Incorrect Answers Flashcards

1
Q

What term refers to an organization’s predetermined level of acceptable risk exposure?

A

Risk tolerance

Risk tolerance refers to an organization’s predetermined level of acceptable risk exposure. It represents the extent to which an organization is willing to tolerate potential risks before taking action to mitigate or avoid them.

2
Q

Reginald, an IT Manager, is the owner of a file on a server and wants to grant his colleagues access to the file. He is the only one who can decide who is allowed access to the file and what actions they can perform on it. Which authorization model is being used in this scenario?

A

DAC

Discretionary Access Control (DAC) is an authorization model where the owner of the resource decides who is allowed to access it.

3
Q

Which of the following terms refers to the specific laws and regulations set by a country’s government that dictate how the personal data of its citizens should be collected, stored, and processed?

A

National legal implications

National legal implications are laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy.

4
Q

At Kelly Innovations Corp., Sarah noticed that their core business application, which tracks customer orders, was not updating inventory levels accurately. A recent update seemed to have introduced a bug. Which of the following would offer the BEST solution?

A

Application rollback

An application rollback reverts an application to a previous state or version from a backup to correct issues caused by updates or changes. In this scenario, restoring the application from a backup taken two days earlier is an example of an application rollback and would be the most effective solution.

5
Q

Which of the following statements BEST explains the importance of environmental variables in regard to vulnerability management?

A

Environmental variables refer to the unique characteristics of an organization’s infrastructure that can affect vulnerability assessments and risk analysis

Environmental variables refer to the unique characteristics of an organization’s infrastructure, business environment, and operational context that can impact vulnerability assessments and risk analysis. Understanding these variables is crucial to conducting effective vulnerability management and developing appropriate risk mitigation strategies.

6
Q

Dion Training Solutions is aiming to optimize their wide-area network (WAN) while ensuring advanced network management and performance optimization. They are considering a solution that can be deployed both on-premises and in the cloud. Which of the following technologies would BEST match their requirements?

A

SD-WAN

SD-WAN (Software-defined wide area network) provides centralized network management, flexible routing, and traffic management capabilities. It can be hosted both on-premises and in the cloud, giving it an edge for comprehensive WAN optimization.

7
Q

What element of backup strategy involves making data copies regularly at set intervals?

A

Frequency

Frequency refers to how often data backups are carried out. Regular backups at set intervals are crucial to minimize the potential loss of data.

8
Q

When evaluating the introduction of automated systems in a security operations center (SOC), which of the following is a prominent time-related benefit that security professionals might expect?

A

Reduced response time to security incidents.

Automated systems can instantly detect and respond to threats, ensuring faster mitigation compared to manual responses. Automation can speed up patching, but it doesn’t necessarily extend the time patching takes.

9
Q

Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?

A

IaC

Infrastructure as code (IaC) allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale.

10
Q

Kelly Innovations Corp, an IT company, is implementing a process of encryption where two parties establish a shared secret for communication purposes. Which of the following MOST accurately describes this process?

A

Key exchange

Key exchange is a process in which two communicating parties establish a shared secret key, typically used for symmetric encryption. This key is established in a manner so that eavesdroppers, even if they intercept the key exchange messages, cannot determine the shared key.

11
Q

When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message?

A

Public key

The client would use the company’s public key to encrypt the message. Only Dion Training, with the corresponding private key, can decrypt and read the message, ensuring confidentiality and demonstrating the importance of public-key cryptography.

12
Q

Which of the following is an aspect of asset management that ensures that each IT asset is clearly associated with a specific individual or department, providing clarity on responsibilities and access rights?

A

Ownership

Ownership helps in determining who is responsible for the asset, ensuring clear lines of accountability and often helping in deciding the access rights.

13
Q

Reed, a cybersecurity specialist at Dion Training Solutions, is optimizing the company’s IPS. He notes that while signature-based detection is highly effective against known threats, it has some limitations. Which of the following BEST describes a limitation of signature-based detection in an IPS?

A

It might not detect zero-day exploits.

Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop new threats or zero-day exploits because their signatures aren’t in the database yet.

14
Q

Which mitigation technique involves the use of tools like Nagios or Splunk to continuously observe and check the operation of a system or network?

A

Monitoring

Monitoring, the continuous observation and checking of system or network operations, often involves tools like Nagios or Splunk to ensure its functionality and security.

15
Q

Susan, a security analyst at Kelly Innovations LLC, is reviewing alerts from the IPS. She recognizes a pattern of false positives from signature-based detections. Which of the following is the MOST likely cause for false positives in signature-based detection systems?

A

The signatures require tuning.

