PM SG 1-2 Flashcards

1
Q

A company would like to prevent the transfer of non-encrypted credit card numbers over the network. Which of the following would be the BEST choice for this requirement?

1.Data loss prevention

2.Digital signatures

3.SSL inspection

4.Certificate authority

5.Self-encrypting drives

A

1.Data Loss Prevention (DLP) is the best choice because it monitors and restricts sensitive data (like credit card numbers) from being transmitted over the network in an insecure manner.

-Digital signatures: Used for verifying the authenticity of data or documents, not for preventing data transfer.

-SSL inspection: Focuses on examining encrypted traffic, not preventing unencrypted data from leaving the network.

-Certificate authority: Manages digital certificates, but doesn’t prevent sensitive data transfer.

-Self-encrypting drives: Secures data on storage devices, not in transit over the network.

2
Q

Match the technology:
1.A known vulnerability passes through an IPS without an alert
2.A client uses an API to access an application function
3.All data on a mobile device is encrypted
4.Application transactions are logged in a public ledger

A.Obfuscation
B.Blockchain
C.Microservices
D.False negative
E.Hashing
F.Federation
G.Secure enclave

A

1.A known vulnerability passes through an IPS without an alert → D. False negative

2.A client uses an API to access an application function → C. Microservices

3.All data on a mobile device is encrypted → G. Secure enclave

4.Application transactions are logged in a public ledger → B. Blockchain

1.False negative: Describes a scenario where an IPS fails to detect a threat, incorrectly marking it as safe.

2.Microservices: Allow applications to expose functions via APIs.

3.Secure enclave: Provides secure encryption for mobile devices.

4.Blockchain: Used for logging transactions in an immutable, distributed ledger.

3
Q

An MSP needs a secure method of connecting to the web servers of a remote client. Which of the following would be the BEST choice for this task?

1.Proxy server
2.SIEM
3.Jump server
4.IPS
5.HSM

A

Correct Answer: 3.Jump server
A: Jump server is the best choice as it acts as a hardened, single point of access to remote systems.

1.Proxy server: Provides anonymity but not secure, direct administrative access.

2.SIEM: Focuses on log management and analysis, not connecting to servers.

4.IPS: Prevents intrusion, not used for remote connections.

5.HSM: Manages cryptographic keys, unrelated to server access.

4
Q

A DDoS has caused a critical service to be unavailable for 90% of the business day. Which of the following would describe this loss of value?

1.Asset value
2.Single loss expectancy
3.Risk appetite
4.Exposure factor
5.Key risk indicator

A

Correct Answer: 4.Exposure factor
A: Exposure factor (EF) represents the percentage of an asset’s value lost due to an incident (e.g., downtime).

1.Asset value: Refers to the total worth of the resource, not the impact of the event.

2.Single loss expectancy (SLE): Includes both EF and asset value; it’s not the best standalone match.

3.Risk appetite: The level of risk the organization is willing to accept.

5.Key risk indicator: Measures potential risks, not actual loss.

5
Q

A company is protecting user passwords by hashing the password values multiple times. Which of the following would describe this process?

1.Salting
2.Steganography
3.Symmetric encryption
4.Digital signature
5.Key stretching

A

Correct Answer: 5.Key stretching
A: Key stretching strengthens weak passwords by applying multiple hashing iterations, making brute-force attacks more difficult.

1.Salting: Adds random data to passwords before hashing but doesn’t involve multiple iterations.

2.Steganography: Hides data in images or files, unrelated to password security.

3.Symmetric encryption: Encrypts and decrypts data with the same key, not relevant here.

4.Digital signature: Ensures authenticity, not password security.

6
Q

An organization has discovered an attacker entering the building using an employee access card, but the employee still has their original card. Which of the following is the most likely explanation?

1.Privilege escalation
2.RFID cloning
3.Brute force
4.Spraying
5.Injection

A

Correct Answer: 2.RFID cloning
A: RFID cloning is the process of duplicating an access card’s signal to create a fraudulent card.

1.Privilege escalation: Happens digitally when attackers gain higher-level permissions.

3.Brute force: Refers to systematically guessing passwords, irrelevant to physical entry.

4.Spraying: Attempts a few passwords across many accounts, unrelated to access cards.

