Part One: 25 Questions Flashcards

1
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls

A

Answer: D

Explanation: Compensating controls are alternative security measures that are implemented when the primary controls are not feasible, cost-effective, or sufficient to mitigate the risk.

2
Q

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

A. Memory injection
B. Race condition
C. Side loading
D. SQL injection

A

Answer: A

Explanation: Memory injection vulnerabilities allow unauthorized code or commands to be executed within a software program, leading to abnormal behavior such as generating outbound traffic over random high ports. This issue often arises from software not properly validating or encoding input, which can be exploited by attackers to inject malicious code.

3
Q

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

A. SCAP
B. NetFlow
C. Antivirus
D. DLP

A

Answer: D

Explanation: DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data, such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and data in use (such as applications).

4
Q

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards

A

Answer: B

Explanation: Scheduled downtime is a planned period of time when a system or service is unavailable for maintenance, updates, upgrades, or other changes. Scheduled downtime gives administrators a set period to perform changes to an operational system without disrupting the normal business operations or affecting the availability of the system or service. Scheduled downtime also allows administrators to inform the users and stakeholders about the expected duration and impact of the changes.

5
Q

A company is developing a critical system for the government and storing project information on a file share. Which of the following describes how this data will most likely be classified? (Select two).

A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted

A

Answer: B,F

Explanation:

Confidential: Data that is intended for authorized use only and may cause significant harm or risk if disclosed.

Restricted: Data that is intended for very limited use only and may cause severe harm or risk if disclosed.

6
Q

A network administrator is working on a project to deploy a load balancer in the company’s cloud environment. Which of the following fundamental security requirements does this project fulfill?

A. Privacy
B. Integrity
C. Confidentiality
D. Availability

A

Answer: D

Explanation: Deploying a load balancer in the company’s cloud environment primarily fulfills the fundamental security requirement of availability. A load balancer distributes incoming network traffic across multiple servers, ensuring that no single server becomes overwhelmed and that the service remains available even if some servers fail.

7
Q

What type of brute force attack tries common passwords across several accounts to find a match? It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords.

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

A

Answer: A

Password Spraying

8
Q

Which of the following tasks is typically included in the BIA (Business Impact Analysis) process?

A. Estimating the recovery time of systems
B. Identifying the communication strategy
C. Evaluating the risk management plan
D. Establishing the backup and recovery procedures
E. Developing the incident response plan

A

Answer: A

Explanation: Estimating the recovery time of systems is a task typically included in the Business Impact Analysis (BIA) process. BIA involves identifying the critical functions of a business and determining the impact of a disruption. This includes estimating how long it will take to recover systems and resume normal operations.

9
Q

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO
B. LEAP
C. MFA
D. PEAP

A

Answer: A

Explanation: SSO stands for single sign-on, which is a method of authentication that allows users to access multiple applications or services with one set of credentials. SSO reduces the number of credentials employees need to maintain and simplifies the login process. SSO can also improve security by reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of authentication information between different domains or systems. SSO is commonly used for accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using domain credentials.

10
Q

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A. encryption=off
B. http://
C. www.*.com
D. :443

A

Answer: B

Explanation: A web filter is a device or software that can monitor, block, or allow web traffic based on predefined rules or policies. One of the common methods of web filtering is to scan the URL for strings and deny access when matches are found. Non-encrypted websites are served over plain HTTP, so their URLs begin with the http:// scheme; matching on that string denies access to them while leaving https:// sites reachable.

11
Q

What type of attack involves systematically trying all possible combinations of passwords or keys until the correct one is found?

A. Brute-force attack
B. Privilege escalation
C. Failed password audit
D. Forgotten password by the user

A

Answer: A

Brute-Force Attack

12
Q

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link deployed ransomware laterally across the network, where it lay dormant for multiple weeks. Which of the following would have mitigated the spread?

A. IPS
B. IDS
C. WAF
D. UAT

A

Answer: A

Explanation: IPS stands for intrusion prevention system, which is a network security device that monitors and blocks malicious traffic in real time. IPS is different from IDS, which only detects and alerts on malicious traffic, but does not block it. IPS would have mitigated the spread of ransomware by preventing the hacker from accessing the system via the phishing link, or by stopping the ransomware from communicating with the command and control server or encrypting the files.

