Security + Chapter Quizzes Flashcards

(147 cards)

1
Q

A project manager’s assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against?

A.Urgency 
B.Typosquatting
C.Consensus technique
D.Brand impersonation
A

A.Urgency

  • Coercion or the use of urgency refers to the intimidation of the target with a bogus appeal to authority or penalty, such as getting fired or not acting quickly enough to prevent some dire outcome.
2
Q

A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees’ accounts. What is a primary consideration when using third-party software for any computer function?

A.Costs can be cheaper than doing it all internally.
B.Every vendor is at risk of threats.
C.The risks outweigh the costs.
D.A company cannot hire employees with specific roles.
A

B.Every vendor is at risk of threats.
  • There are risks when using any software, including third-party vendor services or software. It is important to analyze a vendor’s security posture to protect against breaches.

3
Q

A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similar-looking campaign. What could the company do to mitigate this issue?

A.Check for typosquatting
B.Check for brand impersonation
C.Check for coercion
D.Check for consensus technique
A

B.Check for brand impersonation

  • Brand impersonation occurs when the threat actor commits resources to accurately
4
Q

A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company?

A.Insider threat
B.Hacktivism
C.Service disruption
D.Cybercrime
A

D.Cybercrime

  • Cybercrime is the overarching term for the organized criminal activity occurring online.
5
Q

A large financial firm recently brought its information technology (IT) back in-house. It made this decision after facing issues with its third-party vendor not properly securing its systems from outside threats. Which of the following was the primary consideration for the financial firm’s return to in-house IT services?

A.To reduce the risk of supply-chain attacks. 
B.To reduce the risk of insider threats
C.To reduce the risk of nation-state threats
D.To improve the company's security posture
A

A.To reduce the risk of supply-chain attacks.

  • By bringing things in-house, a company can limit risk in relation to supply-chain attacks.
6
Q

An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company’s virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date?

A.Vulnerability
B.Threat
C.Risk
D.Insider threat
A

C.Risk

  • Risk is the level of hazard posed by vulnerabilities and threats. When a company identifies a vulnerability, it calculates the risk as the likelihood of exploitation by a threat actor and the impact of a successful exploitation.
7
Q

A company policy states that any wire transfer above a certain value must be authorized by two employees, who must separately perform due diligence to verify invoice details. What specific type of social engineering is this policy designed to mitigate?

A

Business email compromise

8
Q

❔A purchasing manager is browsing a list of products on a vendor’s website when a window opens claiming that antimalware software has detected several thousand files on their computer that are infected with viruses. Instructions in the official-looking window indicate the user should click a link to install software that will remove these infections. What type of social engineering attempt is this, or is it a false alarm?

A

This is a social engineering attempt utilizing a watering hole attack and brand impersonation.

9
Q

A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?

A

A security operations center (SOC)

10
Q

If a security control is described as operational and compensating, what can you determine about its nature and function?

A

The control is enforced by a person rather than a technical system, and the control has been developed to replicate the functionality of a primary control, as required by a security standard.

11
Q

A firewall appliance intercepts a packet that violates policy. It automatically updates its access control list to block all further packets from the source IP. What TWO functions did the security control perform?

A

Preventive and corrective

12
Q

How does accounting provide non-repudiation?

A

A user’s actions are logged on the system. Each user is associated with a unique computer account. As long as the user’s authentication is secure and the logging system is tamperproof, they cannot deny having performed the action.

13
Q

What is the difference between authorization and authentication?

A

Authorization means granting the account that has been configured for the user on the computer system the right to make use of a resource. Authorization manages the privileges granted on the resource. Authentication protects the validity of the user account by testing that the person accessing that account is who they say they are.

14
Q

What process within an access control framework is responsible for logging actions performed by subjects?

A

Accounting

15
Q

What term is used to describe the property of a secure network where a sender cannot deny having sent a message?

A

Non-repudiation

15
Q

A company provides a statement of deviations from framework best practices to a regulator. What process has the company performed?

A

Gap analysis

16
Q

What are the properties of a secure information processing system?

A

C.I.A (and non-repudiation)

17
Q

As part of a business continuity plan, a company wants to create a resilient work model that securely allows employees to access critical network resources, regardless of physical location. This model must enforce strict access controls and multifactor authentication while facilitating on-site and remote work capabilities. What type of work environment mostly aligns with these requirements?

A.Fully remote work environment
B.Hybrid work environment
C.On-premises work environment
D.Third-party outsourced work environment
A

Hybrid work environment

18
Q

An organization has seen an uptick in phishing emails slipping through its security filters. It is enhancing technical security measures but is considering immediate actions to involve employees more effectively in its defense strategy to mitigate related risks. Which actions should the organization undergo? (Select the best three options.)

A.Conduct training sessions for employees to recognize phishing attempts
B.Implement a system for employees to report detected suspicious emails
C.Deploy a new firewall to inspect incoming email traffic
D.Enforce two-factor authentication for all company accounts
A

Conduct training sessions for employees to recognize phishing attempts

Implement a system for employees to report detected suspicious emails

Enforce two-factor authentication for all company accounts

19
Q

A company is prioritizing the security of its sensitive financial information. With a diverse team of remote and in-office staff, the IT security team must ensure that this data is secure, whether on a server in the data center, sent via email to international partners, or actively used by an authorized user on the corporate network. Which two methods are MOST effective for securing this company’s data?

A.Encryption and hashing
B.Tokenization and masking
C.Obfuscation and segmentation
D.Permission restrictions and geographic restrictions
A

Encryption and hashing

20
Q

A healthcare provider located in an EU member state must maintain comprehensive patient records while ensuring the privacy of individuals’ information. How can the provider navigate legal requirements for data retention with respect to patients who request that their information be amended?

A.Establishing a specific data retention policy
B.Maintaining extended data inventory
C.Complying with mandated regulations
D.Regularly reviewing and updating privacy policies
A

Complying with mandated regulations

21
Q

A healthcare provider is modernizing its data storage solutions to comply with health information privacy laws. The chief information security officer (CISO) must ensure that sending data access logs to healthcare regulatory authorities is in a specific format. What kind of reporting is taking place?

A.Internal compliance reporting
B.External compliance reporting
C.Data retention policy enforcement
D.Privacy impact assessment
A

External compliance reporting

22
Q

A tech startup has just suffered a data breach where sensitive customer financial data leaked. The chief executive officer (CEO) has an immediate concern about the tangible penalty the company will face due to violating data protection regulations. What is the CEO primarily concerned with in this situation?

