Domain 4 Security Operations Flashcards

1
Q

Why is it important to regularly review and update secure baselines in response to evolving cybersecurity threats?

A

To adapt to changing threat landscapes

2
Q

How can secure baselines facilitate a rapid and consistent response across multiple systems?

A

By providing a predefined security configuration

3
Q

In a cloud environment where multiple virtual machines (VMs) are deployed, what is a recommended security measure as part of hardening the virtualized infrastructure?

A

Implementing network security groups and access controls

4
Q

How can heat maps be applied to identify potential areas of vulnerability in a network infrastructure?

A

By visualizing patterns of user authentication

5
Q

A company is implementing a guest Wi-Fi network to provide internet access to visitors. What wireless security setting should be configured to isolate guest devices from the internal corporate network?

A

VLAN segregation

6
Q

A company wants to enhance the security of its Wi-Fi network by preventing unauthorized access. What wireless security setting should be configured to achieve this goal without relying solely on passwords?

A

Enable MAC address filtering

7
Q

Network administrators are concerned about Wi-Fi eavesdropping and unauthorized access. What wireless security setting should be configured to encrypt wireless traffic and protect against such threats?

A

Implement WPA2-Enterprise

8
Q

A financial institution is implementing a secure online banking platform. What cryptographic protocol should be used to ensure secure and private communication between the customer’s web browser and the banking server?

A

TLS

9
Q

A company is developing a secure file transfer system and is concerned about the risk of data interception during transit. What is the greatest risk associated with data interception, and how can it be mitigated?

A

Risk: Unauthorized access, Mitigation: Implementing end-to-end encryption

10
Q

A company is implementing secure remote access for its employees and needs a centralized authentication and authorization solution. What is the best use case for implementing RADIUS in this scenario?

A

Authenticating users for remote access

11
Q

How can input validation contribute to preventing brute-force attacks?

A

Implementing account lockout mechanisms

12
Q

In a software development project, why is code signing used, and what security benefits does it provide?

A

Code signing verifies the integrity and authenticity of software binaries.

13
Q

Which of the following methods is considered a secure way to destroy data on a hard drive?

A

Overwriting the data with random patterns

14
Q

Which of the following methods is commonly used for the secure destruction of solid-state drives (SSDs) to prevent data recovery?

A

Physical shredding

15
Q

A security administrator is implementing a network access control (NAC) solution. What is the primary purpose of NAC in a network security context?

A

Authenticating and authorizing devices

16
Q

An organization is implementing a data backup strategy to ensure data availability and recoverability. What is a key consideration when defining backup retention policies?

A

Establishing a balance between retention period and storage costs

17
Q

A Security Analyst at a Security Operations Center (SOC) notices that an intrusion detection system has flagged a user’s repeated failed login attempts as a potential security threat. After investigation, the analyst finds that the user was attempting to log in with an expired password. What type of situation is this?

A

False Positive

18
Q

A system administrator receives a report from an antivirus program indicating that it successfully scanned and approved a file. However, the file later turns out to be a new strain of malware that the antivirus software did not recognize. What type of situation is this?

A

False Negative

19
Q

During a penetration test, the testing team identifies a critical security flaw in the web application that allows them to execute arbitrary code on the server. What is the most appropriate next step for the penetration testers?

A

Immediately reporting the vulnerability to the organization’s security team

20
Q

A security assessment reveals that an application does not properly validate and sanitize user input, allowing an attacker to manipulate database queries. What type of vulnerability is most likely present in the application?

A

SQL Injection

21
Q

A security administrator is configuring a firewall to control incoming and outgoing network traffic. What type of firewall rule should be implemented to allow only specific IP addresses to access a particular server?

A

Explicit allow rule

22
Q

During a routine vulnerability scan, your team discovers a web server with an open port that is not essential for its operation. What is the most appropriate action in response to this finding?

A

Conduct further analysis to determine the port’s purpose.

23
Q

An organization uses an automated vulnerability scanning tool to assess the security of network devices. What is a potential limitation of relying solely on automated scanning?

A

Inability to identify false positives.

