Pg 27 Flashcards

1
Q

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

A. To defend against insider threats altering banking details
B. To ensure that errors are not passed to other systems
C. To allow for business insurance to be purchased
D. To prevent unauthorized changes to financial data

A

To ensure that errors are not passed to other systems

2
Q

Which of the following is the stage in an investigation when forensic images are obtained?

A. Acquisition
B. Preservation
C. Reporting
D. E-discovery

A

Acquisition

3
Q

Which of the following describes the difference between encryption and hashing?

A. Encryption protects data in transit, while hashing protects data at rest.
B. Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.
C. Encryption ensures data integrity, while hashing ensures data confidentiality.
D. Encryption uses a public-key exchange, while hashing uses a private key.

A

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

4
Q

A security report shows that during a two-week test period, 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposely created the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?

A. Block all outbound traffic from the intranet.
B. Introduce a campaign to recognize phishing attempts.
C. Restrict internet access for the employees who disclosed credentials.
D. Implement a deny list of websites.

A

Introduce a campaign to recognize phishing attempts.

5
Q

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization’s documentation?

A. Peer review requirements
B. Multifactor authentication
C. Branch protection tests
D. Secrets management configurations

A

Peer review requirements

6
Q

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

A. Business continuity plan
B. Change management procedure
C. Acceptable use policy
D. Software development life cycle policy

A

Acceptable use policy

7
Q

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?

A. Honeypot
B. Honeyfile
C. Honeytoken
D. Honeynet

A

Honeyfile

8
Q

Which of the following is the best way to provide secure, remote access for employees while minimizing the exposure of a company’s internal network?

A. VPN
B. LDAP
C. FTP
D. RADIUS

A

VPN

9
Q

A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?

A. Change management ticketing system
B. Behavioral analyzer
C. Collaboration platform
D. Version control tool

A

Version control tool

10
Q

Which of the following documents details how to accomplish a technical security task?

A. Standard
B. Policy
C. Guideline
D. Procedure

A

Procedure

11
Q

While conducting a business continuity tabletop exercise, the security team becomes concerned about the potential impact if a generator were to develop a fault during failover. Which of the following is the team most likely to consider in regard to risk management activities?

A. RPO
B. ARO
C. BIA
D. MTTR

A

BIA

12
Q

Which of the following is prevented by proper data sanitization?

A. Hackers’ ability to obtain data from used hard drives
B. Devices reaching end-of-life and losing support
C. Disclosure of sensitive data through incorrect classification
D. Incorrect inventory data leading to a laptop shortage

A

Hackers’ ability to obtain data from used hard drives

13
Q

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

A. TPM
B. CRL
C. PKI
D. CSR

A

CRL

14
Q

Which of the following can best contribute to prioritizing patch applications?

A. CVSS
B. SCAP
C. OSINT
D. CVE

A

CVSS

15
Q

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

A. Resource scaling
B. Policy enumeration
C. Baseline enforcement
D. Guard rails implementation

A

Baseline enforcement

16
Q

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

A. Endpoint
B. Application
C. Firewall
D. NAC

A

Firewall

17
Q

A company’s gate access logs show multiple entries from an employee’s ID badge within a two-minute period. Which of the following is this an example of?

A. RFID cloning
B. Side-channel attack
C. Shoulder surfing
D. Tailgating

A

RFID cloning

18
Q

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

A. Deploy, maintain, establish
B. Establish, maintain, deploy
C. Establish, deploy, maintain
D. Deploy, establish, maintain

A

Establish, deploy, maintain

19
Q

A SOC analyst establishes a remote control session on an end user’s machine and discovers the following in a file:

gmail.com[ENT]my.name@gmail.com[ENT]NoOneCanGuessThis123! [ENT]Hello Susan, it was great to see you the other day! Let’s plan a followup[BACKSPACE]follow-up meeting soon. Here is the link to register. [RTN][CTRL]c [CTRL]v [RTN]after[BACKSPACE]After you register give me a call on my cellphone.

Which of the following actions should the SOC analyst perform first?

A. Advise the user to change passwords.
B. Reimage the end user’s machine.
C. Check the policy on personal email at work.
D. Check host firewall logs.

A

Advise the user to change passwords.

20
Q

Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

A. The contents of environmental variables could affect the scope and impact of an exploited vulnerability.
B. In-memory environmental variable values can be overwritten and used by attackers to insert malicious code.
C. Environmental variables define cryptographic standards for the system and could create vulnerabilities if deprecated algorithms are used.
D. Environmental variables will determine when updates are run and could mitigate the likelihood of vulnerability exploitation.