A.Privacy policy updates
B.Reputational damage
C.Fines
D.Security infrastructure overhaul
A

Fines

23
Q

A company evaluates its security policies to prevent potential data leakage and malware infection through portable storage devices. Which action would MOST effectively reduce the risks associated with the unauthorized use of such devices?

A.Implementing a strict removable media policy
B.Regularly updating the company's firewall settings
C.Increasing the frequency of employee cybersecurity training
D.Replacing all Ethernet cables with shielded versions
A

Implementing a strict removable media policy

24
Q

A company's risk manager has recently identified a potential risk involving its inventory management software and has listed the risk in the risk register. As a result, the manager must decide on the most suitable response to this risk. Which of the following is the MOST appropriate step for the risk manager?

A.Identify and assess the potential vulnerabilities and threats associated with the risk
B.Identify the mission essential functions of the company and assess the risk's impact on them
C.Determine the likelihood and impact of the risk on the company's operations
D.Update the risk register with the mitigation strategies and inform the stakeholders
A

Determine the likelihood and impact of the risk on the company's operations

25
Q

An organization plans to outsource its customer service operations to a third-party vendor. The organization needs to evaluate potential vendors based on their risk profiles to ensure data security and compliance with regulatory requirements. Which of the following considerations would be the MOST important in the vendor assessment process?

A.The vendor's market reputation and branding to check for reliability and quality
B.The vendor's financial stability, operational reliability, and data security practices
C.The vendor's geographical location and proximity to the company's headquarters
D.Finding a vendor who can offer the lowest price for data security and compliance
A

The vendor's financial stability, operational reliability, and data security practices

26
Q

An organization is expanding its operations into a new region with unfamiliar regulatory requirements. The risk management team conducts a thorough risk assessment and identifies a need for robust controls to ensure compliance. Which of the following would be the MOST effective metric for tracking regulatory compliance risk in this situation?

A.The employee percentage who have received compliance training
B.The total revenue the company generated from the new region
C.The number of market competitors the company has identified
D.The frequency of audits conducted by the regulatory authority
A

The employee percentage who have received compliance training

27
Q

A large financial institution is considering outsourcing its IT infrastructure to a third-party cloud service provider. The company has concerns about the risks of giving its sensitive financial data to an external vendor. What approach should the company use to ensure the vendor complies with the appropriate security standards and regulations?

A.Enter into a contract without clauses for regular assessments or audits of the vendor's security practices.
B.Rely on the vendor's reputation in the industry without the need to conduct any further assessments.
C.Ensure the vendor consents to and undergoes regular penetration testing to verify their security practices.
D.Prioritize the vendor's cost and ease of use over security considerations based on their capabilities.
A

C.Ensure the vendor consents to and undergoes regular penetration testing to verify their security practices.

28
Q

A small software development company is about to start a project with a new client. The client wants to understand what they can expect from the software development company in terms of the services it will provide and the timeline for the project. Which legal document would be MOST appropriate for outlining the project's specific details, including the scope, deliverables, and timeline?

A.Memorandum of understanding (MOU)
B.Nondisclosure agreement (NDA)
C.Service level agreement (SLA)
D.Statement of work (SOW)
A

Statement of work (SOW)

29
Q

A cybersecurity consultant is analyzing risks for a new e-commerce website. The consultant identifies potential risks, evaluates their impact and likelihood, and considers the organization's ability to mitigate them. Which risk analysis methodology is the consultant MOST likely using?

A.Qualitative risk analysis
B.Quantitative risk analysis
C.Qualitative and quantitative risk analysis
D.Ad hoc risk assessments
A

Qualitative and quantitative risk analysis

30
Q

A risk manager for a company providing IT support services conducts a business impact analysis (BIA) and identifies a Mission Essential Function (MEF) that relies on a server with a Mean Time Between Failures (MTBF) of 2,500 hours and a Mean Time to Repair (MTTR) of 4 hours. Given a Maximum Tolerable Downtime (MTD) of 24 hours and a Recovery Time Objective (RTO) of 6 hours for this function, what should the risk manager prioritize in the risk management strategy?

A.Improving the MTBF of the server
B.Reducing the MTTR of the server
C.Increasing the MTD for the function
D.Extending the RTO for the function
A

Reducing the MTTR of the server

31
Q

A large healthcare organization is considering an alliance with a third-party medical software provider. The organization wants to ensure that all aspects of the alliance are well documented, with both parties understanding their roles and responsibilities. Which of the following should the healthcare organization prioritize to clearly define the parameters, the expectations for both parties, and the protocols for managing risks and security?

A.Business Partnership Agreement (BPA) and Rules of Engagement (RoE)
B.Memorandum of Understanding (MOU) and nondisclosure agreement (NDA)
C.Service level agreement (SLA) and statement of work (SOW)
D.Questionnaires and master services agreement (MSA)
A

Business Partnership Agreement (BPA) and Rules of Engagement (RoE)

32
Q

A security analyst at a large financial institution must find areas of security operations that cannot maximize the advantages of automation and orchestration. The organization aims to enhance efficiency and combat operator fatigue. Which of the following areas will experience minimal improvement by implementing automation and orchestration?

A.Customization and application of vulnerability scanning
B.Manually initiated threat detection and response
C.Monitoring systems solely for anomalous activities
D.Face-to-face cyber risk awareness training
A

Face-to-face cyber risk awareness training

33
Q

A nationwide company realizes its current standardized approach to security is not working. The different company business units need more autonomy and the ability to make decisions that meet their local needs and priorities. What type of security governance should they follow?

A.Decentralized security governance
B.Centralized security governance
C.Governance committees
D.Data protection authorities
A

Decentralized security governance

34
Q

An IT manager prepares a proposal to implement change management. Before being able to start the program, the manager needs support from key personnel within every department. What key personnel does the manager need support from?

A.Controller
B.Owner
C.Stakeholders
D.Processor
A

Stakeholders

35
Q

A company helps employees get up to speed quickly with correct documentation. Guidelines can be beneficial in accomplishing this goal. To ensure guidelines remain relevant, what must the company do to them? (Select the two best options.)

A.Mandatory employee review
B.Continually update them
C.Regular review
D.Periodic assessments and updates
A

Regular review

Periodic assessments and updates

36
Q

Security governance relies heavily on specially designed and interdependent roles. Each role has unique responsibilities that contribute to effective security oversight and control. What are some of these roles? (Select the three best options.)

