Security + Attempt 1 Flashcards

(83 cards)

1
Q

In a large healthcare organization, multiple departments handle sensitive patient data. Each department requires access to different applications and systems to carry out its tasks efficiently. However, granting broad access rights through long-lived authentication tokens poses security risks. What solution should the IT department implement while adhering to the principle of least privilege and securing sensitive patient data?

Multi-Factor Authentication (MFA)
Open Authorization (OAuth)
JSON Web Token (JWT)
Kerberos

A

Open Authorization (OAuth)

OAuth (Open Authorization) is a widely used authentication framework that enables secure authorization between different services and aligns with the principle of least privilege.

2
Q

To address the escalating operational costs and complexities stemming from multiple standalone applications, an organization plans to restructure its software deployment process. They want to minimize overhead, increase flexibility in development environments, and enhance the efficient use of system resources. What approach would be the MOST effective?

Hybrid cloud infrastructure
Containerization
Virtualization
Microservices

A

Containerization

3
Q

A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail?

Content categorization
Uniform resource locators (URL) scanning
Reputation-based filtering
Block rules

A

Content categorization

Content categorization classifies websites into categories such as social networking, gambling, adult content, webmail, and many others.

4
Q

Which feature of web filtering is the MOST effective for organizations aiming to reduce the risk of malware infections by blocking access to websites known for hosting malicious content?

Block rules
Content categorization
Uniform Resource Locator (URL) scanning
Reputation-based filtering

A

Uniform Resource Locator (URL) scanning

URL scanning examines the URLs requested by users and can block access to specific URLs known to host malicious content, be inappropriate, or violate the company’s Internet usage policy.

5
Q

After a recent breach, an organization mandates increased monitoring of corporate email accounts. What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations?

Antivirus (A-V)
Data loss prevention (DLP)
Simple Network Management Protocol (SNMP) trap
Security content automation protocol (SCAP)

A

Data loss prevention (DLP)

6
Q

A cyber engineer enhances processes and controls surrounding exposures and vulnerabilities to meet all regulatory requirements before a year-end inspection. What focuses on key aspects of the organization’s cybersecurity strategy, including prioritization, considerations of exposure, and risk tolerance contexts?

Open-source intelligence (OSINT)
Vulnerability analysis
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)

A

Vulnerability analysis

7
Q

A manufacturing company’s security manager plans to implement corrective operational controls to mitigate potential security threats. Which of the following instances would be the appropriate control?

Regular penetration testing to uncover potential vulnerabilities
A firewall that prevents unauthorized access to the network
A security camera system monitoring the premises
Enabling continuous monitoring to disable abnormal accounts

A

Enabling continuous monitoring to disable abnormal accounts

8
Q

Employees in a large financial institution regularly access their work accounts and systems to process transactions and manage client data. To enhance security, the IT department has implemented a password policy that requires employees to change their passwords every ninety days. However, some employees need help remembering new passwords, leading to frequent password reset requests. This process increases the workload for IT support and may lead to security risks if employees choose weak passwords to simplify the process. The IT department is exploring alternative password expiration concepts to balance security and user convenience. What concept should the IT department consider to address the challenges related to password expiration and enhance security while reducing password reset requests?

Enforcing complex password requirements
Password rotation with a longer expiration period
Implementing biometric authentication
Enabling Single Sign-On (SSO) for user convenience

A

Password rotation with a longer expiration period

9
Q

A medium-sized organization is undergoing an audit for its information security practices. As a security analyst, the auditor seeks to assess the organization’s use of an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor focus on to ensure the organization meets the standards set for information security?

The AUP includes the number of allowed password attempts before locking an account.
The AUP includes clear consequences for noncompliance.
The AUP includes guidance for personal use of organizational resources.
The AUP includes a list of approved software for each department.

A

The AUP includes clear consequences for noncompliance.

10
Q

A major corporation seeks to strengthen its security measures following a recent breach. The actor breached information regarding those not associated with the organization and exploited a weakness in the organization’s physical defenses to gain unauthorized access to sensitive data. What type of security threat did the corporation face?

Unassociated digital threat
Internal physical threat
Internal digital threat
External physical threat

A

External physical threat

11
Q

A cybersecurity manager is preparing to begin working when a police officer comes through the door waving a subpoena. The officer states that the company is under investigation for suspicious activities relating to recent overseas sales, and they are taking the servers with them. What gives police officers the right to take the servers?

Due process
Legal hold
Digital forensics
Data acquisition

A

Legal hold

12
Q

The IT director at a financial institution focuses on implementing compensating managerial controls to augment the institution’s existing security framework. If a mandated control cannot be put into place, which of the following compensating controls should an analyst recommend as a sufficient substitute?

Isolating a critical system that cannot be patched.
An automated system that scans and patches software vulnerabilities
Using biometric access controls on all company systems
Regular employee training on cybersecurity best practices

A

Isolating a critical system that cannot be patched.