5.Injection: A web app attack technique, not applicable to physical security.

7
Q

A security administrator has identified all possible points of unauthorized entry on a newly built web server. Which of the following would describe this list?

1.Responsibility matrix
2.Platform diversity
3.Journaling
4.Input validation
5.Attack surface

A

Correct Answer: 5.Attack surface
A: Attack surface refers to all the potential vulnerabilities or entry points in a system.

1.Responsibility matrix: Defines roles and tasks, not vulnerabilities.

2.Platform diversity: Refers to using multiple technologies, not vulnerabilities.

3.Journaling: Logs transactions, unrelated to attack points.

4.Input validation: Mitigates vulnerabilities but isn’t a list of entry points.

8
Q

A company is assigning administrator rights to IT technicians on a temporary basis. Which of the following would describe this system?

1.Just-in-time permissions
2.Password vaulting
3.Salting
4.Hashing
5.Passwordless access

A

Correct Answer: 1.Just-in-time permissions
A: Just-in-time permissions grant temporary elevated access, improving security by limiting the time attackers can exploit accounts.

2.Password vaulting: Safeguards credentials but doesn’t provide temporary rights.

3/4.Salting/Hashing: Relate to password security, not access control.

5.Passwordless access: Refers to authentication without passwords, unrelated to temporary rights.

9
Q

A company performs a risk assessment each time the hardware or software is updated for an application instance. Which of the following would describe this assessment process?

1.One-time
2.Ad hoc
3.Recurring
4.Mandated
5.Third-party

A

Correct Answer: 2.Ad hoc
A: Ad hoc refers to assessments performed as needed, like during software updates.

1.One-time: Happens once, not recurring with updates.

3.Recurring: Regularly scheduled, not dependent on updates.

4.Mandated: Required by regulation, not necessarily update-driven.

5.Third-party: Implies an external assessor, not part of the context.

10
Q

Which of the following would BEST describe a honeytoken?

1.A publicly accessible password.txt file
2.Intentionally incorrect API credentials
3.A virtual machine with a known vulnerability
4.A workstation without a locking screen saver
5.A random access code used during login

A

Correct Answer: 2.Intentionally incorrect API credentials
A: Honeytokens are fake data or credentials designed to lure attackers and detect unauthorized access.

1.Password.txt file: Could inadvertently expose real credentials, not intentional bait.

3.Vulnerable VM: A honeypot, not a honeytoken.

4.Workstation without a screen saver: Security misconfiguration, not a honeytoken.

5.Access code: Used for real access, not bait.

11
Q

When power is removed from an inline IPS, all network traffic stops. Which of the following would describe this functionality?

1.High availability
2.Parallel processing
3.Load balancing
4.Cold site
5.Fail closed

A

Correct Answer: 5.Fail closed
A: Fail closed means that when a system fails, it blocks all traffic to prevent compromise.

1.High availability: Focuses on uptime, not behavior during failure.

2.Parallel processing: Refers to processing performance, unrelated to failures.

3.Load balancing: Distributes traffic, doesn’t address failure modes.

4.Cold site: Refers to a backup location, unrelated to IPS functionality.

12
Q

A server was previously infected with malware, and a technician is reimaging the system and updating the application software. Which of the following best describes this incident response step?

1.Preparation
2.Analysis
3.Recovery
4.Lessons learned
5.Detection

A

Correct Answer: 3.Recovery
A: Recovery involves restoring the affected system to its operational state after an incident.

1.Preparation: Involves readiness before incidents occur.

2.Analysis: Focuses on understanding the incident, not recovery.

4.Lessons learned: Happens after recovery to improve future responses.

5.Detection: Identifies incidents, not recovery.

13
Q

A security engineer is following a checklist to recover a system containing a malware infection. Which of the following would describe this process list?

1.Change management
2.Playbook
3.Disaster recovery
4.Business continuity
5.Centralized governance

A

Correct Answer: 2.Playbook
A: A playbook is a predefined checklist or procedure for specific security tasks, like system recovery.

1.Change management: Focuses on managing system changes, not specific incident tasks.

3.Disaster recovery: Broadly addresses recovering from major events, not specific tasks.

4.Business continuity: Ensures ongoing operations, not incident-specific tasks.

5.Centralized governance: Focuses on oversight, not task execution.