A.Owner
B.Controller
C.Processor
D.Maintenance custodian
A

Owner

Controller

Processor

37
Q

A manager reprimands an IT employee because the employee did not follow instructions on the server build. Each server's configuration was different, including different software and settings. What should the employee have followed to build the server correctly?

A.Standards
B.Access control models
C.Policy
D.Guidelines
A

Standards

38
Q

An organization has hired an HR director to improve the performance of the HR Division. The director first identified a lack of digital-only exit processes for employees or contractors. What are some IT security areas an exit process should focus on? (Select the three best options.)

A.Account management
B.Personal assets
C.Physical security
D.Company assets
A

Account management

Personal assets

Company assets

39
Q

An earthquake occurred near the company HQ, causing severe damage in the area. The earthquake affected the building, which will not be usable for several weeks. What plan will the company follow to maintain its business? (Select the two best options.)

A.COOP
B.Disaster recovery
C.Incident response
D.AUP
A

COOP

Disaster recovery

40
Q

An IT admin receives an alert regarding an employee's web activity in which requested addresses are not written in plaintext, but contain entries such as %2e%2e%2f%2e%2e%2f%2e%2e%2f. What could this employee be attempting to do? (Select the two best options.)

A.Command injection attack
B.Directory traversal attack
C.Canonicalization attack
D.Server-side attack
A

Directory traversal attack

Canonicalization attack

41
Q

An IT intern looks for information on previous network attacks, specifically indicators of attempted and successful replay, forgery, and injection attacks. Where could the intern find this information? (Select the two best options.)

A.Buffer overflow
B.URL analysis
C.Session cookies
D.Web server logs
A

URL analysis

Web server logs

42
Q

A hacker infiltrated a company's network and made a big show of removing files and causing network connection issues. After stopping the hacker and completing the cleanup, the IT department began noticing logs of users with multiple logins at varying times. What is the BEST explanation for how another user accessed the accounts?

A.Users sharing passwords
B.A backdoor virus
C.A botnet
D.Installation of a key logger
A

Installation of a key logger

43
Q

A new IT intern has been reviewing logs to gain familiarity and understanding of the systems they will support. During these reviews, the intern noticed that for the last few weeks, at the same time every day, several MBs of data are being sent out. What could this indicate? (Select the two best options.)

A.Denial of service
B.Reconnaissance
C.Teleworker
D.Unauthorized data exfiltration
A

Reconnaissance

Unauthorized data exfiltration

44
Q

A hacker successfully exfiltrates a database of user passwords and attempts to gain access to it, as the hacker can now go around the authentication system. What type of attack has the hacker achieved?

A.Password spraying
B.Brute force
C.Dictionary
D.Offline
A

Offline

45
Q

A salesman reached out to a customer to find out why the firm backed out of the contract. The customer replied that the contract numbers were far more than verbally discussed. What kind of attack could potentially change transmitted information? (Select the two best options.)

A.On-path attack
B.Denial of service
C.Reconnaissance
D.Address resolution protocol poisoning
A

On-path attack

Address resolution protocol poisoning

46
Q

A company prepares to add additional protection to its networks due to ongoing attacks. It is adding resiliency and high availability services, such as load balancing and cluster services. What attacks could the company be experiencing?

A.Denial of Service
B.On-path
C.Rogue Access Point
D.Cryptographic
A

Denial of Service

47
Q

A company CEO is upset after running into an issue where going to a specific website brings them to a malicious website instead. The security team ran checks and found the HOSTS file was manipulated, redirecting the unsuspecting CEO to the malicious website. What kind of attack does this describe?

A.Domain name system client cache poisoning
B.Domain name system poisoning
C.Domain name system-based on-path attack
D.Domain name system attack indicators
A

Domain name system client cache poisoning

47
Q

A help desk receives multiple calls from customers stating that they are experiencing incredibly slow connections to needed files, and an increasing number of users are having problems logging into their user accounts. Resource consumption and resource inaccessibility are typically indicators of what type of attack?

A.Trojan
B.Account compromise
C.Denial of Service
D.Ransomware
A

Denial of Service

48
Q

A network administrator runs down a complex virus infection on the company's network. The file the administrator is chasing gained SYSTEM-level access. It is also cleaning logs and uses variations on known file names to remain unfound. What type of virus is the network administrator dealing with?

A.Rootkit
B.Trojan
C.Malware
D.Ransomware
A

Rootkit

49
Q

A user contacts a company help desk complaining about intermittent access to files/shares while working from different locations in the building. The user also noticed connection problems occur when the network signal strength is at its highest. What could this be a sign of? (Select the two best options.)

A.Rogue access point
B.Wireless denial of service
C.Wireless replay
D.Downgrade attack
A

Rogue access point

Wireless denial of service

50
Q

A company employee brought a personal computer to the IT department when it locked after receiving a file from a co-worker. The screen shows a countdown clock with a threat of encrypting files permanently unless the user pays money. What type of virus was the user's computer MOST likely infected with? (Select the two best options.)

A.Ransomware
B.Crypto-ransomware
C.Logic bomb
D.Cryptojacking malware
A

Ransomware

Crypto-ransomware

51
Q

A company has noticed an apparent uptick in users disconnecting their sessions, then immediately reestablishing them. Their behavior after reestablishing the session is also noticeably different. What could this indicate? (Select the two best options.)

A.Replay attack
B.Cross-site Scripting
C.Forgery attack
D.Injection attack
A

Replay attack

Cross-site Scripting

52
Q

An incident response team member identifies an attack on the system network. Upon further analysis, it is determined that a threat actor was attempting to send data to the system in a manner that would change the commands being sent to the server. What type of attack is occurring in this situation?

A.Injection attack
B.Replay attack
C.Forgery attack
D.Cross-site Scripting
A

Injection attack

53
Q

What is the primary purpose/action of the containment phase of cybersecurity incident management during an incident response lifecycle for a user account? (Select the two best options.)

A.Remove all traces of the incident from affected systems
B.Identify the root cause of the incident and gather evidence for legal action
C.Limit the immediate impact of the incident while securing data and notifying stakeholders
D.Disable a user account
A

Limit the immediate impact of the incident while securing data and notifying stakeholders

Disable a user account

54
Q

In digital forensics, why is the order of volatility significant during the data acquisition process?

A.The order of volatility determines the legality of the data seizure in progress for accurate investigations.
B.The order of volatility impacts the admissibility of evidence in court from the data collection process.
C.The order of volatility ensures evidence from volatile sources gets collected before less volatile sources.
D.The order of volatility applies to physical crime scenes, not digital ones, for accurate investigation purposes.
A

The order of volatility ensures evidence from volatile sources gets collected before less volatile sources.