13
Q

A robotics company is developing autonomous drones for package delivery. The drones need to operate reliably in different weather conditions, navigate complex terrains, and respond rapidly to changing scenarios. Which choice should be given prime consideration for the selection and design of the system intended for these drones?

Embedded systems
Serverless system
Containerization
Cloud-based systems

A

Embedded systems

14
Q

A healthcare organization is setting up a system to store patient data securely. To ensure that only authorized personnel can access the data and it cannot compromise the system during a breach, which technique should the organization implement?

Asymmetric encryption
Hashing
Symmetric encryption
Tokenization

A

Hashing

15
Q

An attacker gains unauthorized access to an organization’s server and exploits a vulnerability in a web application. The attacker injects malicious code into the application’s memory space, gaining control over the server and compromising sensitive data. What security measure can help mitigate memory injection attacks on OS-based systems?

Configure the firewall to block incoming traffic.
Enable user account control (UAC) on the server.
Implement address space layout randomization (ASLR)
Install antivirus software to scan the web application.

A

Implement address space layout randomization (ASLR)

Implementing address space layout randomization (ASLR) is a preventive measure against memory injection attacks. ASLR randomizes the memory locations of processes, making it challenging for attackers to predict memory addresses for their malicious code.

16
Q

A company is revamping its current IT infrastructure with a focus on enhancing its ability to operate under changing or harmful conditions without suffering a significant loss of functionality. What primary aspect of the system design should the team focus on to achieve this goal?

Load balancing
Availability
Resilience
Network segmentation

A

Resilience

Resilience refers to the capacity of a system to readily adapt and recover from adverse or harmful conditions. It extends beyond mere availability or recovery, encompassing the capability to function under sub-optimal conditions and to rebound from failure.

17
Q

The security manager of a highly sensitive facility is evaluating options for intrusion detection systems to detect physical movement in its secured zones. The ideal technology the facility needs should be less prone to environmental interferences and preferably not depend on physical contact. Which technology should the security manager implement?

Microwave sensors
Ultrasonic sensors
Infrared sensors
Pressure sensors

A

Ultrasonic sensors

18
Q

The IT department of a medium-sized company is in the process of finalizing agreements with various vendors. The legal team drafted the contracts to ensure proper arrangements. The team considers three types of agreements: an NDA, a BPA, and an MOU. The IT team wants to select the MOST appropriate agreement for each vendor to ensure smooth collaboration. Which of the following agreements protects sensitive information shared between the company and its vendors?

Non-disclosure agreement (NDA)
Business partnership agreement (BPA)
Memorandum of understanding (MOU)
Memorandum of agreement (MOA)

A

Non-disclosure agreement (NDA)

The non-disclosure agreement (NDA) is a suitable agreement for protecting sensitive information shared between parties and maintaining confidentiality.

19
Q

A cybersecurity analyst for a large organization permits employees to use Instant Messaging (IM) services on their devices. Despite using encryption, the analyst’s concern is the potential software vulnerabilities and difficulty scanning messages and attachments for threats. Which actions should the cybersecurity analyst use to address this concern?

Regularly update and patch the Instant Messaging apps to address any known software vulnerabilities.
Allow employees to use Instant Messaging services without any changes since the encryption already provides sufficient security.
Implement additional encryption layers on top of the existing Instant Messaging (IM) services to enhance security further.
Disable all Instant Messaging services on Windows, Android, and iOS devices to prevent any potential security risks.

A

Regularly update and patch the Instant Messaging apps to address any known software vulnerabilities.

20
Q

A small department at a company manages a server, separate from IT, for data access and backup purposes. What role does the department fulfill?

Data owner
Data processor
Data controller
Data custodian

A

Data custodian

The data custodian role manages the system on which the data assets reside. This role includes enforcing access control, encryption, and backup/recovery measures.

21
Q

An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario?

Dictionary
Brute force
Spraying
Rainbow table

A

Spraying

22
Q

A cyber team implements new hardening techniques after a data loss prevention (DLP) audit revealed increased data exfiltration. What is a tenet of host-based firewalls?

It describes software tools that monitor and protect individual hosts.
It uses signature-based detection and anomaly detection.
It requires deploying and configuring specialized software agents.
It provides controls for incoming and outgoing network traffic.

A

It provides controls for incoming and outgoing network traffic.

23
Q

A logistics company is contemplating certain steps for its data centers in its quest to fortify its systems against long-term power outages and improve the physical security of its equipment. What is the MOST suitable measure the company could undertake?

Implementing high-availability systems
Deploying onsite generators
Incorporating additional Uninterruptible Power Supplies (UPS)
Investing in geographic dispersion

A

Deploying onsite generators

24
Q

A new IT security firm is partnering with an IT support company and is opening its business soon. The firm would like to be a reseller for a popular firewall. Which of the following options allows the firm to become an authorized reseller?