When signatures are overly broad or not precisely defined, they might incorrectly match legitimate network traffic, leading to false positives. Signature-based detection works by inspecting traffic patterns, whether encrypted or not.

16
Q

Which of the following characteristics of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?

A

Resilience

Resilience in cloud architecture refers to the ability of the system to quickly recover from failures and maintain operational performance, crucial for ensuring availability during adverse conditions.

17
Q

Clumsy Contraptions Engineering is seeking to change its security footing. In the past, they have found that too many pieces of malicious software have gotten past the system. Their Chief Security Officer believes they need a device which will actively evaluate traffic and reject or modify packets according to policies the company sets. What type of device is the CSO suggesting?

A

Inline

Inline devices are designed to interact with network traffic actively and can take actions such as accepting, rejecting, or modifying packets, making them the optimal choice for this scenario.

18
Q

Florence is the CEO of a company. She has the final say over all decisions made regarding the business, IT, accounting, and other departments. What type of governance does Florence’s company have?

A

Centralized governance

Centralized governance involves decision-making authority concentrated in a single authority or department within an organization. In this structure, key decisions are made at the top level and are then disseminated throughout the organization.

19
Q

Which of the following ports, if left open and unmonitored, might allow database queries from unauthorized external sources?

A

Port 1433

Port 1433 is the default for Microsoft SQL Server. Organizations typically restrict or monitor access to this port to prevent unauthorized database operations. Domain Name System (DNS) uses port 53 for resolving domain names into IP addresses. It isn’t associated with database operations. Port 443 is used for secure web traffic through SSL/TLS. It’s not directly related to database queries. File Transfer Protocol (FTP) uses port 21 for unencrypted data transfers, not for database operations.

20
Q

Reed & Jamario Security Services has recommended your company use a port-based system to prevent unauthorized users and devices. Which of the following are they recommending?

A

802.1X

802.1X is a standard developed by the IEEE to govern port-based network access. When used with a RADIUS-based authentication server, it provides authentication services, checking user credentials to ensure that the user is a legitimate part of the organization and granting access to only those areas of the system that the user is allowed to access.

21
Q

Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?

A

ECC

ECC (Elliptic curve cryptography) is a type of trapdoor function that is efficient with shorter key lengths. For instance, ECC with a 256-bit key provides roughly the same security as RSA with a 2048-bit key. The primary advantage is that ECC has no known shortcuts to cracking it, making it particularly robust.

22
Q

Dion Training has recently implemented a new web portal for their customers. During a routine security review, the IT team notices that some suspicious activities have been logged. An unknown user attempted to access the system with a strange pattern: when requesting a particular user file, instead of the usual URL structure ( /users/[username]/profile ) the system registered requests like ( /users/../admin/config ). Within a short span of time, several such patterns were identified, each trying to reach different sensitive files and directories. Given this information, which of the following types of attack is the user MOST likely attempting?

A

Attempting to access files outside of intended directories.

This scenario is a classic example of directory traversal. The described activities are consistent with an attacker trying to move up the directory structure and access files or directories they shouldn’t. This often involves navigating directories in ways the system didn’t intend.

23
Q

Horizon Security, a cybersecurity training company, experienced a data breach due to a vendor’s negligence. This breach led to a significant loss of sensitive customer information. What type of consequence is Horizon MOST likely to face?

A

Reputational damage

Reputational damage refers to the potential harm or negative impact on Horizon’s reputation due to its failure to comply with data protection regulations. As a result of the data breach, customers may come to believe that Horizon doesn’t know enough about cybersecurity to prevent the breach and/or properly protect its customer data. Its reputation in the cybersecurity training industry may be tarnished.

24
Q

The executive team at a software development firm decides that any project with a potential financial impact greater than $500,000 due to a security incident will require an immediate review and intervention. This financial impact figure represents which of the following in risk management?

A

Risk threshold

The $500,000 financial impact figure is an example of a risk threshold, as it is the specific point at which the company must act to mitigate risk.

25
Q

When considering user interactions with a web service, which of the following are the security measures that involve the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?

A

Session management

These refer to the protocols that maintain the security of user interactions on the web, including the secure creation and transfer of unique identifiers or “cookies,” and setting inactivity limits to automatically terminate the session if the user is inactive for a certain period.

26
Q

Why might an organization be particularly concerned about introducing automation tools that become single points of failure during secure operations?

A

Compromised availability leading to operational disruptions.

A single point of failure can jeopardize the entire system’s uptime, introducing potential security risks and halting processes. Upholding data confidentiality is a primary security concern, but it isn’t directly related to the risks of single points of failure.

27
Q

What is the name of a cryptographic key that can be freely distributed and used by others to encrypt messages?

