exam 3 Flashcards

1
Q

What is the difference between Mean Time To Restore and Mean Time Between Failures?

A

MTTR (Mean Time To Restore) is the amount of time required to get back up and running. This is sometimes called Mean Time To Repair.

MTBF (Mean Time Between Failures) is a prediction of how long the system will be operational before a failure occurs.

2
Q

What is the difference between Recovery Point Objective and Recovery Time Objective?

A

An RPO (Recovery Point Objective) is a qualifier that determines when the system is recovered. A recovered system may not be completely repaired, but it will be running well enough to maintain a certain level of operation.

An RTO (Recovery Time Objective) is the service level goal to work towards when recovering a system and getting back up and running.

3
Q

What is the difference between a Processor, Owner, Controller, and Custodian?

A

A data processor performs some type of action to the data, and this is often a different group within the organization or a third-party company.
In this example, the third-party financial organization is the data processor of the employee’s financial data.
The incorrect answers:

B. Owner
The data owner is often an executive of the company and is ultimately responsible for the use and security of this data.

C. Controller
A data controller manages the data. In this example, the human resources team would control the access and use of the employee data.

D. Custodian
A data custodian is responsible for the accuracy, privacy, and security of the data. Many organizations will hire data custodians to ensure all data is properly protected and maintained.

4
Q

Sam would like to send an email to Jack and have Jack verify that Sam was the sender of the email. Which of these should Sam use to provide this verification?

A

Digitally sign with Sam’s private key.

The sender of a message digitally signs with their own private key to ensure integrity, authentication, and non-repudiation of the signed contents. The digital signature is validated with the sender’s public key.

5
Q

Data hashing

(… would allow a future analyst to verify the data as original and unaltered?)

A

Data hashing creates a unique message digest based on stored data. If the data is tampered with, a hash taken after the change will differ from the original value. This allows the forensic engineer to identify if information has been changed.

6
Q

Web filters

A

Web filters contain a large database of categorized website addresses, and this allows an administrator to create rules to block browsing attempts to specific content. For example, a content filter may allow browsing to news and business sites, but block browsing attempts to gaming and shopping sites.

7
Q

❍ A. Service level agreement
❍ B. Memorandum of understanding
❍ C. Non-disclosure agreement
❍ D. Acceptable use policy

A

A service level agreement (SLA) is used to contractually define the minimum terms for services. In this example, the medical imaging company would require an SLA from the network provider for the necessary throughput and uptime metrics.
The incorrect answers:

B. Memorandum of understanding
A memorandum of understanding (MOU) is an informal letter of intent. The MOU is not a signed contract, and there are no contractual obligations associated with the content of an MOU.

C. Non-disclosure agreement
A non-disclosure agreement (NDA) is used between entities to prevent the use and dissemination of confidential information.

D. Acceptable use policy
An acceptable use policy (AUP) commonly details the rules of behavior for employees using an organization’s network and computing resources.

8
Q

❍ A. SLA
❍ B. SOW
❍ C. NDA
❍ D. BPA

A

A SOW (Statement of Work) is a detailed list of tasks, items, or processes to be completed by a third-party. The SOW lists the job scope, location, deliverables, and any other specifics associated with the agreement. The SOW is also used as a checklist to verify the job was completed properly by the service provider.
The incorrect answers:

An SLA (Service Level Agreement) sets the minimum terms of service between a customer and a service provider. This agreement often contains terms for expected uptime, response time requirements, and other minimum service levels required by the customer.

An NDA (Non-Disclosure Agreement) is a confidentiality agreement between parties. The agreement is designed to protect information such as trade secrets, business activities, or anything else included in the NDA. An NDA does not generally contain an itemized list of service requests.

A BPA (Business Partners Agreement) is used between entities going into business together. A list of itemized service requests would not be part of a BPA.

9
Q

SD-WAN

A

An SD-WAN (Software Defined Networking in a Wide Area Network) allows users to efficiently communicate directly with cloud-based applications.

10
Q

Diffie-Hellman

A

The Diffie-Hellman algorithm can combine public and private keys to derive the same session key. This allows two devices to create and use this shared session key without sending the key across the network.

11
Q

When verifying the legitimacy of a website, you check its digital certificate to ensure a secure connection. Which cryptographic method is used to bind the certificate to a trusted issuer, like a certificate authority?

A

Digital signatures are essential for digital certificates. A certificate authority (CA) acts like a trusted third party, cryptographically signing the certificate using their own digital signature. This signature verifies the certificate’s authenticity and allows you to confirm it originates from a legitimate CA.

12
Q

Data custodian

A

Data custodian is the most fitting choice. They are responsible for the day-to-day care, control, access, and security of the customer data within the database. This includes managing access rights to ensure only authorized personnel can view or modify the data.