Memorandum of Agreement (MOA)
Business Partners Agreement (BPA)
Memorandum of Understanding (MOU)
Non-Disclosure Agreement (NDA)

A

Business Partners Agreement (BPA)

A BPA is a partner agreement that large IT companies set up with resellers and solution providers.

25
Q

An organization plans to implement a load balancer as part of its network infrastructure to manage the increased web traffic to its services. The organization tasks a network administrator with ensuring that the load balancer is configured in line with best security practices to reduce the attack surface and secure the enterprise infrastructure. The network administrator's responsibilities include evaluating the network appliances, securing connectivity, and considering device placement. What is the MOST effective security measure in this scenario?

Configure the load balancer to operate in a fail-open mode.
Use a proxy server in combination with the load balancer.
Place the load balancer in the screened subnet.
Implement a Web Application Firewall (WAF) alongside the load balancer.

A

Implement a Web Application Firewall (WAF) alongside the load balancer.

26
Q

CryptoCloud is expanding its business and is considering outsourcing its IT resources to a managed services provider (MSP) to improve efficiency and reliability. Which of the following statements about MSPs and their role in the supply chain are correct? (Select the two best answers.)

Managed services providers (MSPs) handle the end-to-end process of designing, manufacturing, and distributing goods and services to customers.
Managed services providers (MSPs) may introduce a complex security challenge, as monitoring their employees can be difficult.
Managed services providers (MSPs) are only suitable for large enterprises with extensive IT infrastructure and are not recommended for smaller businesses.
Managed services providers (MSPs) primarily focus on providing support for IT resources such as networks, security, or web infrastructure.

A

Managed services providers (MSPs) may introduce a complex security challenge, as monitoring their employees can be difficult.
Managed services providers (MSPs) primarily focus on providing support for IT resources such as networks, security, or web infrastructure.

26
Q

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

Use the NGFW as a load balancer, distributing network traffic across multiple servers.
Position the NGFW as a jump server to manage secure access for all network services.
Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.
Set the NGFW to operate in a fail-open mode, ensuring continuous network service even if the firewall fails.

A

Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity.

Deploying an NGFW in inline mode enables it to examine all traffic passing through it, identify and mitigate threats, and maintain connectivity without disrupting normal network operations.

27
Q

A lawyer is preparing a subpoena for an upcoming cybercrime case and is consulting with a digital forensics specialist. The lawyer explains the need for the ability to parse through data quickly and provide a copy of everything found to the opposing counsel. What utility can accomplish these requests?

E-discovery
Live acquisition
Legal hold
Due process

A

E-discovery

E-discovery is the means of gathering digital information for a court case. Several e-discovery utilities provide searches based on syntax, keywords, and file type. The lawyer could easily share this type of electronically stored information with opposing counsel.

28
Q

A technician prepares a presentation to the board of directors on the variances between compliance reporting and monitoring after the board receives word that the company did poorly on its last assessment. What are the tenets of compliance reporting? (Select the two best options.)

It promotes accountability, transparency, and effective compliance management.
It conducts thorough investigations and assessments of third parties.
It uses automation to improve accuracy and streamlines observation activities.
It aims to access and disclose an organization's compliance status.

A

It promotes accountability, transparency, and effective compliance management.
It aims to access and disclose an organization's compliance status.

29
Q

A software organization enhances its cyber security by using deception technologies to capture attacker tactics and tools. How can a honeytoken assist in the organization's strategy?

It acts as a decoy system that mimics real systems or applications at a more finite level.
It uses a network of decoy systems to simulate an entire network to capture the attacker's tactics and tools.
It creates false credentials, login credentials, or other data types to distract and gain insight on attackers.
It creates fake files that appear to contain sensitive information to capture data on attempts to access and steal data.

A

It creates false credentials, login credentials, or other data types to distract and gain insight on attackers.

It is best to use a honeytoken containing false credentials, login credentials, or other data types that distract attackers, trigger alerts, and provide insight into attacker activity.

30
Q

A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?

Enhanced lighting
Access control vestibule
Closed-circuit television (CCTV)
Perimeter fencing

A

Access control vestibule

31
Q

A company has noticed increasing attacks on its employees via phishing emails and impersonation calls. These attacks have led to unauthorized access to sensitive data and a loss of customer trust. What method should the company implement to counteract these malicious efforts?

Strengthen password policies
Conduct social engineering awareness training
Implement network segmentation
Implement the execution phase

A

Strengthen password policies
Conduct social engineering awareness training

32
Q

A multinational company worries that its IT department is getting complacent regarding cybersecurity. The company begins working with an outside company to create an incident in a sandbox environment to gauge the IT department's response to a strong attack. This situation represents what type of testing scenario?

Communication plan
Walkthrough
Simulation
Tabletop exercise

A

Simulation

33
Q

A company mandated personnel training within each business unit on their own unit's role in the incident response plan. However, during an incident response, it became apparent that the business units were not working well together, resulting in a delayed resolution. How can the company build a more unified response to an incident? (Select the two best options.)

