What are the primary components of an operational container ecosystem?
A. Files
B. Environment variables
C. Dependencies
D. Libraries
E. All of the above
Answer
E. All of the above
Explanation
Files, environment variables, dependencies and libraries are all necessary to run a container. Within these components, hosting, connectivity, orchestration and work distribution are the main elements necessary to create an ecosystem for smooth development and deployments. Each component helps standardize a container and create consistency throughout its lifecycle.
Question 11
True or false: A container uses only one OS to carry out all functions.
A. True
B. False
Answer
A. True
Explanation
A container environment requires only one host OS for all containers within that system — regardless of how many there are. This means they are much smaller in size, consume less memory than VMs and can number into the thousands. However, a common OS does pose a security threat for containerized environments, as any security breach can expose the whole ecosystem.
Question 12
Which of the following is a disadvantage of using containers?
A. Immutability
B. Speed
C. Storage
D. Size
Answer
C. Storage
Explanation
Containers are stateless: When a container shuts down, all the data it contains disappears. For data to remain, the application must be designed to store it externally. Storage tools, such as Docker Data Volumes and Rook, support persistent storage and enable data to be saved after the container is destroyed.
Question 13
What are the benefits of container management?
A. Help admins run and maintain applications without manual intervention
B. Automate the process of making applications
C. Check the health and status of a container
D. All of the above
Answer
D. All of the above
Explanation
Container management can be complex, and it is important that all staff is trained in the necessary skills to carry out the task. IT organizations should create a strategy upfront and evaluate their options to ensure they choose the right vendor or tools to fit their needs.
Question 14
How do application containers differ from system containers?
A. They are the same.
B. Application containerization is an OS-level process of virtualizing a container to run apps.
C. Application containers organize container images within containers.
D. None of the above
Answer
B. Application containerization is an OS-level process of virtualizing a container to run apps.
Explanation
Application containers are a method of application virtualization, while system containers focus on running an entire OS inside a container. Application containerization expands a container’s capabilities and helps with creation and maintenance. It focuses on software development that isolates processes on a shared OS kernel. System containers move application requests to components within the application container but do not mimic hardware. However, both application and system containers extend processes on the host system.
Question 15
True or false: VMs and containers cannot be used together.
A. True
B. False
Answer
B. False
Explanation
VMs and containers can exist in the same environment or on the same server. However, while it is possible — and common — for containers to run on VMs, VMs should not be deployed within a container.
Question 16
A classic application of graph analytics in action is:
A. Bank account transactions
B. An inventory list
C. A recommendation engine
Answer
C. A recommendation engine
Explanation
Recommendation engines suggest products to consumers based on previous purchases and purchases made by similar buyers. They examine complex relationships between trends, relationships between products and relationships between comparable customers. Connections between these different data points are easier to plot with graph analytics.
Question 17
How do graph data analytics help with data visualization?
A. They map connections between nodes to show relationships
B. It’s easier to analyze data in a graph format
C. They ignore unusual relationships, making high-level analytics clearer
Answer
A. They map connections between nodes to show relationships
Explanation
Graphs treat the relationships between nodes as additional data, making it easy to visualize the path from point A to point B to point C. Seeing these connections makes visualizations easier, and makes relationship-driven decision-making easier.
Question 18
True or false? A graph database falls under the categorization of relational databases.
A. True
B. False
Answer
B. False
Explanation
While graph data analytics are best known for prioritizing relationships between data, they are not considered relational databases. Graph databases are categorized as NoSQL.
Question 19
What factor is holding back graph analytics adoption the most?
A. The cost of implementing graph databases typically outweighs the benefits
B. The technology isn’t easy for business users to operate
C. Graph technology hasn’t advanced enough in recent years
Answer
B. The technology isn’t easy for business users to operate
Explanation
Gartner expects the market for graph data analytics to expand in the next few years and many use cases can benefit from their application, but the technology isn’t the easiest for end users. Data scientists are the most common graph database users, not business analysts.
Question 20
What makes graph databases unique?
A. They treat relationships between nodes as data
B. It’s easier to add data to a graph database than any other database
C. Graph databases are the easiest to query
Answer
A. They treat relationships between nodes as data
Explanation
Connections between data points are treated as additional data. Relational databases map the connections between data points using tables, but graph databases prioritize relationships between data points, which often exhibit more complex relationships.
Question 21
True or false? Graph data analytics are only available to large organizations because of their cost.
A. True
B. False
Answer
B. False
Explanation
Larger organizations with larger data sets typically see a benefit from implementing graph technology. But smaller organizations, especially ones focusing on AI, fraud or commerce, can also take advantage of graph analytics.