55
Q

The cybersecurity team at a large multinational corporation has a robust incident response and a threat-hunting framework to defend against cyber threats. The organization recently received intelligence indicating a new type of advanced persistent threat (APT) targeting companies in its industry, and the security team has initiated threat hunting within the network. Why is the security team implementing threat-hunting tactics?

A.To respond to security incidents after they have occurred.
B.To harden systems and create incident response resources.
C.To proactively discover evidence of threat actor activity.
D.To recover systems and restore data from backup.
A

To proactively discover evidence of threat actor activity.

56
Q

An organization's computer incident response team (CIRT) receives an alert that shows possible malicious activity on a critical server within the network, and they initiate the CompTIA incident response process. The team follows the incident response lifecycle to address the situation, which involves several key steps. What order must the CIRT follow when performing the CompTIA incident response process?

A.Preparation, analysis, isolation, containment, recovery
B.Detection, analysis, eradication, restoration, improvement
C.Detection, analysis, containment, eradication, recovery
D.Isolation, analysis, restoration, eradication, improvement
A

Detection, analysis, containment, eradication, recovery

57
Q

Which tool or concept can provide a unified view of network hosts and appliances by collecting and aggregating log data from multiple sources, offering better visibility into security events?

A.Event Viewer format logging
B.Syslog protocol
C.Event metadata analysis
D.Single pane of glass analysis
A

Single pane of glass analysis

57
Q

An analyst receives an overwhelming number of low-priority alerts that could potentially lead the analyst to disregard a critical high-impact alert. What may be occurring in this situation?

A.Alert tuning
B.Alert fatigue
C.Threat hunting
D.False positive
A

Alert fatigue

58
Q

When it comes to monitoring network security, which logs help detect any attempts made by a threat actor to attack a wireless network through disassociation events?

A.System logs from routers
B.Access logs from switches
C.Firewall audit logs
D.Access point logs
A

Access point logs

59
Q

The leader of the cybersecurity team for a major e-commerce company recently encountered a major data breach that led to the exposure of customer payment details. The team has now contained the breach and is moving toward the final phase of the incident response cycle. After completing all previous steps, what is the team's primary objective in the final phase?

A.Identifying stakeholders and reporting it to relevant parties
B.Determining the root cause of the incident to eradicate it
C.Restoring the affected system to a secure state to reintegrate it
D.Analyzing the incident to improve procedures or systems
A

Analyzing the incident to improve procedures or systems

60
Q

What kind of metadata is usually linked with files and includes information like creation date, access history, and security permissions?

A.Web metadata
B.Email header metadata
C.Social media metadata
D.File metadata
A

File metadata

61
Q

A cybersecurity analyst in a multinational corporation is responsible for sensitive customer data and proprietary information and is now dealing with a security breach. The team is managing the incident response process using the CompTIA incident response lifecycle. The team has just completed the third step in the process. What must the team do next?

A.Preparation
B.Detection
C.Analysis
D.Containment
A

Containment

62
Q

Which tool assesses different facets of cloud services, such as network bandwidth, virtual machine status, and program health in a network environment?

A.Vulnerability scanner
B.System monitor
C.Application monitor
D.Data loss prevention (DLP) tool
A

Application monitor

63
Q

A cybersecurity analyst at a multinational corporation detects abnormal network activities that indicate a possible security breach. The analyst investigates and confirms that an unauthorized person has accessed sensitive customer information. The incident response team must act fast to contain the breach and stop further data loss. What should the initial responder do first?

A.Disconnect the affected server from the network, isolating it from the production environment
B.Notify law enforcement authorities about the incident to initiate immediate action
C.Restore affected systems from secure backups to recover and eliminate the threat
D.Initiate threat hunting to find evidence of tactics, techniques, and procedures proactively
A

Disconnect the affected server from the network, isolating it from the production environment

