Domain 4, Quiz 1 Flashcards
When securing a cloud infrastructure, which of the following is a common initial step?
a. Conducting a site survey.
b. Enabling Bluetooth connectivity.
c. Enabling WPA3 on all devices.
d. Establishing a secure baseline.
Establishing a secure baseline.
Establishing a secure baseline is correct because it sets a standard of security configurations for the cloud infrastructure.
Which mobile solution deployment model involves employees using their own devices for work purposes?
a. Bring your own device (BYOD).
b. Choose your own device (CYOD).
c. Mobile device management (MDM).
d. Wi-Fi connectivity model.
Bring your own device (BYOD).
BYOD is correct because it refers to employees using their personal devices for work purposes.
In the context of application security, what is the primary purpose of input validation?
a. To prevent malicious data from being processed.
b. To enhance the user interface.
c. To generate heat maps.
d. To provide code signing.
To prevent malicious data from being processed.
Preventing malicious data from being processed is correct because input validation checks data for unexpected, incorrect, or malicious values.
A company is trying to ascertain if a detected vulnerability is present in their system. Which of the following terms best describes this process?
a. Prioritization.
b. Enumeration.
c. Confirmation.
d. Decommissioning.
Confirmation.
Confirmation is correct because it involves validating if a detected vulnerability is genuinely present.
Which of the following vulnerability identification methods involves paying independent security researchers for discovering and reporting vulnerabilities?
a. Vulnerability scanning.
b. Penetration testing.
c. Threat feed.
d. Bug bounty program.
Bug bounty program.
Bug bounty program is correct because it rewards those who find and report vulnerabilities.
After patching a system to address a known vulnerability, what should be done next to ensure the vulnerability has been resolved?
a. Activate compensating controls.
b. Prioritize other vulnerabilities.
c. Enumeration.
d. Validation of remediation.
Validation of remediation.
Validation of remediation is correct because it ensures that the applied patches or fixes have effectively addressed the vulnerability.
Which factor directly measures the maximum potential loss from a vulnerability?
a. Vulnerability classification.
b. Common Vulnerability Scoring System (CVSS).
c. Exposure factor.
d. Risk tolerance.
Exposure factor.
Exposure factor is correct because it represents the percentage of loss a realized threat would have on a particular asset.
For securing wireless devices, what primary authentication protocol uses a central server to authenticate wireless users?
a. AAA/RADIUS.
b. Secure cookies.
c. WPA3.
d. Static code analysis.
AAA/RADIUS.
AAA/RADIUS is correct because RADIUS (part of AAA) is used for remote authentication and is commonly used with wireless networks.
In software asset management, what is the final stage after an application has reached the end of its lifecycle in an organization?
a. Procurement.
b. Monitoring.
c. Assignment.
d. Disposal/decommissioning.
Disposal/decommissioning.
Disposal/decommissioning is correct because it is the final stage when the software is no longer needed or used.
Why is hardening particularly crucial for devices in Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition)?
a. To allow remote access.
b. To enable Bluetooth connectivity.
c. To mitigate risks from cyber-physical attacks.
d. To enhance device performance.
To mitigate risks from cyber-physical attacks.
Mitigating risks from cyber-physical attacks is correct because ICS/SCADA systems often control physical infrastructure, making them high-value targets.
What is the primary reason for conducting site surveys during wireless device installations?
a. To choose suitable colors for access points.
b. To enable cellular connectivity.
c. To ensure optimal signal coverage and minimal interference.
d. To harden the wireless devices.
To ensure optimal signal coverage and minimal interference.
Ensuring optimal signal coverage and minimal interference is correct because site surveys help identify the best placements for access points.
When implementing mobile solutions in a company, which method focuses on managing the policies, apps, and data on mobile devices?
a. Mobile device management (MDM).
b. Bring your own device (BYOD).
c. Site surveys.
d. Wi-Fi Protected Access 3 (WPA3).
Mobile device management (MDM).
MDM is correct because it is a solution specifically designed to manage policies, apps, and data on mobile devices.
Which of the following is an open-source method for gathering data on potential vulnerabilities and threats?
a. Responsible disclosure program.
b. Dark web browsing.
c. Open-source intelligence (OSINT).
d. Proprietary/third-party software.
Open-source intelligence (OSINT).
OSINT is correct because it refers to the gathering of data from publicly available sources.
Which term describes a result from a vulnerability scan that incorrectly indicates a vulnerability is present when it is not?
a. CVE.
b. Risk tolerance.
c. Exposure factor.
d. False positive.
False positive.
False positive is correct because it indicates an error where a vulnerability is flagged but does not exist.
If an organization cannot immediately patch a discovered vulnerability, what might it implement as a temporary measure?
a. Vulnerability scanning.
b. Asset procurement.
c. Data enumeration.
d. Compensating controls.
Compensating controls.
Compensating controls are correct because they offer alternative security measures when direct solutions are not feasible.