Exam Sim - 701

Question 1

You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would not be best placed in the new network perimiter?
DDoS mitigation
Aggregation switches
VPN concentrators
Proxies

Answer 1

Aggregation switches are not best placed in the perimeter network because they are best used to connect other switches together. They can be placed anywhere they are needed. Aggregation switches create a single bandwidth stream from multiple sources. A DDoS mitigator should be placed in the perimeter network so that it can detect and mitigate a DDoS attack.

Question 2

In security operations, which of the following would provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management, and security awareness?
Windows registry
System Hardening
System Processes
Logging Levels

Answer 2

System processes provide well-defined operational guidelines for processes such as incident response, security policy, vulnerability management and security awareness to name a few. A security operations center (SOC) operates 23x7 to maintain the organisations security posture.

Question 3

What vendor assessment evaluates the security controls and practices of third-party vendors through a external evaluation process?

Answer 3

In an independent assessment, third-party auditors or assessors are engaged to evaluate the security posture of a vendor independently. These assessments are conducted by impartial and qualified professionals who review the vendor’s security controls, policies and procedures against industry standards, best practices and regulatory requirements. Independent assessment provide an objective evaluation of the vendors security practices and help validate their compliance with security standards and contractual obligations.

Question 4

In security awareness training session, employees are taught to recognise various types of behaviour that may indicate a security threat. Which type of behaviour involves actions that are not in line with established security policies or procedures, potentially putting sensitive information at risk?

Answer 4

Unexplained behaviour involves actions that are not in line with established security policies or procedures. This type of behaviour lacks a clear justification or explanation within the context of an individuals job responsibilities or typical behaviour patterns. As an example, accessing files or systems that are unrelated to one’s role, attempting to modify critical settings without proper authorisation, or logging into the network at odd hours without a valid reason could all be considered unexplained behaviour. Behaviour such as this may indicate a potential security threat or unauthorised access attempt.

Question 5

You are the security administrator for your company. you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan to implement if the security risk occurs. which type of risk response strategy are you demonstrating?

Answer 5

You are demonstrating a risk response strategy of acceptance. Acceptance involves accepting the risk and leaving the security plan unchanged. examples of acceptance would include taking no action at all or leaving the plan unchanged and developing a contingency or fallback plan. It is recommended that you accept a risk when the cost of the safeguard exceeds the amount of the potential loss.

Question 6

You need to incorporate SAML and SSO into a web application. What would you use?

Answer 6

Shibboleth use Security Assertion Markup Language (SAML), which defines security authorisations on web pages as opposed to web page elements in HTML. Shibboleth is a single sign-on (SSO) system that uses an identity provider and a hardwareAuth is Open Authorisation.

Question 7

Which of these requirements would indicate that you needed to install a router as opposed to a NIPS/NIDS?
in-band vs out-of-band
Rules
Inline vs passive
Anti-spoofing

Answer 7

Antispoofing is a router function, where an application campares the incoming or outgoing IP address to an ACL. Other types of antispoofing perform similar functions on MAC addresses or switch ports. A NIDS or NIPS would not check IP address traffic for spoofing.

Question 8

An attacker carried out an IP spoofing that included saturating your network with ICMP messages. Which attack occurred?

Answer 8

A smurf attack is a combination of Internet Protocol (IP) spoofing and the saturation of a network with Internet Control Message Protocol (ICMP) messages. To initiate a smurf attack a hacker sends ICMP messages from a computer outside a network with a spoofed IP address of a computer inside the network. The ICMP message is broadcast on the network and the hosts on the network attempt to reply to the spurious ICMP message. A smurf attack causes a denial-of-service (DoS) on a network because computers are busy responding to the ICMP messages. The IP spoofing part of a smurf attack can be countered by configuring a router to ensure that messages with IP addresses inside the network originate on the private network side of the router.

Question 9

Why is it important to report the potential losses arising from a risk when reporting risk assessment results?

Answer 9

To enable risk-based decision making - When reporting risk assessment results to senior management it is important to include potential losses compared to treatment cost. This helps to frame the risk in terms of its impact on business objectives and leads to decision-making at high levels that is risk based and not performance based.

Question 10

You are considering cloud services and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?

Answer 10

Cloud access security broker would alleviate your concern because they enforce security policies, whether on-premises or cloud-based. They often sit between the cloud service users and providers, merging the security policies of the user and the provider.