64
In digital forensics, why is de-duplication important in e-discovery software tools? A.De-duplication helps investigators locate files of interest. B.De-duplication ensures evidence remains confidential. C.De-duplication reduces the volume of data for analysis. D.De-duplication prevents tampering of stored evidence.
De-duplication reduces the volume of data for analysis.
65
A major financial institution's computer incident response team (CIRT) is dealing with a complex cyber attack. The attack started with several spear phishing emails sent to crucial employees in different departments. These emails had skillfully crafted messages and appeared to have legitimate attachments. However, upon opening them, a highly evasive and previously unknown malware launched. What steps should the CIRT take in the containment phase of the incident response process to address this advanced attack? A.Disconnect all affected hosts from the network and shut down all communication channels. B.Use network segmentation to isolate and monitor infected systems. C.Immediately restore affected systems from backups and apply patches to prevent further attacks. D.Temporarily disable all user accounts and applications to prevent further spread of malware.
Use network segmentation to isolate and monitor infected systems.
66
Which type of analysis involves deep-down, frame-by-frame scrutiny of captured network traffic to decode packet header fields and payload contents, aiding in identifying attack tools, data exfiltration attempts, and suspicious domains? A.Retrospective network analysis B.Protocol-level summarization C.Security information and event management packet aggregation D.Sensor-based traffic recording
Retrospective network analysis
67
A large financial institution has discovered unusual network activity indicating a potential breach of sensitive data. The attacker is extracting large amounts of data over an extended period. The security team suspects the adversary may be an insider with advanced knowledge of the system's weaknesses. What incident response steps are MOST relevant for addressing the targeted data exfiltration incident? (Select the two best options.) A.Containment and eradication B.Detection and recovery C.Analysis and lessons learned D.Preparation and response
Containment and eradication
Analysis and lessons learned
68
A cybersecurity analyst is implementing security measures for Near Field Communication (NFC) usage in the organization's mobile devices. Which technique should the analyst consider applying to mitigate potential risks associated with NFC technology? A.Enable NFC chip reading for all devices to enhance connectivity options. B.Use NFC for direct payment transactions without the need for mobile wallet apps. C.Apply encryption to NFC data to prevent eavesdropping and on-path attacks. D.Increase the NFC signal range to improve communication.
Apply encryption to NFC data to prevent eavesdropping and on-path attacks.
68
An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access while minimizing opening extra ports on the firewall? A.It requires no authentication method B.Simple Bind authentication method C.Simple Authentication and Security Layer D.Lightweight Directory Access Protocol Secure
Simple Authentication and Security Layer
- SASL allows the client and server to negotiate a supported authentication mechanism and provides the option to use the command STARTTLS for encryption and message integrity. This feature is a secure way to access the Lightweight Directory Access Protocol (LDAP) directory.
69
A large multinational company wants to enhance the security of its computing resources. It considers applying common security techniques to protect sensitive data and prevent unauthorized access. Which security technique would be MOST suitable for securing computing resources? A.GPS tagging to add geographical identification metadata to a company’s sensitive files B.Add geofencing to create a virtual boundary around the company's office premises C.Indoor Positioning System to determine the physical position of employees' devices D.Applying context-aware authentication to restrict resource access based on user location
Applying context-aware authentication to restrict resource access based on user location
70
A large hospital uses email for communication. However, the hospital wants to ensure that sensitive information is not transmitted out. What security function would accomplish this need? A.Simple Network Management Protocol B.File Transfer Protocol C.Secure File Transfer Protocol D.Data loss prevention
Data loss prevention
71
The IT administrator of a global banking organization is responsible for configuring email services. The administrator must ensure secure communication between servers, as well as between servers and clients. Which of the following statements about securing email protocols is true? (Select the two best options.) A.Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications. B.Port 465 is the recommended port for secure message submission over implicit transport layer security using STARTTLS command. C.Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access. D.Internet Message Access Protocol Secure allows multiple clients to connect to the same mailbox on port 143 simultaneously
Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications.
Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access.
72
Which of the following statements about applying common security techniques to computing resources is correct? A. Secure Sockets Layer (SSL) primarily secures File Transfer Protocol (FTP) communications. B. Hypertext Transfer Protocol Secure (HTTPS) operates over port 80 by default. C. Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages. D. TLS 1.3 cipher suites include Rivest, Shamir, and Adelman for bulk encryption.
Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages.
73
A large finance company's software developers are working on a new web application for their customers. The team has concerns about potential security vulnerabilities. Which security techniques should they consider implementing to enhance the security of their application from web-based attack techniques? (Select the two best options.) A.Static code analysis B.Code signing C.Input validation D.Secure cookies
Input validation
Secure cookies
74
Which intrusion detection method involves the analysis engine trained to recognize baseline "normal" traffic and generates an incident when it detects deviations from this baseline? A.Signature-based detection B.Behavioral- and anomaly-based detection C.Trend analysis D.Network traffic analysis (NTA)
Behavioral- and anomaly-based detection
75
What is the purpose of implementing the principle of least privilege in endpoint protection? A.To restrict user access to specific network resources B.To enforce mandatory security configurations on devices C.To manage firewall rules across an organization's network D.To grant minimum permissions needed to perform tasks
To grant minimum permissions needed to perform tasks
76
An organization has a significant number of mobile devices that it manages. Which mobile device deployment model gives the organization the MOST control over the device, thereby improving security? A.BYOD B.CYOD C.COBO D.COPE
COBO
77
A cybersecurity team for a technology company specializes in developing mobile applications for various industries. The team is working on a new app that utilizes location services to provide users with real-time updates on nearby events and activities. The app's success depends on its ability to provide accurate and relevant information based on the user's current location. However, the project stakeholders have expressed concerns about certain aspects of location services. What is the primary concern surrounding location services in mobile devices? A.Battery consumption B.Lack of accuracy C.Privacy D.Limited availability
Privacy
77
A critical infrastructure organization responsible for managing energy distribution across a large region relies heavily on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems to monitor and control the power grid. Given the critical nature of the operations, the IT team has implemented a control to safeguard these systems. Which control did the IT team use to protect ICS and SCADA systems? A.Regular system updates B.Network segmentation C.Secure boot mechanisms D.Transport encryption protocols
Network segmentation
78
Which of the following practices is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely? A.Regular maintenance cycle B.User awareness training C.Least functionality principle D.Monitoring and encryption
Least functionality principle
78
A healthcare organization has tasked a new security lead to improve its data protection strategy. The organization is heavily dependent on medical devices, electronic health records, and communication systems that are all interconnected. How can the security lead make the case to the executive leadership team for implementing secure baselines for network devices, software, and other components? A.It enhances IT security and operational efficiencies. B.It reduces the need for logging and monitoring. C.It simplifies the process of patching and updates. D.It promotes the use of default configurations.
It enhances IT security and operational efficiencies.
79
Which of the following methods is a replacement for Wi-Fi Protected Setup (WPS) as a more secure means of configuring client devices with the necessary information to access a Wi-Fi network? A.Device Provisioning Protocol (DPP) B.Wi-Fi Protected Access 3 (WPA3) C.Enhanced Open D.Simultaneous Authentication of Equals (SAE)
Device Provisioning Protocol (DPP)
79
The network administrator for a large corporation recently detected multiple unauthorized intrusion attempts on the network. As a result, the team deployed an intrusion detection system (IDS) and an intrusion prevention system (IPS). The team aims to block malicious traffic and automatically receive alerts on suspicious activities. The administrator needs to choose an approach that offers real-time protection against active threats and can modify or reject traffic in the network. Based on the desired outcomes and functionality the network administrator requires, which system should the team primarily focus on for real-time traffic modification and blocking active threats? A.Intrusion Detection System (IDS) B.Intrusion Prevention System (IPS) C.Network-based Intrusion Detection System (NIDS) D.Host-based Intrusion Detection System (HIDS)
Intrusion Prevention System (IPS)
80
A multinational corporation has hired a lead IT consultant to assess the security of its various systems, including Windows and Linux servers, desktops, and mobile devices in different countries. To ensure consistent security across all these systems, which of the following tools would the consultant recommend the organization use to automate the deployment of secure baseline configurations? A.Center for Internet Security Configuration Assessment Tool (CIS-CAT) Pro B.Security Content Automation Protocol (SCAP) C.Puppet D.Security Technical Implementation Guides (STIGs)
Puppet
81
A software development company has recently integrated new tools for dependency analysis and Software Bill of Materials (SBOM) into its development pipeline. The security team ensures that these tools effectively identify and manage vulnerabilities. When leveraging dependency analysis and SBOM tools in a software development environment, which key factors should the security team prioritize to address potential vulnerabilities more efficiently? (Select the two best options.) A.Recognizing outdated software dependencies B.Tracking the frequency of software updates C.Identifying undisclosed open-source components D.Calculating the software's runtime speed
Recognizing outdated software dependencies
Identifying undisclosed open-source components
82
An organization's security team has hired a penetration tester to assess the vulnerabilities in its digital infrastructure. The penetration tester has a clear set of guidelines and is about to start the test. When engaging in vulnerability management within an organization, which activities will the penetration tester MOST likely undertake to ensure a comprehensive assessment? (Select the two best options.) A.Deleting data found in critical servers B.Running exploitation tools against known vulnerabilities C.Installing new software without prior permission D.Assessing the environment for potential weak points
Running exploitation tools against known vulnerabilities
Assessing the environment for potential weak points
82
A medium-sized software development company recently introduced a bug bounty program to identify and mitigate vulnerabilities in their flagship application. The security manager plans to coordinate the program's rules and engagement policies. When setting up a bug bounty program for vulnerability management, which activities should the security manager prioritize to ensure the program's effectiveness and ethical participation? (Select the two best options.) A.Establishing a clear scope of which assets researchers can test B.Offering substantial rewards regardless of the severity of the bug found C.Providing a secure platform for researchers to report findings D.Allowing researchers to disclose findings publicly immediately after discovery
Establishing a clear scope of which assets researchers can test
Providing a secure platform for researchers to report findings
83
A software development company pushes a critical update for its operating system, addressing security vulnerabilities. The chief information security officer (CISO) schedules a meeting with the security team to discuss the specifics of one of these vulnerabilities exploited in recent cyberattacks. Based on common operating system vulnerabilities, which of the following has insufficient or missing data validation mechanisms that lead to the system interpreting unintended command execution? A.Buffer overflow B.Privilege escalation C.Side-channel attack D.Fingerprinting