A

Public key

A public key is used in asymmetric encryption. It can be freely distributed and used by others to encrypt messages, which can then only be decrypted by the corresponding private key.

28
Q

The HR department for a large corporation is looking to streamline the onboarding process for new employees. What can the use of scripting do to help attain this goal, in terms of system access?

A

Automating the provisioning of account credentials.

Using scripting, IT can automatically create user accounts, set default passwords, and assign appropriate access rights based on the role of the new employee. While scripting can perform many tasks, producing physical manuals typically isn’t within its domain of automation. Scripting aids in automation, but it doesn’t replace or facilitate human-to-human interactions such as interviews. While scripting can automate various processes, it doesn’t directly enhance the quality or content of training materials.

29
Q

Which of the following are hardware issues that result from products that are no longer being made or supported, but are still usable?

A

End-of-life vulnerability

End-of-life vulnerability can allow a hardware attack that involves exploiting vulnerabilities in devices that are no longer supported or updated by the manufacturer. It can allow an attacker to compromise the security or functionality of the device, or use it as a gateway to access other systems or networks.

30
Q

Which method accurately demonstrates the authentication process used in WPA2 Personal mode?

A

Using a passphrase to generate a pairwise master key (PMK).

WPA2-PSK leverages a passphrase to create a key, called the PMK, to encrypt communications. This is a distinguishing feature of WPA2’s personal authentication.

31
Q

For ensuring the security of an HTTP application like WordPress or Magento against threats like SQL injection or cross-site scripting, which monitoring tool or method would be MOST appropriate?

A

Web application firewall (WAF)

A WAF specifically protects web applications by filtering and monitoring HTTP traffic, providing defenses against web-specific attacks such as SQL injection.

32
Q

What is the purpose of a security analyst doing due diligence in the vendor selection process?

A

To ensure that the vendor’s practices align with the organization’s requirements

Due diligence includes assessing the vendor’s security practices and confirming that they meet the organization’s security requirements and standards. Due diligence in the vendor selection process involves evaluating the financial stability and reliability of the vendor to ensure they are capable of fulfilling their obligations. Due diligence involves examining the vendor’s security practices and ensuring that they comply with a company’s own practices. It doesn’t normally extend to evaluating a vendor’s suppliers’ supply chains. It is important to make the best choice of vendors; however, that isn’t what due diligence means. Due diligence may include checking their performance history and reputation with previous clients to gauge their track record.

33
Q

Within the IT department, Sarah has been designated to oversee the security measures for the new data management platform. She is accountable for the regular review of security protocols and responding to any breaches or vulnerabilities that may arise. Sarah’s role would be BEST described by which of the following terms?

A

Risk owner

Sarah exemplifies a risk owner, as she is tasked with the ongoing management and mitigation of risks pertaining to the data management platform. A risk register would be the tool Sarah uses to track and assess the risks, not her role. A risk indicator would be a metric Sarah might monitor to assess risk levels, not her position. A risk assessor might be a role that Sarah takes on when evaluating risks, but it does not encapsulate her comprehensive management responsibilities.

34
Q

When considering the RSA algorithm, which description BEST captures its underlying mathematical property used for public key cryptography?

A

Trapdoor function

The RSA algorithm uses a trapdoor function, where encryption is easy to perform using the public key, but reversing the process (decryption) without the private key is challenging. RSA’s principle is that certain mathematical operations are easy to perform, but their inverse operations are difficult without specific knowledge. Symmetric encryption is a type of encryption where the same key is used for both encryption and decryption, unlike RSA which uses a pair of public and private keys. A hash function is a process that converts an input (often a long string) into a fixed-size value, commonly used for verifying data integrity but not specifically tied to RSA’s public key cryptography. A digital signature is a means to verify the authenticity of a digital message or document, using a combination of hashing and encryption, but it isn’t the mathematical property of RSA.

35
Q

Which of the following statements is NOT true about the importance of log aggregation?

A

Log aggregation increases the complexity of managing and interpreting security logs.

The primary purpose of log aggregation is to simplify the management and interpretation of security logs. It doesn’t increase the complexity; rather, it reduces it by consolidating logs from various sources, making them easier to analyze and interpret. Hence, this statement is NOT TRUE about the importance of log aggregation. Log aggregation can help in maintaining regulatory compliance by keeping a record of all system events, which might be a requirement for some regulations or standards. Log aggregation enhances security by bringing together logs from different sources into a centralized location for easier analysis and monitoring. Detecting unusual activity that could indicate a security breach is one of the primary purposes of log aggregation. It helps in identifying patterns that could be missed if logs are analyzed separately.