Question 11

When calculating risks by using the quantitative method, what is the result of multiplying the asset values by the exposure factor (EF)?

Answer 11

The result of multiplying the asset values by the exposure factor (EF) is the single loss expectancy (SLE) value. SLE refers to the quantitative amount of loss incurred by a single event when a threat takes place. the formula for calculating SLE is:
SLE = assett value x EF

EF is defined as the percentage of the expected loss when an event occurs.

Question 12

Your company decides to implement a RADI-5 array on several file servers. Which feature is provided by this deployment?

Answer 12

A RAID-5 array provides high availability. Redundant Array of Independent Disks (RAID) combines multiple hard drives for redundancy, performance and fault tolerance. There are several levels of RAID varying in configuration based on need.

Question 13

When connecting to a website using SSL/TLS, the client browser uses the root CA’s public key to decrypt the digital signature of each certificate until finally verifying the identity associated with the websites certificate. Which term or phrase describes this public key infrastructure (PKI) concept?

Answer 13

Certificate chaining refers to the trust relationships between CAs and helps determine which certificate has the highest-level trust. For example, if you get a certificate from “A”, and “A” trusts the root certificate, the highest-level trust is the root certificate.

Question 14

A large financial institution needs to securely manage and grant temporary access to privileged accounts for third-party contractors performing system maintenance. Of the choices given, which solution would be most appropriate for privileged access management?
Time-limited Authorisation
Just-in-time permissions
Ephemeral credentials
Password vaulting

Answer 14

Ephemeral credentials would be the most appropriate solution for privileged access management. Ephemeral credentials refer to temporary, short-lived credentials generated dynamically for accessing privileged accounts or resources. Ephemeral credentials can be generated on-demand and automatically revoked after a predefined period reducing the risk of credential theft, misuse or exposure. this ensures that third-party contractors have access only for the duration required to perform system maintenance tasks, enhancing security and compliance.

Question 15

What asset management activity typically involves scanning to locate assests?

Answer 15

Enumeration is the asset management activity that typically involves scanning to locate assets. Unlike inventory management, which relies on existing records or information, enumeration actively scans systems and networks to identify and list all of the technology resources and devices within the organisation. This process helps ensure that all assets are discovered and accounted for, even when they were not previously documented in the inventory.

Question 16

when planning physical security, which type of sensor would be appropriate to detect a person’s body heat when the person enters a controlled space such as a server room?

Answer 16

Infrared sensor - looks for changes in infrared or heat radiation

Question 17

Which type of controls are an example of a detective control?
log files
firewalls
lighting
IR sensors
fences
closed-circuit television (CCTV)

Answer 17

Closed-circuit television (CCTV), log files and infrared (IR) sensors are detective controls.

Question 18

A large corporation wants to implement a solution to block access to malicious websites and prevent employees from accessing inappropriate content while browsing the internet. Which capability of agent-based web filters would be most appropriate?

Answer 18

Content categorisation would be the most appropriate capability of agent-based web filters. Content categorisation involves classifying web content into predefined categories based on its content and context. Content categorisation allows organisations to define policies to block access to specific categories of content, such as adult content, gambling sites, or social media platforms, helping enforce acceptable use policies and maintain a secure and productive work environment.

Question 19

Which of the following network architecture concepts consists of a policy engine, a policy administrator and a policy enforcement point?
Zero-trust
Cloud
Hybrid
Secure Access Service Edge

Answer 19

Zero-trust architecture consists of a policy engine, a policy administrator, and a policy enforcement point. The goal of zero-trust is to continuously monitor the authentication and authorisation of devices, users and processes. The policy engine is responsible for granting or denying access based primarily on policy, but other factors can be taken into consideration. The policy administrator decides to open or close the communication path from the requestor to the resource, based on the decision of the policy engine. The policy enforcement point establishes and terminates the connections.

Question 20

You are currently comparing stream ciphers and block ciphers. you have decided to use only block ciphers and hash algorithms on your organisations network. Which cryptographic algorithm is a stream cipher?
RC5
RC6
RC4
MD5

Answer 20

RC4 is a stream cipher. Wired Equivalent Privacy (WEP) is considered unsecure because of its improper use of RC4. RC4 would be a great algorithm to use for encrypting streaming video because it is a stream-based cipher. RC4 provides 56-bit encryption

Question 21

In cloud architecture models, which considerations are crucial for understanding the security implications of different deployment models and ensuring a comprehensive security posture?