Buffer overflow
83
A system administrator at a software development company is working on integrating package monitoring into the organization's vulnerability management strategy. The administrator aims to track software packages and applications to ensure they remain free from vulnerabilities and continue to support the firm's security framework. As the system administrator incorporates package monitoring into the vulnerability management process, which actions will MOST likely get prioritized to enhance the effectiveness of this approach? (Select the two best options.) A.Tracking outdated software packages B.Manually updating software every day C.Monitoring software repositories for new updates D.Buying the latest antivirus software every month
Tracking outdated software packages
Monitoring software repositories for new updates
84
A security analyst evaluates a software application's codebase to detect potential security vulnerabilities. The analyst performs dynamic security testing and static source code analysis to understand potential threats comprehensively. When conducting dynamic security testing and static source code analysis, the analyst typically performs which activities? (Select the two best options.) A.Reviewing code for hard-coded credentials B.Analyzing run-time behavior of applications C.Installing updates on network routers D.Configuring firewall rules
Reviewing code for hard-coded credentials
Analyzing run-time behavior of applications
85
A global finance company faced a massive cyberattack. The attacker successfully bypassed perimeter defenses and encrypted a significant portion of the company's stored financial records. The company's incident response team quickly intervened, neutralizing the threat. Now, the chief information security officer (CISO) focuses on implementing strategies to enhance resilience and ensure a rapid recovery should a similar event occur. Considering the company's recent incident and its determination to bolster resilience and advanced data protection, which of the following actions should the CISO prioritize to MOST directly ensure the organization can efficiently recover from similar cybersecurity events in the future? A.Implementing an advanced intrusion detection system (IDS) B.Regularly testing and updating data backup and recovery solutions C.Introducing more comprehensive employee cybersecurity training programs D.Increasing the frequency of penetration testing exercises
Regularly testing and updating data backup and recovery solutions
86
A leading financial institution is enhancing its security infrastructure by revising user access controls. The IT department, in collaboration with the security team, deliberates on the essential principles to guide their implementation efforts. A primary focus is on ensuring proper authentication and authorization mechanisms are in place. Which of the following measures should the IT department integrate to ensure users are both authenticated and authorized before gaining access to sensitive resources? (Select the two best options.) A.Implementing multifactor authentication (MFA) B.Assigning role-based access controls (RBAC) C.Using a single shared password for all users D.Relying on facial recognition for guest users
Implementing multifactor authentication (MFA)
Assigning role-based access controls (RBAC)
86
An organization's security team is in the process of implementing new security measures for managing its hardware, software, and data assets, increasing its overall protection. The team plans to implement network segmentation, store passwords in plaintext in a secure server, establish a policy for outdated software disposal, and perform regular asset inventory audits. Considering the initiatives the security team proposes, what relevant and secure practices directly relate to managing hardware, software, and data assets effectively and efficiently while ensuring data protection? (Select the two best options.) A.Network segmentation B.Storing passwords in plaintext on a secure server C.Establishing a policy disposing of outdated software D.Performing regular audits of asset inventory
Establishing a policy disposing of outdated software
Performing regular audits of asset inventory
86
A security consultant is evaluating the resilience of a company's server room during power interruptions, focusing on the integration of Power Distribution Units (PDUs) and backup power solutions. Given the critical need for continuous operation, how do backup power generators complement the use of PDUs and UPS systems to ensure server room operations are maintained without interruption? A.It ensures power load balancing occurs across multiple servers. B.It supplies power to PDUs, preventing lapses during an outage. C.It provides prolonged power to PDUs to prevent exhausting the UPS power. D.It filters and stabilizes power before the PDU distributes it.
It provides prolonged power to PDUs to prevent exhausting the UPS power.
87
The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the best strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer? A.Establishing a security perimeter with layered access controls B.Implementing a single, fortified main entrance C.Placing all servers near windows for easy maintenance D.Distributing security personnel evenly throughout the premises
Establishing a security perimeter with layered access controls
88
An IT security consultant is reviewing the advanced data protection strategies of a multinational corporation. The corporation recently experienced a significant data breach that affected one of its primary databases, leading to significant downtime and a loss of trust among its stakeholders. The consultant notes that while the company has robust preventive measures, its resilience and recovery procedures need enhancement. Based on the importance of resilience and recovery in security architecture, which of the following strategies would the consultant MOST likely recommend to prevent excessive downtime and loss of stakeholder trust? A.Implement a redundant data storage solution with automated failover capabilities B.Increase the frequency of employee cybersecurity training sessions C.Deploy additional intrusion prevention systems at all network entry points D.Purchase and install the latest antivirus software for all end-user devices
Implement a redundant data storage solution with automated failover capabilities
88
A network engineer reviews the security implications tied to cloud architecture models as the company plans to move data off-premises at the end of the year. What model provides flexibility by allowing the company to store sensitive data to a private cloud infrastructure and non-sensitive information on a public cloud infrastructure? A.Multi-tenant architecture B.Serverless architecture C.Single-tenant architecture D.Hybrid architecture
Hybrid architecture
88
Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA? A.Greater security B.Better access controls C.Decreased granularity D.Improved governance and compliance
Decreased granularity
89
A software engineer reviews the use of SCADA applications associated with various industries. What sector of industry refers specifically to mining and refining raw materials, involving hazardous high heat and pressure furnaces? A.Energy B.Fabrication C.Facilities D.Industrial
Industrial
90
A network architect at a global financial institution overhauls the company’s on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective impact on the on-premises network’s security implications. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface? A.Centralized architecture B.Peer-to-peer network C.Content delivery networks D.Hybrid cloud
Centralized architecture
91
The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company's objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security? A.Peer-to-peer model B.Client-server model C.Hybrid model D.Three-tier model
Client-server model
92
Following a recent insider threat breach, a network engineer reviews the company’s Zero Trust architecture policy to ensure all aspects are accurate and aspects of the control and data planes are implemented correctly. What statements are TRUE regarding the control plane of the Zero Trust architecture? (Select the two best options.) A.It establishes sessions for secure information transfers. B.In this plane, a subject uses a system to make requests for a given resource. C.It manages policies that dictate how users and devices are authorized to access network resources. D.It is implemented through a centralized policy decision point.
It manages policies that dictate how users and devices are authorized to access network resources.
It is implemented through a centralized policy decision point.
93
In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.) A.Better access controls B.Cloud security C.Improved governance and compliance D.Data protection
Cloud security
Data protection
94
A cybersecurity analyst at a large corporation is assessing the security implications of transitioning to a hybrid model that incorporates both traditional network and cloud architectures. The corporation aims to leverage the advantages of both architectures while minimizing potential vulnerabilities. The analyst needs to understand the distinctive characteristics of each model to manage risks effectively. Given the differences in the architecture models, which statements correctly describe unique features related to the security implications of each model? (Select the two best options.) A.Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model. B.Traditional network architectures inherently prioritize data encryption during transit more than cloud architectures. C.Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices. D.Cloud architectures solely depend on customers to manage the physical hardware and its security.
Cloud architectures actively delegate security tasks between cloud service providers and customers, creating a shared responsibility model.
Physical device security and controlled access gain heightened importance in traditional network architectures due to onsite storage of devices.
95
A research team of an aerospace organization wants to purchase an operating system (OS) that is commonly used in the aerospace industry and can assist in prioritizing deterministic execution of operations to ensure consistent responses are received for time-critical tasks. What type of OS should the research team purchase? A.SCADA B.ICS C.ZTA D.RTOS
RTOS
95
To meet growing concerns of unauthorized access to the company network, a software engineer reviews protocols used in the 802.1X Standard that will assist in forcing computers to fully authenticate before being granted full access. What statements are true regarding the Extensible Authentication Protocol (EAP)? (Select the two best options.) A.It provides a framework for deploying multiple types of authentication methods. B.It is used to establish a trust relationship and create an unsecure tunnel to transmit the user credential. C.It allows for smart-card authentication without a password. D.It allows the authenticator and authentication server to communicate authentication/authorization decisions.
It provides a framework for deploying multiple types of authentication methods.
It allows for smart-card authentication without a password.
95
The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication. Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure? A. Implement transport layer security for all remote desktop connections B. Disable all firewall rules for remote desktop connections C. Establish virtual private network tunnels without encryption protocols D. Enable open access to remote desktop connections for manageability
Implement transport layer security for all remote desktop connections
96
A company has expanded its operations to a new location and is setting up its network infrastructure. A significant part of this setup includes strategically placing devices for optimal security and efficiency. How should the network security manager decide the optimal placement of the intrusion detection system (IDS) in the new network topology to ensure maximum visibility and efficiency without impacting overall network performance? A.Place the IDS outside the firewall B.Place the IDS at the end of the network C.Place the IDS directly behind the router D.Place the IDS near the servers
Place the IDS directly behind the router
96
A network engineer is formulating an architectural plan. When evaluating the use of a particular architecture and selection of controls, what is NOT an architectural consideration? A.Port security B.Costs C.Availability D.Risk Transference
Port security
96
A growing company's IT department is weighing the pros and cons of different architectural models for its next project. The debate narrows down to cloud architecture versus traditional network architecture. During a team meeting, the head of IT security asks a newly hired network specialist to identify the primary security consideration when comparing cloud architecture to traditional network architecture. Based on the conversation in the IT department, which security consideration is MOST directly associated with cloud architecture compared to traditional network architecture? A.A need for regular network hardware/firmware updates B.Shared responsibility model with service providers C.Encryption of data transmitted over local networks D.Requirement for secure physical access to network devices
Shared responsibility model with service providers
97
To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy? A.Client-server model B.Peer-to-peer model C.Hybrid model D.Monolithic model
Client-server model
97
Q