13
Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A. Client
B. Third-party vendor
C. Cloud provider
D. DBA

A

Answer: A

Explanation: According to the shared responsibility model, the client and the cloud provider have different roles and responsibilities for securing the cloud environment, depending on the service model. In an IaaS (Infrastructure as a Service) model, the cloud provider is responsible for securing the physical infrastructure, such as the servers, storage, and network devices, while the client is responsible for securing the operating systems, applications, and data that run on the cloud infrastructure. Therefore, the client is responsible for securing the company’s database in an IaaS model for a cloud environment, as the database is an application that stores data. The client can use various security controls, such as encryption, access control, backup, and auditing, to protect the database from unauthorized access, modification, or loss.

14
Q

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

A

Answer: A

Explanation: SASE stands for Secure Access Service Edge. It is a cloud-based service that combines network and security functions into a single integrated solution. SASE can help reduce traffic on the VPN and internet circuit by providing secure and optimized access to the data center and cloud applications for remote employees. SASE can also monitor and enforce security policies on the remote employee internet traffic, regardless of their location or device. SASE can offer benefits such as lower costs, improved performance, scalability, and flexibility compared to traditional VPN solutions.

15
Q

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

A. Corrective
B. Preventive
C. Detective
D. Deterrent

A

Answer: C

Explanation: A detective control is a type of security control that monitors and analyzes events to detect and report on potential or actual security incidents. A SIEM system is an example of a detective control, as it collects, correlates, and analyzes security data from various sources and generates alerts for security teams. Corrective, preventive, and deterrent controls are different types of security controls that aim to restore, protect, or discourage security breaches, respectively.

16
Q

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A. Mitigate
B. Accept
C. Transfer
D. Avoid

A

Answer: A

Explanation: Mitigate is the risk management strategy that involves reducing the likelihood or impact of a risk. If a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the enterprise should adopt the mitigate strategy first to address the existing vulnerabilities and gaps in the application. This could involve applying patches, updates, or configuration changes to the application, or adding additional layers of security controls around the application. Accept, transfer, and avoid are other risk management strategies, but they are not the best options for this scenario.

17
Q

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN

A

Answer: A

Explanation: A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A serverless framework enables developers to focus on the application logic and functionality and reduces the operational costs and complexity of hosting applications. Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions.

18
Q

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used

A

Answer: B

Explanation: Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection into the code, and it can also assure the users that the code is from a legitimate source.

19
Q

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

A. Certification
B. Inventory list
C. Classification
D. Proof of ownership

A

Answer: A

Explanation: The company should request a certification from the vendor that confirms the storage array has been disposed of securely and in compliance with the company’s policies and standards. A certification provides evidence that the vendor has followed the proper procedures and methods to destroy the classified data and prevent unauthorized access or recovery. A certification may also include details such as the date, time, location, and method of disposal, as well as the names and signatures of the personnel involved.

20
Q

Malware spread across a company’s network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing

A

Answer: C

Explanation: A watering-hole attack is a type of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers exploit vulnerabilities to deliver a malicious payload to the organization’s network. The attack aims to infect users’ computers and gain access to a connected corporate network. The attackers target websites known to be popular among members of a particular organization or demographic.

21
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

A

Answer: B

Explanation: A data retention policy is a set of rules that defines how long data should be stored and when it should be deleted or archived. An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period by following the data retention policy of the organization. This policy helps the organization to comply with legal and regulatory requirements, optimize storage space, and protect data privacy and security.

22
Q

Which of the following incident response activities ensures evidence is properly handled?

A. E-discovery
B. Chain of custody
C. Legal hold
D. Preservation

A

Answer: B

Explanation: Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response. It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored. Chain of custody ensures that the evidence is admissible in legal proceedings and can be traced back to its source.

23
Q

Which of the following security concepts is the best reason for permissions on a human resources file share to follow the principle of least privilege?

A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation

A

Answer: C

Explanation: Confidentiality is the security concept that ensures data is protected from unauthorized access or disclosure. The principle of least privilege is a technique that grants users or systems the minimum level of access or permissions that they need to perform their tasks, and nothing more.

24
Q

Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

A. Deterrent
B. Corrective
C. Compensating
D. Preventive

A

Answer: C

Explanation: When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical.