Exam Practice Question Flashcards
(28 cards)
An organization changes its security posture after a breach and wants to enhance encryption by putting measures in place to mitigate risk exposures that the cyber security team cannot directly eliminate. What type of control is being observed in this situation?
a. compensating
b. technical
c. administrative
d. detective
a. Compensating controls refer to measures put in place to mitigate the risk of a vulnerability when security teams cannot directly eliminate it or when direct remediation is not immediately possible, such as additional monitoring or enhanced encryption.
As part of enhancing its data protection strategy, a corporation’s IT manager aims to ensure defense-in-depth by integrating a technical control alongside existing managerial and operational controls. Which measure BEST exemplifies a technical security control according to the classification scheme?
a. setting up a network IDS
b. implementing a risk identification tool
c. conducting employee cybersecurity training
d. installing a building access control system
a. Intrusion detection systems represent a technical control involving hardware and software systems specifically designed to monitor and control the network’s security. Network intrusion detection systems are naturally automated and technical, making this the best example of a technical control in the options given.
The security manager at a financial technology company seeks to enforce a control that shapes user behavior to mitigate cybersecurity risks. What type of control should an analyst recommend the security manager put in place?
a. the analyst should recommend the enforcement of a strict password policy
b. the analyst should recommend a tool that assesses potential security risks
c. the analyst should recommend installing biometric security devices
d. the analyst should recommend the placement of security cameras around the premises
a. Enforcing a strict password policy is an example of an operational control. Operational controls are implemented primarily by people rather than by systems and consist of actions such as adhering to security policies and procedures.
When sending confidential data over a network, a company wants to ensure both parties involved cannot deny the validity of the transmitted data. Which security principle should they prioritize?
a. non-repudiation
b. adaptive identity
c. AAA
d. zero trust
a. Non-repudiation gives assurance that the transmitted data originated from the verified sender and reached the intended recipient, so that neither party can later deny the authenticity of the exchange. In practice it is provided by digital signatures, where only the signer holds the private key; a shared-key MAC does not give it, because either party could have produced the tag.
A malicious actor initiates an attack on a software organization, believing it to have successfully acquired sensitive data. Unbeknownst to the attacker, the organization has deceived the attacker by intentionally providing fake sensitive information and has now captured the attacker’s tactics and tools. What deception technology did the organization deploy to capture the attacker’s techniques and tools?
a. honeypot
b. honeytoken
c. honeyfile
d. honeynet
c. A honeyfile is a decoy file seeded with fake sensitive content. Legitimate users have no reason to open it, so any access to it signals an intruder, and the organization can record the attacker's tactics and tools while the real data stays untouched. (A honeypot or honeynet is a decoy system or network; a honeytoken is a decoy data item such as a fake credential.)
A security team is leveraging an adaptive identity system to adjust user access rights. However, they also want to confirm the identity of a system to ensure it is trustworthy. What concept should they look to implement next?
a. RBAC
b. single factor authentication
c. authenticating systems
d. non-repudiation
c. Authenticating systems focus on verifying the identity of a system or a user, ensuring it is trustworthy. This process complements the dynamic adjustment of access rights based on behavior or context, as is done in an adaptive identity system.
A high-tech corporation has been experiencing numerous security breaches and is concerned about the constant attacks attempting to steal sensitive data. Which strategy would be the MOST appropriate for the corporation to handle these threats effectively?
a. Purchasing cutting-edge security technology
b. Engaging an external auditing agency
c. Implementing a reactive defensive strategy
d. Adopting an offensive security approach
d. An offensive approach, or “active defense,” involves proactively hunting for threats and adversary activity so that an attack can be stopped before it succeeds, rather than waiting to react after the damage is done.
An enterprise seeks to optimize its backup storage space due to the increasing amounts of data it handles daily. The company wants to ensure it is not storing redundant copies of the same data, which consumes valuable storage resources. Which technique should the company implement to solve this issue?
a. Data deduplication
b. Data journaling
c. Data encryption
d. Data replication
a. Data deduplication is a storage-reduction technique that eliminates redundant copies of the same data. Instead of storing multiple copies, it keeps a single copy and replaces every other instance with a reference to that copy.
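As an added illustration (not part of the card), the store below keeps each 4 KiB chunk once and records per-object manifests of references, which is the mechanism the explanation describes. The chunk size, the in-memory dictionaries and the two sample backups are constructed. Two points a security practitioner would want are built in: the content hash is SHA-256, because deduplication treats "same digest" as "same bytes" and so needs a collision-resistant hash, and chunks are re-hashed on read so a corrupted or tampered chunk is detected rather than silently served to every backup that references it.

```python
"""Chunk-level, content-addressed deduplication store (added example, not from the card).

Assumptions: fixed 4 KiB chunks and in-memory dicts; real products use
variable-size chunking and on-disk indexes, but the one-copy-plus-references
idea is the same.
"""
import hashlib
from dataclasses import dataclass, field

CHUNK_SIZE = 4096  # assumed chunk size for this example


@dataclass
class DedupStore:
    chunks: dict = field(default_factory=dict)     # sha256 hex digest -> chunk bytes (one copy)
    manifests: dict = field(default_factory=dict)  # object name -> ordered list of digests
    raw_bytes_ingested: int = 0                     # what a non-deduplicating store would hold

    def put(self, name: str, data: bytes) -> list:
        """Store `data` under `name`; identical chunks are stored once and referenced."""
        refs = []
        for offset in range(0, len(data), CHUNK_SIZE):
            chunk = data[offset:offset + CHUNK_SIZE]
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:          # first time this content is seen
                self.chunks[digest] = chunk
            refs.append(digest)                    # every other instance is just a reference
        self.manifests[name] = refs
        self.raw_bytes_ingested += len(data)
        return refs

    def get(self, name: str) -> bytes:
        """Reassemble an object from its manifest, verifying each chunk on read."""
        out = []
        for digest in self.manifests[name]:
            chunk = self.chunks[digest]
            if hashlib.sha256(chunk).hexdigest() != digest:  # silent corruption or tampering
                raise ValueError(f"chunk {digest[:12]} failed integrity check")
            out.append(chunk)
        return b"".join(out)

    def stored_bytes(self) -> int:
        return sum(len(c) for c in self.chunks.values())

    def dedup_ratio(self) -> float:
        """Logical bytes ingested divided by physical bytes kept (1.0 = no savings)."""
        physical = self.stored_bytes()
        return self.raw_bytes_ingested / physical if physical else 1.0


def build_sample_backups() -> tuple:
    """Constructed sample: the day-2 backup differs from day-1 in exactly one chunk."""
    day1 = b"".join(bytes([i]) * CHUNK_SIZE for i in range(8))
    day2 = bytearray(day1)
    day2[3 * CHUNK_SIZE:4 * CHUNK_SIZE] = b"\xff" * CHUNK_SIZE
    return day1, bytes(day2)


def demo() -> dict:
    """Ingest both backups; only 9 distinct chunks are kept for 16 logical ones."""
    store = DedupStore()
    day1, day2 = build_sample_backups()
    store.put("backup-day1", day1)
    store.put("backup-day2", day2)
    assert store.get("backup-day1") == day1 and store.get("backup-day2") == day2
    return {
        "unique_chunks": len(store.chunks),
        "raw_bytes": store.raw_bytes_ingested,
        "stored_bytes": store.stored_bytes(),
        "ratio": round(store.dedup_ratio(), 2),
    }


if __name__ == "__main__":
    print(demo())
```

One caveat for shared or multi-tenant stores: whether a write was deduplicated is itself observable (by timing or by bytes transferred), which can reveal that someone else already holds a given chunk. Client-side encryption with per-tenant keys removes that leak, at the cost of the storage savings across tenants.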
The security manager of a highly sensitive facility is evaluating intrusion detection systems to detect physical movement in its secured zones. The ideal technology should be less prone to environmental interference and preferably should not depend on physical contact. Which technology should the security manager implement?
a. Infrared sensors
b. Ultrasonic sensors
c. Pressure sensors
d. Microwave sensors
b. Ultrasonic sensors emit sound waves at a frequency that is not audible to humans. If an object or person moves within the sensor’s range, it disrupts the sound waves, and the sensor detects this change, triggering an alarm.
A nationwide company is upgrading all of its existing hardware. There is no proprietary hardware, so it is all commercial off-the-shelf hardware. What steps should the company take to increase security? (Select the two best options.)
a. Assign the hardware to a group
b. Inventory the hardware
c. Change default passwords
d. Remove unneeded software
c & d. Changing default passwords is vital because attackers can guess them or find them published online; leaving them in place makes compromise far more likely. Removing unneeded software reduces the attack surface available to an attacker trying to compromise a system or mobile device.
A hacker targets CloudSecure’s network devices, including routers and switches. The hacker knows that companies often neglect changing vendor default login credentials for these devices. Using this knowledge, the hacker gains unauthorized access to the network by simply entering the default vendor username and password. Which of the following describes the type of attack in this scenario?
a. Default credentials
b. Vishing
c. Man-in-the-middle
d. Phishing
a. This scenario illustrates a default credentials attack, where the threat actor exploits the fact that the company did not change the default login credentials for its network devices, allowing unauthorized access.
The network security team at a medium-sized company plans to improve its security infrastructure by securing its enterprise network with a solution that provides intrusion prevention, deep packet inspection, application awareness, and integration with cloud networking. The team needs a solution that does not serve as a single point of failure and potentially jeopardizes the entire network. Additionally, they want to establish a secure communication channel for their remote workers using a protocol that operates at the network layer of the Open Systems Interconnection (OSI) model and encrypts the entire IP packet when communicating over an insecure network. What combination of security measures should the network security team consider implementing?
a. Unified Threat Management (UTM) and Transport Layer Security (TLS)
b. Next Generation Firewall (NGFW) and Internet Protocol Security (IPSec) in Tunnel Mode
c. Unified Threat Management (UTM) and Internet Protocol Security (IPSec) in Transport Mode
d. Next-Generation Firewall and Transport Layer Security (TLS)
b. A UTM appliance consolidates many functions on one box and is therefore commonly treated as a single point of failure; an NGFW delivers intrusion prevention, deep packet inspection, application awareness and cloud integration without that concern. IPsec operates at the network layer, and in tunnel mode it encrypts and encapsulates the entire original IP packet (header and payload) inside a new IP header, which is what remote-worker traffic over untrusted networks requires. Transport mode protects only the payload and leaves the original IP header exposed, and TLS operates above the transport layer rather than at layer 3.
After reading an article online, a concerned business stakeholder wishes to discuss the risk associated with denial of service (DoS) attacks. The stakeholder requests information about the possibilities of an attacker learning about the countermeasures in place. Where would the security analyst look to find this information?
a. Risk register
b. Risk regulations
c. Risk and Control Assessment (RCA)
d. Risk heat map
a. The risk register shows risk assessment results in a comprehensible format. Information in the register includes impact, likelihood ratings, date of identification, description, countermeasures, owner/route for escalation, and status.
A cyber consultant is weighing the various challenges to automation as an organization has tasked the consultant with implementing it in an upcoming project. What is a challenge associated with technical debt?
a. It can impact multiple areas of the organization, causing widespread problems.
b. It can quickly erode if the organization does not continue needed patches and updates.
c. It can result in poorly documented code, leading to instability and increased costs.
d. Poorly planned strategies can make systems difficult to maintain.
c. When organizations make hasty technology decisions, technical debt accumulates in the form of poorly documented code and deferred maintenance. Over time that debt leads to system instability and increased costs.
A small engineering company wants to run a business analysis. It hired a consulting firm to better understand the underlying components, including the result of quantitative or qualitative risk analysis. Which of the following values is MOST beneficial to the company in this situation?
a. Risk factors
b. Single Loss Expectancy (SLE)
c. Inherent risk
d. Annualized Loss Expectancy (ALE)
c. The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before implementing mitigation.
A tech consultant enhances automation and scripting with continuous integration and testing capabilities. What are some characteristics associated with this capability? (Select the three best options.)
a. Developers regularly merge their changes back to the main code branch.
b. The system automatically evaluates merges to help detect and fix integration issues.
c. The technician makes improvements to code quality and accelerates development cycles.
d. Different software systems are enabled to communicate and interact, creating seamless workflows.
a, b & c. The principles of continuous integration and testing hinge heavily on automation. In this approach, developers regularly merge their changes back to the main code branch. Additionally, continuous integration and testing principles automatically evaluate each merge to help detect and fix integration problems. Finally, continuous integration and testing principles improve code quality, accelerate development cycles, and reduce the risk of integration issues.
A telecom company needs to increase the security on several local devices due to taking on additional contracts. The systems need protection against attacks that can come from the network or local software. What is the BEST solution for the company to implement?
a. Host Intrusion Detection Systems (HIDS)
b. Host Intrusion Prevention Systems (HIPS)
c. Host-Based Firewall
d. Antivirus
c. A host-based firewall lets administrators restrict traffic to and from the device with rules and allow only approved applications to communicate over the network, so it protects the host against attacks arriving from the network as well as from local software trying to reach out.
The IT department of a medium-sized company is in the process of finalizing agreements with various vendors. The legal team drafted the contracts to ensure proper arrangements. The team considers three types of agreements: an NDA, a BPA, and an MOU. The IT team wants to select the MOST appropriate agreement for each vendor to ensure smooth collaboration. Which of the following agreements protects sensitive information shared between the company and its vendors?
a. Business partnership agreement (BPA)
b. Memorandum of understanding (MOU)
c. Non-disclosure agreement (NDA)
d. Memorandum of agreement (MOA)
c. The non-disclosure agreement (NDA) is a suitable agreement for protecting sensitive information shared between parties and maintaining confidentiality.
A newly formed company wants to become part of an information-sharing organization due to the unknown threats that are out there. The company looks forward to partnering with other businesses, government entities, and academic institutions. What benefits are there for participation in an information-sharing organization? (Select the three best options.)
a. Provide valuable context with vulnerabilities
b. Increase cybersecurity resilience
c. Fortify systems against emerging threats
d. Gaining insights into vulnerabilities
b, c & d. By partnering with other organizations, a company gains insight into vulnerabilities and into how its partners responded to them, which it would not otherwise have. Drawing on the partners' experience lets the company fortify its systems against emerging threats, and being ready to respond to and patch a vulnerability before it is exploited on the company's own systems increases cybersecurity resilience.
A company is planning to modernize its application architecture for a new web application. The primary requirements include high scalability and seamless integration of services. What would be the MOST suitable technology for this company to consider?
a. Real-time operating systems (RTOS)
b. Microservices
c. Software-defined networking (SDN)
d. Blockchain
b. Microservices architecture breaks down a large application into smaller, independent services that communicate with each other via application programming interfaces. This results in a more scalable application and allows for seamless integration of individual components.
A technician is deploying centralized web filtering techniques across the enterprise. What stems from various factors such as the website’s Uniform Resource Locators (URL), domain, Internet Protocol (IP) address, content category, or even specific keywords within the web content?
a. Content categorization
b. Block rules
c. Reputation-based filtering
d. Uniform resource locators (URL) scanning
b. Block rules stem from various factors such as the website’s Uniform Resource Locators (URL), domain, Internet Protocol (IP) address, content category, or even specific keywords within the web content.
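To show how the listed factors turn into decisions, here is an added Python example (not code from the card or from any filtering product) that evaluates one block rule of each type against constructed requests. It assumes the proxy supplies the resolved IP address, a category label from a categorization feed and, after TLS inspection, the page text; the rule list and all host names and addresses (RFC 5737 documentation ranges) are made up. It also handles two pitfalls that matter in practice: exact-URL rules are compared after normalization so case or scheme variations do not bypass them, and domain rules match subdomains without also catching look-alike names such as notbad.example.test.

```python
"""Evaluating web-filter block rules (added example; rules, hosts and addresses are constructed)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Request:
    url: str
    resolved_ip: str      # assumed to be supplied by the proxy's DNS layer
    category: str         # assumed to come from a categorization feed
    body_text: str = ""   # page content as seen by the filter after TLS inspection


def normalize_url(url: str) -> str:
    """Case-fold scheme and host and drop the fragment so exact-URL rules are not
    bypassed by trivial variations such as HTTP://EXAMPLE.TEST/."""
    p = urlsplit(url)
    path = p.path or "/"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{(p.hostname or '').lower()}{path}{query}"


# (rule type, pattern, reason) -- all constructed for the example
BLOCK_RULES = [
    ("url", "http://example.test/malware/dropper.exe", "known dropper URL"),
    ("domain", "bad.example.test", "domain blocklist (includes subdomains)"),
    ("ip", "203.0.113.0/24", "IP blocklist"),
    ("category", "gambling", "category blocked by policy"),
    ("keyword", r"\bproxy\s+bypass\b", "keyword found in page content"),
]


def domain_matches(host: str, pattern: str) -> bool:
    """Match the domain and its subdomains, but not look-alikes such as
    notbad.example.test (a bare endswith() check would block those too)."""
    host = host.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)


def evaluate(req: Request, rules=BLOCK_RULES) -> tuple:
    """Return ('block', rule_type, reason) for the first matching rule, else ('allow', None, None)."""
    url = normalize_url(req.url)
    host = urlsplit(req.url).hostname or ""
    ip = ipaddress.ip_address(req.resolved_ip)
    for rtype, pattern, reason in rules:
        if rtype == "url":
            hit = url == normalize_url(pattern)
        elif rtype == "domain":
            hit = domain_matches(host, pattern)
        elif rtype == "ip":
            hit = ip in ipaddress.ip_network(pattern)
        elif rtype == "category":
            hit = req.category.lower() == pattern
        elif rtype == "keyword":
            hit = re.search(pattern, req.body_text, re.IGNORECASE) is not None
        else:
            raise ValueError(f"unknown rule type {rtype}")
        if hit:
            return ("block", rtype, reason)
    return ("allow", None, None)


SAMPLE_REQUESTS = [  # constructed traffic
    Request("HTTP://EXAMPLE.TEST/malware/dropper.exe", "198.51.100.10", "unknown"),
    Request("https://www.bad.example.test/login", "198.51.100.11", "business"),
    Request("https://notbad.example.test/", "198.51.100.12", "business"),
    Request("https://cdn.example.test/lib.js", "203.0.113.9", "technology"),
    Request("https://bets.example.test/", "198.51.100.13", "Gambling"),
    Request("https://forum.example.test/t/1", "198.51.100.14", "forum",
            "Tips on a proxy bypass at work"),
]


def run_samples() -> list:
    """Verdict and matching rule type for each sample request, in order."""
    return [evaluate(r)[0:2] for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, run_samples()):
        print(verdict, req.url)
```

Rules are evaluated in order and the first hit wins, so the most specific rules (exact URLs) sit first; a real deployment would also apply allow-list exceptions before the block rules and log the rule that fired for later review.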
A company’s IT team is investigating a security incident where a hacker gained unauthorized access to its server. The team suspects the attack was a buffer overflow exploit in one of the OS-based applications. The team analyzes the server logs and discovers unusual patterns in the application’s behavior before the breach. Now, the team needs to implement measures to prevent such attacks in the future and enhance the application’s security. What security measures can the IT team implement to mitigate buffer overflow exploits in its OS-based applications?
a. Use firewall rules to restrict network traffic to and from the server.
b. Regularly update the operating system and applications with the latest security patches.
c. Enable address space layout randomization (ASLR) or data execution prevention (DEP).
d. Implement strong password policies for user accounts accessing the applications.
c. Enabling address space layout randomization (ASLR) and data execution prevention (DEP) is an effective mitigation for buffer overflow exploits. ASLR randomizes the memory locations of the stack, heap and shared libraries, so an attacker cannot reliably predict where injected code or useful gadgets will sit; DEP marks data pages such as the stack and heap as non-executable, so code written into a buffer cannot be run directly. Two caveats a practitioner would add: the application must be built to take advantage of them (a position-independent executable for ASLR, a non-executable stack for DEP, and stack protectors such as canaries help further), and these are exploit mitigations rather than fixes, so patching the vulnerable code (option b) is still required to remove the overflow itself.
After a recent breach, an organization mandates increased monitoring of corporate email accounts. What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations?
a. Antivirus (A-V)
b. Security content automation protocol (SCAP)
c. Data loss prevention (DLP)
d. Simple Network Management Protocol (SNMP) trap
c. Data loss prevention (DLP) mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations.
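An added example (not from the card) of what "mediates the copying of tagged data" and "monitors statistics for policy violations" look like as code. The policy table, users, destinations and events are constructed; tags are assumed to come from the organization's classification scheme, with a small pattern scan as a fallback for untagged content, and an unknown tag is treated as a violation so the mediator fails closed.

```python
"""DLP-style mediation of copies of tagged data (added example; policy and events are constructed)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# tag -> media/services to which a copy is authorized (assumed policy)
POLICY = {
    "public": {"usb", "personal-email", "corp-email", "cloud-share", "print"},
    "internal": {"corp-email", "cloud-share", "print"},
    "confidential": {"corp-email"},
    "restricted": set(),
}

# fallback classifiers for untagged content (constructed patterns, not a real product's)
CONTENT_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "confidential"),                 # SSN-shaped value
    (re.compile(r"\bPROJECT[- ]\w+\b.*\bRESTRICTED\b", re.I), "restricted"),  # marked project doc
]
SENSITIVITY_ORDER = ["public", "internal", "confidential", "restricted"]


def classify(content: str, tag: str = "") -> str:
    """Use the explicit tag when present; otherwise infer the most sensitive matching tag.
    Untagged corporate content is assumed to be at least 'internal'."""
    if tag:
        return tag
    best = "internal"
    for pattern, inferred in CONTENT_PATTERNS:
        if pattern.search(content) and SENSITIVITY_ORDER.index(inferred) > SENSITIVITY_ORDER.index(best):
            best = inferred
    return best


@dataclass
class DlpMediator:
    policy: dict
    events: list = field(default_factory=list)  # (user, effective tag, destination, decision)

    def mediate_copy(self, user: str, content: str, destination: str, tag: str = "") -> str:
        """Allow the copy only if the tag authorizes that destination; unknown tags deny (fail closed)."""
        effective = classify(content, tag)
        allowed = destination in self.policy.get(effective, set())
        decision = "allow" if allowed else "block"
        self.events.append((user, effective, destination, decision))
        return decision

    def stats(self) -> dict:
        """Violation statistics an analyst would review after the card's mandated monitoring."""
        blocked = [e for e in self.events if e[3] == "block"]
        return {
            "total": len(self.events),
            "blocked": len(blocked),
            "per_user": dict(Counter(e[0] for e in blocked)),
            "per_destination": dict(Counter(e[2] for e in blocked)),
            "per_tag": dict(Counter(e[1] for e in blocked)),
        }

    def users_at_or_above(self, threshold: int) -> list:
        """Users whose violation count reached an alerting threshold."""
        return sorted(u for u, n in self.stats()["per_user"].items() if n >= threshold)


def run_sample_day() -> DlpMediator:
    """Constructed day of copy attempts across corporate email and other channels."""
    m = DlpMediator(POLICY)
    m.mediate_copy("alice", "Q3 board deck", "usb", tag="confidential")            # block
    m.mediate_copy("alice", "Q3 board deck", "corp-email", tag="confidential")     # allow
    m.mediate_copy("bob", "press release", "personal-email", tag="public")        # allow
    m.mediate_copy("bob", "merger term sheet", "print", tag="restricted")         # block
    m.mediate_copy("bob", "merger term sheet", "cloud-share", tag="restricted")   # block
    m.mediate_copy("carol", "payroll export: 123-45-6789", "personal-email")      # untagged -> block
    m.mediate_copy("dave", "notes", "corp-email", tag="secret")                   # unknown tag -> block
    return m


if __name__ == "__main__":
    mediator = run_sample_day()
    print(mediator.stats())
    print("repeat offenders:", mediator.users_at_or_above(2))
```

The per-user and per-destination counters are what turn individual blocks into the "statistics for policy violations" the card mentions: a single blocked USB copy is noise, while one user repeatedly pushing restricted data to several channels is an incident.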
A company determines a certain level of risk that, once exceeded, requires immediate action or reconsideration of the initiative. The company takes pride in its cautious approach to business and generally avoids high-risk activities. Which of the following should the company employ to align with its desired risk management approach?
a. Risk threshold
b. Risk appetite
c. Risk tolerance
d. Risk mitigation
a. The risk threshold is the specific point at which risk becomes unacceptable and intervention is required: the company must take immediate action or reconsider the initiative.