Domain 4 Security Operations

Question 1

Why is it important to regularly review and update secure baselines in response to evolving cybersecurity threats?

Answer 1

To adapt to changing threat landscapes

Question 2

How can secure baselines facilitate a rapid and consistent response across multiple systems?

Answer 2

By providing a predefined security configuration

Question 3

In a cloud environment where multiple virtual machines (VMs) are deployed, what is a recommended security measure as part of hardening the virtualized infrastructure?

Answer 3

Implementing network security groups and access controls

Question 4

How can heat maps be applied to identify potential areas of vulnerability in a network infrastructure?

Answer 4

By visualizing patterns of user authentication

Question 5

A company is implementing a guest Wi-Fi network to provide internet access to visitors. What wireless security setting should be configured to isolate guest devices from the internal corporate network?

Answer 5

VLAN segregation

Question 6

A company wants to enhance the security of its Wi-Fi network by preventing unauthorized access. What wireless security setting should be configured to achieve this goal without relying solely on passwords?

Answer 6

Enable MAC address filtering

Question 7

Network administrators are concerned about Wi-Fi eavesdropping and unauthorized access. What wireless security setting should be configured to encrypt wireless traffic and protect against such threats?

Answer 7

Implement WPA2-Enterprise

Question 8

A financial institution is implementing a secure online banking platform. What cryptographic protocol should be used to ensure secure and private communication between the customer’s web browser and the banking server?

Answer 8

TLS

Question 9

A company is developing a secure file transfer system and is concerned about the risk of data interception during transit. What is the greatest risk associated with data interception, and how can it be mitigated?

Answer 9

Risk: Unauthorized access, Mitigation: Implementing end-to-end encryption

Question 10

A company is implementing secure remote access for its employees and needs a centralized authentication and authorization solution. What is the best use case for implementing RADIUS in this scenario?

Answer 10

Authenticating users for remote access

Question 11

How can input validation contribute to preventing brute-force attacks?

Answer 11

Implementing account lockout mechanisms

Question 12

In a software development project, why is code signing used, and what security benefits does it provide?

Answer 12

Code signing verifies the integrity and authenticity of software binaries.

Question 13

Which of the following methods is considered a secure way to destroy data on a hard drive?

Answer 13

Overwriting the data with random patterns

Question 14

Which of the following methods is commonly used for the secure destruction of solid-state drives (SSDs) to prevent data recovery?

Answer 14

Physical shredding

Question 15

A security administrator is implementing a network access control (NAC) solution. What is the primary purpose of NAC in a network security context?

Answer 15

Authenticating and authorizing devices

Question 16

An organization is implementing a data backup strategy to ensure data availability and recoverability. What is a key consideration when defining backup retention policies?

Answer 16

Establishing a balance between retention period and storage costs

Question 17

A Security Analyst at a Security Operations Center (SOC), noticed an intrusion detection system has flagged a user’s repeated failed login attempts as a potential security threat. After investigation, the analyst find that the user was attempting to log in with an expired password. What type of situation is this?

Answer 17

False Positive

Question 18

A system administrator receives a report from an antivirus program indicating that it successfully scanned and approved a file. However, the file later turns out to be a new strain of malware that the antivirus software did not recognize. What type of situation is this?

Answer 18

False Negative

Question 19

During a penetration test, the testing team identifies a critical security flaw in the web application that allows them to execute arbitrary code on the server. What is the most appropriate next step for the penetration testers?

Answer 19

Immediately reporting the vulnerability to the organization’s security team

Question 20

A security assessment reveals that an application does not properly validate and sanitize user input, allowing an attacker to manipulate database queries. What type of vulnerability is most likely present in the application?

Answer 20

SQL Injection

Question 21

A security administrator is configuring a firewall to control incoming and outgoing network traffic. What type of firewall rule should be implemented to allow only specific IP addresses to access a particular server?

Answer 21

Explicit allow rule

Question 22

During a routine vulnerability scan, your team discovers a web server with an open port that is not essential for its operation. What is the most appropriate action in response to this finding?

Answer 22

Conduct further analysis to determine the port’s purpose.

Question 23

An organization uses an automated vulnerability scanning tool to assess the security of network devices. What is a potential limitation of relying solely on automated scanning?

Answer 23

Inability to identify false positives.