A

The contents of environmental variables could affect the scope and impact of an exploited vulnerability.

21
Q

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

A. IPSec with RADIUS
B. RDP connection with LDAPS
C. Web proxy for all remote traffic
D. Jump server with 802.1X

A

IPSec with RADIUS

22
Q

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

A. CSR
B. OCSP
C. Key
D. CRL

23
Q

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

A. Typosquatting
B. Smishing
C. Pretexting
D. Impersonation

24
Q

A Chief Information Security Officer (CISO) wants to:

  • Prevent employees from downloading malicious content.
  • Establish controls based on departments and users.
  • Map internet access for business applications to specific service accounts.
  • Restrict content based on categorization.

Which of the following should the CISO implement?

A. Web application firewall
B. Secure DNS server
C. Jump server
D. Next-generation firewall

A

Next-generation firewall

25
Q

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and targets its services to a different market segment. Which of the following describes this risk management strategy?

A. Exemption
B. Exception
C. Avoid
D. Transfer

A

Avoid

26
Q

A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Choose two.)

A. Length
B. Complexity
C. Least privilege
D. Something you have
E. Security keys
F. Biometrics

A

Length

27
Q

Which of the following is an example of a treatment strategy for a continuous risk?

A. Email gateway to block phishing attempts
B. Background checks for new employees
C. Dual control requirements for wire transfers
D. Branch protection as part of the CI/CD pipeline

A

Branch protection as part of the CI/CD pipeline

28
Q

An organization wants to deploy software in a container environment to increase security. Which of the following would limit the organization's ability to achieve this goal?

A. Regulatory compliance
B. Patch availability
C. Kernel version
D. Monolithic code

A

Monolithic code

29
Q

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

A. Board review
B. Service restart
C. Backout planning
D. Maintenance

A

Backout planning

30
Q

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm that the application is no longer applicable?

A. Data inventory and retention
B. Right to be forgotten
C. Due care and due diligence
D. Acknowledgement and attestation

A

Data inventory and retention

31
Q

Which of the following are the first steps an analyst should perform when developing a heat map? (Choose two.)

A. Methodically walk around the office noting Wi-Fi signal strength.
B. Log in to each access point and check the settings.
C. Create or obtain a layout of the office.
D. Measure cable lengths between access points.
E. Review access logs to determine the most active devices.
F. Remove possible impediments to radio transmissions.

A

Methodically walk around the office noting Wi-Fi signal strength.
Create or obtain a layout of the office.

32
Q

Which of the following is used to improve security and overall functionality without losing critical application data?

A. Reformatting
B. Decommissioning
C. Patching
D. Encryption

A

Patching

33
Q

An organization is preparing to export proprietary software to a customer. Which of the following would be the best way to prevent the loss of intellectual property?

A. Code signing
B. Obfuscation
C. Tokenization
D. Blockchain

A

Obfuscation

34
Q

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

A. Evaluate tools that identify risky behavior and distribute reports on the findings.
B. Send quarterly newsletters that explain the importance of password management.
C. Develop phishing campaigns and notify the management team of any successes.
D. Update policies and handbooks to ensure all employees are informed of the new procedures.

A

Update policies and handbooks to ensure all employees are informed of the new procedures.

35
Q

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

A. Disablement of unused services
B. Web application firewall
C. Host isolation
D. Network-based IDS

A

Host isolation

36
Q

In which of the following will unencrypted network traffic most likely be found?

A. SDN
B. IoT
C. VPN
D. SCADA

A

IoT

37
Q

Which of the following is the best reason to perform a tabletop exercise?

A. To address audit findings
B. To collect remediation response times
C. To update the IRP
D. To calculate the ROI

A

To update the IRP

38
Q

Which of the following is a use of CVSS?

A. To determine the cost associated with patching systems
B. To identify unused ports and services that should be closed
C. To analyze code for defects that could be exploited
D. To prioritize the remediation of vulnerabilities

A

To prioritize the remediation of vulnerabilities

39
Q

For an upcoming product launch, a company hires a marketing agency whose owner is a close relative of the Chief Executive Officer. Which of the following did the company violate?

A. Independent assessments
B. Supply chain analysis
C. Right-to-audit clause
D. Conflict of interest policy

A

Conflict of interest policy

40
Q

An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following would the organization consider to be the highest priority?

A. Confidentiality
B. Non-repudiation
C. Availability
D. Integrity

A

Availability