More department training
Team building exercises
Cross-team training
Leaders only training

A

Team building exercises
Cross-team training

34
Q

A forensic analyst at an international law enforcement agency investigates a sophisticated cyber-espionage case. The analyst must uncover the timeline of document interactions, detect concealed or system-protected files, interpret categories of digital events, and trace digital breadcrumbs left behind during media uploads on social platforms. What combination of data sources would provide the MOST comprehensive information for this multifaceted investigation?

File metadata with extended attributes and network transaction logs
File metadata and event logs
Event logs and gateway security logs
Network transaction logs and gateway security logs

A

File metadata with extended attributes and network transaction logs

Paired with network transaction logs, file metadata with extended attributes provides a comprehensive understanding of document interactions, including hidden details from online actions and network operations.

35
Q

A tech consultant enhances automation and scripting with continuous integration and testing capabilities. What are some characteristics associated with this capability? (Select the three best options.)

The system automatically evaluates merges to help detect and fix integration issues.
The technician makes improvements to code quality and accelerates development cycles.
Developers regularly merge their changes back to the main code branch.
Different software systems are enabled to communicate and interact, creating seamless workflows.

A

The system automatically evaluates merges to help detect and fix integration issues.
The technician makes improvements to code quality and accelerates development cycles.
Developers regularly merge their changes back to the main code branch.

36
Q

In a company's cybersecurity policy, it has implemented two critical measures to protect sensitive data and ensure the security of its time-of-check (TOC) and time-of-use (TOU) systems. What do TOC and TOU each aim to achieve?

A

Time-of-check (TOC) aims to enforce access controls at the time of user authentication, and time-of-use (TOU) ensures proper access controls during data usage.

TOC verifies and enforces access controls when a user requests access to a specific resource or data. TOU deals with access controls during the actual usage of data.

37
Q

A company's network security system is flagging an unusually high volume of traffic coming from various sources. The traffic volume is excessively higher than normal, and spoofed IP addresses and ICMP echo request packets are strengthening the signal. What types of cyberattacks can be occurring in this situation? (Select the three best options.)

Amplified
Smurf attack
Distributed denial-of-service (DDoS)
On-path attack

A

Amplified
Smurf attack
Distributed denial-of-service (DDoS)

38
Q

A global corporation assesses risk appetite and how risks in various regions could influence mission-critical operations. It is assessing compliance with local laws and licensing requirements to prevent financial risk or resolve security risks, changing the risk posture, and implementing risk controls to compensate. Conclude what type of assessment the team is performing.

Site risk assessment
Risk control assessment
Penetration testing
Vulnerability assessment

A

Risk control assessment

Risk and control self-assessment (RCSA) is the method by which companies evaluate and analyze the operational risks and the efficacy of the controls used to manage them.

39
Q

An organization is considering a hybrid cloud deployment to leverage the benefits of both private and public cloud resources. While reviewing third-party vendors, what critical aspect should the employees consider for a secure and effective transition?

A

Establish clear service level agreements (SLAs)

40
Q

A large organization is planning to restructure its network infrastructure to create better security boundaries and enhance control over network traffic as it undergoes rapid expansion with an increasing number of remote employees. What should the company implement to meet these requirements?

Logical segmentation
Embedded systems
Scalability
Blockchain

A

Logical segmentation

41
Q

After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive central processing unit (CPU) utilization?

Data loss prevention (DLP)
Security content automation protocol (SCAP)
Simple network management protocol (SNMP) trap
Antivirus (A-V)

A

Simple network management protocol (SNMP) trap

A Simple Network Management Protocol (SNMP) trap informs the management system of a notable event such as port failure, chassis overheating, power failure, or excessive Central Processing Unit (CPU) utilization.

42
Q

An organization plans to implement a load balancer as part of its network infrastructure to manage the increased web traffic to its services. The organization tasks a network administrator with ensuring that the load balancer is configured in line with best security practices to reduce the attack surface and secure the enterprise infrastructure. The network administrator's responsibilities include evaluating the network appliances, securing connectivity, and considering device placement. What is the MOST effective security measure in this scenario?

Use a proxy server in combination with the load balancer.
Place the load balancer in the screened subnet.
Configure the load balancer to operate in a fail-open mode.
Implement a Web Application Firewall (WAF) alongside the load balancer.

A

Implement a Web Application Firewall (WAF) alongside the load balancer.

A WAF with a load balancer provides robust security by inspecting web traffic and mitigating threats such as SQL injection and Cross-Site Scripting.

43
Q

A high-tech corporation has been experiencing numerous security breaches. It has concerns about the constant attacks attempting to steal sensitive data. Which strategies would be the MOST appropriate for the corporation to handle these threats effectively?

Purchasing cutting-edge security technology
Engaging an external auditing agency
Adopting an offensive security approach
Implementing a reactive defensive strategy

A

Adopting an offensive security approach

An offensive approach, or "active defense," involves actively searching for threats to prevent an attack before it happens.