Answer 21

Public-private cloud configurations, responsibility matrix, third-party vendors

Question 22

Which of the following is based on impersonating an executive in an organisation, with the intent of convincing an employee to do something they shouldn’t?
Business email compromise
Brand impersonation
Misinformation
Typo-squatting

Answer 22

Business email compromise is an attack that exploits the name and/or position of a high ranking executive within the organisation. The attacker will impersonate the executive in an email to the victim, typically an employee in the organisation, asking them to perform tasks

Question 23

Which type of deception and disruption technology contains decoy data that the attacker exfiltrates from the system?
Honeyfile
Honeynet
Honeytoken
Honeypot

Answer 23

A honeytoken contains specific data that the attacker exfiltrates from the system. Decoy data, such as a bogus email address, bad database data, fake passwords and other types of planted information make it easier to spot an attack when the data is carried back to the attacker’s system. the purpose of a honeytoken is to alert the IT security team that an attacker has made their way inside the network and removed data, even if the data is valueless to the organisation.

Question 24

You are your organisations security analyst. Recently you discovered that an attacker injected malicious code into a web application on your organisations website. You discovered this attack by reviewing the log data on the web servers. Which type of attack did your organisation experience?
Path traversal
cross-site scripting
SQL injection
buffer overflow

Answer 24

Your organisation experienced a cross-site scripting (XSS) attack. An XSS attack occurs when an attacker locates a vulnerability on a website that allows the attacker to inject malicious code into a web application. A persistent XSS attack occurs when data provided to the web application is first stored persistently on the server and later displayed to users without being encoded using HTML on the web client. A non-persistent XSS attack occurs when the data provided by a web client is used immediately by server-side scripts to generate results for that user. XSS flaws occur every time an application takes user-supplied data and sends it to a web browser without first confirming or encoding the data.

Question 25

You want to implement additional protection for your e-commerce server by installing a specific type of firewall. This firewall will sit between the web server and clients and will be placed in a screened subnet or perimeter network. Its primary purpose will be to protect the e-commerce apps running on the server. Which type of firewall should you choose?

Answer 25

Layer 7 Firewall - also known as a Web Application Firewall (WAF). A WAF operates at the application layer which is layer 7 of the OSI model. It sits in the screened subnet providing an additional layer of protection for the internal LAN by inspecting a filtering traffic before it hits the LAN

Question 26

Which of the following activities are associated with application security in vulnerability management?
Package monitoring
Dynamic analysis
Responsible disclosure program
Information sharing organisation
System/process audit

Answer 26

Dynamic analysis and package monitoring are associated with application security in vulnerability.

Question 27

As part of your monthly report, you must classify specific vulnerabilities into a broad range of vulnerability types. Which type of vulnerability is demonstrated by an SQL injection?
Misconfiguration/weak configuration
Improper error handling
Improper input handling
Default configuration

Answer 27

An SQL injection is an example of improper input handling and the impact can include data destruction or unfettered access to the database. Inputs should be checked for common SQL injection symbols. Others examples of improper input handling include failure to validate the type of data in an inout field, the length of the data and proper data ranges.

Question 28

You need to install a network device or component that ensures the computers on the network meet an organisations security policies. Which device or component should you install?
IPSec
DMZ
NAT
NAC

Answer 28

Network Access Control (NAC) ensures the computers on the network meet an organisations security policies. NAC user policies can be enforced based on the location of the network user, group membership or some other criteria. Media Access Control (MAC) filtering is a form of NAC. NAC provides host health checks for any devices connecting to the network. Hosts may be allowed or denied access or placed into a quarantined state based on this health check.

Question 29

What is Vishing?

Answer 29

Vishing is a special type of phising that uses VoIP. Often these types of attacks involve receiving telephone calls that appear to come from a trusted source, such as your financial institution. The telephone call asks you to disclose confidential information that can be used to access your account.

Question 30

What is the responsibility of the data controller?

Answer 30

The data controller is the entity that determines the purposes for which and the manner in which any personal data is processed. The entity determines the why and how personal data is processed. The data controller ensures that the data subject consents and makes sure to safeguard that data.

Question 31

What infrastructure concept provides developers with the opportunity to build and run applications in the cloud, without the extra responsibility of having to maintain servers?