A software company implements Secure Shell (SSH) to manage remote servers securely within its enterprise infrastructure. The IT department is aware of the risks associated with improper SSH configurations and wants to optimize the settings to minimize those risks. To improve security and protect against potential vulnerabilities, what configuration should the IT department implement for the SSH protocol to enhance the secure management of remote servers in the enterprise infrastructure?

A.Disable SSH version 2 and use only SSH version 1
B.Implement public key authentication for SSH
C.Enable root logins for SSH
D.Use weak encryption algorithms for SSH

A

B.Implement public key authentication for SSH
Q

A newly established e-commerce company experienced increased web-based attacks on its online shopping platform. As a result, the company installed a Web Application Firewall (WAF) to enhance its security infrastructure. What primary function should the network security manager ensure the WAF is performing to protect the online platform from the most common types of web-based threats, such as Cross-site Scripting (XSS), Structured Query Language (SQL) Injection, and Cross-site Request Forgery?

A.Monitor traffic and block DDoS attacks
B.Inspect HTTPS traffic
C.Validate input and output
D.Encrypt data in transit

A

C.Validate input and output
Q

A company using Windows Server technology needs to link its Active Directory to a third-party service to allow single sign-on. Which service that uses the standard X.500 would work for the company?

A.Virtual Private Network
B.Lightweight Directory Access Protocol
C.Application Programming Interface
D.Local Security Authority Subsystem Service

A

B.Lightweight Directory Access Protocol
Q

A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement?

A.Kerberos
B.Fast IDentity Online
C.Virtual Private Network
D.Open Authorization

A

D.Open Authorization
Q

A manufacturing company has recently acquired another, similar company. They need to link each company's directory systems together to access their resources using a single account. How can they link the two directory systems together?