44
Q

A technician prepares a presentation to the board of directors on the variances between compliance reporting and monitoring after the board receives word that the company did poorly on its last assessment. What are the tenets of compliance reporting? (Select the two best options.)

It uses automation to improve accuracy and streamlines observation activities.
It promotes accountability, transparency, and effective compliance management.
It conducts thorough investigations and assessments of third parties.
It aims to access and disclose an organization's compliance status.

A

It promotes accountability, transparency, and effective compliance management.
It aims to access and disclose an organization's compliance status.

45
Q

A cyber team presents a discussion on the use of sideloading and jailbreaking to a group of board members. Which of the following best describe sideloading? (Select the best two options.)

It is a method used to gain elevated privileges and access to system files on mobile devices.
It does not undergo the same scrutiny and vetting process as those on official application stores.
It allows users to install unauthorized applications and customize device appearance and behavior.
It refers to the installation of applications from sources other than the official application store of the platform.

A

It does not undergo the same scrutiny and vetting process as those on official application stores.
It refers to the installation of applications from sources other than the official application store of the platform.

46
Q

A cyber team develops standard operating procedures (SOPs) to encompass how to manage privacy data and how long to keep it. The team includes procedures for data inventories. Why should the team incorporate data inventory procedures in the SOP?

It is the comprehensive assessment and evaluation of an organization's data protection practices.
It requires individuals or entities to announce their understanding of compliance obligations formally.
It is an established timeline for how long organizations should keep documentation.
It provides a comprehensive overview of the types of handled data.

A

It provides a comprehensive overview of the types of handled data.

47
Q

A manufacturing company's security manager plans to implement corrective operational controls to mitigate potential security threats. Which of the following instances would be the appropriate control?

A security camera system monitoring the premises
A firewall that prevents unauthorized access to the network
Enabling continuous monitoring to disable abnormal accounts
Regular penetration testing to uncover potential vulnerabilities

A

Enabling continuous monitoring to disable abnormal accounts

48
Q

The IT security team at a large company is reviewing its security practices to improve resilience against cyber threats. The team wants to assess the network's vulnerability to potential attacks. The IT team decides to conduct a penetration testing exercise and hire an external cybersecurity firm with expertise in penetration testing. The goal is to identify security weaknesses and gaps that malicious actors could exploit. The company also ensures that the proper rules of engagement (ROE) are in place for the testing. What is the primary purpose of having ROE in a penetration testing exercise?

To identify the external cybersecurity firm responsible for conducting the test
To define the scope, limitations, and legal boundaries of the testing
To ensure the cybersecurity firm uses specialized tools for the testing
To determine the specific vulnerabilities present in the network

A

To define the scope, limitations, and legal boundaries of the testing

49
A security architect designs a solution to protect the organization's network from advanced threats and provides granular access controls based on user roles. The organization has a significant volume of TLS-encrypted traffic that needs inspection and wants to integrate the solution with its network directory for role-based content filtering. Which should the security architect consider the MOST appropriate option?

A Web Application Firewall (WAF) designed primarily to protect web applications from targeted attacks
A standard stateful firewall with Layer 4 filtering capabilities
A jump server with enhanced remote access capabilities
A Next Generation Firewall (NGFW) with Layer 7 application-aware filtering and intrusion prevention system (IPS) functionality
A Next Generation Firewall (NGFW) with Layer 7 application-aware filtering and intrusion prevention system (IPS) functionality
50
An organization wants to enhance its cybersecurity by implementing web filtering. The company needs a solution that provides granular control over web traffic, ensures policy enforcement even when employees are off the corporate network, and can log and analyze Internet usage patterns. Which of the following strategies BEST meets these requirements?

Reputation-based filtering
Centralized web filtering
Manual uniform resource locators (URLs) blocking
Agent-based filtering
Agent-based filtering
51
What action of the incident response process removes affected components from the larger environment?

Containment
Detection
Analysis
Eradication
Containment
52
A technician drafts an article on various attack types. Which of the following represents a cryptographic attack? (Select the best three choices.)

Keylogger
Collision
Birthday
Downgrade
Collision
Birthday
Downgrade

A downgrade attack is a cryptographic attack that forces a server or client to use a lower specification protocol with weaker ciphers and key lengths. A collision attack is a cryptographic attack where a weak cryptographic hashing function or implementation allows the generation of the same digest value for two different plaintexts. A birthday attack is a cryptographic attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords. It takes advantage of the probability of different password inputs producing the same encrypted output.
53
A small online printing company needs to secure its internal web server with Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption. The IT administrator explores the certificate options and their implications. In the context of SSL/TLS certificate generation, which statement correctly explains the roles of Certificate Signing Request, self-signed, and third-party certificates?