13
Q

data processor

A

Data processor performs specific tasks on the data as instructed by the data owner. They wouldn’t typically manage access rights themselves.

14
Q

Logic Bombs

A

A logic bomb is malware programmed to detonate and cause damage upon meeting a specific trigger condition. It might explain sudden system issues, but the description doesn’t indicate a specific trigger being met (e.g., date or event).

15
Q

Worm

A

A worm is a self-replicating malicious program that spreads across networks. While it could cause performance issues, it wouldn’t necessarily explain the pop-up messages or cursor movement.

16
Q

Residual risk

A

This is the correct term for risks that remain after implementing control measures.

17
Q

Transferred risk

A

This refers to risks that have been shifted to a third party, such as through insurance.

18
Q

Penetration test

A

A pen test simulates a real-world attack by ethical hackers who attempt to exploit vulnerabilities in the system. This proactive approach helps identify security weaknesses before attackers can discover them. In this scenario, the isolated test environment provides a safe space for pen testers to probe the system for vulnerabilities without impacting production systems.

19
Q

Vulnerability scanner

A

Vulnerability scanners are automated tools that can identify known vulnerabilities in systems. They’re a good starting point, but they might miss zero-day vulnerabilities or those requiring human expertise to exploit.

20
Q

Risk tolerance

A

This represents the level of risk an organization is willing to accept. By understanding the organization’s risk tolerance, the manager can determine the appropriate level of resources to allocate for risk mitigation.

21
Q

SED

A

Self-encrypting drive (SED): Encrypts data directly on the laptop’s hard drive, making it unreadable even if the device is lost or stolen. This is critical for field laptops where physical security might be a challenge.

22
Q

A security team discovered a previously patched vulnerability reappearing on servers after a recent update. What security practice can help prevent similar issues in the future?

A

A master image is a reference image used to deploy consistent server configurations. While helpful for maintaining consistency, it wouldn’t necessarily prevent a patch from reintroducing a vulnerability unless the master image itself is updated with the latest secure patches.

23
Q

Continuous monitoring

A

Continuous monitoring involves ongoing security checks and scans to identify potential vulnerabilities and threats in systems. By continuously monitoring for vulnerabilities, the security team could have detected the reintroduced issue before it caused problems. This allows for quicker response and patching to prevent exploitation.

24
Q

EPP

A

Endpoint Protection Platform (EPP): EPP focuses on protecting individual devices rather than the overall data flow between on-premises and cloud environments.

25
Q

Cloud Access Security Broker (CASB)

A

A CASB is specifically designed to secure cloud applications by acting as a gatekeeper between the on-premises environment and the cloud. It provides visibility and control over data flow, enabling organizations to enforce security policies and protect sensitive information.

26
Q

Maintaining the baseline

A

This involves making ongoing adjustments and updates to the baseline to ensure it remains effective and up-to-date.

27
Q

Establishing the baseline

A

This is the initial creation of the baseline.

28
Q

DLP

A

Data loss prevention (DLP): This technology monitors and controls data movement across network boundaries, preventing sensitive information from being copied to unauthorized devices like USB drives.

29
Q

EDR

A

Endpoint detection and response (EDR): Focuses on detecting and responding to threats on endpoint devices, not preventing data leakage.

30
Q

TLS

A

TLS (Transport Layer Security): When configured with appropriate cipher suites, TLS can provide perfect forward secrecy, meaning that the compromise of long-term keys does not compromise the security of past communication sessions.

31
Q

Quantitative risk assessment

A

This method uses numerical data and statistical analysis to assign monetary values to risks.

32
Q

Qualitative risk assessment

A

This type of assessment relies on subjective judgments and expert opinions to prioritize risks based on their potential impact and likelihood, without assigning specific monetary values.

33
Q

AUP

A

Acceptable Use Policy (AUP): An AUP specifically outlines the rules and expectations for using company IT resources, ensuring employees understand what is permitted and prohibited.

34
Q

cipher

A

This is a cryptographic algorithm used to encrypt data, making it unreadable to anyone without the correct decryption key. This ensures that only the intended recipient can access the sensitive information.

35
Q

Elliptic curve cryptography

A

This is a modern and efficient asymmetric encryption algorithm well-suited for mobile devices due to its performance advantages and strong security properties.

36
Q

Hashing

A

Hashing is a one-way function used for data integrity verification, not encryption.

37
Q

Credential replay

A

This attack involves capturing and reusing valid authentication credentials, exactly as described in the scenario. The attacker is replaying a previously captured login session to gain unauthorized access.

38
Q

DAC

A

Discretionary access control (DAC): This allows users to share access to their own data, which is less restrictive and doesn’t meet the requirement for mandatory control over data sensitivity.

39
Q

MAC

A

Mandatory access control (MAC) enforces strict access controls based on security labels assigned to both data and users. It prevents unauthorized access to sensitive information by enforcing a clear separation of duties.

