Chapter 1 Security Architecture (Sybex) Flashcards

1
Q

Your organization experienced a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is this process called?

A. Incident management
B. Forensic tasks
C. Mandatory vacation
D. Job rotation

A

A. Incident management

Explanation:
An incident is an event that could lead to the loss or disruption of an organization's operations, services or functions. Incident management is the term for the activities an organization performs to identify, correct and analyze an incident in order to prevent a future occurrence. Forensics is performed to find artifacts in an environment. Mandatory vacations and job rotations are administrative controls.

2
Q

Brett is a new CISO, and he is evaluating different controls for availability. Which set of controls should he choose?

A. RAID 1, Classification of data and load balancing
B. Digital signatures, encryption and hashes
C. Steganography, ACLs and vulnerability management
D. Checksums, DOS attacks and RAID 0

A

A. RAID 1, Classification of data and load balancing

Explanation:
RAID 1 provides redundancy; data classification assigns a level of sensitivity based on importance, which determines the security measures applied and who has access; and load balancers determine which server in a pool is available and route requests to that server. The other answers do not pertain to availability.

3
Q

Charles has received final documentation from a compliance audit. The report suggested his organization should implement a complementary security tool to work with the firewall to detect any attempt at scanning. Which device does Charles choose?

A. RAS
B. PBX
C. IDS
D. DDT

A

C. IDS

Explanation:
An IDS is used to detect intrusions from an outside, untrusted network into an internal, trusted network. It can be deployed behind the firewall to watch for traffic that succeeded in circumventing the firewall, as well as for activity originating from inside the trusted network. A RAS (remote access service) is a combination of hardware and software that enables remote access tools to connect a client to a host computer. A private branch exchange (PBX) is a private telephone network used within a company.

4
Q

Nicole is the security administrator for a large governmental agency. She has implemented port security, restricted network traffic and installed NIDS, firewalls and spam filters. She thinks the network is secure. Now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow?

A. Antimalware/virus/spyware, host based firewall and MFA
B. Antivirus/spam, host based IDS and TFA
C. Antimalware/virus, host based IDS and biometrics
D. Antivirus/spam, host based IDS and SSO

A

A. Antimalware/virus/spyware, host based firewall and MFA

Explanation:
You want to protect your endpoints from malware, viruses and spyware. A host-based firewall will block malicious traffic, whereas a host-based IDS will only report that there is an intrusion. All two-factor authentication (TFA) is MFA, but not all MFA is TFA.

5
Q

Sally’s CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send email alerts to the IT staff when one is detected. What type of intrusion system does the CISO want?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

A

B. NIDS

Explanation:
A network based intrusion detection system (NIDS) monitors traffic traversing the network and can alert based on observing attacks and intrusions. The alerts can come in various forms, including email and text messages

6
Q

Kenneth is the CISO of an engineering organization. He asked the security department to recommend a system to be placed on business critical servers to detect and stop intrusions. Which of the following will meet the CISO's requirements?

A. HIPS
B. NIDS
C. HIDS
D. NIPS

A

A. HIPS

Explanation:
A host-based intrusion prevention system (HIPS) is an intrusion prevention system used to detect intrusions on a host system, such as a server, and stop those intrusions from compromising the system.

7
Q

Paul’s company has discovered that some of his organization's employees are using personal devices, including cell phones, within highly secure areas. The CISO wants to know which employees are violating this policy. Which of the following devices can inform the CISO who is violating this policy?

A. DLP
B. WIDS
C. NIPS
D. Firewall

A

B. WIDS

Explanation:
Wireless intrusion detection system (WIDS) solutions can locate and identify WiFi devices as well as Bluetooth, Bluetooth Low Energy and devices emitting cellular signals. This means a WIDS can discover a cell phone even when WiFi and Bluetooth are not active. Network IDSs and IPSs look for malicious network-based activity.

8
Q

Tom’s company discovered that some of her organization's employees are copying corporate documents to Microsoft blob cloud drives outside the control of the company. She has been instructed to stop this practice from occurring. Which of the following can stop this practice from happening?

A. DLP
B. NIDS
C. NIPS
D. Firewall

A

A. DLP

Explanation:
DLP systems are designed to examine data as it moves off the host system looking for unauthorized transfers.

9
Q

Troy must decide about his organization's file integrity monitoring (FIM). Standalone FIM generally means file analysis only. Another option is to integrate it with the host so that Troy can detect threats in other areas, such as memory or I/O. For the integration, which of the following does Troy need to use?

A. HIDS
B. ADVFIM
C. NIDS
D. Change management

A

A. HIDS

Explanation:
Some more advanced FIM solutions are part of a host-based intrusion detection system (HIDS). As a general rule, they can detect threats in other areas, not just files.

10
Q

Lisa is building a network intrusion detection system (NIDS). What can NIDS do with encrypted network traffic?

A. Look for viruses
B. Examine contents of email
C. Bypass VPN
D. Nothing

A

D. Nothing

Explanation:
Encrypted packets are not processed by most intrusion detection devices. Other potential issues with NIDSs are high-speed network data overload, tuning difficulties and signature deployment lag time.

11
Q

What system is used to collect and analyze data logs from various network devices and to report detected security events?

A. Syslog server
B. NIPS
C. WIPS
D. SIEM Systems

A

D. SIEM Systems

Explanation:
A SIEM system is used to collect logs from various devices on a network and to analyze those logs, looking for security issues. Because a SIEM can review logs from various devices, it gets a holistic view of actions going on over the network, as opposed to a single appliance analyzing only traffic flowing through it.

12
Q

The IT department decided to implement a security appliance in front of their web servers to inspect HTTP/HTTPS/SOAP traffic for malicious activity. Which of the following is the best solution to use?

A. Screened host firewall
B. Packet filter firewall
C. DMZ
D. WAF

A

D. WAF

Explanation:
A WAF is used to inspect OSI Layer 7 data for malicious activity. HTTP/HTTPS/SOAP are all web application protocols that operate at OSI Layer 7.

13
Q

A security audit was conducted for your organization. It found that a computer plugged into any Ethernet port in its shipping facility was able to access network resources without authentication. You are directed to fix this security issue. Which standard, if implemented, could resolve this issue?

A. 802.1x
B. 802.3
C. 802.1q
D. 802.11

A

A. 802.1x

Explanation:
The 802.1x standard from IEEE provides port-based network access control. It provides a means of authenticating devices that attempt to connect to the network. Based on the authentication result, the Ethernet port can be placed in the appropriate VLAN for that device. If a device does not authenticate, the port can be placed into a quarantine VLAN or configured for Internet access only.

14
Q

Your CISO is concerned with unauthorized network access to the corporate wireless network. You want to set a mechanism in place that not only authenticates the wireless devices but also requires them to meet a predefined corporate policy before allowing them on the network. What technology best performs this function?

A. HIDS
B. NAC
C. Software agent
D. NIPS

A

B. NAC

Explanation:
Not only can NAC authenticate network devices, but it can also enforce the corporate policies governing those devices. If a system is not in compliance with the corporate policy, the device can be quarantined until the policy failures are remediated.

15
Q

David’s security team is implementing NAC for authentication as well as corporate policy enforcement. The team wants to install software on the devices to perform these tasks. In the context of NAC, what is this software called?

A. Program
B. Process
C. Agent
D. Thread

A

C. Agent

Explanation:
The software installed on devices that will connect to the network using NAC is called an agent. A program is a set of instructions that allows for a certain kind of digital operation.

16
Q

Grace is investigating the encryption of data at rest and data in transit and trying to determine which algorithm is best in each situation. Which of the following does not contain data at rest?

A. SAN
B. NAS
C. SSD
D. VPN

A

D. VPN

Explanation:
Data at rest is stored on a device. A VPN carries data that is moving, which means it is data in transit.

17
Q

Your employees need internal access while traveling to remote locations. You need a service that enables them to securely connect back to a private corporate network from a public network to log into a centralized portal. You want the traffic to be encrypted. Which of the following is the best tool?

A. WiFi
B. VPN
C. RDP
D. NIC

A

B. VPN

Explanation:
A virtual private network (VPN) enables employees to access sensitive data and systems on mobile devices while away from the secure corporate network.

18
Q

Robert's employees complain that when they connect to the network through the VPN, they cannot view their social media posts and pictures. What most likely has been implemented?

A. Split tunnels
B. DNS tunneling
C. ARP cache
D. Full tunnels

A

D. Full tunnels

Explanation:
In a full tunnel, all network traffic is forced to go through the VPN. Depending on how it's configured, you may only have access to the internal network while the VPN is active. A split tunnel sends only part of the traffic through the VPN, so only that part is encrypted.

19
Q

Robin’s company is merging with another healthcare organization. The stakeholders are discussing the security aspects of combining digital communications. The main agreed upon criterion for compliance and security is protecting the sharing of the business’s domains. What is the best option for this organization?

A. DNSSEC
B. TLS
C. SSL 2.0
D. Keeping both entities separate

A

A. DNSSEC

Explanation:
DNSSEC strengthens authentication using digital signatures based on public/private key cryptography. With DNSSEC, you have data origin authentication as well as data integrity.

20
Q

You are a network security administrator for a SOHO. Your staff tends to work from coffee shops without understanding the need for a VPN. You must show them why this can be dangerous. What network traffic packets are commonly captured and used in a replay attack?

A. Packet headers
B. Authentication
C. FTP
D. DNS

A

B. Authentication

Explanation:
Authentication traffic is the most commonly captured and reused network traffic in a replay attack. If an attacker is able to replay the stream of authentication packets correctly, they gain access to the same systems as the original user.

21
Q

Sally needs to implement a network security device at the border of her corporate network and the Internet. This device filters network traffic based on source and destination IP addresses, source and destination port numbers and protocols. Which network security device best suits her needs?

A. Packet filter firewall
B. Proxy server
C. HSM
D. DMZ

A

A. Packet filter firewall

Explanation:
A packet filter firewall inspects packets traversing the network and allows you to control the traffic based on source and destination IP, source and destination port and the protocol utilized for communication. A proxy server is a server application or appliance that acts as an intermediary for requests from client machines looking for resources.

22
Q

The IT security department was tasked with recommending a single security device that can perform various security functions. The security functions include antivirus protection, antispyware, a firewall and an IDP. What device should the IT security department recommend?

A. Next generation firewall
B. Unified threat management system
C. Quantum proxy
D. Next generation IDP

A

B. Unified threat management system

Explanation:
A unified threat management (UTM) system is a single device that provides multiple security functions, including antivirus protection, antispyware, a firewall and an IDP. A concern with using a UTM is that it could become a single point of failure.

23
Q

One of your network administrators reports that they cannot connect to a device on the local network using its IP address. The device is up and running with an IP address of 10.0.0.5. Other hosts can communicate with the device. The default gateway is 10.0.0.1 and your local IP address is 10.0.0.3. What is the best type of scan to run to find the MAC of the offending machine?

A. ARP
B. NAT Gateway
C. IPConfig
D. IFConfig

A

A. ARP

Explanation:
An Address Resolution Protocol (ARP) scan is performed to learn MAC addresses. You send an ARP request to query the MAC address of a device with a known IP address. When the ARP reply is received, the ARP table, which maps the IP address to a MAC address, is populated.

24
Q

Ronald has architected his network to hide the source of a network connection. What device has he most probably used?

A. Proxy firewall
B. Internet gateway
C. Layer 3 switch
D. Bastion host

A

A. Proxy firewall

Explanation:
A proxy firewall is also known as an application-level gateway firewall. It is used primarily to hide the source of a network connection, so the true origin of the traffic is not exposed to the destination.

25
Q

The IT group within your organization wants to filter requests between clients and their servers. They want to place a device in front of the servers that acts as a go-between for the clients and the servers. This device receives the request from clients and forwards the request to the servers. The server replies to the request by sending the reply to the device, and the device then forwards the reply to the clients. What device best meets this description?

A. Firewall
B. NIDS
C. Reverse proxy
D. Proxy

A

C. Reverse proxy

Explanation:
A reverse proxy performs the function mentioned in the question. As traffic intended for the servers goes through the reverse proxy, it can provide filtering of malicious traffic destined for the servers. A proxy sits in front of clients, receiving their requests and forwarding them on to the destination.

26
Q

Many users within your organization clicked on emails that, while looking legitimate, are malicious. Malicious code executes once the email is opened, infecting the user's system with malware. What could be implemented on the email server to help prevent such emails from reaching the end user?

A. Firewall
B. Spam filters
C. WAF
D. Forward proxy

A

B. Spam filters

Explanation:
Spam filters inspect and filter malicious emails before they reach the end user. A basic firewall does not examine emails for malicious content.

27
Q

Your network administrator, George, reaches out to you to investigate why your ecommerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP. You suspect an attacker set up botnets that flood your DNS server with invalid requests. You find this out by examining your external logging service. What is this type of attack called?

A. DDoS
B. Spamming
C. IP Spoofing
D. Containerization

A

A. DDoS

Explanation:
A DoS attack is initiated by a single source computer system. A DDoS attack is much more orchestrated, enlisting the help of hundreds or thousands of other source computers to completely overload the target system.

28
Q

Aaron's end users are having difficulty signing into the network. The investigation of the situation leads him to believe it is which type of attack?

A. Port scanning
B. DDoS
C. Pass the hash
D. Trojan

A

B. DDoS

Explanation:
DoS and DDoS are attacks that do not give unauthorized access but rather block legitimate users from access. Typically, attackers generate large volumes of packets or requests, overwhelming the target system.

29
Q

A network engineer must configure a router on the network remotely. What protocol should be used to ensure a secure connection?

A. Telnet
B. FTP
C. HTTP
D. SSH

A

D. SSH

Explanation:
SSH encrypts the data being sent to and from the router, ensuring that if an attacker captures the traffic, the attacker cannot read it. The other protocols send traffic in clear text that can be read if captured.

30
Q

Ian has joined a company that licenses a third party’s software and email service that is delivered to end users through a browser. What type of organization does Ian work for?

A. IaaS
B. SaaS
C. PaaS
D. BaaS

A

B. SaaS

Explanation:
SaaS providers use an Internet-enabled streaming service or web application to give end users access to software that would otherwise have to be installed locally or on a server.

31
Q

You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the phishing@mycompany.com address. You want to rip open the ransomware to see what it does and what asset it touches. What do you build?

A. Cloud sandbox
B. A container
C. SLA
D. A hypervisor

A

A. Cloud sandbox

Explanation:
A sandbox is an environment used for opening files or running programs without interfering with production environments. It is used to test whether software is safe or unsafe. A cloud sandbox adds a layer of security beyond an on-premises sandbox because it is completely separate from your corporate network.

32
Q

Cody configured the application programming interface (API) connection between your web application that manages retail transactions and your bank. This connection must be as secure as possible. Because the API connection will handle financial transactions, what is the best choice for securing the API if it is well designed?

A. SOAP
B. HTTPS
C. REST
D. XML

A

A. SOAP

Explanation:
There are two web service formats: SOAP and REST. Simple Object Access Protocol (SOAP) is used for interchanging data in a distributed environment. Representational State Transfer (REST) is an architectural style for hypermedia systems. Of the two, SOAP has extensions for specific security concerns, whereas REST focuses on how to deliver and consume data.

33
Q

Aniket is looking for a web server to process requests sent by XML. What is the best technology to use for this?

A. REST
B. SOAP
C. Ajax
D. XSS

A

C. Ajax

Explanation:
Asynchronous JavaScript and XML (Ajax) is a pattern in which web pages call web services using JavaScript and XML. It is used to create fast, dynamic web pages, enabling parts of a page to update rather than reloading the entire page.

34
Q

The Cisco switch port you are using for traffic analysis and troubleshooting has a dedicated SPAN port that is in an error-disabled state. What is the procedure to re-enable it after you enter privileged EXEC mode?

A. Issue the no shutdown command on the error-disabled interface
B. Issue the shutdown and then the no shutdown command on the error-disabled interface
C. Issue the no error command on the error-disabled interface
D. Issue the no error disable command on the error-disabled interface

A

B. Issue the shutdown and then the no shutdown command on the error-disabled interface

Explanation:
A switched port analyzer (SPAN) port is a dedicated port on a switch that takes a mirrored copy of network traffic from within the switch and sends it to a destination. That destination is typically a monitoring device. The proper way to bring a switch port out of the error-disabled state is to go to the interface and issue the shutdown and then the no shutdown commands.

35
Q

You were asked to recommend a solution to intercept and mirror network traffic and analyze its content for malicious activity while not interacting with the host computer. Of the following, which is the best solution?

A. System scanner
B. Application scanner
C. Active vulnerability scanner
D. Passive vulnerability scanner

A

D. Passive vulnerability scanner

Explanation:
A passive vulnerability scanner can intercept network traffic and analyze its content for malicious activity without interfering with the host computer. A system scanner and an application scanner are both active scanners that interact with a host computer and, because they do so, could cause the host to crash.

36
Q

One of Robert’s objectives and key results (OKRs) for the upcoming year is to modernize the IT strategy by adopting a virtual cloud and taking advantage of new features and storage. He understands that once intellectual property is in the cloud, he could have less visibility and control as a consumer. What else is a major security concern for important data stored in the public cloud versus a private cloud?

A. Cost effectiveness
B. Elastic use
C. Being on demand
D. Data remnants

A

D. Data remnants

Explanation:
Not only do you have the business issue of data lost through attacks or by accident, you also must consider whether the vendor can verify that your data was securely deleted on demand and that remnants of the data are not still in the cloud for others to see. The public cloud is more cost effective and uses elasticity to scale machines. Both public and private clouds can deploy assets on demand, so the biggest security concern is data remnants in the public cloud.

37
Q

Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, IDS, SSL accelerator, web server farm, internal firewall and internal network. You attempt a forensic analysis, but all the web server logs have been deleted and the internal firewall logs shows no activity. As the security administrator, what do you do?

A. Review sensor placement and examine the external firewall logs to find the attack
B. Review the IDS logs to determine the source of the attack
C. Correlate all the logs from all the devices to find where the organization was compromised
D. Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks

A

A. Review sensor placement and examine the external firewall logs to find the attack

Explanation:
If you place an IDS sensor somewhere in your network for intrusion detection, your end goal matters. If you want to see what threats are being aimed at your organization from the Internet, you place the IDS outside the firewall. If you want to see potentially malicious internal traffic inside the perimeter of your network, you place the sensor between the firewall and the internal LAN.

38
Q

After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network traffic access point (TAP) mirroring all the new network traffic and found it spreading on TCP port 445. What does Gavin advise the administrator do to immediately minimize the attack?

A.

A
39
Q

Jonathan is a senior architect who has submitted the budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a SIEM. What is the primary function of a SIEM tool?

A. Blocking malicious users and traffic
B. Monitoring the network
C. Automating DNS servers
D. Monitoring servers

A

D. Monitoring servers

Explanation:
A SIEM monitors servers on your network, ideally providing real-time analysis of security incidents and events.

40
Q

Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement?

A. FIM
B. PCI
C. DNS
D. TCP

A

A. FIM

Explanation:
File integrity monitoring is a security technique used to secure IT infrastructure and business data. If an attacker or malicious insider generates changes to application files, operating system files and log files, FIM can detect these changes.

41
Q

You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3?

A. Cryptographic security system
B. Party based security system
C. Easier to set up
D. Support UDP

A

A. Cryptographic security system

Explanation:
SNMPv3 adds encryption and authentication, which can be used together or separately.

42
Q

Victor is employed in a high-risk, geographically diverse environment that makes heavy use of Cisco IOS. Which of these is not a key service advantage of NetFlow?

A. Peer to peer tunneling encryption
B. Network traffic accounting and usage based billing
C. Network planning and security
D. DoS monitoring capabilities

A
43
Q

Eddie is looking for an antivirus detection tool that uses a rule- or weight-based system to determine how dangerous a program's function could be. What type of antivirus does he need?

A. Behavioral
B. Signature based
C. Heuristic
D. Automated

A

C. Heuristic

Explanation:
A heuristic antivirus application examines the code and searches for specific commands or instructions that would not normally be found in an application. A behavioral detection antivirus program watches the operating system, looking for anything suspicious or outside the normal range of behavior.

44
Q

Simon’s organization has endpoints that are considered low priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code?

A. Antimalware
B. Antispyware
C. Antivirus
D. Anti-adware

A

C. Antivirus

Explanation:
A virus is malicious code capable of destroying data and corrupting systems. It generally needs help moving from one system to another. Antivirus products are designed to recognize and remove viruses from a system. Antimalware products are able to detect various types of malware, including viruses. Anti-adware products detect and remove programs designed to display advertisements on an infected user's screen.

45
Q

An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing that type of data on your business network?

A. Implement a security policy and awareness
B. Performing audits
C. Monitoring networks for certain file types
D. Using third party threat intelligence reports

A

A. Implement a security policy and awareness

Explanation:
Updating the corporate security policy for IoT and conducting a security awareness campaign are effective mitigation tools. After you perform the proper technical risk analysis, compensating controls, segmentation, and stringent network access controls can be put into place

46
Q

Your CISO asked you to implement a solution on the jump servers in your DMZ that can detect and stop malicious activity. Which solution accomplishes this task?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

A

C. HIPS

Explanation:
A HIPS is an intrusion prevention system used to detect intrusions on a host and stop the activity. Jump servers, sometimes called jump boxes, are typically placed between a secure zone and a DMZ to provide management of devices in the DMZ once a management session has been established. The jump server acts as a single audit point for traffic.

47
Q

Peyton is an IT administrator needing visibility into his staging network. He believes he has all the tools and controls in place, but has no way to look for attackers who are currently exploiting the network. What tool can Peyton choose to help with seeing the dark spots in his environment?

A. Fuzzer
B. HTTP interceptor
C. Port scanner
D. SIEM

A

D. SIEM

Explanation:
A SIEM collects data from various assets: servers, domain controllers, hosts and more. The SIEM normalizes the data, which is then analyzed to discover and detect threats.

48
Q

You want to replace an access point's removable antenna with a better one based on the results gathered by a wireless site survey. You want to be able to focus more energy in one direction and less in another to better distinguish between networks. What type of antenna should you purchase?

A. Directional
B. Omnidirectional
C. Parabolic dish
D. Radio

A

A. Directional

Explanation:
A directional WiFi antenna does not boost the signal; it directs the energy from the transmitter. You can adjust a directional antenna's signal gain and angle to provide the specific range you need.

49
Q

Bobby is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determined that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed?

A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transference

A

B. Risk acceptance

Explanation:
When the cost of controls is more than the benefits gained by implementing a response, then the best course of action is risk acceptance for a certain period, then the risk is reevaluated

50
Q

Randolf is a newly hired CISO and he is evaluating controls for the confidentiality portion of the CIA triad. Which set of controls should he choose to concentrate on for confidentiality?

A. RAID 1, classification of data, and load balancing
B. Digital signatures, encryption and hashes
C. Steganography, ACL and vulnerability management
D. Checksums, DOS attacks and RAID 0

A

C. Steganography, ACL and vulnerability management

Explanation:
Implementing controls for confidentiality ensures that data remains private. Steganography can hide messages in pictures, music or videos. Access control lists (ACLs) are tables that define who has permission to see an object or directory, and vulnerability management finds weaknesses in software so the associated confidentiality risks can be dealt with.

51
Q

A hospital database is hosting PHI data with high volatility. Data changes constantly and is used by doctors, nurses and surgeons, as well as the finance department for billing. The database is located in a secure air gapped network where there is limited access. What is the most likely threat?

A. Internal user fraud
B. Manipulated key value pairs
C. Compliance
D. Inappropriate admin access

A

D. Inappropriate admin access

Explanation:
The database is in a secure air gapped network with limited access. It is probably compliant and inaccessible to most outside attackers, which leaves the people who already have access as the likeliest threat. A key value pair is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data. Key value pairs are frequently used in lookup tables, hash tables and configuration files. The best answer is inappropriate administrator access.

52
Q

Jeremiah works for a global construction company and has found cloud computing meets 90% of his IT needs. Which of these is of least importance when considering cloud computing?

A. Data classification
B. Encryption methodology
C. Incident response and disaster recovery
D. Physical location of data center

A

D. Physical location of data center

Explanation:
When using the cloud, it is difficult to know where your data is stored. The company you are using may be incorporated in the United States with server farms in Brazil. Many companies outsource to reduce costs. The other three are of more importance when considering cloud computing

53
Q

Your CEO purchased the latest and greatest mobile device (BYOD) and now wants you to connect it to the company's intranet. You have been told to research this process according to change management and security policy. Which security recommendation makes the biggest impact on risk?

A. Making this a new corporate policy available for everyone
B. Adding a PIN to access the device
C. Encrypting nonvolatile memory
D. Auditing requirements

A

C. Encrypting nonvolatile memory

Explanation:
The act of encrypting nonvolatile memory will make the biggest impact and increase the work factor of anyone who attempts to break into the phone. A PIN would not be a strong enough deterrent, not when this phone has apps that connect to the corporate intranet. A complex password is better than a PIN

54
Q

For security reasons, Ted is moving from LDAP to LDAPS, the standards based specification for interacting with directory data. LDAPS provides security by using which of the following?

A. SSL
B. SSH
C. PGP
D. AES

A

A. SSL

Explanation:
By default, LDAP communication between client and server is not encrypted. This means it would be possible to capture traffic and view the information between client and server, which is dangerous when transmitting usernames and passwords. LDAPS wraps the LDAP session in SSL/TLS (TLS in any current deployment), conventionally on port 636, so the bind credentials and directory data are encrypted in transit.

55
Q

Your CISO watched the news about the latest supply chain breach and is genuinely concerned about this type of attack affecting major organizations. He asks you, as a security analyst, to gather information about controls to put into place on your SDN network to stop these attacks from affecting your organization. How do you begin this process?

A. Get the latest IOCs from OSINT sources
B. Research best practices
C. Use AI and SIEM
D. Perform a sweep of your network using threat modeling

A

A. Get the latest IOCs from OSINT sources

Explanation:
A vast amount of OSINT can help organizations stay safer. Overlay networking (aka SDN) is a method of using software to create layers of network abstraction that can be used to run multiple, separate, discrete virtualized network layers on top of the physical network, often providing new applications or security benefits. Using IOCs to aid information security processes on your specific network design helps detect data breaches and malware/ransomware infection. With this information, you can sweep your network to identify matches, sandbox anything suspicious and contact the authorities

56
Q

While performing unit testing on software requested by your department, you found that privilege escalation is possible. Privilege escalation means that an attacker can elevate their privilege on a system from a lower level to an administrator level. Which two types of privilege escalation do your unit tests need to cover?

A. Vertical and horizontal
B. Left and right
C. North to south
D. Ring 1 to 3

A

A. Vertical and horizontal

Explanation:
Most attackers are going after vertical privilege escalation, where a lower privileged user or application accesses functions reserved for a higher privileged one. Some attackers also use horizontal privilege escalation, where a normal user accesses data or functions that belong to another normal user of the same privilege level.
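The two test cases as an added example, not code from the original flashcards. It uses a constructed toy application (hypothetical users, records and roles) with two deliberately broken functions, the same two functions with the missing checks added, and a small harness that reports which escalation type succeeded against a given pair of functions.

```python
# Constructed toy application state (hypothetical users and records, not a real product).
USERS = {"alice": "user", "bob": "user", "root": "admin"}
RECORDS = {
    101: {"owner": "alice", "body": "alice's file"},
    202: {"owner": "bob", "body": "bob's file"},
}


class Forbidden(Exception):
    """Raised when an authorization check denies the action."""


def read_record_vulnerable(actor, record_id):
    """Horizontal escalation: looks the record up by id and never checks who owns it."""
    return RECORDS[record_id]["body"]


def delete_user_vulnerable(actor, target):
    """Vertical escalation: an admin-only function with no role check."""
    return f"deleted {target}"


def read_record_fixed(actor, record_id):
    """Owner-or-admin check closes the horizontal path."""
    rec = RECORDS[record_id]
    if rec["owner"] != actor and USERS[actor] != "admin":
        raise Forbidden("not the owner")
    return rec["body"]


def delete_user_fixed(actor, target):
    """Role check closes the vertical path."""
    if USERS[actor] != "admin":
        raise Forbidden("admin role required")
    return f"deleted {target}"


def escalation_findings(read_record, delete_user):
    """Run both test cases as the low-privileged user 'bob'; return the escalations that worked."""
    findings = []
    # Horizontal: bob (role "user") reads a record owned by alice (also role "user").
    try:
        read_record("bob", 101)
        findings.append("horizontal")
    except Forbidden:
        pass
    # Vertical: bob calls a function reserved for the admin role.
    try:
        delete_user("bob", "alice")
        findings.append("vertical")
    except Forbidden:
        pass
    return findings


if __name__ == "__main__":
    print("before fix:", escalation_findings(read_record_vulnerable, delete_user_vulnerable))
    print("after fix: ", escalation_findings(read_record_fixed, delete_user_fixed))
```

The harness is what makes the check repeatable: a regression that removes either check shows up as a non-empty findings list rather than as a manual observation during a one-off assessment.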

57
Q

Phillip's financial company experienced a natural disaster, operated from a hot site for three months, and is now returning to the primary site. What processes should be restored first at the primary site?

A. Finance department
B. External communication
C. Mission critical
D. Least business critical

A

D. Least business critical

Explanation:
You need to test for resilience and reliability of the rebuilt site before you restore any mission critical function. The financial department and communication would be restored only after you know the foundation is good

58
Q

You work in law enforcement supporting a network with HA. High availability is mandatory as you also support 911 services. Which of the following would hinder your HA ecosystem?

A. Clustered servers
B. Primary firewall
C. Switched networks
D. Redundant communication links

A

B. Primary firewall

Explanation:
If you have only a single primary firewall, you have a single point of failure, which could be catastrophic to

59
Q

Mark has been tasked with building a computer system that can scale well and that includes built in logic for interfacing with many types of devices, including SATA, PCI and USB as well as GPUs, network processors and AV encoders/decoders. What type of system should he build?

A. Matrix
B. Heterogeneous
C. LLC
D. Meshed networks

A

B. Heterogeneous

Explanation:
Heterogeneous computing refers to systems that use more than one kind of processor or core. These systems gain performance and/or efficiency by adding different coprocessors, usually incorporating specialized processing capabilities to handle specific tasks. A system of this type has also been referred to as a diverse chipset.

60
Q

Not having complete control over networks and servers is a real concern in your organization, and upper management asks you if the company’s data is secure now that you have migrated to the cloud. They have asked you to present industry research at the next board of directors meeting to answer questions regarding cloud security and your company’s cyber resilience. What research would be of the most interest to the board of directors?

A. Processor power consumption
B. Encryption models
C. COCOA
D. CACAO

A

D. CACAO

Explanation:
You may not have heard of Collaborative Automated Course of Action Operations (CACAO), but you are probably familiar with a playbook. CACAO is an OASIS specification for writing incident response playbooks in a structured, machine readable form so they can be shared between organizations and tools. Research from the Ponemon Institute in summer 2020 states that the volume and severity of cyberattacks continue to rise, and that adopting a company wide incident response playbook builds resilience by guiding a business through its response to an attack.

61
Q

Greg is a security researcher for a cybersecurity company. He is currently examining a third party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company’s web application. What is the threat of doing business with this organization?

A. Web defacement
B. Unpatched applications
C. Attackers
D. Education awareness

A

C. Attackers

Explanation:
The threat in this scenario is the hacker or nation state who wants to use this third party vendor as a gateway into your organization

62
Q

Your CISO decided to implement an overarching enterprise mobility management (EMM) strategy. She wants to ensure that sensitive corporate data is not compromised by the employees apps on their mobile devices. Which of these will implement that best?

A. App config through IDC
B. App wrapping through SDK
C. Open source through API
D. Platform DevOps

A

B. App wrapping through SDK

Explanation:
App wrapping is performed through the use of a software development kit (SDK) that enables a developer to apply management policies to an app without changing its code. This includes controlling who can download a mobile app and whether data accessed by that app can be copied and pasted.

63
Q

You are a web dev who needs to secure API keys in a client side JavaScript application created for your hospital. What is the best way to accomplish this task quickly and efficiently?

A. Disable API access and use a hash of the key
B. Set API access and a secret key pair
C. Curl a request with an -H -o option
D. Set a RESTful request with access pairs

A

B. Set API access and a secret key pair

Explanation:
Setting an API access key and secret key pair is the most commonly used option. The access key identifies the caller and the secret proves possession, typically by signing each request; if the access key and secret do not match, the request is rejected. Note that a secret embedded in client side JavaScript is visible to anyone who loads the page, so in practice the secret is held by a backend that signs requests on the client's behalf.
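The access key / secret key exchange as an added example, not code from the original flashcards. Both sides are shown: the client signs the method, path, timestamp and body hash with the secret; the server looks the secret up by access key, recomputes the HMAC, rejects stale timestamps and compares in constant time. The access key id, secret and request are constructed values.

```python
import hashlib
import hmac
import time

# Constructed credential store: access key id -> secret (hypothetical values).
# Only the server holds this table; the client is given one key pair out of band.
CREDENTIALS = {"AKIAEXAMPLE01": "s3cr3t-example-key"}
MAX_SKEW_S = 300  # reject requests whose timestamp is more than 5 minutes off


def canonical(method, path, timestamp, body):
    """The exact bytes both sides sign; hashing the body keeps the string small."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign_request(access_key, secret, method, path, body, timestamp=None):
    """Client side: produce the headers that accompany the request."""
    ts = str(int(timestamp if timestamp is not None else time.time()))
    mac = hmac.new(secret.encode(), canonical(method, path, ts, body), hashlib.sha256).hexdigest()
    return {"X-Access-Key": access_key, "X-Timestamp": ts, "X-Signature": mac}


def verify_request(headers, method, path, body, now=None):
    """Server side: look up the secret by access key, recompute and compare in constant time."""
    secret = CREDENTIALS.get(headers.get("X-Access-Key", ""))
    if secret is None:
        return False, "unknown access key"
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    now = int(now if now is not None else time.time())
    if abs(now - ts) > MAX_SKEW_S:
        return False, "stale request"  # limits the replay window
    expected = hmac.new(secret.encode(), canonical(method, path, str(ts), body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "signature mismatch"  # wrong secret, or method/path/body was altered
    return True, "ok"


if __name__ == "__main__":
    body = b'{"patient": 42}'
    hdrs = sign_request("AKIAEXAMPLE01", "s3cr3t-example-key", "POST", "/v1/records", body)
    print(verify_request(hdrs, "POST", "/v1/records", body))
    print(verify_request(hdrs, "POST", "/v1/records", b'{"patient": 43}'))
```

Because the signature covers the body hash and the path, an intercepted request cannot be replayed against a different resource or with a modified payload, and the timestamp check bounds how long a captured request stays valid.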

64
Q

Trent is a security analyst for a financial organization and is conducting a review of data management policies. After a complete review, he found settings that prevent developers from downloading supporting but trusted software. He submitted the recommendation that developers have a separate process to manually download software, which should be vetted before its use. What process will support this recommendation?

A. NIPS
B. Digitally signed applications
C. Sandboxing
D. PCI compliance


A

C. Sandboxing

Explanation:
A sandbox enables developers to download, install and manipulate software in a quarantined location to test before putting it into production. Sandboxes are incredibly important to patch management and upgrading software

65
Q

In the last 5 years, your manufacturing group merged twice with competitors and acquired three startups, which led to more than 60 unique customer web applications. To reduce cost and improve workflows, you are put in charge of a project to implement centralized security. You need to ensure a model to enable integration and accurate identity information and authentication as well as repeatability. Which is the best solution?

A. Implementation of web access control and relay proxies
B. Automated provisioning of identity management
C. Self service single sign on using Kerberos
D. Building an organizational wide granular access control model in a centralized location

A

D. Building an organizational wide granular access control model in a centralized location

Explanation:
You will want to build a centralized organization wide access control system, bringing together multiple organizations for standardization, identity management and authentication with the ability to repeat this with the next iteration of mergers and acquisitions

66
Q

You are tasked with creating a single sign on solution for your security organization. Which of these would you not deploy in an enterprise environment?

A. Directory services
B. Kerberos
C. SAML 2.0
D. Workgroup

A

D. Workgroup

Explanation:
Kerberos, directory services and SAML 2.0 are all examples of single sign on solutions: you provide your logon credentials once and do not have to provide them again while in a specific environment. A workgroup is not a form of single sign on; each system keeps its own local accounts, so you have to authenticate each time you access a system.

67
Q

DNS maintains an index of every domain name and corresponding IP address. Before someone visits a website on your corporate network, DNS will resolve your domain name to its IP address. Which of the following is a weakness of DNS?

A. Spoofing
B. Latency
C. Authentication
D. Inconsistency

A

C. Authentication

Explanation:
DNS suffers from a lack of authentication of servers, and therefore of the authenticity of the records they return: a resolver cannot tell a legitimate answer from a forged one, which is what makes spoofing and cache poisoning possible (DNSSEC adds signatures over records to close this gap). During DNS hijacking, the client's configuration is changed so that DNS traffic is redirected to a rogue server that sends the client wherever the attacker wants them to go.

68
Q

A large enterprise social media organization underwent several mergers, divestitures, and acquisitions over the past three years. Because of this, the internal networks and software have extremely complex dependencies. Better integration is mandatory. Which of the following integration platforms is best for security and standards based software architecture?

A. IDE
B. DNS
C. SOA
D. ESB

A

D. ESB

Explanation:
An enterprise service bus (ESB) is a communication system for software inside a service oriented architecture (SOA). It is a special type of client server model focused on agility and flexibility. ESBs are built into the SOA middleware to overcome integration problems between incompatible systems: one of the systems may be a slow receiver, another may need messages in binary format.

69
Q

You are selected to manage a software development and implementation project. Your manager suggests that you follow the phases in the SDLC. In which of these phases do you determine the controls needed to ensure that the system complies with standards?

A. Testing
B. Initiation
C. Accreditation
D. Acceptance

A

A. Testing

Explanation:
Testing is the phase in which the controls are exercised and verified against the standards the system must comply with. The need for usability and productivity sometimes gets prioritized over security. Problems in many organizations are the silos of people, the processes and a lack of communication. This is an instance where risk management and strategy must communicate with those users and decision makers and influence their behaviors. Not many outside of IT will know what the SDLC is.

70
Q

Simon is a security engineer. While testing an application during a regular assessment to make sure it is configured securely, he sees a REQUEST containing method, resources, and headers, and a RESPONSE containing status code and headers. What technique did he most likely use to generate that type of output?

A. Fingerprinting
B. Fuzzing
C. Vulnerability scanning
D. HTTP intercepting

A

D. HTTP intercepting

Explanation:
An HTTP interceptor (an intercepting proxy) sits between the client and the server, so it can inspect and modify requests before they are handed to the server and responses before they are handed back to the application, which is exactly the method/resource/headers and status code/headers view Simon saw. HTTP interceptors are also used for error handling and authentication of requests and responses. Fuzzing, or fuzz testing, is an automated software testing technique that involves providing invalid or random input.

71
Q

You are working on a high risk software development project that is large, where releases are to be frequent and the requirements are complex. The waterfall and agile models are too simple. What software development model would you opt for?

A. Functional
B. Cost estimation
C. Continuous delivery
D. Spiral

A

D. Spiral

Explanation:
Spiral software development process is beneficial because of risk management; development is fast, and there is always room for feedback. It is not advisable if it is a small project because it is known to be expensive. There is more documentation with the spiral model because it has intermediate phases that require it. To be effective, the model has to be followed precisely.

71
Q

The SDLC phases are part of a bigger process known as the system life cycle (SLC). The SLC has two phases after the implementation phase of the SDLC that address postinstallation and future changes. What are they called?

A. Operations, maintenance, revisions and replacement
B. Replacement, crepitation, evaluation and versioning
C. Validation, verification, authentication and monitoring
D. Revisions, discovery, compliance and functionality

A

A. Operations, maintenance, revisions and replacement

Explanation:
Once a system is in production, the postinstallation phase in which the system is used in production is called operations and maintenance support. The system is monitored for weaknesses and vulnerabilities that did not appear during development. The systems data backup and restore procedures are also tested. If changes need to be made, it enters the phase of revision and system replacement

72
Q

Your organization is pressured by both the company board and employees to allow personal devices on the network. They asked for email and calendar items to be synced between the company ecosystem and their BYOD. Which of the following best balances security and usability?

A. Allowing access for the management team only because they have a need for convenient access
B. Not allowing any access between a BYOD device and the corporate network, only cloud applications
C. Only allowing certain types of devices that can be centrally managed
D. Reviewing security policy and performing a risk evaluation that focuses on central management, including the remote wipe and encryption of sensitive data and training users on privacy

A

D. Reviewing security policy and performing a risk evaluation that focuses on central management, including the remote wipe and encryption of sensitive data and training users on privacy

Explanation:
Organizations have evolved, and people are doing more work remotely while traveling. The need for constant access and connection is real in a fast moving organization. Security policies must evolve to enable usability, risk evaluations must be done and all mobile devices must be encrypted. One such risk evaluation must cover clipboard privacy on mobile devices. The collection of clipboard data is not a practice that the average user reasonably expects. The data we copy and paste on our phones using the clipboard can reveal sensitive information about us: passwords, credit card numbers, notes, conversations, website URLs, as well as any corporate data. The average end user believes that the data is secure and shared with apps only when we paste it into them, and sometimes that is not the case.

73
Q

Nathan is tasked with writing the security viewpoint of a new program that his organization is starting. Which of the following techniques makes this a repeatable process and can be used for creating the best security architecture?

A. Data classification, CIA triad, minimum security required, and risk analysis
B. Historical documentation, continuous monitoring and mitigation of high risks
C. Implementation of proper controls, performance of qualitative analysis and continuous monitoring
D. Risk analysis; avoidance of critical risks, threats and vulnerabilities; and the transference of medium risks.

A

A. Data classification, CIA triad, minimum security required, and risk analysis

Explanation:
The process of data classification is extremely important to making processes repeatable. Once you have a document classified as Secret or Classified, you know exactly how to treat it according to the CIA triad. Each organization is unique, so you must develop the right security controls based on risk analysis and decide which security controls to implement. The purpose of data classification is to ensure that we know exactly what data we have, where it is located, and how sensitive the data is. Yet, despite how crucial it is to have this knowledge, it is an area of data security that is often overlooked

74
Q

As a security analyst, Ben is searching for a method that can examine network traffic and filter its payload based on rules. What is this method called?

A. Network flow
B. DLP
C. Data flow enforcement
D. Deep packet inspection

A

D. Deep packet inspection

Explanation:
Deep packet inspection is the process of inspecting the payload of a packet for malicious content. Other packet inspection techniques only check the header information (addresses, ports, flags) for signs of malicious activity. The main techniques used for deep packet inspection are pattern or signature matching on the payload. The data evaluated by deep packet inspection provides a more robust mechanism for enforcing network packet filtering, as DPI can be used to identify and block a range of complex threats hiding in network data streams, including malware or data exfiltration, more accurately.
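The header only versus payload inspection contrast, as an added example that is not part of the original flashcards. It assembles a constructed IPv4/TCP packet (no checksums, hypothetical addresses), parses the headers, and runs the same packet through a 5-tuple rule and through a signature set matched against the payload. The two signatures are made up for the demo.

```python
import re
import struct

# Constructed signature set (hypothetical rules, not a vendor feed):
# a 13-16 digit card-number-like run, and a SQL injection marker.
SIGNATURES = [
    ("card-number-exfil", re.compile(rb"\b(?:\d[ -]?){13,16}\b")),
    ("sqli-union-select", re.compile(rb"union\s+select", re.I)),
]


def build_packet(src, dst, sport, dport, payload):
    """Assemble a minimal IPv4 + TCP packet (checksums left at zero) for the demo."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0, src_b, dst_b)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Pull out the 5-tuple from the headers and the TCP payload after the data offset."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": raw[ihl + data_off:]}


def header_only_filter(pkt):
    """Stateless header rule: allow outbound TCP to port 443 regardless of content."""
    return "allow" if pkt["proto"] == 6 and pkt["dport"] == 443 else "deny"


def deep_packet_inspect(pkt):
    """Same packet, but the payload is matched against the signature set."""
    hits = [name for name, rx in SIGNATURES if rx.search(pkt["payload"])]
    return ("block", hits) if hits else ("allow", [])


def demo():
    """An upload to port 443 carrying a card number: header rule allows it, DPI blocks it."""
    raw = build_packet("10.0.0.5", "203.0.113.9", 40000, 443,
                       b"POST /upload HTTP/1.1\r\nHost: example\r\n\r\ncard=4111 1111 1111 1111")
    pkt = parse_packet(raw)
    return header_only_filter(pkt), deep_packet_inspect(pkt)


if __name__ == "__main__":
    print(demo())
```

The demo payload is plaintext HTTP so the signatures have something to match. On a real port 443 flow the payload is TLS ciphertext, so a DPI device only sees it if it is positioned as a decrypting proxy; otherwise it is back to the header only view.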

75
Q

Your CTO believes in the adage “Security through obscurity”. Which of the following types of obfuscation makes a program obscure to other computers?

A. Prevention
B. Saturation
C. Control Flow
D. Data

A

A. Prevention

Explanation:
Prevention obfuscation makes it difficult for a computer to decompile code in order to reverse engineer or copy it. An example is renaming metadata to gibberish. Data obfuscation is aimed at obscuring data and data structures. Control flow obfuscation uses false conditional statements to confuse decompilers while keeping the code's behavior intact.

76
Q

Lynn uses a process that substitutes a sensitive data element with something that is not sensitive. She uses this process to map back to the sensitive data. What is this called?

A. Masking
B. Encryption
C. Tokenization
D. Authorization

A

C. Tokenization

Explanation:
Security is increased, and risk is reduced when using tokens. The mapping from the original data to the token should be irreversible in the absence of the system that created it
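A token vault as an added example, not code from the original flashcards. It generates tokens with a CSPRNG rather than deriving them from the sensitive value, keeps the only mapping inside the vault, and preserves the format (same length, same last four digits) so downstream systems that expect a card number shaped string keep working. The card number used is a standard test value, not real data; `mask` is included to show the contrast the question draws with masking.

```python
import secrets


class TokenVault:
    """Maps sensitive values to random tokens; the mapping exists only inside the vault."""

    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, pan):
        """Return a stable token for this value, creating one on first sight."""
        if pan in self._to_token:  # same value -> same token, so joins on the token still work
            return self._to_token[pan]
        while True:
            # Format preserving: keep the last four digits, randomise the rest.
            # secrets.randbelow is a CSPRNG, so the token carries no information about the PAN.
            token = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4)) + pan[-4:]
            if token not in self._to_value and token != pan:
                break
        self._to_token[pan] = token
        self._to_value[token] = pan
        return token

    def detokenize(self, token):
        """Only the vault can map back; an unknown token raises KeyError."""
        return self._to_value[token]


def mask(pan):
    """Masking, by contrast, is one way: nothing maps a masked value back."""
    return "*" * (len(pan) - 4) + pan[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")
    print(t, vault.detokenize(t), mask("4111111111111111"))
```

Compromise of a system that stores only tokens yields nothing usable, which is why the vault itself is the component that needs the strongest access control and audit logging.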

77
Q

After meeting with the board of directors, your CEO is looking for a way to boost profits. He identified a need to implement cost savings on non core related business activities, and the suggestion was made to move the corporate email system to the cloud. You are the compliance officer tasked with making sure security and data issues are handled properly. What best describes your process?

A. End to end encryption, creation and the destruction of mail accounts
B. Vendor selection and RFP/RFQ
C. Securing all virtual environments that handle email
D. Data provisioning and processing while in transit and at rest

A

D. Data provisioning and processing while in transit and at rest

Explanation:
Data provisioning and processing, with encryption of data in transit and at rest, is the best end to end description of the data life cycle. The data life cycle begins with data creation, then storage, usage, archival and eventually destruction. Having a clearly defined and documented data life cycle management process is key to ensuring data governance can be carried out effectively within your organization.

78
Q

Evans company is tasked with creating a pre disaster preparation plan that will sustain the business should a disaster, natural or human made occurs

A
79
Q

A server holding sensitive financial records is running out of room. You are the information security manager and data storage falls under your purview. What is the best option?

A. First in, first out (FIFO)
B. Compress and archive the oldest data
C. Move the data to the cloud
D. Add disk space in a RAID configuration

A

D. Add disk space in a RAID configuration

Explanation:
The best thing to do is add more disk space and employ some type of RAID configuration for speed and redundancy. With certain compliance, you need to know how long to keep the data and if the cost is high, you must consider what type of backup medium is best for your organization

80
Q

During what phase of eDiscovery will you determine what digital data and document should be collected for possible analysis and review?

A. Processing
B. Identification
C. Collection
D. Curation

A

B. Identification

Explanation:
The identification phase identifies data custodians, as well as potential data, information, documents or records that could be relevant. To ensure that there is a complete identification of all resources, use data mapping to reduce complexity

81
Q

Jennie and her team are developing security policies, and they are currently working on a policy regarding password management. Which of these is not important?

A. Account lockout
B. Training users to create complex, easy to remember passwords and not to reuse passwords
C. Preventing users from using personal information in a password, such as their birthday or spouses name
D. Storing passwords securely in a password manager application

A

A. Account lockout

Explanation:
Account lockout is not password management; it is actually access management.

82
Q

What is a major security concern associated with IoT?

A. Lack of encryption
B. Use of hard coded passwords
C. Lack of firmware support
D. All of the above

A

D. All of the above

Explanation:
The majority of IoT devices are not developed with security in mind. Many of these devices send data over the network in clear text, use hard coded passwords that are easily found, and have firmware that is not updated to address known vulnerabilities

83
Q

Which of the following access control principles should you implement to create a system of checks and balances on employees with heightened privilege access?

A. Rotation of duties
B. Need to know
C. Mandatory Access Control
D. Separation of duties

A

D. Separation of duties

Explanation:
Separation of duties is an access control mechanism that creates a system of checks and balances on employees with privileged access. Separation of duties requires more than one person to participate in a critical task: one person writes the check and another person signs it.

84
Q

You have an application that performs authentication, which makes checking for session management, brute forcing and password complexity appropriate. What else might you check for?

A. SQLi
B. Ransomware
C. Privilege Escalation
D. Static Analysis

A

C. Privilege Escalation

Explanation:
The application performs authentication, so you would be checking for the appropriate vulnerability for this process. Privilege escalation is the only vulnerability that has anything to do with authentication

85
Q

You just accepted a CISO position for a small customer service business, and your first priority is to increase security and accessibility for current SaaS applications. The applications are configured to use passwords. What do you implement first?

A. Deploy password managers for all employees
B. Deploy password managers for only the employees who use the SaaS tool
C. Create a VPN between your organization and the SaaS provider
D. Implement a system for time based, one time passwords

A

C. Create a VPN between your organization and the SaaS provider

Explanation:
If 2FA is not an option, then creating a VPN between your organization and the SaaS provider would be best.

86
Q

The collaboration tool that your company uses follows a username and password login model. If one of your employees credentials are compromised, it could give attackers access to financial information, intellectual property, or client information. How would you mitigate this type of risk with a collaboration tool?

A. Strict password guidelines
B. Only use HTTPS
C. Restrict usage to VPN
D. Disable SSO

A

A. Strict password guidelines

Explanation:
The best answer here is to use strict password guidelines

87
Q

You visit a website that requires credentials to log in. Besides providing the option of a username and password, you are also given the option to log in using your Facebook credentials. What type of authentication scheme is used?

A. SAML
B. OAuth
C. ClosedID
D. OpenID

A

D. OpenID

Explanation:
OpenID is a means of propagating identity information to different web services. For OpenID to work, the web services must have an existing trust relationship either among the web services or via a common third party

88
Q

You need to find a web based language that is used to exchange security information with single sign on (SSO). Which of the following is the best language to use?

A. SOAP
B. Kerberos
C. SAML/Shibboleth
D. API

A

C. SAML/Shibboleth

Explanation:
Security Assertion Markup Language (SAML) is the best one to use for a web based SSO environment. SAML is XML based, which is an open standard used for authentication and authorization. Shibboleth is an open source software product that implements SAML. It consists of three functional parts; the identity provider, the service provider and the browser. The client is usually a web browser, although SAML can support enhanced clients and proxies

89
Q

Your IT manager wants to move from a centralized access control methodology to a decentralized access control methodology. You need a router that authenticates users from a locally stored database. This requires subjects to be added individually to the local database for access, which creates a security domain, or sphere of trust. What best describes this type of administration?

A. Decentralized access control requires more administrative work
B. Decentralized access control creates a bottleneck
C. Decentralized access control requires a single authorization server
D. Decentralized access control stores all the users in the same administrative location using RADIUS

A

A. Decentralized access control requires more administrative work

Explanation:
Decentralized access control requires more administrative work. Centralized access control administration does not require as much, because all the accounts are centrally located.

90
Q

Your data owner must assign classifications to information assets and ensure regulation compliance. Which of these other criteria is determined by the data owner?

A. Authorization
B. Authentication
C. Verification
D. Validation

A

A. Authorization

Explanation:
The data owner is responsible for determining who has authorized access to information about certain assets in their area of control. A data owner could take this on a case by case basis, or they could define a set of rules called rule based access control. Access is granted on the security principle of separation of duties, least privilege and need to know

91
Q

Your credit card company identified that customers' top transaction on the web portal is resetting passwords. Many users forget their security questions, so customers are calling to talk to tech support. You want to develop single factor authentication to cut down on the overhead of the current solution. What do you suggest?

A. Push notification
B. In band certificate or token
C. Login with third party social media accounts
D. SMS message to a customers mobile number with an expiring OTP

A

D. SMS message to a customers mobile number with an expiring OTP

Explanation:
The best solution is to have identification and authentication carried out with a message to the customers mobile number, which generates a one time password to be entered into the corporate web portal to reset passwords
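The one time password mechanics behind this card and the time based OTP option in question 85, as one added example that is not code from the original flashcards. The first half implements HOTP (RFC 4226) and TOTP (RFC 6238) over HMAC and checks against the published test vectors; the second half is the server side of the SMS flow the answer describes: a random code, stored hashed, that expires, is single use and is limited in attempts. Customer ids and the secret are constructed values.

```python
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step, digits, algo)


def verify_totp(secret, code, unix_time, window=1, step=30):
    """Accept the current step and +/- window steps to tolerate clock drift."""
    t = int(unix_time)
    return any(hmac.compare_digest(totp(secret, t + k * step, step), code)
               for k in range(-window, window + 1))


class SmsOtpStore:
    """Server side of the SMS flow: a random code that expires and can be redeemed once."""

    def __init__(self, ttl_s=300):
        self.ttl_s = ttl_s
        self._pending = {}  # customer id -> (sha256 of code, expiry time, failed attempts)

    def issue(self, customer_id, now=None):
        now = now if now is not None else time.time()
        code = f"{secrets.randbelow(10 ** 6):06d}"  # CSPRNG, not derived from anything guessable
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[customer_id] = (digest, now + self.ttl_s, 0)
        return code  # this is what would be sent by SMS; only the hash stays on the server

    def redeem(self, customer_id, code, now=None, max_attempts=5):
        now = now if now is not None else time.time()
        entry = self._pending.get(customer_id)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if now > expiry or attempts >= max_attempts:
            del self._pending[customer_id]  # expired or brute forced: force a fresh issue
            return False
        if hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest()):
            del self._pending[customer_id]  # single use
            return True
        self._pending[customer_id] = (digest, expiry, attempts + 1)
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 test secret
    print(totp(seed, 59, digits=8))  # RFC vector for T=59
    store = SmsOtpStore()
    sent = store.issue("cust-1")
    print(store.redeem("cust-1", sent), store.redeem("cust-1", sent))
```

The expiry and single use checks are what make an SMS code a one time password rather than a short static password; the attempt counter matters because a six digit code is brute forceable without it. SMS delivery itself remains exposed to SIM swap and interception, which is why the option is single factor convenience rather than strong authentication.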

92
Q

You are setting up a new virtual machine. What type of virtualization should you use to coordinate instructions directly to the CPU?

A. Type B
B. Type 1
C. Type 2
D. No VM directly sends instructions to the CPU

A

B. Type 1

Explanation:
The main difference between Type 1 and Type 2 hypervisors is that Type 1 runs on bare metal and Type 2 runs inside an OS.

93
Q

You are exploring the best option for your team to read data that was written onto storage material by a device you do not have access to, and the backup device has been broken. Which of the following is the best option for this?

A. Type 1 hypervisor
B. Type 2 hypervisor
C. Emulation
D. PaaS

A

C. Emulation

Explanation:
Emulation is important in fighting obsolescence and keeping data available. Emulation lets you model older hardware and software and re-create them using current technology. With emulation, you can use a current platform to access an older application, operating system or data while the older software still thinks it is running in its original environment.

94
Q

GPS is built into cell phones and cameras, enabling longitude and latitude coordinates to be embedded in a machine-readable format as part of a picture or in apps and games. Besides physical coordinates of longitude and latitude, which of these will not be embedded in the metadata of a photo taken with a cell phone?

A. Names of businesses that are near your location
B. Elevation
C. Bearing
D. Phone number

A

D. Phone number

Explanation:
While seemingly harmless, every photo shared carries a vast amount of attached information, including location with an accuracy of within 15 feet. While you are sharing posts on social media, you are also at risk from the criminal element, because that photo you took can divulge where you physically are.

95
Q

Your CISO asked you to help review data protection, system configurations and hardening guides that were developed for cloud deployments. He would like you to make a list of goals for security improvements based on your current deployment. What is the best source of information to help you build this list?

A. Pentesting reports
B. CVE database
C. Implementation guides
D. Security assessment reports

A

B. CVE database

Explanation:
The Common Vulnerabilities and Exposures (CVE) list includes a number for identification, a description and a public reference for all known vulnerabilities. The CVE system provides a reference method for officially known information security vulnerabilities and exposures and would be best for this goal-setting activity.

96
Q

Management of your hosted application environment requires end-to-end visibility and a high-performance connection while monitoring for security issues. What should you consider for the most control and visibility?

A. You should consider a provider with connections from your location directly into the application's cloud resources
B. You should have a private T1 line installed for this access
C. You should secure a VPN concentrator for this task
D. You should use HTTPS

A

A. You should consider a provider with connections from your location directly into the application's cloud resources

Explanation:
The management of your application requires end-to-end monitoring, so a direct connection from your location to the cloud environment is the best way to have strong control over, and visibility into, attacks that threaten your environment.

97
Q

Your objectives and key results (OKRs) being measured for this quarter include realizing the benefits of a single tenancy cloud architecture. Which one of the results is a benefit of a single tenancy cloud service?

A. Security and costs
B. Reliability and scaling
C. Ease of restoration
D. Maintenance

A

D. Maintenance

Explanation:
While single tenancy is more secure because of isolation, and you control access, backups and the cost of scaling, it requires more maintenance because single-tenant environments need more updates and upgrades, which are managed by the customer.

98
Q

With 80 percent of your enterprise in a VPC model, which of the following is not a key enabling technology?

A. Fast WAN and automatic IP addressing
B. High performance hardware
C. Inexpensive servers
D. Complete control over process

A

D. Complete control over process

Explanation:
A virtual private cloud (VPC) customer has exclusive access to a segment of a public cloud. This deployment is a compromise between the public and private models in terms of price and features. Access can also be restricted by the user's physical location by employing firewalls and IP address whitelisting. Using the cloud is a trade-off: you gain speed, performance and cost savings, but you will lose some control over the security processes.

99
Q

You have a new security policy that requires backing up critical data offsite. This data must be backed up hourly. Cost is important. What methods are you likely to deploy?

A. File storage
B. Electronic vaulting
C. Block storage
D. Object storage

A

B. Electronic vaulting

Explanation:
Electronic vaulting will enable you to transmit bulk data to an offsite backup storage facility. You can choose to back up weekly, daily or hourly. If a server fails, you can restore data quickly, but because the information is sent over the Internet, it should be encrypted. File storage organizes and represents data as a hierarchy of files in folders; block storage chunks data into arbitrarily organized, evenly sized volumes; and object storage manages data and links it to associated metadata.

100
Q

Your current data storage solution has too many vulnerabilities that are proprietary to the manufacturer who created your storage devices. This, combined with a lack of encryption, is leading you to choose cloud storage for your database over on-premises storage. By choosing cloud storage, you will gain encryption of the data, but you will also bring in which attribute to your architecture?

A. Identity
B. Infrastructure
C. Complexity
D. Confidentiality

A

C. Complexity

Explanation:
A growing number of organizations are choosing to store some or all of their data in the cloud. Some people argue that cloud storage is more secure than on-premises storage, but it adds complexity to storage environments and requires old dogs to learn new tricks. Often, with a move to the cloud, IT personnel need to learn how to implement the cloud securely.

101
Q

You own a small training business with two classrooms. Your network consists of a firewall, an enterprise-class router, a 48-port switch, 1 printer and 18 laptops in each classroom. The laptops are reimaged once a month with a golden patched image with up-to-date antivirus and antimalware. User authentication is two-factor with passwords and smart cards. The network is configured to use IPv4. You also have a wireless hotspot for students to connect their personal mobile devices. What could you improve on for a more resilient technical security posture?

A. Enhanced TLS controls
B. Strong user authentication
C. Sufficient physical controls
D. IPv6

A

A. Enhanced TLS controls

Explanation:
TLS is an encryption protocol intended to keep data secure when being transferred over a network. It encrypts data to ensure that eavesdroppers or other students are unable to see what you transmit, which is useful when using passwords or credit cards.

102
Q
A