The server generates a self-signed certificate and submits it to a third-party Certificate Authority for validation but generates a Certificate Signing Request without involving a third party.
The server generates a Certificate Signing Request (CSR) and submits it to a third-party Certificate Authority (CA) for validation but generates self-signed certificates without involving a third party.
The server generates a self-signed certificate to create a Certificate Signing Request, while a Certificate Authority issues third-party certificates after validating the server's identity.
The server generates a Certificate Signing Request to create a self-signed certificate, while a Certificate Authority issues third-party certificates after validating the server's identity.
The server generates a Certificate Signing Request (CSR) and submits it to a third-party Certificate Authority (CA) for validation but generates self-signed certificates without involving a third party.
54
Proprietary software remains mission-critical ten years after its in-house creation. The software requires an exception to the rules, as it cannot run on the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.)

Network segmentation
Patching
Compensating controls
Vulnerability feeds
Network segmentation
Compensating controls
54
A system administrator prepared to implement full-disk encryption (FDE) on all company laptops to enhance data security. Each laptop contained various levels of sensitive information, and the administrator granted access based on employee roles. What is the MOST crucial factor the system administrator considered while implementing full-disk encryption to ensure data security and to maintain employee accessibility?

Use the highest possible encryption level.
Use a common encryption key for all laptops.
Encrypt only the most sensitive data records.
Assign encryption keys based on employee roles.
Assign encryption keys based on employee roles.
55
A cyber consultant is weighing the various challenges to automation, as an organization has tasked the consultant with implementing it in an upcoming project. What is a challenge associated with technical debt?

It can result in poorly documented code, leading to instability and increased costs.
It can quickly erode if the organization does not continue needed patches and updates.
It can impact multiple areas of the organization, causing widespread problems.
Poorly planned strategies can make systems difficult to maintain.
It can result in poorly documented code, leading to instability and increased costs.
56
A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?

The security device should be configured to fail-open.
The security device should be configured to actively monitor the network.
The security device should be configured to fail-closed.
The security device should be configured to passively monitor the network.
The security device should be configured to fail-closed.

A fail-closed configuration prioritizes confidentiality and integrity over availability. In the event of a failure, a fail-closed device would block access or enter the most secure state available, protecting patient data.
57
Which organizational policy does a cybersecurity analyst need to outline the procedures in case of a security breach or cyberattack? This policy includes steps for identifying, investigating, controlling, and mitigating the impact of incidents.

Acceptable use policy (AUP)
Software Development Life Cycle (SDLC)
Information security policy
Disaster recovery policy
Disaster recovery policy
58
CryptoCloud is expanding its business and is considering outsourcing its IT resources to a managed services provider (MSP) to improve efficiency and reliability. Which of the following statements about MSPs and their role in the supply chain are correct? (Select the two best options.)

Managed services providers (MSPs) are only suitable for large enterprises with extensive IT infrastructure and are not recommended for smaller businesses.
Managed services providers (MSPs) primarily focus on providing support for IT resources such as networks, security, or web infrastructure.
Managed services providers (MSPs) may introduce a complex security challenge, as monitoring their employees can be difficult.
Managed services providers (MSPs) handle the end-to-end process of designing, manufacturing, and distributing goods and services to customers.
Managed services providers (MSPs) primarily focus on providing support for IT resources such as networks, security, or web infrastructure.
Managed services providers (MSPs) may introduce a complex security challenge, as monitoring their employees can be difficult.
59
A global corporation assesses risk appetite and how risks in various regions could influence mission-critical operations. It is assessing compliance with local laws and licensing requirements to prevent financial risk or resolve security risks, changing the risk posture, and implementing risk controls to compensate. Conclude what type of assessment the team is performing.

Risk control assessment
Vulnerability assessment
Penetration testing
Site risk assessment
Risk control assessment

Risk and control self-assessment (RCSA) is the method by which companies evaluate and analyze the operational risks and the efficacy of the controls used to manage them.
60
A medium-sized organization is undergoing an audit for its information security practices. As a security analyst, the auditor seeks to assess the organization's use of an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor focus on to ensure the organization meets the standards set for information security?

The AUP includes the number of allowed password attempts before locking an account.
The AUP includes guidance for personal use of organizational resources.
The AUP includes clear consequences for noncompliance.
The AUP includes a list of approved software for each department.
The AUP includes a list of approved software for each department.
61
An organization has tasked a security consultant with implementing a physical security feature that detects people walking in a specific area where thick foliage covers the exterior fence. What type of sensor sufficiently addresses the organization's concern?

Pressure sensor
Microwave sensor
Ultrasonic sensor
Infrared sensor
Pressure sensor

The best option to capture foot traffic activity is by using pressure sensors. They can detect unauthorized access in high-security areas or count foot traffic in other places, such as retail environments.
62
An international e-commerce corporation is working to enhance its cybersecurity measures. It has recently faced numerous advanced persistent threat (APT) attacks that have targeted specific vulnerabilities in its infrastructure. The board of directors has decided to focus on reducing the risk of similar attacks in the future. What approach should the corporation prioritize?