Question 24

After implementing a patch to address a critical security vulnerability, what is a crucial step in the validation of remediation?

Answer 24

Verifying that the patch is applied to all affected systems.

Question 25

An organization has implemented a Security Information and Event Management (SIEM) system to centralize and analyze security logs. What is a key benefit of using a SIEM system for security alerting and monitoring?

Answer 25

Real-time correlation and analysis of security events.

Question 26

26) In a firewall access control list (ACL), what is the purpose of the “implicit deny any” rule?

Answer 26

To block all traffic by default.

Question 27

Your organization wants to allow only email traffic through the firewall. What port is commonly associated with email communication?

Answer 27

Port 25

Question 28

Your organization’s firewall is configured to allow traffic on port 21. What type of traffic is most likely being permitted through this port?

Answer 28

FTP traffic

Question 29

An organization wants to allow only secure web traffic through the firewall. What port is commonly associated with secure web communication?

Answer 29

Port 443

Question 30

What is the primary benefit of implementing DNS filtering in a cybersecurity strategy?

Answer 30

Blocking access to known malicious websites and domains.

Question 31

What is the primary purpose of Sender Policy Framework (SPF) in email security?

Answer 31

To authenticate the source of email messages.

Question 32

32) An employee changes roles within an organization, what is a critical consideration in user account provisioning to maintain security?

Answer 32

Collaborating with the employee and the IT team to adjust access appropriately

Question 33

A company frequently collaborates with external vendors, what security measure should be emphasized during user account provisioning for these external entities?

Answer 33

Implementing least privilege access for external vendor accounts

Question 34

During a penetration test, the testing team discovers that an organization’s wireless network is using outdated encryption protocols, making it susceptible to attacks. What type of vulnerability is present in the wireless network?

Answer 34

Man-in-the-Middle (MitM) vulnerability

Question 35

Where employees have access to sensitive customer data, what measure should be implemented to minimize the risk of data breaches resulting from permission assignments?

Answer 35

Implementing the principle of least privilege for access

Question 36

In a large organization with diverse departments and job roles, which access control model is most effective for simplifying administration while ensuring that employees have the necessary permissions for their roles?

Answer 36

Role-Based Access Control (RBAC)

Question 37

In a high-compliance environment where multi-factor authentication is mandated, which combination of authentication implementations is recommended for enhanced security?

Answer 37

Biometrics and Security Keys

Question 38

In an online banking application, entering a username and password is an example of which authentication factor?

Answer 38

Something you know

Question 39

Using a smart card or a physical security token to gain access to a secure building is an example of which authentication factor?

Answer 39

Something you have

Question 40

What is the primary advantage of using a password manager for secure password management in an organization

Answer 40

Centralized and secure storage of complex passwords

Question 40

What is the primary purpose of setting a minimum password length requirement in a security policy?

Answer 40

To enhance resistance against brute-force attacks

Question 41

What is the primary purpose of implementing password vaulting in an organization’s security infrastructure?

Answer 41

To securely manage and control access to sensitive passwords

Question 42

During an incident response, which data source is essential for understanding user activities and authentication events on a system?

Answer 42

Windows event logs

Question 43

Which data source is crucial for analyzing user activity and authentication on a Unix/Linux system during an investigation?

Answer 43

Syslog data

Question 44

In a large enterprise environment, how does automation contribute to vulnerability management?

Answer 44

By prioritizing vulnerabilities based on risk

Question 45

How can Data Loss Prevention (DLP) help protect intellectual property and sensitive research findings

Answer 45

By monitoring and preventing the unauthorized sharing of research data

Question 46

A critical server must remain operational even during scheduled maintenance, which compensating control can be implemented to minimize downtime?

Answer 46

Utilizing hot-standby servers

Question 47

Firewall logs reveal multiple unsuccessful login attempts originating from various external IP addresses. How can the analysis of firewall logs enhance the security posture of the network in response to this situation?

Answer 47

Blocking the external IP addresses with unsuccessful login attempts

Question 48

Employees need seamless access to various systems and applications across different geographical locations. How can federation enhance user access while maintaining security

Answer 48

Utilizing a single sign-on (SSO) federation for centralized authentication

Question 49

How can the use of IDS/IPS signatures aid in detecting and preventing the spread of this specific ransomware variant?

Answer 49

Configuring IDS/IPS devices to detect the specific ransomware signatures