General Security Concepts

Question 1

What threat actor is most likely to be hired by a foreign government to attack critical systems in other countries?

Answer 1

Organized crime

Question 2

What security control type does an acceptable use policy best represent?

Answer 2

Preventative

Question 3

What is a risk register?

Answer 3

A tool used in risk management that records details of all identified risks, making it easier to manage and track them

Question 4

What is a group or individual that is sponsored by a government to conduct cyber operations against other nations/organizations/individuals called?

Answer 4

Nation-state actor

Question 5

According to the shared responsibility model, which role is responsible for securing the company’s database in an IaaS model for a cloud environment?

Answer 5

Client

Question 6

What allows for the attribution of messages to individuals?

Answer 6

Non-repudiation

Question 7

In the CIA triad, what is Availability?

Answer 7

Information is able to be stored, accessed, or protected at all times

Question 8

In the CIA triad, what is Integrity?

Answer 8

• Information has not been modified or altered without proper authorization
• Hashes

Question 9

In the CIA triad, what is Confidentiality?

Answer 9

• The information has not been disclosed to unauthorized people
• Encryption

Question 10

When does non-repudiation occur?

Answer 10

When you have proof that someone has taken an action

Question 11

What are some examples of non-repudiation?

Answer 11

• Digital signatures
• Message authentication code (MAC)

Question 12

What are examples of administrative controls?

Answer 12

• Policies
• Procedures
• Security awareness training
• Contingency planning
• Disaster recovery plans

Question 13

What is an example of regulatory controls?

Answer 13

HIIPA

Question 14

Whare are examples of technical controls?

Answer 14

• Smart cards
• Encryption
• ACLs
• IDS
• Network authentication

Question 15

What threat actor is described as having limited skill and only running other people’s exploits and tools?

Answer 15

Script kiddies

Question 16

What threat actor is motivated by social change, political agendas, or terrorism?

Answer 16

Hacktivists

Question 17

What threat actors are part of a crime group that is well-funded and highly sophisticated?

Answer 17

Organized crime/Crime syndicates

Question 18

What threat actor is described by the use of IT systems, devices, software, applications, and services without explicit approval?

Answer 18

Shadow IT

Question 19

What threat actors are groups of highly trained and funded hackers (often by nation states) with covert and open source intelligence at their disposal?

Answer 19

Advanced persistent threats (APTs)

Question 20

According to the shared responsibility model, who is responsible for securing the company’s database in an IaaS model for a cloud envrionment?

Answer 20

Client

Question 21

Which data policy controls how data is saved
for compliance or regulatory reasons?

Answer 21

Retention

Question 22

Which threat actor would use ransomware-as-a-service?

Answer 22

Organized crime

Question 23

What is peer review and approval?

Answer 23

A practice that involves having other developers or experts review the code before it is deployed or released

Question 24

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. What tool is being used?

Answer 24

DLP

Question 25

An organization wants to limit potential impact to its log-in database in the event of a breach, what should they implement?

Answer 25

• Hashing
• Database stores only the hash values instead of the actual passwords

Question 26

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. What types of infection is present on the systems?

Answer 26

Ransomware

Question 27

What type of file is a .ryk?

Answer 27

Ransomeware Ryuk

Question 28

What attack has a typical pattern where there is a SYN flood from different IP addresses to the same server in a short time?

Answer 28

DDoS

Question 29

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which risk management process describes this example?

Answer 29

Mean time to repair

Question 30

What is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Answer 30

• EDR
• Endpoint Detection and Response

Question 31

Client files can only be accessed by employees who need to know the information and have specified roles in the company. What best describes this security concept?

Answer 31

Confidentiality

Question 32

What consideration is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Answer 32

Request process for data subject access

Question 33

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. What plan is the IT manager creating?

Answer 33

Business continuity