PM SG 11-12 Flashcards
A security researcher has located an unprotected spreadsheet with a column of serial numbers, but the column contains asterisks instead of actual values. Which of the following would best describe this data protection?
1. Encryption
2. Tokenization
3. Masking
4. Steganography
5. Hashing
Correct Answer: 3. Masking
Masking: Hides sensitive data by replacing it with placeholders (e.g., asterisks).
Incorrect options:
1. Encryption: Protects data with a reversible cipher, not placeholders.
2. Tokenization: Replaces data with a random token but keeps retrievability.
A security administrator has found a third-party certificate that has the same name as, and matches the hash of, their internal CA certificate. Which of the following would best describe this attack?
1. DDoS
2. Downgrade
3. Collision
4. On-path
5. Brute force
Correct Answer: 3. Collision
Collision: Occurs when two different inputs produce the same hash, undermining integrity.
Incorrect options:
4. On-path attack: Involves intercepting communications, not duplicate certificates.
A company has configured URL filtering on their firewall, but some users have been able to circumvent this security control. Which of the following would be the most likely method of avoiding the URL filtering?
1. HTTPS
2. Port security
3. Jump server
4. 802.1X
5. Open proxy
Correct Answer: 5. Open proxy
Open proxy: Reroutes requests to avoid filtering restrictions.
Incorrect options:
1. HTTPS: Encrypts traffic but doesn't bypass URL filtering.
An attacker has attempted to use the well-known log4j vulnerability against a company’s public web server, but the attack was blocked before it accessed the server. Which of the following logs would show this blocked data?
1. Web server
2. IPS
3. Load balancer
4. Device endpoints
5. DNS
Correct Answer: 2. IPS (Intrusion Prevention System)
IPS logs: Detect and block malicious traffic before it reaches the target.
Incorrect options:
1. Web server logs: Only track traffic that reaches the server.
A company has signed an MSA. Which of the following would be the most likely next step?
1. Perform a tabletop exercise
2. Hire a third-party for professional services
3. Move the data center to a disaster recovery site
4. Increase the throughput of the company's primary Internet link
5. No public comments about the contents of the document
Correct Answer: 2. Hire a third-party for professional services
MSA (Master Service Agreement): A framework for ongoing professional services.
Incorrect options:
1. Tabletop exercise: More relevant for security incident planning.
Match the best technology to each description:
1) DLP server
2) Jump server
3) VPN concentrator
4) UPS
5) Load balancer
6) NGFW
7) Proxy server
A) A lightning storm has disrupted the local power grid
B) A company blocks any applications using Microsoft SQL protocols
C) Make a configuration change to a Linux service from a remote site
D) Maintain uptime if a web server power supply fails
A) A lightning storm has disrupted the local power grid -> UPS (4)
B) A company blocks any applications using Microsoft SQL protocols -> NGFW (6)
C) Make a configuration change to a Linux service from a remote site -> Jump server (2)
D) Maintain uptime if a web server power supply fails -> Load balancer (5)
A company stores all of the cryptographic keys for their data center in a centralized and hardened system. Which of the following would best describe this system?
1. TPM
2. Proxy
3. IPS
4. HSM
5. Secure enclave
Correct Answer: 4. HSM (Hardware Security Module)
HSM: A dedicated hardware device for secure key storage.
Incorrect options:
5. Secure enclave: Typically embedded within CPUs for secure execution.
The security administrator for a power company has identified a series of sophisticated exploits against their Internet firewall, all originating from another country. Which of the following would best describe the source of this threat?
1. Insider threat
2. Shadow IT
3. Nation state
4. False positive
5. Unskilled
Correct Answer: 3. Nation state
Nation state: Highly skilled attackers with government support.
Incorrect options:
1. Insider threat: Attacks from employees, not foreign entities.
A security administrator would like to segment two application services into separate broadcast domains. Which of the following would best provide this functionality?
1. VLANs
2. 802.1Q
3. Containerization
4. SDN
5. Virtualization
Correct Answer: 1. VLANs
VLANs: Logically separate networks within the same physical infrastructure.
Incorrect options:
2. 802.1Q: A VLAN tagging protocol but not a segmentation method itself.
Which of the following security methods could an application developer use to prevent changes to the software they distribute?
1. Full disk encryption
2. Static code analysis
3. Secure cookies
4. Code signing
5. Input validation
Correct Answer: 4. Code signing
Code signing: Uses digital signatures to verify software integrity.
Incorrect options:
2. Static code analysis: Finds vulnerabilities but doesn't prevent modifications.
Which of the following describes a monetary loss if one event occurs?
1. ALE
2. SLE
3. RTO
4. ARO
Correct Answer: 2. SLE (Single Loss Expectancy)
SLE: Represents financial impact per incident.
Incorrect options:
1. ALE (Annualized Loss Expectancy): Predicts losses over a year.