Answer 31

Serverless - is an application development model that provides developers the opportunity to build and run applications in the cloud, without the extra responsibility of having to maintain servers on premises.

Question 32

Which variation of the point-to-point VPN accepts secure HTTP traffic and translates the traffic into the direct access protocols needed to access cloud-based VMs?
WAP
SWG
VPC
CAB

Answer 32

A Secure Web Gateway (SWG) is a cloud based web gateway that combines features of a next generation firewall (NGFW) and a Web Application Firewall (WAF). SWG provides an ongoing update to filters and detection databases and is designed to provide filtering services between cloud-based resources and on-premises resources. SWG uses standard WAF functions, TLS decryption, CASB functions, sandboxing features and threat detection functions to protect enterprises from the ever evolving cloud-based risks and attacks

Question 33

What are the steps (in order) in the risk response process?

Answer 33

1. Establishment of risk appetite and risk tolerance - this is the foremost activity because management needs to determine what extent of risk is acceptable and tolerable to the organisation that would not have an impact on achieving its business objectives
2. Risk Identification - this is done to determine all the risks that are applicable to the organisation
3. Risk analysis - once the risks have been identified, assessment is performed for the risk impact and likelihood
4. Risk response selection and documentation - the risk response is selected based on the establishes risk appetite and risk tolerance
5. Risk response prioritisation - prioritisation is based on the risk environment and cost-benefit analysis
6. Development of risk action plan - this is created in order to be able to manage the risk responses

Question 34

A healthcare organisation wants to enhance the security of its electronic health record (EHR) system. Which solution, from the choices below, would be most appropriate for implementing multifactor authentication?

Answer 34

Security keys would be the most appropriate solution to enhance the security of the EHR system. Security keys are physical devices that users insert into their computers or mobile devices to authenticate their identities. These devices contain cryptographic keys that are used to generate unique authentication codes for each login attempt. Security keys provide a strong level of security and are easy for users to use making them suitable for protecting sensitive patient health information. Additionally, security keys can help prevent unauthorised access to EHR systems, reducing the risk of data breaches and ensuring compliance with healthcare privacy regulations such as HIPAA.

Question 35

Your client is a manufacturing company. They need to implement security measures to protect their computing resources from unauthorised access. you recommend that they use network segmentation to isolate critical systems and prevent lateral movement within the network. which of the following targets are MOST likely to benefit from this technique?
Embedded Systems
Servers
RTOS
ICS/SCADA
Cloud Infrastructure

Answer 35

Industrial Control Systems/Supervisory Control and Data Acquisition (ICS/SCADA) systems and embedded systems would benefit the most.

Question 36

When implementing a security solution for mobile devices, which two common use cases are of primary concern?
Authentication
Low Latency
Obfuscation
Lower power devices
Non-repudiation

Answer 36

Lower power devices and low latency are the primary concerns with mobile devices. Lower power devices should use cryptographic techniques that require less time to encrypt and decrypt data. As the time to encrypt and decrypt increases, the power requirements increase as well. Devices such as wireless devices, handheld computers, smart cards and cellular phones have less processing power, storage, power, memory and bandwidth than other systems and would benefit from algorithms with shorter key lengths.
Low latency is a concern with any cipher. Latency refers to the delay between the time the plain text is input and the cipher text is generated. Supporting authentication is validating that the message originator is indeed who they say they are and not an imposter.

Question 37

What are the 7 phases or steps of the Cyber Kill Chain?

Answer 37

1. reconnaissance
2. Weaponisation
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Actions and Objectives

Question 38

Which of the following security control types includes acceptable use policies, handbooks and posted warning signs?
Directive controls
Detective Controls
Compensating Controls
Preventive Controls

Answer 38

In general directive controls provide behavioural guidance, guidelines and policies to be followed. Examples of directive controls would include AUP, handbooks and standard operating procedures. However they do not do anything to prevent the behaviour from occurring.

Question 39

Which external factor influences effective security governance by dictating rules and compliance standards by which organisations must abide?

Answer 39

Regulations dictate the rules and compliance standards that organisations must obey or meet.

Question 40

A large corporation wants to implement a solution to block access to malicious websites and prevent employees dfrom accessing inappropriate content while browsing the internet. Which capability of agent-based web filters would be most appropriate?

Answer 40

Content Categorisations would be the most appropriate capability of agent-based web filters.