24
Q

After implementing a patch to address a critical security vulnerability, what is a crucial step in the validation of remediation?

A

Verifying that the patch is applied to all affected systems.

25
Q

An organization has implemented a Security Information and Event Management (SIEM) system to centralize and analyze security logs. What is a key benefit of using a SIEM system for security alerting and monitoring?

A

Real-time correlation and analysis of security events.

26
Q

In a firewall access control list (ACL), what is the purpose of the “implicit deny any” rule?

A

To block all traffic by default.

27
Q

Your organization wants to allow only email traffic through the firewall. What port is commonly associated with email communication?

A

Port 25

28
Q

Your organization’s firewall is configured to allow traffic on port 21. What type of traffic is most likely being permitted through this port?

A

FTP traffic

29
Q

An organization wants to allow only secure web traffic through the firewall. What port is commonly associated with secure web communication?

A

Port 443

30
Q

What is the primary benefit of implementing DNS filtering in a cybersecurity strategy?

A

Blocking access to known malicious websites and domains.

31
Q

What is the primary purpose of Sender Policy Framework (SPF) in email security?

A

To authenticate the source of email messages.

32
Q

When an employee changes roles within an organization, what is a critical consideration in user account provisioning to maintain security?

A

Collaborating with the employee and the IT team to adjust access appropriately

33
Q

A company frequently collaborates with external vendors. What security measure should be emphasized during user account provisioning for these external entities?

A

Implementing least privilege access for external vendor accounts

34
Q

During a penetration test, the testing team discovers that an organization’s wireless network is using outdated encryption protocols, making it susceptible to attacks. What type of vulnerability is present in the wireless network?

A

Man-in-the-Middle (MitM) vulnerability

35
Q

Where employees have access to sensitive customer data, what measure should be implemented to minimize the risk of data breaches resulting from permission assignments?

A

Implementing the principle of least privilege for access

36
Q

In a large organization with diverse departments and job roles, which access control model is most effective for simplifying administration while ensuring that employees have the necessary permissions for their roles?

A

Role-Based Access Control (RBAC)

37
Q

In a high-compliance environment where multi-factor authentication is mandated, which combination of authentication implementations is recommended for enhanced security?

A

Biometrics and Security Keys

38
Q

In an online banking application, entering a username and password is an example of which authentication factor?

A

Something you know

39
Q

Using a smart card or a physical security token to gain access to a secure building is an example of which authentication factor?

A

Something you have

40
Q

What is the primary advantage of using a password manager for secure password management in an organization?

A

Centralized and secure storage of complex passwords

40
Q

What is the primary purpose of setting a minimum password length requirement in a security policy?

A

To enhance resistance against brute-force attacks

41
Q

What is the primary purpose of implementing password vaulting in an organization’s security infrastructure?

A

To securely manage and control access to sensitive passwords

42
Q

During an incident response, which data source is essential for understanding user activities and authentication events on a system?

A

Windows event logs

43
Q

Which data source is crucial for analyzing user activity and authentication on a Unix/Linux system during an investigation?

A

Syslog data

44
Q

In a large enterprise environment, how does automation contribute to vulnerability management?

A

By prioritizing vulnerabilities based on risk

45
Q

How can Data Loss Prevention (DLP) help protect intellectual property and sensitive research findings?

A

By monitoring and preventing the unauthorized sharing of research data

46
Q

A critical server must remain operational even during scheduled maintenance. Which compensating control can be implemented to minimize downtime?

A

Utilizing hot-standby servers

47
Q

Firewall logs reveal multiple unsuccessful login attempts originating from various external IP addresses. How can the analysis of firewall logs enhance the security posture of the network in response to this situation?

A

Blocking the external IP addresses with unsuccessful login attempts

48
Q

Employees need seamless access to various systems and applications across different geographical locations. How can federation enhance user access while maintaining security?

A

Utilizing a single sign-on (SSO) federation for centralized authentication

49
Q

How can the use of IDS/IPS signatures aid in detecting and preventing the spread of this specific ransomware variant?

A

Configuring IDS/IPS devices to detect the specific ransomware signatures