Chapter 57 Β· Quiz

Hardening Techniques Quiz

6 multiple-choice questions + 1 matching section. Select your answers, then click Submit.

Question 1 of 6
A security analyst discovers that a workstation was compromised by a novel ransomware variant with no existing antivirus signature. The ransomware was delivered via a phishing email attachment: the user opened a Word document containing a macro, which spawned PowerShell, which downloaded and executed the ransomware payload. Which endpoint security technology would have been MOST likely to detect and block this attack despite the absence of an antivirus signature?
Question 2 of 6
An organization's penetration tester successfully logs into a network router's management interface on the first attempt without any prior reconnaissance of the specific device's credentials. Which hardening failure MOST directly enabled this access?
Question 3 of 6
During a hardening assessment, a security engineer uses Nmap to scan a production database server and discovers that port 23 (Telnet) and port 21 (FTP) are open in addition to the expected port 1433 (SQL Server). What is the MOST appropriate immediate remediation for these findings?
Question 4 of 6
A user's workstation is infected with malware. The malware attempts to: (1) install a kernel-mode driver for keylogging; (2) stop the endpoint detection service; (3) write files to C:\Windows\System32\. All three actions FAIL. The workstation user is configured as a standard (non-administrator) account. Which hardening control is responsible for preventing all three actions?
Question 5 of 6
A vulnerability scan reveals that 200 workstations have a critical unpatched vulnerability in a version of Java that was installed 2 years ago as a dependency for a legacy application now decommissioned. No users on these workstations have any need for Java. What is the MOST appropriate hardening action?
Question 6 of 6
A host-based firewall provides capabilities that a network perimeter firewall cannot. Which capability is UNIQUE to host-based firewalls compared to traditional network firewalls?

Matching β€” Hardening Concepts

Match each term on the left to its correct description on the right.

1. EDR
2. HIPS
3. Nmap
4. Removal of Unnecessary Software
A. A hardening practice that permanently eliminates attack surface by uninstalling applications, OS components, and features not required for the system's function β€” removing the risk entirely rather than patching or restricting it
B. An endpoint security platform that detects threats using signatures, behavioral analysis, machine learning, and process monitoring; investigates through root cause analysis; and autonomously responds by isolating the system, quarantining threats, and rolling back configurations
C. A network scanning tool used during hardening assessments to discover open ports and running services on systems β€” the standard method for creating a port baseline, verifying post-hardening changes, and detecting new open ports in ongoing monitoring
D. A security control integrated into endpoint protection platforms that monitors OS-level activity β€” including memory access, registry modifications, and file system writes to protected directories β€” and blocks malicious actions such as buffer overflows and unauthorized kernel driver installation before they complete