Focus on compliance with cybersecurity regulations
Invest in more aggressive security measures
Adopt a defensive cybersecurity strategy
Opt for third-party cybersecurity services
Adopt a defensive cybersecurity strategy

Adopting a defensive cybersecurity strategy involves using tools and practices designed to protect the organization's infrastructure and data from potential threats, which aligns with the corporation's goal of reducing the risk of future APT attacks.
63
An organization's IT security team has discovered that a recent software update, unknowingly deployed, contained a zero-day exploit. This vulnerability has now made the company's systems susceptible to potential unauthorized access. Which of the following immediate actions should the security team execute to manage this zero-day exploit situation?

Isolate the impacted systems and apply a patch or remediation strategy.
Reformat all affected systems and restore data from backup.
Contact all clients and inform them about the security breach.
Disconnect the company's entire network from the internet.
Isolate the impacted systems and apply a patch or remediation strategy.
64
A healthcare organization is setting up a system to store patient data securely. To ensure that only authorized personnel can access the data and that it cannot compromise the system during a breach, which technique should the organization implement?

Hashing
Tokenization
Symmetric encryption
Asymmetric encryption
Hashing
65
A cyber team presents a discussion on the use of sideloading and jailbreaking to a group of board members. Which of the following best describe sideloading? (Select the best two options.)

It does not undergo the same scrutiny and vetting process as those on official application stores.
It allows users to install unauthorized applications and customize device appearance and behavior.
It refers to the installation of applications from sources other than the official application store of the platform.
It is a method used to gain elevated privileges and access to system files on mobile devices.
It does not undergo the same scrutiny and vetting process as those on official application stores.
It refers to the installation of applications from sources other than the official application store of the platform.
66
An organization wants to implement a hybrid cloud strategy and understand the security implications of its responsibility matrix. What should the employees consider in this analysis?

Completely relying on third-party security audits
Implementing a full IaaS model, handing all infrastructure security responsibilities to the cloud provider
Choosing the cloud provider based only on pricing
Balancing security responsibilities between on-premises and cloud, ensuring clear definition in the responsibility matrix
Balancing security responsibilities between on-premises and cloud, ensuring clear definition in the responsibility matrix
67
A system administrator implemented encryption across the organization's IT infrastructure. The infrastructure includes various types of data storage methods. Which of the following data storage methods can the system administrator encrypt to increase the security of data at rest? (Select the three best options.)

User interface
Partition
File
Volume
Partition
File
Volume
68
A small start-up has recently launched its first web application. To ensure high availability and to handle potential traffic spikes, the start-up decides to implement a load balancer in its network infrastructure. The network technician must secure the load balancer against basic threats. What is the fundamental step the network technician should take to secure the load balancer?

Disable unnecessary services on the load balancer.
Implement an intrusion detection system (IDS) alongside the load balancer.
Enable all available features on the load balancer.
Configure the load balancer to operate in fail-closed mode.
Disable unnecessary services on the load balancer.
69
A cybersecurity team plans to launch awareness programs to educate employees about potential security threats. They are in the process of defining objectives, selecting tools, and outlining the scope of the programs. What phase of the process should they initiate?

Campaigns
Password management
User guidance and training
Initial phase
Initial phase

The initial phase refers to the beginning stage of a project, where objectives, tools, and scope receive their definitions. In the context of planning awareness programs, this phase sets the groundwork and ensures proper alignment with organizational goals.
70
What advantages can automation and scripting bring to IT operations ticketing platforms?

Automated testing helps improve code quality and speeds up development cycles.
Security policies are enforced to prevent risky activities and unauthorized behavior.
Better managed services and access within an IT environment.
Support tickets are automatically generated and routed for incidents detected by monitoring systems.
Support tickets are automatically generated and routed for incidents detected by monitoring systems.
71
In a large financial institution, the chief information security officer (CISO) is responsible for ensuring the organization's information security. As part of the risk management strategy, the CISO plans to conduct an independent assessment of the organization's cybersecurity measures. What is the primary purpose of using questionnaires in the independent assessment of the financial institution's cybersecurity measures?

To identify and exploit vulnerabilities in the organization's information systems
To gather information from various departments within the company
To replace the need for external cybersecurity audits and assessments
To directly assess the security posture of the organization's network and systems
To gather information from various departments within the company
72
An organization is transitioning to an Infrastructure as a Service (IaaS) model with a third-party vendor. What should the organization's security officer do to ensure the security of deployed applications and data?

Rely entirely on the vendor's encryption and access control mechanisms
Focus solely on securing the foundational elements of networking
Implement user identity management and access controls to cloud resources
Assume that physical security of the data is the user's responsibility
Implement user identity management and access controls to cloud resources

In an IaaS model, the organization maintains control over the security of its applications and data. This includes implementing user identity management and access controls to ensure that only authorized individuals can access the cloud resources.
73
A tech company tasked a security analyst with improving the overall security posture of its systems to protect against various types of attacks. The analyst implemented a combination of cryptographic techniques, including key stretching, key exchange, and obfuscation. Given the scenario above, which of the following correctly describes why the security analyst would implement these techniques? (Select the three best options.)