A.Site-to-site VPN
B.Migration
C.Federation
D.Location-based restrictions

A

C.Federation
Q

A small defense contractor is setting up a new shared drive system and needs the proper controls to ensure that only those with the correct classification can access any given folder or file. Which control type would meet these requirements?

A.Multifactor authentication
B.Role-based access control
C.Mandatory access control
D.Discretionary access control

A

C.Mandatory access control
Q

Why might it be a bad policy to set up permissions individually instead of using an access control methodology?

A.It is harder to manage.
B.It allows for more control.
C.It allows for less control.
D.It is easier to manage.

A

A.It is harder to manage.
Q

An engineering firm wants to implement an authentication design that uses a framework for passwordless authentication. What statement is not accurate regarding passwordless authentication?

A.The user chooses either a roaming authenticator, such as a security key, or a platform authenticator implemented by the device OS.
B.The relying party uses a private key to verify the signature and authenticate the account session.
C.The user registers with a web application or service, referred to as a relying party.
D.When presented with an authentication challenge, the user performs the local gesture to unlock the private key.

A

B.The relying party uses a private key to verify the signature and authenticate the account session.
Q

A recently hired information technology manager wants to implement more automation regarding the onboarding procedure. What process describes setting up accounts so a new employee can automatically access the software and file shares from the human resource platform?

A.Multifactor authentication
B.Following least privilege
C.Enabling a password reuse policy
D.Provisioning

A

D.Provisioning
Q

One of the company's accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software?

A.Licensing
B.Discretionary access control
C.Mandatory access control
D.Least privilege

A

D.Least privilege
Q

Which technology replaced NT LAN Manager in Active Directory?

A.Kerberos
B.Virtual Private Network
C.Fast IDentity Online
D.Unique security identifier

A

A.Kerberos
Q

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up?

A.Public key infrastructure
B.Certificate authority
C.Cryptanalysis
D.Typosquatting

A

A.Public key infrastructure
Q

What is the process used to encrypt and decrypt a message?

A.Cryptanalysis
B.Plaintext
C.Ciphertext
D.Algorithm

A

D.Algorithm

- An algorithm refers to the operations that transform plaintext into ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types of algorithms.
Q

A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise?

A.In transit
B.At rest
C.In use
D.Through Bluetooth

A

C.In use
Q

A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost?

A.Root Certificate Authority
B.Certificate Signing Request
C.Certificate Authority
D.Certificate Revocation List

A

C.Certificate Authority
Q

A news reporter received an anonymous message containing a potential Pulitzer Prize-winning story. However, the anonymous sender requested the reporter set up a communication system that enforced encryption before sending over details for the story. What is the anonymous sender trying to ensure?

A.The reporter needs to show an interest in the story.
B.The anonymous sender is suspicious of the reporter.
C.Encryption prevents the theft of intellectual property.
D.Encryption allows for confidentiality.

A

D.Encryption allows for confidentiality.
Q

A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic's internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic's needs?

A.Symmetric algorithm
B.Asymmetric algorithm
C.Plaintext
D.Cryptography

A

A.Symmetric algorithm
Q

An indie game developer created a browser based on the Chromium project. The developer must ensure that anyone using the browser is safe from invalid certificates. What should the developer use to ensure that the browser blocks revoked certificates?

A.CRL
B.CA
C.CSR
D.PKI

A

A.CRL
Q

A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key?

A.CA
B.CSR
C.CRL
D.PKI

A

B.CSR
Q

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure?

A.Digital certificate
B.Certificate Authority
C.Cryptanalysis
D.Certificate Signing Request

A

A.Digital certificate
Q

A project manager's assistant received an email requesting information for an ongoing project. The email attempted to convince the assistant that the project would fail to complete on time if they did not receive the information. Before giving the information over, what should the assistant protect against?

A.Urgency
B.Typosquatting
C.Consensus technique
D.Brand impersonation

A

A.Urgency
Q

A company uses a popular password manager. It noticed unusual breaches in its systems and forced a password reset on all employees' accounts. What is a primary consideration when using third-party software for any computer function?

A.Costs can be cheaper than doing it all internally.
B.Every vendor is at risk of threats.
C.The risks outweigh the costs.
D.A company cannot hire employees with specific roles.

A

B.Every vendor is at risk of threats.
Q

A large multimedia company is in the process of creating a new marketing campaign for a soon-to-be-released movie. However, before releasing the campaign, the company noticed an increase in fake accounts mimicking it online with a similar-looking campaign. What could the company do to mitigate this issue?

A.Check for typosquatting
B.Check for brand impersonation
C.Check for coercion
D.Check for consensus technique

A

B.Check for brand impersonation
Q

A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company?

A.Insider threat
B.Hacktivism
C.Service disruption
D.Cybercrime

A

D.Cybercrime
Q

A recently terminated employee copied sensitive information from the company's shared drive right before permanently leaving. This employee is what kind of threat to the company?

A.External
B.Nation-state
C.Hacktivist
D.Internal

A

D.Internal
Q

A large financial firm recently brought its information technology (IT) back in-house. It made this decision after facing issues with its third-party vendor not properly securing its systems from outside threats. Which of the following was the primary consideration for the financial firm's return to in-house IT services?

A.To reduce the risk of supply-chain attacks.
B.To reduce the risk of insider threats
C.To reduce the risk of nation-state threats
D.To improve the company's security posture

A

A.To reduce the risk of supply-chain attacks.
Q

An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company's virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date?

A.Vulnerability
B.Threat
C.Risk
D.Insider threat

A

C.Risk
Q

After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control functional type BEST describes the function of these recent implementations?

A.Corrective
B.Preventive
C.Detective
D.Operational

A

A.Corrective
Q

After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company?

A.SOC
B.NOC
C.Help desk
D.MSP

A

A.SOC

- A Security Operations Center (SOC) is the team responsible for security-related activities within a company. A Network Operations Center (NOC) is the team responsible for the network and server infrastructure-related activities inside the company.
Q

An information technology manager audited the company's support tickets and decided to implement a new standard operating procedure. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have?

A.Compensating
B.Deterrent
C.Directive
D.Corrective

A

C.Directive
Q

A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process?

A.IAM
B.LDAP
C.CISO
D.CTO

A

A.IAM

- IAM stands for identity and access management.
Q

A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better secure the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO?

A.Monitoring audit logs
B.Reviewing user permissions
C.Documenting access controls
D.Managing security-related incident response

A

B.Reviewing user permissions