40
Q

ESP

A

Encapsulating Security Payload (ESP) provides comprehensive protection for IPsec tunnels, including data encryption, authentication, and integrity checks. It ensures confidentiality, preventing unauthorized access to the data, and protects against data tampering.

41
Q

IaC

A

Infrastructure as Code (IaC): This approach treats infrastructure resources like servers, networks, and storage as code, allowing them to be managed and provisioned using scripts and automation tools. This improves efficiency, reduces errors, and enables consistent configurations.

42
Q

IaaS

A

Provides computing resources like servers and storage, but doesn’t address automation of infrastructure provisioning.

43
Q

EKU

A

Extended Key Usage (EKU) specifies the intended purpose of the certificate, such as client authentication, email protection, or code signing. It does not relate to multiple domain coverage. EKU is also not within the scope of the Security+ exam and not covered in the objectives. This type of question requires you to know what is and isn’t within the exam objectives.

44
Q

AAA

A

Authentication, authorization, and accounting

45
Q

Failover clustering

A

This solution involves multiple servers working together, with one acting as the primary server and the other as a standby. If the primary server fails, the standby server automatically takes over, ensuring uninterrupted service.

46
Q

CASB

A

Cloud Access Security Broker (CASB) provides visibility and control over cloud services and data, including the ability to monitor data transfers, detect threats, and enforce data encryption policies. It acts as a gatekeeper between the on-premises environment and the cloud, ensuring data security.

47
Q

XSS

A

Cross-site scripting (XSS): This is the correct answer, as it involves the injection of malicious script into a trusted website, which is then executed by the user’s browser. This is exactly the scenario described in the prompt.

50
Q

Right to be forgotten

A

This is the correct term for an individual’s right to request the deletion of their personal data.

51
Q

Right to data access

A

Grants individuals the right to access their personal data held by an organization.

52
Q

Right to data portability

A

Allows individuals to transfer their personal data between different organizations.

53
Q

PDU

A

Power distribution unit (PDU): This device provides power outlets and often includes monitoring capabilities for power consumption, enabling remote management and control.

54
Q

Sensitive

A

Employee salary information is typically considered sensitive and should be protected from unauthorized disclosure.

55
Q

Public

A

This classification is for information that can be freely shared without restrictions.

56
Q

Playbook

A

This is a step-by-step guide for handling specific incidents, providing clear procedures for security teams to follow.

57
Q

Automation

A

Automating compliance processes can help streamline tasks, reduce human error, and ensure that tasks are completed consistently. This is especially beneficial for large companies with extensive obligations, as it improves both accuracy and efficiency.

58
Q

Corrective control

A

This type of control helps mitigate the impact of a security incident after it has occurred.

59
Q

Compensating control

A

This type of control is implemented when a primary control (like the existing security measures) might not be fully effective. The backup and restore process acts as a secondary layer of protection to mitigate the impact of a successful attack.

60
Q

A company is considering implementing asymmetric encryption to protect sensitive data. Which use case would best leverage the strengths of asymmetric encryption?

A

Authenticating users

61
Q

PFS

A

Perfect forward secrecy: This cryptographic mechanism ensures that the compromise of a session key does not compromise the security of previous or future communications.

62
Q

Preventive

A

A locked door prevents unauthorized access to the server room, acting as a proactive security measure.

63
Q

S/MIME

A

S/MIME is a standard used for encrypting and signing emails, providing confidentiality, integrity, authentication, and non-repudiation. It’s commonly used in legal and business communications to securely exchange sensitive information, ensuring the recipient is authenticated, and the contents remain confidential and unaltered.

64
Q

SCAP

A

Security Content Automation Protocol (SCAP): A framework for specifying and communicating security data, but doesn’t provide a standardized scoring system for vulnerabilities.

65
Q

Perfect forward secrecy

A

This cryptographic concept involves generating unique session keys for each communication session, ensuring that the compromise of long-term keys does not compromise the security of past communications.

66
Q

MTTR

A

Mean time to repair (MTTR): This metric measures the average time it takes to restore a system to full operation after a failure. In this case, the MTTR is 20 minutes.

67
Q

A company is developing a new e-commerce platform to process credit card payments securely. Which cryptographic algorithm is commonly used for encrypting data in transit and for digital signatures in this context?

A

RSA – This is an asymmetric encryption algorithm that uses a pair of keys, a public key and a private key. It’s widely used in e-commerce for secure data transmission (SSL/TLS) and digital signatures, providing authentication and data integrity.

68
Q

Risk mitigation

A

This is the correct answer. It involves taking proactive steps to reduce the impact or probability of a risk occurring. This might include implementing security controls, such as firewalls, intrusion detection systems, or employee training.