Key stretching increases the computational effort to crack a password through brute-force attacks.
Obfuscation encrypts individual files, making them unreadable without the correct key.
Obfuscation makes the system's operation harder to comprehend, making it more difficult for an attacker to exploit.
Key exchange allows for the secure sharing of cryptographic keys over an insecure network.
Key stretching increases the computational effort to crack a password through brute-force attacks.
Obfuscation makes the system's operation harder to comprehend, making it more difficult for an attacker to exploit.
Key exchange allows for the secure sharing of cryptographic keys over an insecure network.
74
A system administrator prepared to implement full-disk encryption (FDE) on all company laptops to enhance data security. Each laptop contained various levels of sensitive information, and the administrator granted access based on employee roles. What is the MOST crucial factor the system administrator considered while implementing full-disk encryption to ensure data security and to maintain employee accessibility?

Use the highest possible encryption level.
Use a common encryption key for all laptops.
Assign encryption keys based on employee roles.
Encrypt only the most sensitive data records.
Assign encryption keys based on employee roles.
75
When cleaning out the server closet, a company discovers a box of old disk drives. When considering which disposal method to use, what are the characteristics associated with the destruction concept? (Select the best two options.)

It refers to removing sensitive information from storage media to prevent unauthorized access or data breaches.
Its methods include shredding, crushing, or incinerating storage devices.
Its process uses specialized techniques, such as data wiping, degaussing, or encryption.
It involves the physical or electronic elimination of information stored on media, rendering it inaccessible and irrecoverable.
Its methods include shredding, crushing, or incinerating storage devices.
It involves the physical or electronic elimination of information stored on media, rendering it inaccessible and irrecoverable.
76
During a cybersecurity attack, how would a threat actor use image files as a lure to target a vulnerability in a browser or document editing software?

They may use a program file with concealed exploit code, like Trojan Horse malware, to create backdoor access.
The threat actor embeds malicious code in word processing and PDF format files to exploit vulnerabilities in document viewer or editor software.
The threat actor conceals exploit code within an image file that targets a vulnerability in the browser or document editing software.
The threat actor conceals malware on a USB thumb drive or memory card and tricks employees into connecting the media to a PC, laptop, or smartphone.
The threat actor conceals exploit code within an image file that targets a vulnerability in the browser or document editing software.
77
During routine monitoring, an incident response analyst at a prominent corporation notices suspicious network activity on a server. The analyst can access various network data sources. Which data sources would provide the MOST relevant information for the analyst to investigate and identify the potential threat actor and tools used in this activity?

Network logs
Firewall logs
Packet captures
Metadata
Packet captures
78
A company is evaluating different vulnerability scanning methods to automate its discovery of software vulnerabilities. They specifically want to understand the difference between client-based and agentless vulnerability scanning. Which statements correctly distinguish these two approaches? (Select the two best options.)

Agentless is preferred for threat actor reconnaissance due to its non-intrusive nature, while client-based involves direct interaction with the target system.
Agentless scanning provides higher accuracy for on-premises servers, and client-based is more suitable for cloud-based services.
Both methods are equally effective in reducing disruptions during vulnerability scanning.
Client-based scanning requires installing scanning agents on each host, while agentless scanning does not need any installation.
Agentless is preferred for threat actor reconnaissance due to its non-intrusive nature, while client-based involves direct interaction with the target system.
Client-based scanning requires installing scanning agents on each host, while agentless scanning does not need any installation.
79
What action of the incident response process removes affected components from the larger environment?

Eradication
Containment
Analysis
Detection
Containment

Containment occurs after detection and analysis. It is the process of removing affected components from the larger environment. The eradication process applies mitigation techniques and controls to remove the intrusion tools and unauthorized configuration changes from systems.
80
Which of the following options is NOT a challenge typically encountered while implementing web filtering solutions in an enterprise?

Overblocking
Incorrect categorization of websites
Difficulty in handling encrypted traffic (HTTPS)
Decrease in network latency
Decrease in network latency

A decrease in network latency is not a common challenge with web filtering. In fact, web filtering could potentially increase network latency due to the added inspection of web content, but proper implementation and optimization usually mitigate this impact.
80
A field technician adds automation to assist in streamlining the new human resource interviewing process. How does using Application Programming Interfaces (APIs) assist in this scenario?

Developers regularly merge their changes back to the main code branch.
Different software systems are enabled to communicate and interact, creating seamless workflows.
The technician makes improvements to code quality and accelerates development cycles.
The system automatically evaluates merges to help detect and fix integration issues.
Different software systems are enabled to communicate and interact, creating seamless workflows.