Domain 4 Security Operations Flashcards
Why is it important to regularly review and update secure baselines in response to evolving cybersecurity threats?
To adapt to changing threat landscapes
How can secure baselines facilitate a rapid and consistent response across multiple systems?
By providing a predefined security configuration
In a cloud environment where multiple virtual machines (VMs) are deployed, what is a recommended security measure as part of hardening the virtualized infrastructure?
Implementing network security groups and access controls
How can heat maps be applied to identify potential areas of vulnerability in a network infrastructure?
By visualizing patterns of user authentication
A company is implementing a guest Wi-Fi network to provide internet access to visitors. What wireless security setting should be configured to isolate guest devices from the internal corporate network?
VLAN segregation
A company wants to enhance the security of its Wi-Fi network by preventing unauthorized access. What wireless security setting should be configured to achieve this goal without relying solely on passwords?
Enable MAC address filtering
Network administrators are concerned about Wi-Fi eavesdropping and unauthorized access. What wireless security setting should be configured to encrypt wireless traffic and protect against such threats?
Implement WPA2-Enterprise
A financial institution is implementing a secure online banking platform. What cryptographic protocol should be used to ensure secure and private communication between the customer’s web browser and the banking server?
TLS
A company is developing a secure file transfer system and is concerned about the risk of data interception during transit. What is the greatest risk associated with data interception, and how can it be mitigated?
Risk: Unauthorized access, Mitigation: Implementing end-to-end encryption
A company is implementing secure remote access for its employees and needs a centralized authentication and authorization solution. What is the best use case for implementing RADIUS in this scenario?
Authenticating users for remote access
How can input validation contribute to preventing brute-force attacks?
Implementing account lockout mechanisms
In a software development project, why is code signing used, and what security benefits does it provide?
Code signing verifies the integrity and authenticity of software binaries.
Which of the following methods is considered a secure way to destroy data on a hard drive?
Overwriting the data with random patterns
Which of the following methods is commonly used for the secure destruction of solid-state drives (SSDs) to prevent data recovery?
Physical shredding
A security administrator is implementing a network access control (NAC) solution. What is the primary purpose of NAC in a network security context?
Authenticating and authorizing devices
An organization is implementing a data backup strategy to ensure data availability and recoverability. What is a key consideration when defining backup retention policies?
Establishing a balance between retention period and storage costs
A Security Analyst at a Security Operations Center (SOC) noticed that an intrusion detection system has flagged a user’s repeated failed login attempts as a potential security threat. After investigation, the analyst finds that the user was attempting to log in with an expired password. What type of situation is this?
False Positive
A system administrator receives a report from an antivirus program indicating that it successfully scanned and approved a file. However, the file later turns out to be a new strain of malware that the antivirus software did not recognize. What type of situation is this?
False Negative
During a penetration test, the testing team identifies a critical security flaw in the web application that allows them to execute arbitrary code on the server. What is the most appropriate next step for the penetration testers?
Immediately reporting the vulnerability to the organization’s security team
A security assessment reveals that an application does not properly validate and sanitize user input, allowing an attacker to manipulate database queries. What type of vulnerability is most likely present in the application?
SQL Injection