Quiz Flashcards
A company has guards at the gate, guards at the entrance to its main building, and an access control vestibule inside the building. Access to the office where the company’s data resides is controlled through two additional doors that use RFID (radio frequency identification) locks.
Which controls are being adopted by the company? (Select TWO.)
A. Preventive
B. Deterrent
C. Corrective
D. Physical
Chapter 1
The correct answers are option B and option D. Every control described (the guards, the access control vestibule and the RFID-locked doors) is a physical control. Because they are visible obstacles, they also act as deterrent controls, discouraging unauthorized personnel from attempting to reach the office where the data resides.
One of the file servers of an organization has suffered an attack. The organization’s IT administrator is searching the log files to understand what happened. What type of control are they implementing when carrying out the investigation?
A. Operational
B. Technical
C. Detective
D. Operational
Chapter 1
The correct answer is option C. Detective controls uncover issues and anomalies that have already occurred. Searching the log files to reconstruct the attack is therefore a detective control.
During a monthly team meeting, an IT manager tasks both the mail administrator and the network administrator with creating a standard operating procedure. What type of control describes the mail administrator and network administrator’s task?
A. Directive
B. Managerial
C. Operational
D. Technical
Chapter 1
The correct answer is option A. Directive controls provide specific instructions or guidelines on how tasks must be performed; a standard operating procedure is exactly that.
Which control type focuses on eliminating or minimizing potential threats before they can cause harm?
A. Preventive
B. Compensating
C. Deterrent
D. Corrective
Chapter 1
The correct answer is option A. Preventive controls are designed to prevent problems or risks from occurring by eliminating or minimizing potential threats.
An organization has been sent information by Microsoft that a critical update for Windows 11 has just been released. The organization’s cybersecurity team immediately applies this latest update to all of its Windows 11 computers. What type of control have they carried out?
A. Preventive
B. Compensating
C. Deterrent
D. Corrective
Chapter 1
The correct answer is option D. The Windows 11 computers were exposed to a known vulnerability, so the cybersecurity team took corrective action by patching each computer to remove the flaw and harden it against attack.
An organization suffered a ransomware attack, where one of the technical controls was compromised. What type of control should a company implement to prevent a reoccurrence?
A. Preventive
B. Compensating
C. Detective
D. Corrective
Chapter 1
The correct answer is option B. Compensating controls are alternative measures put in place when a primary control is not feasible or has proved insufficient. Here the primary technical control was compromised, so it needs to be supplemented or replaced by a secondary control.
Which of the following physical controls would deter someone from entering a quarry? (Select TWO.)
A. Bollards
B. Guards
C. Barrier
D. Signs
E. Lights
Chapter 1
The correct answers are option B and option C. Using a barrier and guards at the entrance to the quarry could prevent unauthorized personnel from entering the quarry. Once the guard has checked the identification of the personnel, they can raise the barrier to allow entry. The bollards are not useful, as they would prevent everyone from entering the quarry, including people who worked there.
Following a third-party compliance audit, a company has been recommended that additional instructions need to be included in the current compliance policies. What type of control BEST describes the recommended action?
A. Operational
B. Directive
C. Deterrent
D. Corrective
Chapter 1
The correct answer is option B, as directive controls provide specific instructions or guidelines for complying with policies and procedures.
A cybersecurity administrator has decided to use homomorphic encryption to protect data so that computations can be performed on the data without decrypting it. What type of control BEST describes the action carried out by the cybersecurity administrator?
A. Managerial
B. Technical
C. Operational
D. Physical
Chapter 1
The correct answer is option B. The cybersecurity administrator uses a technical control, which is a control that relies on technology to protect and secure data.
Within the spectrum of control categories, which one is tasked with establishing protocols and guidelines to enhance the effectiveness of organizational oversight?
A. Technical
B. Managerial
C. Operational
D. Physical
Chapter 1
The correct answer is option B. Top-level executives, including the CEO or president, may set the overall policy direction for the organization. They might also be involved in creating high-level policies that align with the company’s mission, vision, and strategic goals. These are known as managerial controls.
An IT administrator has been tasked by the CEO to investigate the latest attack methods being used by a bad actor. Which of the following would be the BEST resource to use?
A. MITRE ATT&CK
B. A honeyfile
C. A honeypot
D. A CVE list
Chapter 2
The correct answer is option C. A honeypot is a decoy system or network with lower security to entice an attacker so that the attack methods can be monitored and then mitigated.
Option A is incorrect because, while the MITRE ATT&CK framework has a database of adversaries, tactics, and techniques, it might not have the most recent attack information.
Option B is incorrect as a honeyfile is set up as bait so that the SOC team is alerted as soon as the attacker opens the file.
Option D is incorrect as a CVE list catalogs publicly disclosed vulnerabilities; it does not describe the methods an attacker is currently using.
What type of system is able to track users’ access if the authentication method uses 802.1x?
A. Federation Services
B. Kerberos
C. OAuth
D. RADIUS
Chapter 2
The correct answer is option D. RADIUS is a centralized authentication, authorization, and accounting (AAA) server that provides a way to control and track access to a network. RADIUS clients (network access servers) include VPN concentrators, wireless access points, and 802.1X-capable switches. Once a user has been authenticated, the client sends accounting records that log when the user's session starts and stops, so each user's access can be tracked.
Option A is incorrect because Federation Services is used for third-party (cross-organization) authentication, not for accounting.
Option B is incorrect because Kerberos is an authentication protocol, used for example in Active Directory environments; it does not track network access.
Option C is incorrect because OAuth is an authorization framework for delegated access to web and API resources.
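Worked example (added here, not part of the original quiz or of any RADIUS product): the accounting records mentioned in the answer above are what make user tracking possible. The script below pairs Start and Stop records by Acct-Session-Id, computes session length, and flags sessions that never closed or closed without a recorded start. The records are constructed; the attribute names are the standard RADIUS accounting attributes, but the flat "Attribute=Value" line layout and the ISO 8601 rendering of Event-Timestamp are assumptions about how a collector would export them.

```python
"""Pair RADIUS accounting Start/Stop records into per-user sessions.

Added example. The records below are constructed, one accounting event per
line in 'Attribute=Value' form (assumed export format; the attribute names
are the standard RADIUS ones).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

RECORDS = """\
Event-Timestamp=2024-05-01T08:00:00 Acct-Status-Type=Start Acct-Session-Id=a1b2 User-Name=alice NAS-IP-Address=10.0.0.5 NAS-Port-Type=Ethernet
Event-Timestamp=2024-05-01T08:03:10 Acct-Status-Type=Start Acct-Session-Id=c3d4 User-Name=bob NAS-IP-Address=10.0.0.6 NAS-Port-Type=Wireless-802.11
Event-Timestamp=2024-05-01T08:45:00 Acct-Status-Type=Stop Acct-Session-Id=a1b2 User-Name=alice NAS-IP-Address=10.0.0.5 Acct-Terminate-Cause=User-Request
Event-Timestamp=2024-05-01T09:00:00 Acct-Status-Type=Stop Acct-Session-Id=zzzz User-Name=carol NAS-IP-Address=10.0.0.7 Acct-Terminate-Cause=Lost-Carrier
"""


@dataclass
class Session:
    session_id: str
    user: str
    nas: str
    start: Optional[datetime] = None
    stop: Optional[datetime] = None
    terminate_cause: Optional[str] = None

    @property
    def duration(self) -> Optional[timedelta]:
        """Length of the session, or None if it has not both started and stopped."""
        if self.start and self.stop:
            return self.stop - self.start
        return None


def parse_record(line: str) -> Dict[str, str]:
    """Split one 'Attr=Value Attr=Value ...' line into a dictionary."""
    return dict(token.split("=", 1) for token in line.split())


def build_sessions(text: str) -> Dict[str, Session]:
    """Group Start/Stop events by Acct-Session-Id, the key RADIUS uses to pair them."""
    sessions: Dict[str, Session] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        sid = rec["Acct-Session-Id"]
        session = sessions.setdefault(
            sid, Session(sid, rec["User-Name"], rec["NAS-IP-Address"])
        )
        when = datetime.fromisoformat(rec["Event-Timestamp"])
        if rec["Acct-Status-Type"] == "Start":
            session.start = when
        elif rec["Acct-Status-Type"] == "Stop":
            session.stop = when
            session.terminate_cause = rec.get("Acct-Terminate-Cause")
    return sessions


def audit(sessions: Dict[str, Session]) -> Tuple[List[Session], List[Session], List[Session]]:
    """Return (completed, still_open, stop_without_start).

    A Stop with no matching Start usually means lost accounting packets or a
    NAS that was not sending to this server; both are worth investigating.
    """
    values = sessions.values()
    completed = [s for s in values if s.start and s.stop]
    still_open = [s for s in values if s.start and not s.stop]
    orphan_stop = [s for s in values if s.stop and not s.start]
    return completed, still_open, orphan_stop


if __name__ == "__main__":
    done, open_, orphans = audit(build_sessions(RECORDS))
    for s in done:
        print(f"{s.user} on {s.nas}: {s.duration} ({s.terminate_cause})")
    print("still open:", [s.user for s in open_])
    print("stop without start:", [s.session_id for s in orphans])
```

Real RADIUS servers also emit Interim-Update records at a configurable interval; adding them to the parser lets you see how much traffic a session has moved (Acct-Input-Octets and Acct-Output-Octets) rather than only when it ran.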
Which of the following can be used to provide non-repudiation?
A. Asymmetric encryption
B. Symmetric encryption
C. A public key
D. A SAML token
Chapter 2
The correct answer is option A. Asymmetric encryption generates both private and public keys. The private key can be used to generate a digital signature that can provide non-repudiation. Non-repudiation is a term used in information security and cryptography to describe the concept of ensuring that an entity cannot deny the authenticity or origin of a message or transaction.
Option B is incorrect; in symmetric encryption, both parties share the same key, so either of them could have produced a given message, and it cannot provide non-repudiation.
Option C is incorrect as a public key is not kept secret and can be shared with multiple users, so it cannot provide non-repudiation.
Option D is incorrect because Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between parties, typically between an identity provider (IdP) and a service provider (SP). It is not designed to provide non-repudiation.
An international bank encountered an insider attack where they suffered the theft of $100,000. The security team has been tasked to find the culprit. Which of the following is the BEST source of information for the security team to use?
A. The system log
B. The application log
C. An audit trail
D. The DNS log
Chapter 2
The correct answer is option C. An audit trail provides a comprehensive record of user activities and system actions, which is essential for tracing insider attacks.
Option A is incorrect, as the system log may contain system-related events but lacks the detailed user-specific information found in an audit trail.
Option B is incorrect; the application log focuses on application-specific events and is not as comprehensive as an audit trail.
Option D is incorrect, as the DNS log relates to domain name system activities, not to tracing insider attacks.
Which of the given security tools fulfills the following?
* Presents itself as a prized target
* Uses dummy data
* Helps track attackers
A. Honeypot
B. A honeyfile
C. A honeytoken
D. PAM
Chapter 2
The correct answer is option C. A honeytoken mimics valuable data to lure attackers, serving as a decoy to detect and track unauthorized access.
Option A is incorrect because a honeypot attracts attackers and analyzes their attack methods but isn’t specifically focused on tracking with dummy data.
Option B is incorrect because a honeyfile is the bait used to identify when an attacker opens a file. It does not fulfill the characteristics.
Option D is incorrect because privileged access management is used to control administrative accounts and is not designed as a deceptive tracking tool.
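Worked example (added here; not part of the original quiz or of any product): the honeytoken in the answer above "helps track attackers" only if a hit can be traced back to where the bait was planted. The script derives a distinct fake service account for each planted location with an HMAC over the location name, so the token itself tells the SOC which copy was picked up. The secret PEPPER, the location names and the auth-log lines are all constructed for the demo.

```python
"""Per-location honeytokens: a hit reveals which planted copy leaked.

Added example. PEPPER, the planted locations and the log lines below are
constructed; in practice the pepper lives only with the detection system.
"""
import hashlib
import hmac
import re
from typing import Dict, Iterable, List, Tuple

PEPPER = b"keep-this-out-of-the-repo-and-rotate-it"  # assumed SOC-only secret


def make_token(location: str, pepper: bytes = PEPPER) -> str:
    """Deterministic fake username for one planted location.

    HMAC (not a plain hash) means an attacker who finds several tokens cannot
    derive a valid-looking one for a location they have not actually reached.
    """
    tag = hmac.new(pepper, location.encode(), hashlib.sha256).hexdigest()[:12]
    return f"svc-backup-{tag}"


def build_index(locations: Iterable[str], pepper: bytes = PEPPER) -> Dict[str, str]:
    """Map token -> location so a hit can be attributed without a database."""
    return {make_token(loc, pepper): loc for loc in locations}


# Constructed log grammar: '... user=<name> src=<ip>'
LOG_LINE = re.compile(r"user=(?P<user>\S+)\s+src=(?P<src>\S+)")


def scan(log_lines: Iterable[str], index: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (token, planted_location, source_ip) for every honeytoken use."""
    hits = []
    for line in log_lines:
        match = LOG_LINE.search(line)
        if match and match.group("user") in index:
            token = match.group("user")
            hits.append((token, index[token], match.group("src")))
    return hits


# Where the bait was planted (constructed names)
LOCATIONS = [
    "wiki:/ops/runbook",
    "git:infra-repo/.env.example",
    "share:\\\\fs01\\finance\\creds.txt",
]
INDEX = build_index(LOCATIONS)

# Constructed auth-log lines; the second is someone trying a planted token
# from a documentation-range address.
SAMPLE_LOG = [
    "2024-05-01T08:00:01 sshd accepted user=alice src=10.0.0.12",
    f"2024-05-01T08:00:09 sshd failed user={make_token('git:infra-repo/.env.example')} src=203.0.113.7",
    "2024-05-01T08:00:15 sshd accepted user=bob src=10.0.0.13",
]

if __name__ == "__main__":
    for token, location, src in scan(SAMPLE_LOG, INDEX):
        print(f"ALERT honeytoken {token} (planted in {location}) used from {src}")
```

The tokens are legitimate nowhere, so any use is a true positive; the only tuning needed is to make sure the planted copies look worth stealing and that the detection rule covers every place a credential could be tried (SSH, VPN, web login, API gateway).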
In organizational jargon, what process describes scrutinizing the delta between existing resources and future aspirations, aiming to fortify strategic decision-making?
A. A SWOT analysis
B. The capability maturity model
C. Business process reengineering
D. Gap analysis
Chapter 2
The correct answer is option D. A gap analysis outlines the difference between current resources and potential future goals.
Option A is incorrect, as a SWOT analysis is a different strategic planning tool that assesses strengths, weaknesses, opportunities, and threats, and it does not specifically focus on resource gaps.
Option B is incorrect because the capability maturity model is a framework for process improvement and is not specifically designed to analyze resource gaps.
Option C is incorrect because business process reengineering is a method for redesigning business processes and is not specifically tailored for analyzing resource disparities.
Which of the following uses a private key to provide proof that an email has not been altered in transit and has come from the person who originally sent it?
A. A digital signature
B. Encryption
C. Hashing
D. Domain-based message authentication, reporting, and conformance
Chapter 2
The correct answer is option A. A digital signature uses the sender's private key to sign the mail, ensuring its integrity and origin. This cryptographic technique provides authentication and non-repudiation.
Option B is incorrect because encryption protects the confidentiality of the content but does not, by itself, prove the sender's identity or the integrity of the message.
Option C is incorrect because hashing verifies data integrity but involves no private key and cannot verify the identity of the sender.
Option D is incorrect because domain-based message authentication, reporting, and conformance (DMARC) builds on SPF and DKIM to authenticate the sending domain and publish a policy for failures; it does not identify the individual who wrote the email.
Which intricate concept involves a dynamic orchestration of access controls, continuously tailoring user permissions based on evolving risk profiles and behavioral analytics?
A. A behavioral authentication framework
B. Dynamic credential ciphering
C. Adaptive identity management
D. A cyber resilience protocol
Chapter 2
The correct answer is option C. Adaptive identity management dynamically adjusts user permissions using risk profiles and behavioral analytics, enhancing cybersecurity.
Option A is incorrect because a behavioral authentication framework may involve behavior analysis but lacks the broader scope of continuously adapting access controls.
Option B is incorrect because dynamic credential ciphering relates to encryption, not the management of evolving access permissions.
Option D is incorrect because a cyber resilience protocol deals with overall system resilience, rather than the specific dynamic adaptation of identity and access controls.
Which type of sensors can detect changes in frequency?
A. Microwave sensors
B. Pressure sensors
C. Infrared sensors
D. Ultrasonic sensors
Chapter 2
The correct answer is option A. Microwave sensors emit microwave energy and detect motion from the Doppler shift (a change in frequency) of the signal reflected by a moving object, making them suitable for motion detection.
Option B is incorrect because pressure sensors detect changes in pressure, such as weight on a floor mat, not changes in frequency.
Option C is incorrect because infrared sensors detect infrared radiation, not changes in frequency.
Option D is incorrect because ultrasonic sensors use sound waves, not changes in frequency, for distance measurement and object detection.
Which of the following log files ensures that someone is responsible for another person?
A. An IDS log
B. A security log
C. An event log
D. A visitors log
Chapter 2
The correct answer is option D. When entering a company or a military base, the person who signs a visitor in at reception is responsible for that person during their stay.
Option A is incorrect because an Intrusion Detection System (IDS) log is designed specifically to detect and log unauthorized or suspicious activities on a network or system.
Option B is incorrect because a security log can record various security-related events but it might not necessarily attribute responsibility for one person’s actions to another.
Option C is incorrect because event logs capture a wide range of system events and activities, but they do not inherently ensure someone is responsible for another person.
What component of change management is essential for ensuring that security operations are not adversely affected by new implementations?
Select the BEST option.
A. Ownership
B. Test results
C. An approval process
D. A backout plan
Chapter 3
The correct answer is option C. The approval process is a critical aspect of change management that ensures proposed changes are scrutinized before implementation. This step involves assessing the impact of changes on security operations, resource allocation, and potential risks.
Option A is incorrect because ownership is important for accountability, as it designates an individual responsible for overseeing and executing changes. It doesn’t evaluate the potential impact on security operations.
Option B is incorrect because test results show whether a change works as intended in a test environment; they do not by themselves govern whether the change is allowed to proceed into production.
Option D is incorrect because a backout plan is a rollback option if the changes go wrong.
Which of the following is the BEST solution for a cybersecurity team to implement to prevent employees from installing video games on a company’s systems?
A. Sandbox
B. An allow list
C. A block list
D. Least privilege
Chapter 3
The correct answer is option B. An application allow list, formerly known as a whitelist, is a list of only those applications that are permitted to be installed. Personal software and malware would never be on the allow list; therefore, they would not be able to be installed or run.
Option A is incorrect, as a sandbox is an isolated virtual machine or application used to test an application for the patching, testing, or investigation of potential malware.
Option C is incorrect, as a block list needs every unwanted application to be named in advance, which is impractical to maintain. It is easier to create an allow list: if an application is not on the allow list, it cannot be installed.
Option D is incorrect, as least privilege is an access control where a user only gets the minimum permissions to perform their job, and it is not to prevent application installation.
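Worked example (added here; not part of the original quiz or of any application-control product): the answer above says a block list needs every application named, and the deeper problem is that a name is trivial to change. The script evaluates the same constructed "binaries" against a block list keyed by filename and an allow list keyed by SHA-256, showing that renaming defeats the first but not the second, and also the maintenance cost of hash-based allow lists (a patched build has a new hash). The executables are stand-in byte strings.

```python
"""Block list by name versus allow list by hash.

Added example. The 'binaries' are constructed byte strings standing in for
real executables; their hashes are computed from that content.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass(frozen=True)
class Binary:
    name: str
    content: bytes

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Constructed stand-ins for executables
OFFICE = Binary("winword.exe", b"OFFICE-BUILD-16.0")
PATCHED_OFFICE = Binary("winword.exe", b"OFFICE-BUILD-16.1")  # same product, new bytes
GAME = Binary("doom.exe", b"GAME-BUILD-1.0")
RENAMED_GAME = Binary("winword.exe", GAME.content)  # evasion: same bytes, trusted name

BLOCK_LIST_BY_NAME = {"doom.exe"}
ALLOW_LIST_BY_HASH = {OFFICE.sha256}


def block_list_permits(binary: Binary) -> bool:
    """Deny only what is explicitly named; everything else runs."""
    return binary.name not in BLOCK_LIST_BY_NAME


def allow_list_permits(binary: Binary) -> bool:
    """Run only what is explicitly approved, identified by content, not name."""
    return binary.sha256 in ALLOW_LIST_BY_HASH


def evaluate(policy: Callable[[Binary], bool], binaries: Iterable[Binary]) -> List[Tuple[str, str, bool]]:
    """Return (name, short hash, permitted) for each binary under the policy."""
    return [(b.name, b.sha256[:8], policy(b)) for b in binaries]


if __name__ == "__main__":
    candidates = [OFFICE, PATCHED_OFFICE, GAME, RENAMED_GAME]
    print("block list by name:", evaluate(block_list_permits, candidates))
    print("allow list by hash:", evaluate(allow_list_permits, candidates))
```

The allow list stops the renamed game, but it also stops the patched Office build until its hash is added, which is why production tools such as AppLocker and WDAC let you approve a signed publisher rather than individual hashes. Either way the enforcement point must check content or signature, never the filename.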
When ensuring the accuracy of system representations, what practice is reflective of the actual network infrastructure?
A. Regression testing
B. Updating diagrams
C. Data masking
D. Version control
Chapter 3
The correct answer is option B, updating diagrams. This means keeping visual representations such as network diagrams accurate to help network professionals understand and manage security effectively.
Option A is incorrect because regression testing checks that code changes have not broken existing functionality; it does not relate to network infrastructure.
Option C is incorrect because data masking disguises sensitive information, which is not directly related to network infrastructure.
Option D is incorrect because version control tracks changes to files such as code and documents; it does not by itself keep a diagram faithful to the live infrastructure.
What component of change management outlines the specific steps to be taken if a change implementation encounters unexpected issues or failures?
A. A snapshot
B. A backout plan
C. A maintenance window
D. Test results
Chapter 3
The correct answer is option B. A backout plan is a critical aspect of change management that defines the rollback options if an implementation does not go as planned. It reverts the system to its previous state to minimize disruption and potential security risks if there are failures.
Option A is incorrect because a snapshot captures the state of a virtual machine or storage volume at a point in time. It can be one tool used by a backout plan, but it does not define the steps to take when a change fails.
Option C is incorrect because a maintenance window is where a planned change to a system is done to ensure minimal disruption.
Option D is incorrect because test results assess the functionality and suitability of changes before implementation. They do not address the process of reverting changes if there are failures.
When creating new software, what is the interconnection of services and system drivers known as? Select the most appropriate answer.
A. Errors in software code
B. Incompatibilities
C. Dependencies
D. Interoperability
Chapter 3
The correct answer is option C. Dependencies in software development refer to the interactions and relationships between different software components. These components rely on each other to function properly, so if one component fails or changes unexpectedly, the components that depend on it may fail too.
Option A is incorrect, as software defects refer to flaws or errors in software code, not to the relationships between software components.
Option B is incorrect, as incompatibilities could refer to issues between different software or hardware elements, but they don’t capture the concept of dependencies.
Option D is incorrect, as interoperability refers to the ability of different systems or software to work together and exchange information smoothly. It is related to dependencies, but it’s a broader concept that encompasses various aspects of compatibility and functionality between systems. It is not the best choice.
In IT operations, what is the primary reason for scheduling a maintenance window for system updates or changes?
A. To maximize resource utilization
B. To reduce the need for regular system backups
C. To bypass the need for change management procedures
D. To ensure updates are implemented without disrupting users
Chapter 3
The correct answer is option D. A designated time window allows IT teams to perform necessary tasks while minimizing the impact on system availability and user experience.
Option A is incorrect because while optimizing resource utilization is important, it’s not the primary reason for scheduling a maintenance window.
Option B is incorrect because maintenance windows don’t directly impact system backup procedures.
Option C is incorrect because proper change management procedures are crucial for maintaining security and stability, so bypassing them isn’t advisable and, thus, is not the primary purpose of a maintenance window.
Which action involves closing and then reopening an application to address issues, refresh resources, or implement changes?
A. An application refresh
B. An application restart
C. An application reload
D. An application reset
Chapter 3
The correct answer is option B. Application restart involves closing and reopening an application to address issues, refresh resources, or implement changes. It’s a common approach to resolving glitches and ensuring an application functions optimally.
Option A is incorrect because while similar, a refresh might involve renewing certain elements without closing and reopening the entire application.
Option C is incorrect because reloading might refer to loading specific data or content but doesn’t capture the complete process of closing and reopening an application.
Option D is incorrect because a reset could encompass broader actions beyond closing and reopening and might even imply returning to default settings.
When creating new software, what is the main purpose of reviewing and analyzing test results before deploying changes to a production environment?
A. To validate user documentation
B. To analyze system dependencies
C. To confirm that a team adheres to coding standards
D. To identify and address potential issues or defects
Chapter 3
The correct answer is option D. Reviewing and analyzing test results before deployment is crucial to identify and address potential issues or defects in code. This practice helps ensure that changes are stable and secure and won’t adversely impact the production environment.
Option A is incorrect because test results primarily focus on the technical aspects of software, not on user documentation.
Option B is incorrect because while system dependencies can be an important part of software development, especially in a larger context, the primary aim of reviewing test results before deployment is finding and fixing issues or defects in code.
Option C is incorrect because a review of test results mainly aims to find and fix issues, not solely check coding standards compliance.
What vital process in change management assesses the potential consequences of alterations for various aspects, such as systems, processes, and resources?
A. Impact analysis
B. A backout plan
C. A standard operating procedure
D. A maintenance window
Chapter 3
The correct answer is option A. Impact analysis is a pivotal step in change management that evaluates the potential effects of proposed alterations on different components, such as systems, processes, and resources. This assessment aids in understanding the broader ramifications of changes, including any security implications.
Option B is incorrect because a backout plan is a critical aspect of change management that defines the rollback options if an implementation does not go as planned.
Option C is incorrect because a standard operating procedure is a set of instructions for routine operations. While crucial, it does not focus on assessing the potential impacts of changes.
Option D is incorrect because a maintenance window is a scheduled timeframe for implementing changes. While essential for controlled modifications, it does not involve assessing the consequences of changes.
In a complex enterprise environment, what strategic considerations should be weighed before executing a service restart, ensuring optimal system availability while minimizing potential security vulnerabilities?
Select the BEST choice.
A. The temperature of the data center
B. The number of active user sessions
C. The chronological order of code deployment
D. The potential impact on interconnected services
Chapter 3
The correct answer is option D. When contemplating a service restart, particularly in intricate enterprise setups, understanding the potential impact on interconnected services is critical. Disruptions caused by a restart can cascade across a system, affecting other services. This assessment is vital to ensure both system availability and to prevent potential security vulnerabilities that could arise due to disruptions.
Option A is incorrect because data center temperature affects hardware health, but it is not a strategic consideration when planning a service restart.
Option B is incorrect because the number of active user sessions matters for timing the restart, but it is only one input to the broader assessment of the impact on interconnected services.
Option C is incorrect because the code deployment order is important for other reasons but isn’t the primary concern when planning a service restart.
What is the primary purpose of a private key in a Public Key Infrastructure (PKI)?
A. The encryption of sensitive data
B. Storing cryptographic keys
C. Encrypting messages for secure transmission
D. Decryption and digital signatures
Chapter 4
The correct answer is option D. The private key in PKI is used for both decryption and digital signatures. It’s used to decrypt data that has been encrypted, using the corresponding public key, and to digitally sign documents for authentication and data integrity.
Option A is incorrect because public keys, not private keys, are used to encrypt data.
Option B is incorrect because storing cryptographic keys is the role of key escrow (a trusted third party) or a hardware key store, not the purpose of the private key itself.
Option C is incorrect because encryption is usually done using the recipient’s public key, not the private key.
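Worked example (added here; not part of the original quiz): the private key's two jobs from the answer above, decrypting what was encrypted to the matching public key and signing, and the Chapter 2 point that a shared symmetric key cannot give non-repudiation. The block is toy RSA with fixed Mersenne primes and no padding, which is an assumption made for readability; real RSA uses large random primes with OAEP or PSS, and the HMAC half uses the standard library as is.

```python
"""Toy RSA illustrating what the private key does (decrypt, sign) and why a
shared symmetric key cannot give non-repudiation.

Added example, not from the quiz. Educational only: fixed small primes and no
padding (no OAEP/PSS), so it must never be used for real data.
"""
import hashlib
import hmac

# Assumption: two fixed Mersenne primes keep the demo reproducible; a real key
# uses randomly generated primes of 1024+ bits each.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _hash_to_int(message: bytes, n: int) -> int:
    # Sign a digest of the message, reduced into the key's range
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the private key holder can produce this value."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check it; no secret is needed."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


def encrypt(public_key, plaintext: bytes) -> int:
    """Encrypt with the recipient's public key; plaintext must fit below n."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private key holder can recover the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def mac(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric MAC: every holder of shared_key can produce a valid tag."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def non_repudiation_demo():
    pub, priv = generate_keypair()
    message = b"Transfer 100 to Bob"
    altered = b"Transfer 100000 to Bob"
    signature = sign(priv, message)

    # Symmetric case: Bob shares the key with Alice, so a tag Bob computes on a
    # message Alice never sent verifies exactly as one Alice computed would.
    shared = b"key-known-to-alice-and-bob"
    tag_made_by_bob = mac(shared, altered)
    verifies_as_if_from_alice = hmac.compare_digest(tag_made_by_bob, mac(shared, altered))

    return {
        "signature_verifies": verify(pub, message, signature),
        "altered_message_rejected": not verify(pub, altered, signature),
        "bob_can_forge_mac": verifies_as_if_from_alice,
        "decrypted": decrypt(priv, encrypt(pub, b"secret")),
    }


if __name__ == "__main__":
    for key, value in non_repudiation_demo().items():
        print(f"{key}: {value}")
```

The asymmetry is the whole point: verification and encryption need only the public key, so a valid signature can only have come from whoever holds the private key, whereas an HMAC tag proves only that someone with the shared key produced it.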
Which type of encryption employs a single key to encrypt substantial volumes of data, utilizing a block cipher technique?
A. Hashing
B. Asymmetric encryption
C. Symmetric encryption
D. A key exchange
Chapter 4
The correct answer is option C. Symmetric encryption has only one key to both encrypt and decrypt large amounts of data using block cipher techniques. This approach is effective for ensuring data confidentiality when encryption and decryption operations are performed using the same key.
Option A is incorrect because hashing is used for data integrity and is a one-way function.
Option B is incorrect because asymmetric encryption uses a key pair (private and public). Its operations are computationally expensive, so it is used to protect small items such as session keys rather than substantial volumes of data.
Option D is incorrect because a key exchange involves securely exchanging cryptographic keys, not the encryption of substantial data volumes.
What technique involves transforming sensitive data, such as credit card numbers, into unique tokens that retain no intrinsic value and are used for secure transactions?
A. Obfuscation
B. Salting
C. Tokenization
D. Steganography
Chapter 4
The correct answer is option C. Tokenization is the technique of transforming sensitive data into tokens that lack inherent value. These tokens are used in transactions, ensuring security by reducing the risk associated with storing and transmitting actual sensitive data.
Option A is incorrect because obfuscation makes code harder to understand; it is not used to substitute sensitive data with tokens.
Option B is incorrect because salting involves adding random values to credentials and is unrelated to tokenization.
Option D is incorrect because steganography hides data within files, and it’s unrelated to transforming data into tokens.
Which cryptographic method involves utilizing intricate mathematical operations to guarantee the irreversible transformation of data during encryption?
A. Transport/communication encryption
B. Asymmetric encryption
C. A key exchange
D. Algorithm encryption
Chapter 4
The correct answer is option D. The use of complex mathematical operations to ensure that encrypted data cannot be easily reverted to its original form is known as algorithm encryption.
Option A is incorrect because transport/communication encryption primarily focuses on securing data during its transmission.
Option B is incorrect because asymmetric encryption involves the use of two keys for encryption and decryption, not mathematical operations for irreversibility.
Option C is incorrect because key exchange protocols such as Diffie–Hellman involve mathematical operations to securely exchange keys, and their primary purpose is to establish a shared secret key, rather than performing encryption or ensuring irreversibility.
What term is used to describe the catalogs that contain invalidated digital certificates and ensure the security of online communication?
A. Self-signed
B. Certificate signing request (CSR) generation
C. Certificate authorities
D. Certificate revocation lists (CRLs)/the Online Certificate Status Protocol (OCSP)
Chapter 4
The correct answer is option D. Certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP) are the mechanisms that publish which digital certificates have been invalidated before their expiry date. They protect online communication by letting clients reject certificates that are no longer trustworthy. A CRL is a signed list that clients download periodically; OCSP lets a client query the status of a single certificate in real time.
Option A is incorrect because a self-signed certificate is self-generated and lacks third-party validation.
Option B is incorrect because CSR generation is the request for a new certificate, not a revocation check.
Option C is incorrect because certificate authorities are the entities that issue and sign digital certificates.
What do you need to securely store cryptographic keys and perform cryptographic operations within a hardware device, and which encryption level involves the conversion of entire disks into encrypted formats? (Choose TWO.)
A. A Trusted Platform Module (TPM) chip
B. A Hardware Security Module (HSM)
C. Encryption key management software
D. Password-based encryption
E. Full-Disk Encryption (FDE)
Chapter 4
The correct answers are option A and option E. A trusted platform module (TPM) chip is a dedicated hardware component designed to securely store cryptographic keys and perform various cryptographic operations. Full-disk encryption (FDE) refers to the process of encrypting an entire disk or storage device. This ensures that all data stored on the disk, including the operating system and files, is protected.
Option B is incorrect because a hardware security module (HSM) also stores keys and performs cryptographic operations in hardware, but it is a separate appliance or card used for enterprise key management rather than the component built into a device, and it does not itself encrypt whole disks.
Option C is incorrect because encryption key management software is used to manage keys but doesn’t directly perform cryptographic operations or disk encryption.
Option D is incorrect because password-based encryption relies on user-provided passwords and does not specifically relate to hardware-based cryptographic operations or disk encryption.
What does a key exchange involve in cryptography?
A. Encrypting large amounts of data using a single key
B. Securely transmitting cryptographic keys
C. Ensuring encryption irreversibility
D. Utilizing private and public keys for decryption
Chapter 4
The correct answer is option B. Key exchange in cryptography pertains to the secure transmission of cryptographic keys between communicating parties. This process ensures that the intended recipient obtains the necessary keys to decrypt and access encrypted data.
Option A is incorrect because encrypting large amounts of data using a single key is a characteristic of symmetric encryption.
Option C is incorrect because ensuring encryption irreversibility is a general aspect of encryption but is not specific to a key exchange.
Option D is incorrect because utilizing private and public keys for decryption describes asymmetric encryption, not a key exchange.
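Worked example (added here; not part of the original quiz): a Diffie-Hellman exchange, the most common key-exchange protocol. It goes slightly beyond the answer above, which describes transmitting a key: in Diffie-Hellman no key crosses the wire at all, only public values, yet both parties derive the same secret. The parameters p = 2**127 - 1 and g = 3 are toy choices made for readability; real deployments use RFC 7919 groups or elliptic-curve exchange such as X25519.

```python
"""Diffie-Hellman key exchange with both sides' messages.

Added example, not from the quiz. Toy group (assumption): p = 2**127 - 1, a
Mersenne prime, with generator 3. Production code uses standardized groups.
"""
import hashlib
import secrets
from typing import Dict, Tuple

P = 2**127 - 1
G = 3


def keypair(rng=secrets.randbelow) -> Tuple[int, int]:
    """Pick a private exponent and compute the public value to send."""
    private = 2 + rng(P - 3)  # 2 <= private <= P - 2
    return private, pow(G, private, P)


def shared_key(my_private: int, their_public: int) -> bytes:
    """Derive the session key from the peer's public value.

    Rejecting 0, 1 and p-1 blocks the degenerate values an active attacker
    could inject to force a predictable secret.
    """
    if not 2 <= their_public <= P - 2:
        raise ValueError("invalid peer public value")
    secret = pow(their_public, my_private, P)
    # Simplified KDF: hash the shared secret into a fixed-length key
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange() -> Tuple[bytes, bytes, Dict[str, int]]:
    """Run the protocol; return Alice's key, Bob's key and what the wire saw."""
    a_private, a_public = keypair()          # Alice -> Bob: a_public
    b_private, b_public = keypair()          # Bob -> Alice: b_public
    transcript = {"p": P, "g": G, "A": a_public, "B": b_public}
    alice_key = shared_key(a_private, b_public)
    bob_key = shared_key(b_private, a_public)
    return alice_key, bob_key, transcript


if __name__ == "__main__":
    ka, kb, seen = exchange()
    print("keys match:", ka == kb)
    print("eavesdropper sees only:", seen)
```

An eavesdropper holding the transcript would have to solve a discrete logarithm to recover either private exponent. What the exchange does not do is authenticate the peer: without signing the public values (as TLS does with the server certificate) an active attacker can run one exchange with each side, which is why key exchange is paired with authentication in practice.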
What type of digital certificate is self-generated, lacks third-party validation, and is typically used for multiple internal servers to save costs?
A. A wildcard
B. Certificate authorities
C. Certificate signing request (CSR) generation
D. Self-signed
Chapter 4
The correct answer is option D. A self-signed digital certificate is generated without third-party validation and is typically used for internal purposes. It’s not validated by a trusted certificate authority, making it suitable only for limited internal use.
Option A is incorrect because a wildcard certificate is a single CA-issued certificate that secures all hosts under one domain (for example, *.example.com). It is normally used on public-facing servers.
Option B is incorrect because certificate authorities have a root key that they use to sign all other certificates.
Option C is incorrect because certificate signing request (CSR) generation is used to request a new certificate.
What technology serves as a decentralized digital ledger, ensuring secure and tamper-resistant record-keeping of transactions?
A. Encryption
B. Digital signatures
C. Blockchain
D. Proof of work
Chapter 4
The correct answer is option C. A blockchain stands as a decentralized digital record, securely documenting transactions across numerous computers, fostering transparency, unchangeability, and confidence without the need for a central governing entity.
Option A is incorrect because encryption is a technique for securing data, rather than a decentralized ledger.
Option B is incorrect because digital signatures provide authentication and integrity. They have nothing to do with financial transactions.
Option D is incorrect because proof of work in a blockchain verifies the accuracy of a new transaction.
Which of the following techniques involves the strategic act of deliberately obscuring code to create an intricate puzzle, making the understanding of the code challenging?
A. Obfuscation
B. Tokenization
C. Steganography
D. Data masking
Chapter 4
The correct answer is option A. Obfuscation is the technique of intentionally making code more intricate and convoluted to hinder comprehension by outsiders, while still maintaining its functionality. This practice adds an extra layer of security, as it makes reverse engineering and unauthorized access challenging.
Option B is incorrect because tokenization refers to transforming sensitive data into valueless tokens and is unrelated to code obfuscation.
Option C is incorrect because steganography pertains to hiding data within data, rather than obscuring code.
Option D is incorrect because data masking disguises sensitive data without focusing on code.
Which threat actor category is most likely to steal a major multinational corporation’s confidential trade secrets for the benefit of a competing company?
A. A nation-state
B. Unskilled attacker
C. A hacktivist
D. Organized crime
Chapter 5
The correct answer is option D. Organized crime groups are motivated by financial gains and engage in cyber activities such as ransomware attacks, which involve stealing and leaking confidential trade secrets for monetary benefits.
Option A is incorrect because nation-states have larger geopolitical objectives.
Option B is incorrect because unskilled attackers lack the sophistication to carry out such targeted attacks.
Option C is incorrect because hacktivists focus on ideological motives rather than corporate espionage.
A cyber attacker gains access to an organization’s sensitive customer information and threatens to expose it unless a substantial sum of money is paid. What category of cyber threat does this scenario represent? Select the BEST option.
A. Blackmail
B. Financial gain
C. Ransomware attack
D. Espionage
Chapter 5
The correct answer is option A. The scenario describes a situation where a cyber attacker extorts the victim by threatening to expose sensitive information unless a ransom is paid, which falls under the category of blackmail.
Option B is incorrect because while there is a monetary aspect involved, the primary motivation is threat and extortion.
Option C is incorrect because ransomware involves encrypting your data in situ and demanding a ransom for decryption.
Option D is incorrect because espionage relates to gathering intelligence without the victim being notified.
Which of the following attributes of threat actors defines their operational capacity with respect to their reach and effectiveness?
A. Internal/external
B. Resources/funding
C. The level of sophistication/capability
D. Data exfiltration
Chapter 5
The correct answer is option B. The financial dimension of threat actors, reflected in their resources and funding, defines their operational capacity, classifying them into categories ranging from sophisticated state-backed entities to individuals with constrained resources.
Option A is incorrect because internal/external refers to the origin of the threats (within the organization or external sources), not their operational dimension.
Option C is incorrect because the level of sophistication/capability relates to the technical mastery of threat actors, not their operational capacity.
Option D is incorrect because data exfiltration is a motive for cybercriminals to gain financial rewards.
What is the primary distinction between a hacktivist and an insider threat? Select the BEST option.
A. Hacktivists primarily aim for financial gains, while insider threats are motivated by ideology
B. Insider threats operate on a global scale, while hacktivists target specific organizations
C. Hacktivists seek to deface websites, while insider threats engage in fraud
D. Hacktivists promote causes through cyber campaigns, while insider threats misuse access within an organization
Chapter 5
The correct answer is option D. Hacktivists promote causes through cyber campaigns, while insider threats misuse access within an organization.
Option A is incorrect because hacktivists are the ones primarily driven by ideologies. Insider threats often misuse access for personal reasons.
Option B is incorrect because the scope of both threat actors is not accurately represented by these descriptions.
Option C is incorrect because the activities of hacktivists and insider threats can vary widely and aren’t necessarily limited to these actions.
What is the primary method cybercriminals use to steal sensitive data and sell it on the black market to generate monetary gains?
A. Service disruption
B. Internal/external factors
C. Data exfiltration
D. Espionage
Chapter 5
The correct answer is option C. Data exfiltration refers to cybercriminals stealing sensitive data. This data is often sold on the black market to generate monetary gains.
Option A is incorrect, as service disruption is different from stealing sensitive data.
Option B is incorrect, as internal/external factors do not relate to stealing and selling data.
Option D is incorrect, as espionage typically involves nation-states or, in some cases, rival companies and does not typically refer to independent cybercriminals.
An individual without a lot of experience in IT launches a cyberattack, using readily available tools to disrupt a local government website temporarily. Which threat actor category does this scenario best align with?
A. A nation-state
B. An unskilled attacker
C. A hacktivist
D. Shadow IT
Chapter 5
The correct answer is option B. An unskilled attacker with limited technical expertise would use basic tools and methods for cyber mischief or small-scale disruptions, such as temporarily disrupting a local government website.
Option A is incorrect because nation-states are capable of more sophisticated and targeted attacks than simple disruptions of local government websites.
Option C is incorrect because hacktivists typically have ideological motives, and their actions are often more impactful than temporary website disruptions.
Option D is incorrect because shadow IT refers to unauthorized technology usage by employees within an organization.
Employees in a company start using a cloud storage service without authorization, bypassing official IT protocols. What term best describes this situation?
A. Shadow IT
B. An unskilled attacker
C. A hacktivist
D. Organized crime
Chapter 5
The correct answer is option A. Shadow IT refers to employees adopting unauthorized technologies and applications while bypassing official IT protocols. This can pose security risks, as it circumvents the organization’s established security measures.
Option B is incorrect because an unskilled attacker conducts external cyberattacks, which is different from employees adopting unauthorized technologies.
Option C is incorrect because hacktivists engage in cyber campaigns with ideological motives.
Option D is incorrect because organized crime refers to criminal groups targeting financial gains through cyber activities, not employees adopting unauthorized technologies.
Which threat actor category is likely to launch a cyber operation to disrupt the critical infrastructure of a rival as part of a geopolitical conflict? Select the BEST option.
A. An advanced persistent threat
B. Organized crime
C. A hacktivist
D. A nation-state
Chapter 5
The correct answer is option D. A nation-state is a sophisticated, well-funded, and highly skilled adversary that attacks a rival nation as part of a geopolitical conflict.
Option A is incorrect because an Advanced Persistent Threat (APT) is a sophisticated and targeted cyberattack carried out by well-funded and highly skilled adversaries. APTs have been operating for a long time but they are not necessarily geopolitical actors, so the nation-state is the BEST option.
Option B is incorrect because organized crime’s motive is financial gain.
Option C is incorrect because hacktivists engage in cyber campaigns with ideological motives.
Nation-states engage in cyber operations to disrupt critical infrastructure and gather intelligence for geopolitical purposes. What action does this activity primarily represent?
A. Service disruption
B. Data exfiltration
C. Ideological advocacy
D. Espionage
Chapter 5
The correct answer is option D. Espionage involves nation-states and entities infiltrating systems to gather intelligence covertly to fulfill their geopolitical objectives.
Option A is incorrect because service disruption involves taking systems down, not gathering information.
Option B is incorrect because data exfiltration involves stealing and selling sensitive data, while espionage involves intelligence gathering.
Option C is incorrect, as ideological advocacy can take many forms and is not necessarily malicious.
A former employee, who was terminated, hacks into a company’s database to delete critical customer records to disrupt business operations because of a lasting grievance around their termination. What category of motivation does this scenario exemplify?
A. Revenge
B. An insider threat
C. Ethical hacking
D. Data exfiltration
Chapter 5
The correct answer is option A. The scenario involves the former employee seeking revenge by maliciously hacking into the company’s database to cause damage and delete customer records.
Option B is incorrect because “insider threat” is a categorization of threat, rather than a motivation.
Option C is incorrect because ethical hacking typically involves authorized security testing to identify vulnerabilities, not unauthorized actions for revenge.
Option D is incorrect because data exfiltration involves stealing data, rather than deleting it.
You receive an email claiming to be from the IRS (Internal Revenue Service) informing you of a tax refund. The email contains a link to a website where you can claim the refund by providing your personal and financial information. You provide this information, but an hour later your bank account has been emptied. What type of attack is this most likely to be?
A. Spear phishing
B. Phishing
C. Smishing
D. Vishing
Chapter 6
The correct answer is option B. A phishing attack is where attackers impersonate a trusted entity (the IRS) to deceive recipients into divulging sensitive information.
Option A is incorrect because a spear phishing attack is an email attack that targets a specific group of users.
Option C is incorrect as it refers to an SMS phishing attack.
Option D is incorrect as it describes an attack carried out over a phone call or by leaving a voicemail.
You are working for a government agency and have been tasked with sending data to a field operative. You decide to hide a secret message inside a pretty picture that you attach to a digitally signed email. What is the technique adopted by you called?
A. Steganography
B. Malware injection
C. Phishing
D. Data masking
Chapter 6
The correct answer is option A. Steganography is the process of hiding secret information within seemingly ordinary files such as images or audio. It aims to prevent the detection of data by embedding it within the file itself.
Option B is incorrect because malware injection involves inserting malicious code into software or systems, not hiding information within files. An example of malware injection could be the use of the following code: SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '…', which is a SQL injection attack.
Option C is incorrect because phishing is an attack involving deceptive emails or messages to trick the end user into parting with their financial details, not the practice of hiding information within files.
Option D is incorrect because data masking involves hiding partial data. For example, a Visa card number would be displayed as **** **** **** *636 if it was data masked.
A CEO’s phone was hacked while they were on holiday. Which of the following is the MOST LIKELY Bluetooth attack vector that could have been used to gain access?
A. Installing a firewall on a Bluetooth-enabled device
B. Connecting to a trusted Bluetooth speaker
C. Pairing with a public Bluetooth headset
D. Updating the device’s Bluetooth driver
Chapter 6
The correct answer is option C. Pairing with a public Bluetooth headset is a potential Bluetooth attack vector. Attackers can create malicious devices with enticing names and trick users into connecting to them, potentially exposing their data or devices to risks.
Option A is incorrect because installing a firewall would be a defense measure, not an attack vector.
Option B is incorrect because connecting to a trusted Bluetooth speaker doesn’t represent an attack vector, as it implies a legitimate connection.
Option D is incorrect because updating the device’s Bluetooth driver is a maintenance action, not an attack vector.
What distinguishes spear phishing from regular phishing?
A. Spear phishing uses phone calls, while regular phishing uses email
B. Spear phishing targets high-profile individuals, while regular phishing targets a broader audience
C. Spear phishing relies on fake websites, while regular phishing uses malicious attachments
D. Spear phishing only targets large corporations, while regular phishing targets individuals
Chapter 6
The correct answer is option B. Spear phishing is a targeted attack that focuses on high-profile individuals or specific groups, gathering personal information to craft convincing messages. Regular phishing, on the other hand, targets a broader audience without personalized details.
Option A is incorrect because spear phishing doesn’t necessarily involve phone calls.
Option C is incorrect because both spear phishing and regular phishing rely on email.
Option D is incorrect because regular phishing is not limited to targeting individuals; it can also target businesses and organizations.
You come across a website offering free software downloads and download a program from it. Later, you realize that your computer is behaving strangely, and you suspect a malware infection. What kind of threat might you have encountered?
A. A Trojan disguised as the downloaded software
B. Adware
C. A phishing attack aimed at stealing your personal information
D. Ransomware that encrypts your files and demands payment
Chapter 6
The correct answer is option A. Trojans often masquerade as legitimate programs to trick users into downloading and installing them, leading to the compromise of their systems.
Option B is incorrect because adware usually doesn’t disguise itself as software downloads.
Option C is incorrect because phishing attacks involve deceptive attempts to steal personal information, usually through emails or fake websites, but are not directly related to downloaded software.
Option D is incorrect because ransomware encrypts your files and demands payment for decryption but is not directly related to downloading software from a website.
Recently, your company suffered data theft from company-owned mobile telephones. You are a cybersecurity administrator and have been tasked with protecting the data stored on company mobile phones. Which of the following can be used to protect data stored on mobile telephones? Select the BEST TWO.
A. VPN software
B. Strong passwords
C. Remote wipe
D. Screen locks
E. Cable locks
Chapter 6
The correct answers are option B and option D. Strong passwords make it harder to access the phone, and screen locks will lock the phone after a predetermined period, preventing the user from being left logged in.
Option A is incorrect because VPN software protects data that leaves the phone and not the data on the phone.
Option C is incorrect because a remote wipe is used to reset a lost or stolen phone back to factory settings.
Option E is incorrect because cable locks are used to secure hardware devices to prevent them from theft. They are used on small devices such as phones, tablets, and laptops, especially in the retail sector.
In the last month, there has been a rise in the number of watering hole attacks. Which of the following BEST describes the goals of a watering hole attack?
A. Installing ransomware on the target’s computer
B. Gaining unauthorized access to a specific user’s email account
C. Compromising a frequently visited website to infect its visitors with malware
D. Tricking users into sharing sensitive information through deceptive emails
Chapter 6
The correct answer is option C. The primary goal of a watering hole attack is to compromise a legitimate website that the target group frequently visits, using it as a platform to distribute malware to unsuspecting visitors.
Option A is incorrect because while malware, for example, ransomware, distribution can be the result, it’s not the primary goal of a watering hole attack.
Option B is incorrect because gaining unauthorized email account access is not the central objective of a watering hole attack. A watering hole attack is carried out via a website.
Option D is incorrect because this is closer to phishing, not a watering hole attack.
Which of the following is a distinguishing feature of a business email compromise (BEC) attack?
A. It involves targeting individuals through text messages.
B. The attacker poses as a legitimate brand or organization
C. It relies on compromising frequently visited websites
D. It involves infecting the target’s computer with malware
Chapter 6
The correct answer is option B. In a BEC attack, the attacker impersonates a trusted entity, often an executive or a high-ranking figure within an organization, to deceive recipients into transferring funds or sensitive information.
Option A is incorrect because BEC attacks primarily involve email communication, not text messages.
Option C is incorrect because this describes a watering hole attack, not a BEC attack.
Option D is incorrect because the goal of a BEC attack is typically financial or data-related deception, not malware infection.
A company executive was researching cloud computing. The executive typed www.microsooft.com into their web browser to get to the Microsoft home page but was redirected to a website with a slightly different home page than expected. What type of attack is this?
A. Brand impersonation
B. Typosquatting
C. Watering hole attack
D. Whaling
Chapter 6
The correct answer is option B. Typosquatting involves creating websites with domain names that are like popular websites but contain slight misspellings, aiming to catch users who make typing errors. In this case, Microsoft was misspelled.
Option A is incorrect because brand impersonation involves pretending to be a recognized brand but doesn’t necessarily involve domain name manipulation.
Option C is incorrect because a watering hole attack targets legitimate websites, compromising them to distribute malware to visitors.
Option D is incorrect because whaling is an email attack that targets the CEO or a high-level executive, but in this case, email was not used.
Which of the following scenarios best describes the concept of disinformation?
A. Emily shares an article from a reputable news source about climate change
B. Liam fact-checks information before including it in his research paper
C. Alex creates a social media account to impersonate a celebrity
D. Maya engages in a constructive discussion with her colleagues about office policies
Chapter 6
The correct answer is option C. Alex’s creation of a fake social media account with the intent to impersonate a celebrity constitutes disinformation. Alex is deliberately spreading false information by posing as someone else to manipulate others’ perceptions.
Option A is incorrect because sharing an article from a reputable news source, even if it contains inaccurate information, does not align with the concept of disinformation. This is known as misinformation, where you believe the information is true but in fact it is false.
Option B is incorrect because Liam’s practice of fact-checking indicates responsible behavior and does not involve spreading false information for manipulation.
Option D is incorrect because participating in a constructive discussion about office policies does not relate to the concept of disinformation, which revolves around the intentional spread of false information to deceive or manipulate.
A user has reported to the security team that they left their laptop logged in and unattended. This laptop has a certificate that they use to access the payroll application. What should the security administrator do first?
A. Revoke the certificate for the payroll application
B. Get the user to make a statement
C. Add the certificate to the CRL
D. Report the user to their line manager
Chapter 7
The correct answer is option C. The certificate must be added to the Certificate Revocation List (CRL). This invalidates the certificate and prevents its use. As this is for a payroll application, it must be done immediately.
Option A is incorrect as you cannot revoke a certificate for one application; the certificate can only be revoked from all further use.
Option B is incorrect as it is not a main priority. The priority is to deal with the incident and then take a statement.
Option D is incorrect as it is not a main priority. The main problem is to deal with the incident and then report it to the user’s line manager later.
After some routine checks of a company’s virtual network, three rogue virtual machines were found connected to the network. These machines were overutilizing resources. What should be done to prevent this from happening again? (Select TWO.)
A. Implement manual procedures for VM provisioning, utilization, and decommissioning, focusing on careful oversight and deliberate decision-making
B. Craft explicit guidelines for the provisioning, utilization, and eventual decommissioning of Virtual Machines (VMs)
C. Employ automated solutions to instantiate virtual machines (VMs) by leveraging predefined templates and established configurations
D. Avoid using predefined templates and automated tools to adapt swiftly to dynamic workload requirements
Chapter 7
The correct answers are option B and option C. The attack described is known as Virtual Machine (VM) sprawl. It could leave the company wide open to other attacks. Creating a policy on resource allocation, followed by using an automated process, will prevent VM sprawl. The policy will prevent unmanaged VMs from being deployed on the network. Automating the process of creating VMs will further reduce user error and prevent rogue machines from being added to the virtual network.
Option A is incorrect as manual procedures to provision VMs might be prone to human errors and leave the virtual network vulnerable.
Option D is incorrect as using predefined templates streamlines the process, ensures that there are no deviations from the policies, and reduces the risk of configuration errors.
The CEO of a company is going on a trip and taking their company mobile phone with them. They will be listening to music on this phone using earbuds. What security practice should you advise them to follow after each session of the mentioned phone usage? (Select the MOST secure option.)
A. Turn off the phone’s Bluetooth
B. Turn off the phone’s Wi-Fi
C. Clean the earbuds
D. Change the Bluetooth username and password
Chapter 7
The correct answer is option A. Earbuds use a Bluetooth connection, and this is very insecure as it is very easy for a malicious actor to pair to the host device. As a security measure, Bluetooth should be turned off when not in use.
Option B is incorrect as earbuds do not typically use a Wi-Fi connection; they use Bluetooth.
Option C is incorrect because cleaning the earbuds has no effect on the mobile phone settings.
Option D is incorrect because Bluetooth-enabled devices first pair with each other using a password or PIN. They do not use a traditional username and password for direct login.
A company is going to use a third-party service to develop a new human resources application that will hold sensitive information. Which of the following is the GREATEST risk that they will encounter?
A. Outsourcing of some of the code development to their supply chain
B. Weak configurations
C. Default settings being used on the application
D. Integration with current applications
Chapter 7
The correct answer is option B. Weak configurations might include using default passwords, inadequate encryption settings, or overly permissive access controls. This could lead to dire consequences, including unauthorized access to sensitive data, loss of critical information, and potential legal or regulatory repercussions.
Option A is incorrect because your contractor outsourcing application development is a risk, but it is not the greatest risk.
Option C is incorrect because default settings can only be configured after the application has already been written.
Option D is incorrect because, although integration is important, it is not the primary concern when it comes to developing applications. It addresses compatibility rather than security.
A company recently encountered security breaches resulting in the unauthorized acquisition of sensitive data. What proactive measure can the security team adopt to effectively minimize the potential for such data breaches in the future?
A. Use default settings
B. Implement host-based firewalls
C. Limit the use of admin accounts
D. Implement Data Loss Prevention (DLP)
Chapter 7
The correct answer is option D. Data Loss Prevention (DLP) ensures that personally identifiable information (PII) and other sensitive data remain confined within the bounds of your network, impeding any attempts at unauthorized data exfiltration.
Option A is incorrect because the default configuration settings fail to provide a safeguard against the unlawful acquisition of personally identifiable information (PII) and sensitive data.
Option B is incorrect because, while a host-based firewall enhances computer security, its effectiveness against company data theft is limited, given that most breaches occur from servers rather than workstations.
Option C is incorrect because, while implementing restricted admin accounts is a prudent measure, it might not entirely prevent the unauthorized acquisition of sensitive data.
In a security incident, a user’s password was compromised through a relentless and automated attack on their account. What proactive measure can organizations adopt to counteract this kind of threat and enhance authentication security?
A. Deployment of Multi-Factor Authentication (MFA)
B. Periodic password rotation for all user accounts
C. Implementation of robust intrusion detection systems
D. Captcha integration for stronger bot detection
Chapter 7
The correct answer is option A. Multi-Factor Authentication (MFA) adds an extra layer of security. Even if passwords are compromised through attacks such as brute-force attacks, MFA will ask for additional verification.
Option B is incorrect because periodic password rotation can be burdensome for users and may not effectively prevent compromised passwords.
Option C is incorrect because intrusion detection systems look out for suspicious activity but do not directly prevent password compromise.
Option D is incorrect because captcha integration helps prevent automated bot attacks but does not address compromised passwords directly.
A USB drive is discovered on the reception floor of an office. What distinct cybersecurity threat will it pose if plugged into a computer?
A. Unauthorized cloud storage access
B. Potential device overheating
C. A malicious USB attack
D. Incompatibility with software
Chapter 7
The correct answer is option C. An unattended USB drive can carry malware and initiate a malicious USB attack when connected to a computer, potentially compromising the system.
Option A is incorrect because this could be the result of plugging the USB drive in, but it is only one of a number of outcomes and is not the specific threat.
Option B is incorrect as overheating is not a cybersecurity attack.
Option D is incorrect as software incompatibility is not a cybersecurity attack.
What are the unique risks associated with purchasing software from a market stall? (Select TWO.)
A. No proof of purchase
B. Uncertain origin and authenticity
C. Inadequate customization features
D. Poor physical packaging and manuals
Chapter 7
The correct answers are option A and option B. Purchasing software from a market stall may result in the absence of proof of purchase, making it difficult to seek assistance or refunds if issues arise. Furthermore, software from market stalls might lack clear origin and authenticity verification, posing security and legitimacy concerns.
Option C is incorrect because inadequate customization features are not typically associated with the risks of purchasing software from a market stall.
Option D is incorrect because physical packaging and manuals are not unique to market stall purchases and do not address potential risks.
What is a “VM escape” in the context of virtualization and cybersecurity, and why is it significant in virtualized environments?
A. A method to enhance virtual machine (VM) performance by optimizing resource allocation
B. A process of securely transferring VMs between different host servers
C. A breach where an attacker gains unauthorized access to the host system from within a virtual machine
D. A technique to create virtual machine templates for rapid deployment of applications
Chapter 7
The correct answer is option C. A VM escape occurs when an attacker breaks out of a virtual machine and gains unauthorized access to the host system, posing significant security risks.
Option A is incorrect because, while resource optimization is a virtualization concern, it does not relate to the concept of VM escape.
Option B is incorrect because transferring VMs between hosts is part of virtualization management but is not directly tied to VM escape.
Option D is incorrect because creating virtual machine templates is part of provisioning and does not describe the concept of VM escape.
When incorporating a third-party library to aid in code development, what potential security risk should developers be particularly cautious of, and why is awareness crucial in mitigating this risk?
A. Code complexity, leading to performance degradation
B. Incompatibility with existing software systems
C. Exposure to vulnerabilities within the library code
D. Dependency on external developers for maintenance
Chapter 7
The correct answer is option C. Third-party libraries might contain vulnerabilities, such as a backdoor, that can be exploited by attackers. We should always use trusted source code libraries.
Option A is incorrect because code complexity can impact performance, but it is not the primary security risk associated with using third-party libraries.
Option B is incorrect because incompatibility can cause issues, but it is not the security risk emphasized in the question.
Option D is incorrect because dependency on external developers relates to maintenance but doesn’t address the specific security risk discussed.
On Monday morning at 9 am, the files of a company’s Chief Financial Officer (CFO) are deleted without any warning. The IT Support team restored the data, but on the following Monday morning at 9 am, the files were again deleted. Which of the following BEST describes this type of attack?
A. A logic bomb
B. A buffer overflow
C. A Trojan
D. A rootkit
Chapter 8
The correct answer is option A. A logic bomb is malicious code that is set to trigger an event (e.g., file deletion) at a specific time (e.g., Monday morning at 9 am).
Option B is incorrect because a buffer overflow involves manipulating program memory, not scheduled file deletions.
Option C is incorrect because a Trojan normally infiltrates systems with a download but doesn’t exhibit scheduled, recurring actions.
Option D is incorrect because a rootkit conceals malicious activities but doesn’t trigger scheduled file deletions.
You are the lead cybersecurity analyst at a large financial institution. Lately, your organization has been facing a series of security incidents. In one incident, sensitive customer data was stolen, leading to a data breach. In another, an employee’s computer was compromised, and suspicious activity was detected on the network. After a thorough investigation, you discover that, in both incidents, the attackers used malware that disguised itself as a legitimate program and allowed unauthorized access to the affected systems. What type of cyberattack best describes the scenario?
A. A DDoS attack
B. A logic bomb
C. Trojan
D. A phishing attack
Chapter 8
The correct answer is option C. Trojans are malicious programs that often disguise themselves as legitimate software and perform harmful actions when executed. They can provide unauthorized access to systems, steal data, or perform other malicious activities, as described in the scenario.
Option A is incorrect because DDoS attacks involve overwhelming a system with traffic to disrupt services, which is different from the scenario described.
Option B is incorrect because logic bombs are triggered by specific conditions or events to execute malicious actions within a program, but they do not disguise themselves as legitimate software.
Option D is incorrect because phishing attacks are email-based attacks, which are different from the scenario.
Your organization’s network security team has detected a series of incidents where user accounts were repeatedly locked out. These incidents have caused disruptions in employee productivity and raised concerns about potential security threats. What type of cyberattack is most likely responsible for the repeated account lockouts described in the scenario?
A. A logic bomb
B. A brute-force attack
C. A Trojan
D. A DDoS attack
Chapter 8
The correct answer is option B. During a brute-force attack, accounts are often locked out because of multiple failed login attempts. This happens because account lockout has been set with a low value for attempts.
Option A is incorrect because logic bombs are triggered by specific conditions or events to execute malicious actions within a program, but they are not related to repeated account lockouts.
Option C is incorrect because Trojans are malicious programs that typically disguise themselves as legitimate software but do not directly cause repeated account lockouts.
Option D is incorrect because distributed denial of service (DDoS) attacks aim to overwhelm a system with traffic to disrupt services, but they do not typically result in account lockouts.
You recently discovered that your online bank account was compromised and unauthorized transactions were made. After investigating, you found that someone had recorded your bank account password without your knowledge. What is the term for the type of malware that may have been used to record your password?
A. Hardware encryption
B. A web development language
C. A keylogger
D. An APT
Chapter 8
The correct answer is option C. Keyloggers are malicious software designed to record keystrokes on a computer, capturing user passwords and other confidential information.
Option A is incorrect because hardware encryption refers to a method of securing data during transmission and is not related to password capturing.
Option B is incorrect because it describes a programming language used for web development and is not related to password capturing.
Option D is incorrect because an APT is a more complex and long-term cyber threat, involving a group of attackers with specific targets. It does not specifically describe password capturing.
In a cybersecurity investigation, you discover that attackers gained unauthorized access to multiple user accounts on a popular social media platform. The attackers then used the stolen credentials to gain access to a company network. Which of the following attacks was carried out?
A. SQL injection
B. Phishing
C. Credential stuffing
D. Credential harvesting
Chapter 8
The correct answer is option C. Credential stuffing is where attackers use stolen credentials obtained from previous data breaches on a different platform, exploiting the fact that users often reuse passwords across multiple websites.
Option A is incorrect because SQL injection attacks involve manipulating SQL queries to access or modify a database, and it does not involve using stolen credentials. You might see 1=1 or a SELECT statement in the code for the attack.
Option B is incorrect because phishing attacks are email-based attacks, different from the given scenario.
Option D is incorrect because credential harvesting refers to an attacker collecting lists of credentials to resell on the dark web.
A popular online retail website recently experienced severe disruptions in its services, rendering the site inaccessible to users during peak shopping hours. After investigation, it was determined that the site was flooded with a massive volume of illegitimate traffic, overwhelming its servers. What type of cyberattack is most likely responsible for these disruptions?
A. A Man-in-the-Middle (MitM) attack
B. A ransomware attack
C. A DDoS attack
D. A DoS attack
Chapter 8
The correct answer is option C. DDoS attacks aim to disrupt services by flooding a target with excessive traffic, rendering it inaccessible to legitimate users.
Option A is incorrect because an MitM attack involves intercepting and possibly altering communication between two parties, but it does not typically result in service disruptions.
Option B is incorrect because ransomware typically encrypts data or systems and demands a ransom for decryption, but it does not directly involve overwhelming servers with traffic.
Option D is incorrect because a Denial of Service (DoS) attack is where the traffic comes from a single IP address – in this case, the high volume of traffic indicates it came from a number of different IP addresses.
You are an IT administrator responsible for the security and maintenance of a web array for a large organization. You discover that an attacker can access files outside the web root directory by manipulating input parameters. This could potentially lead to unauthorized access to sensitive files on the server. What type of vulnerability is this scenario describing?
A. A Cross-Site Scripting (XSS) vulnerability
B. A directory traversal vulnerability
C. A SQL injection vulnerability
D. Cross-Site Request Forgery (CSRF)
Chapter 8
The correct answer is option B. A directory traversal vulnerability refers to an attacker manipulating input parameters to access files outside the web root directory. Normally, when investigating the attack, an administrator will see ../../../ and so on. Each ../ indicates movement up a website directory.
Option A is incorrect because XSS vulnerabilities involve injecting malicious scripts into web pages, not manipulating input parameters to access files. It uses HTML tags such as and.
Option C is incorrect because SQL injection vulnerabilities involve manipulating SQL queries to access or modify a database, not accessing files on the server. It will be indicated by the SELECT* statement or the 1=1 parameter in the attack.
Option D is incorrect because CSRF vulnerabilities involve tricking a user into carrying out an unintended action on a web application, such as clicking on a link, but they do not relate to accessing files on the server.
What type of attack occurs when two different inputs produce the same hash output in systems that rely on unique hash values? Select the BEST answer.
A. A buffer overflow attack
B. A pass-the-hash attack
C. A resource exhaustion attack
D. A collision attack
Chapter 8
The correct answer is option D. A collision attack occurs when two different inputs produce the same hash output. This can lead to vulnerabilities in systems that rely on unique hash values for data integrity and security.
Option A is incorrect because a buffer overflow is a different type of attack where a program writes more data to a buffer (memory storage area) than it can hold, often leading to unauthorized code execution. It’s not directly related to hash collisions.
Option B is incorrect because a pass-the-hash attack involves an attacker using stolen password hashes to authenticate to a system, without needing to know the original passwords. While it involves hashes, it’s not about generating hash collisions.
Option C is incorrect because a resource exhaustion attack aims to deplete a system’s resources to disrupt its operation and is unrelated to hash collisions.
In a network security audit, you discover that an attacker successfully intercepted an encrypted communication between a client and a server, downgrading the secure connection to an unencrypted one. As a result, the attacker could eavesdrop on sensitive data. Which of the following is the BEST description of this type of cyberattack?
A. A TLS/SSL downgrade attack
B. A buffer overflow attack
C. An SSL stripping attack
D. A CSRF attack
Chapter 8
The correct answer is option C. An SSL stripping attack is where an attacker successfully intercepts encrypted communication and downgrades it to an unencrypted one, allowing them to eavesdrop on sensitive data.
Option A is incorrect because a TLS/SSL downgrade attack specifically focuses on downgrading the security protocol, not intercepting encrypted communication directly. It is very close but not the best choice.
Option B is incorrect because buffer overflow attacks exploit software vulnerabilities to execute malicious code and do not involve intercepting encrypted communication.
Option D is incorrect because CSRF attacks trick users into carrying out unintended actions on a web application and do not involve intercepting encrypted communication.
In a security assessment, you noticed a pattern of login attempts where an attacker systematically tried common passwords across multiple user accounts, with long intervals between attempts to evade detection. What type of cyberattack is this scenario describing?
A. A brute-force attack
B. A credential stuffing attack
C. A password spraying attack
D. An XSS attack
Chapter 8
The correct answer is option C. Password spraying is where an attacker systematically tries common passwords across multiple user accounts with the goal of finding valid credentials.
Option A is incorrect because a brute-force attack is a method where an attacker continuously tries all possible combinations of passwords or keys to gain unauthorized access. They do not tend to take breaks.
Option B is incorrect because credential stuffing attacks involve using previously stolen credentials to gain unauthorized access, not systematically trying common passwords.
Option D is incorrect because XSS attacks involve injecting malicious scripts into web pages and are unrelated to password-based login attempts.
In a large enterprise network, the human resources department and the IT department each require isolation from the rest of the company’s network. Which of the following is the MOST appropriate security technique to achieve this isolation while still allowing these departments to communicate internally?
A. Creating a VLAN for each department
B. Physical segmentation
C. An ACL
D. A NAT
Chapter 9
The correct answer is option A. Two separate VLANs can be created, one for HR and another for the IT department within the same physical network switch. This will allow both departments to communicate internally while remaining separate from the rest of the company’s network.
Option B is incorrect because physical segmentation involves physically separating network devices, which may not be necessary in this scenario. The solution is using logical separation.
Option C is incorrect because access control lists (ACLs) are used to control access to resources based on criteria such as IP addresses, but they cannot create isolation between departments.
Option D is incorrect because a network address translation (NAT) is used for translating private IP addresses to public IP addresses and hiding the internal network from external attackers.
In an enterprise environment, a user wants to install a game on their workstation, which is against company policy. What is the most effective mitigation technique to prevent the user from installing the game?
A. Implementing strong firewall rules to block gaming websites.
B. Using intrusion detection systems to monitor the workstation
C. Creating an application allow list
D. Increasing user privileges to allow game installations
Chapter 9
The correct answer is option C. Creating an application allow list (formerly known as a whitelist) is an effective mitigation technique to prevent unauthorized software installations, including games, on workstations. It allows only approved applications from the allow list to run while blocking all others.
Option A is incorrect because blocking gaming websites with firewall rules may restrict access to the websites but will not prevent local software installations.
Option B is incorrect because intrusion detection systems monitor for suspicious network activity but do not directly prevent local software installations.
Option D is incorrect because increasing user privileges would allow the user to install software.
You are the cybersecurity administrator for a multinational corporation where one of your enterprise’s domain controllers has been infected with a virus. What is the first step you should take to mitigate the situation and prevent the further spread of the virus?
A. Shut down the domain controller immediately
B. Disconnect the domain controller from the network
C. Run a full antivirus scan on all computers in the network
D. Increase firewall rules for the domain controller
Chapter 9
The correct answer is option B. The first step in this situation to prevent the further spread of the virus is to disconnect the infected domain controller from the network. This isolates the compromised system and prevents it from infecting other devices, and it also allows access to the contents of the random-access memory for forensic investigation.
Option A is incorrect because shutting down the domain controller is an option but you will lose the contents of the random-access memory that may be needed for forensic investigation. Further, once you restart the domain controller, the virus will reappear.
Option C is incorrect because running a full antivirus scan is important but it should come after isolating the infected system. It is likely that your antivirus solution is not up to date; otherwise, it would have prevented the infection.
Option D is incorrect because increasing firewall rules may help prevent future infections but the first step when dealing with an infected system is to isolate the system to prevent further spread.
A large financial institution is concerned about protecting customer data from potential breaches. They want a real-time solution that can actively inspect and block network threats. Which of the following network security devices or technologies should they consider?
A. A jump server for secure remote access
B. A load balancer to distribute website traffic
C. An inline Intrusion Prevention System (IPS)
D. Layer 7 firewall rules for web application security
Chapter 9
The correct answer is option C. An inline Intrusion Prevention System (IPS) would actively inspect and block network threats, helping to protect customer data in real time.
Option A is incorrect because a jump server is used for secure remote access but doesn’t actively inspect and block network threats.
Option B is incorrect because load balancers distribute traffic but don’t provide the same threat protection as an IPS.
Option D is incorrect because Layer 7 firewall rules focus on application security, not real-time threat detection.
You are the network administrator for an organization whose critical systems have been compromised by a zero-day vulnerability. The attack has already caused significant damage, and the security team needs to respond promptly. Which of the following patch management strategies should the organization prioritize to mitigate further damage and prevent future attacks?
A. Isolate the compromised systems from the network to prevent further spread of the attack until a patch has been developed
B. Apply the latest patches immediately to all systems, regardless of their criticality
C. Roll back all affected systems to their previous state before the attack occurred, restoring them to a known secure configuration
D. Implement additional network monitoring and intrusion detection systems to monitor for any further malicious activity
Chapter 9
The correct answer is option A. A zero-day virus has no patch; therefore, you need to conduct a detailed analysis of the compromised systems, identify the specific zero-day vulnerability, and work with vendors to develop a customized patch. This approach addresses the root cause of the attack (i.e., no patch) and can prevent further incidents by isolating the compromised system.
Option B is incorrect because applying the latest patches immediately to all systems, regardless of their criticality, will not address the specific zero-day vulnerability, as there is no known patch for it.
Option C is incorrect because rolling back systems to a previous state may remove the immediate threat but does not address the underlying vulnerability. This approach may leave the organization exposed to future attacks targeting the same vulnerability.
Option D is incorrect because implementing additional network monitoring and intrusion detection systems will not help detect a zero-day vulnerability. Immediate isolation takes precedence.
Following an audit by a third-party auditor, an enterprise decides to implement additional mitigation techniques to secure its digital infrastructure. What is the primary purpose of this approach? (Select the BEST solution.)
A. To provide real-time protection against physical cyber threats
B. To eliminate all potential vulnerabilities within the network
C. To maximize the organization’s network speed and performance
D. To reduce the risk and impact of security incidents
Chapter 9
The correct answer is option D. The purpose of mitigation techniques is to reduce the risk and impact of security incidents. Mitigation techniques aim to minimize vulnerabilities and protect the organization from cyber threats.
Option A is incorrect because mitigation techniques primarily aim to reduce the risk and impact of security incidents, including both online and physical threats.
Option B is incorrect because mitigation techniques cannot eliminate all potential vulnerabilities entirely.
Option C is incorrect because mitigation techniques primarily focus on security, not on maximizing network speed and performance.
What are the two roles of a SOAR system in cybersecurity? (Select TWO.)
A. To provide real-time protection against cyber threats
B. To eliminate all potential vulnerabilities within a network
C. To automate and streamline incident response processes
D. To release IT staff to deal with more important tasks
Chapter 9
The correct answers are option C and option D. The role of a security orchestration, automation, and response (SOAR) system is to automate and streamline incident response processes in cybersecurity and release IT staff from mundane tasks, freeing them to carry out more important tasks.
Option A is incorrect because a SOAR system’s primary purpose is searching log files to detect threats. It is more focused on automating and streamlining the incident response process.
Option B is incorrect because a SOAR system does not eliminate all potential vulnerabilities within a network. It is designed for incident response and process automation, not vulnerability management.
Which of the following statements best describes the role of mitigation techniques in the context of enterprise security?
A. Mitigation techniques are only relevant after a security breach has occurred
B. Mitigation techniques are designed to identify and classify all vulnerabilities in a network
C. Mitigation techniques aim to reduce the likelihood and impact of security incidents
D. Mitigation techniques focus solely on data backup and recovery strategies
Chapter 9
The correct answer is option C. Mitigation techniques aim to reduce the likelihood and impact of security incidents because they use measures to prevent security breaches and minimize their consequences.
Option A is incorrect because mitigation techniques are proactive measures aimed at preventing breaches and minimizing their impact rather than reactive measures.
Option B is incorrect because mitigation techniques do not focus on identifying and classifying all vulnerabilities in a network. Their primary goal is to reduce the likelihood and impact of security incidents, thereby addressing specific vulnerabilities but not categorizing them.
Option D is incorrect because mitigation techniques do not focus on data backup and recovery strategies because this is the job of a backup administrator.
In an enterprise security setup, which technology is primarily responsible for collecting, analyzing, and correlating logs from multiple sources, helping to detect and respond to security incidents in real time?
A. A vulnerability scanner
B. EDR
C. SIEM
D. SOAR
Chapter 9
The correct answer is option C. A SIEM system can correlate logs from multiple sources and analyze them to detect and respond to security incidents in real time.
Option A is incorrect because a vulnerability scanner’s role is to scan and identify vulnerabilities in systems and networks, not analyze logs in real time.
Option B is incorrect because EDRs focus on monitoring and responding to security incidents on individual endpoints. They do not collect and correlate logs from multiple sources across the enterprise.
Option D is incorrect because SOAR systems can automate incident response workflows and are not the primary technology for correlating logs, which is the role of the SIEM system.
Which of the following cybersecurity solutions is primarily responsible for scanning the enterprise network for missing patches and software flaws? (Select the BEST TWO.)
A. A credentialed vulnerability scan
B. EDR
C. SIEM
D. SOAR
E. Nessus
Chapter 9
The correct answers are option A and option E. Both a credentialed vulnerability scanner and Nessus are cybersecurity solutions that can scan an enterprise network for vulnerabilities, including missing patches and software flaws. They assess the severity of these vulnerabilities and provide recommendations for mitigation.
Option B is incorrect because EDR focuses on monitoring and responding to security incidents on individual endpoints and does not perform vulnerability scanning and assessment.
Option C is incorrect because SIEM systems are used for log collection and correlation, not for vulnerability scanning and assessment.
Option D is incorrect because SOAR systems are used to automate incident response workflows and integrate security tools based on predefined playbooks. They do not conduct vulnerability scanning or assessment.
Following a malware attack on an AutoCAD machine, which of the following cybersecurity solutions should a company utilize to detect similar threats early and prevent them from recurring in the future?
A. EDR
B. SIEM
C. SOAR
D. A credentialed vulnerability scanner
Chapter 10
The correct answer is option A. EDR solutions are specifically designed for the early detection of threats on individual endpoints, which makes them suitable for identifying and preventing similar malware infections in the future.
Option B is incorrect because SIEM systems are excellent for collecting and correlating logs from various sources to identify security incidents, but they are not designed for prevention on individual endpoints.
Option C is incorrect because SOAR systems can automate incident response workflows. They do not carry out early threat detection on individual endpoints.
Option D is incorrect because a credentialed vulnerability scanner looks for missing patches and software flaws and does not detect threats.
In a rapidly evolving technology company, a new software update is about to be implemented that could have a significant impact on the efficiency of customer support operations. What component of change management is essential to ensure that customer support operations are not adversely affected by this update?
A. Ownership
B. Test results
C. An approval process
D. A maintenance window
Chapter 10
The correct answer is option C. The approval process is a critical aspect of change management that ensures proposed changes are scrutinized before implementation. This step involves assessing the impact of changes on customer support operations, resource allocation, and potential risks.
Option A is incorrect because although ownership is important for accountability, as it designates an individual responsible for overseeing and executing changes, it does not evaluate potential security impacts.
Option B is incorrect because although test results are crucial to ensuring that changes work as intended, they don’t introduce any unforeseen complications or security flaws.
Option D is incorrect because a maintenance window refers to the period when changes to a system are implemented while causing minimal disruption.
In the context of digital security, what designation is attributed to a record of explicitly authorized entities or actions that shape a meticulously controlled environment?
A. Cryptography
B. Threat actors
C. An allow list
D. Malware detection
Chapter 10
The correct answer is option C. An allow list (formerly known as a whitelist) is a security measure involving a list of explicitly permitted entities, actions, or elements. It’s employed to ensure a highly controlled environment where only approved entities or actions are permitted, thereby reducing the attack surface and enhancing security.
Option A is incorrect because cryptography involves techniques for secure communication but does not provide explicit lists of permitted entities.
Option B is incorrect because threat actors are individuals or groups that pose security risks. They do not provide a record of authorized entities. In fact, these actors should be added to the deny list themselves.
Option D is incorrect because malware detection focuses on identifying malicious software, which would be on the deny list.
In the pursuit of maintaining precision in depicting network configurations, which method aligns most closely with the genuine network infrastructure and allows for a reliable reflection of its current state and structure?
A. Regression testing
B. Updating diagrams
C. Data masking
D. Version control
Chapter 10
The correct answer is option B. Updating diagrams is a crucial practice that involves keeping visual representations of the network infrastructure current and accurate to ensure that they closely mirror the real network configuration, which is vital for effective network management and troubleshooting.
Option A is incorrect because regression testing involves testing to ensure that code changes haven’t negatively impacted existing functionality; it does not relate to network infrastructure.
Option C is incorrect, as data masking involves disguising sensitive information, which is not directly related to network infrastructure.
Option D is incorrect, as version control tracks changes to documents, papers, and software, not infrastructure.
Within the framework of change management, which critical element provides a detailed set of instructions to be executed in the event of unexpected issues or failures following change implementation, ensuring a systematic response and recovery process?
A. Ownership
B. A backout plan
C. A maintenance window
D. Test results
Chapter 10
The correct answer is option B. A backout plan serves as an essential component of change management that offers a comprehensive set of instructions to address unexpected issues or failures during change implementation, enabling a structured approach to recovery and ensuring minimal disruption to operations.
Option A is incorrect, as ownership involves designating responsible individuals to oversee and execute changes. It does not take any steps to remedy change failures.
Option C is incorrect because a maintenance window refers to the period when changes to a system are implemented while causing minimal disruption.
Option D is incorrect, as test results assess the functionality and suitability of changes before implementation. They do not address change failures.
You are the IT manager of a busy e-commerce website. During a routine server maintenance operation, the website’s functionality is temporarily halted to implement important security updates and optimize performance. What specific term describes this period when the website is not operational, causing inconvenience to users but ensuring the long-term security and efficiency of the platform?
A. A maintenance window
B. Overhead
C. Downtime
D. Latency
Chapter 10
The correct answer is option C. Downtime is the term used to describe this period when the website is temporarily unavailable due to scheduled maintenance, causing temporary inconvenience to users.
Option A is incorrect, as a maintenance window is a scheduled event and causes minimal disruption.
Option B is incorrect, as overhead refers to the additional resources or tasks required beyond essential functions, and it’s not directly related to a system’s operational status.
Option D is incorrect, as latency refers to the delay between an action and a response. It is often related to network performance, rather than a system’s operational status.
In the context of software development, what do the terms “software interactions” and “relationships” collectively describe that emphasizes the intricate connections between various software components and their crucial role in project planning and execution?
A. Software defects
B. Incompatibilities
C. Software dependencies
D. Error handling
Chapter 10
The correct answer is option C. Software dependencies collectively encompass the complex interactions and relationships between various software components. These dependencies are crucial in software development, as they define how different parts of the software rely on each other, affecting project planning, execution, and overall project success.
Option A is incorrect, as software defects refer to flaws or errors in software code, not to the relationships between software components.
Option B is incorrect, as incompatibilities could refer to issues between different software or hardware elements, but they do not capture the concept of dependencies.
Option D is incorrect, as error handling involves managing errors and exceptions in software, but it’s not directly related to the interactions between software components.
You are the IT manager of a busy e-commerce website. The holiday shopping season is approaching, and you need to plan system updates to improve performance. What is the primary objective of scheduling a maintenance window for these updates?
A. To maximize resource utilization
B. To reduce the need for regular system backups
C. To ensure updates are implemented without disrupting users
D. To bypass the need for change management procedures
Chapter 10
The correct answer is option C. Scheduling a maintenance window is primarily done to ensure updates are implemented without disrupting users, especially during critical periods such as the holiday shopping season, when website availability is crucial. Option A is incorrect because while optimizing resource utilization is important, it’s not the primary reason for scheduling a maintenance window. Option B is incorrect, as maintenance windows don’t directly relate to system backup procedures. Option D is incorrect because this is not the primary purpose of a maintenance window. Proper change management procedures are crucial for maintaining security and stability, so bypassing them is not advisable.
You are using photo editing software when the program suddenly becomes unresponsive. What is the BEST specific action you can take to potentially resolve this issue and refresh the program’s resources?
A. An application refresh
B. An application restart
C. Application reloads
D. An application reset
Chapter 10
The correct answer is option B. An application restart involves closing and then reopening an application to address issues, refresh resources, or implement changes and can often resolve software-related problems without the need for more drastic measures, such as reinstalling the software or rebooting the entire system.
Option A is incorrect because while similar to a restart, a refresh involves renewing certain elements without closing and reopening the entire application and would not solve its unresponsiveness.
Option C is incorrect, as reloading might refer to loading specific data or content, but it doesn’t capture the complete process of closing and reopening an application.
Option D is incorrect, as a reset could encompass broader actions beyond closing and reopening and could return the program to default settings, increasing the potential for lost work.
The cybersecurity team has highlighted the importance of updating network topology diagrams regularly. Why is this practice crucial for enhancing security measures in your organization’s IT infrastructure?
A. It enhances network speed
B. It reduces the need for cybersecurity tools
C. It ensures visual consistency
D. It aids in gaining an understanding of the current environment
Chapter 10
The correct answer is option D. Updating network topology diagrams is crucial for enhancing security measures because it facilitates a comprehensive understanding of the current IT environment, allowing for more effective security planning and management.
Option A is incorrect, as updating diagrams doesn’t directly impact network speed; it’s more concerned about accuracy and understanding.
Option B is incorrect, as while accurate diagrams can aid cybersecurity efforts, they don’t inherently reduce the need for dedicated cybersecurity tools.
Option C is incorrect, as while visual consistency is valuable, the primary reason for updating diagrams is to reflect the accurate state of an environment.
You are a software development team lead preparing to deploy a critical update to your company’s e-commerce platform. Before employing the changes to the production environment, what is the primary goal of reviewing and analyzing test results?
A. To validate user documentation
B. To ensure data backup procedures
C. To confirm that the team adheres to coding standards
D. To identify and address potential issues or defects
Chapter 11
The correct answer is option D. Reviewing and analyzing test results in software development is primarily done to identify and address potential issues or defects before deploying changes to the production environment, ensuring a smoother and more reliable transition. Option A is incorrect, as test results are primarily focused on the technical aspects of the software, not on user documentation. Option B is incorrect, as while data backup is important, it’s not the main purpose of reviewing test results. Option C is incorrect, as while coding standards are important, the main purpose of reviewing test results is to identify and address issues in code.
You are the network administrator for a multinational corporation with a large, complex network environment in which security considerations are paramount. The IT manager has asked you to explain to the board of directors why you have recommended that they include a stateful firewall in next year’s budget to enhance your cybersecurity posture. Which of the following is the BEST description of why the organization should purchase a stateful firewall?
A. To filter packets based solely on IP addresses and port numbers
B. To analyze network traffic patterns and detect anomalies in real time
C. To improve network performance by caching frequently accessed data
D. To create a secure tunnel for remote access between two network segments
Chapter 11
The correct answer is option B. Stateful firewalls excel in analyzing traffic patterns and identifying unusual behavior, thereby providing enhanced security.
Option A is incorrect because stateful firewalls offer more advanced capabilities beyond simple IP and port filtering. This answer describes a basic packet-filtering firewall.
Option C is incorrect because caching is a function typically associated with proxy servers, not stateful firewalls.
Option D is incorrect because a stateful firewall does not create a secure session between two network segments.
A multinational corporation is planning to implement a new network security strategy to protect its sensitive data. They have several remote offices worldwide, and their employees frequently travel and work remotely. The company is concerned about potential security threats and data breaches and wants to enhance security while still ensuring seamless connectivity. Which of the following network security measures would be most suitable for their needs?
A. Implementing a site-to-site VPN to secure communication between office locations
B. Enforcing 802.1X authentication for wireless and wired network access
C. Using DNS Round Robin for load balancing across their web servers
D. Deploying a Web Application Firewall (WAF) to protect against online threats
Chapter 11
The correct answer is option A. Implementing a site-to-site VPN would secure communication between office locations, ensuring data confidentiality and integrity while accommodating the organization’s global reach and remote workforce.
Option B is incorrect because while 802.1X authentication is essential for network access control, it doesn’t address the specific concerns of remote office connectivity.
Option C is incorrect because using DNS Round Robin is a simple method for load balancing traffic across web servers and does not relate to secure connections.
Option D is incorrect as a Web Application Firewall (WAF) is essential for protecting web servers and their web applications but not for securing data in transit between offices.
A cybersecurity firm needs a solution to the secure management and monitoring of its clients’ sensitive systems that will minimize the exposure of client networks to potential threats. What network security approach should they adopt? Select the BEST option:
A. Implementing a reverse proxy server for client connections
B. Deploying a jump server within the location of the sensitive data
C. Using IPsec transport mode for data encryption
D. Enforcing 802.1X authentication for client access
Chapter 11
The correct answer is option B. Deploying a jump server will allow the cybersecurity firm to directly access the location that it needs to manage and monitor.
Option A is incorrect as a reverse proxy server is used for authenticating and decrypting incoming requests. It will never be used to access sensitive data.
Option C is incorrect because IPsec transport mode focuses on creating a secure tunnel for internal data encryption between two servers.
Option D is incorrect as 802.1X authentication is typically used for internal network access via a managed switch and RADIUS server.
A multinational corporation wants to enhance security and privacy for its employees’ internet usage. They also aim to optimize bandwidth utilization. Where should they place proxy servers to achieve these goals?
A. Inside the Local Area Network (LAN) near employee workstations
B. In front of the web server hosting the company’s public website
C. At the edge of the screened subnet between the internet and internal network
D. Between the firewall and external network routers
Chapter 11
The correct answer is option C. Placing proxy servers at the edge of the demilitarized zone (DMZ) can enhance security and privacy and optimize bandwidth utilization for employee internet usage.
Option A is incorrect because placing proxy servers inside the Local Area Network (LAN) may not provide the right level of security for outbound internet traffic. Some users may access resources from the screened subnet where no filtering can take place if the proxy server is in the LAN.
Option B is incorrect because placing proxy servers in front of the web server is more focused on protecting the web server rather than monitoring or optimizing employee internet usage. It’s typically part of a WAN setup and wouldn’t be effective for internal traffic management.
Option D is incorrect because placing proxy servers between the firewall and external routers may not optimize bandwidth utilization effectively.
A medium-sized manufacturing company wants to restrict access to its sensitive production network. They need a solution to filter incoming and outgoing traffic based on specific rules. What network device or technology is the BEST choice for this?
A. A Unified Threat Management (UTM) firewall
B. IPsec transport mode for data encryption
C. Access Control Lists (ACLs) for traffic filtering
D. A load balancer for distributing network traffic
Chapter 11
The correct answer is option C. Routers and firewalls are the only network devices that use an ACL, and both sit at the edge of your network. Enforcing Access Control Lists (ACLs) allows the company to filter traffic based on specific rules and can restrict access to its network.
Option A is incorrect as while a UTM firewall is important, it focuses on broader security functions, such as malware inspection, content filtering, and URL filtering, rather than restricting access to an overall network.
Option B is incorrect because IPsec transport mode is primarily for data encryption, not traffic filtering.
Option D is incorrect because load balancers distribute traffic but don’t provide the same level of traffic filtering as ACLs.
A healthcare organization handles sensitive patient records and, as such, must comply with strict data privacy regulations. They want to establish a comprehensive network security solution to prevent exfiltration of this data. Which of the following options BEST fits their requirements?
A. Using a reverse proxy server for web application security
B. Enforcing 802.1X authentication for network access
C. Deploying a UTM firewall
D. Implementing IPsec transport mode for secure data transmission
Chapter 11
The correct answer is option C. Deploying a Unified Threat Management (UTM) firewall offers comprehensive network security, including threat detection and data loss protection, which are vital for preventing patient records from leaving a network.
Option A is incorrect because a reverse proxy server focuses on incoming authentication and the decryption of incoming traffic. It cannot control outgoing traffic.
Option B is incorrect. 802.1X enhances network security by authenticating devices and users, controlling access, and enforcing security policies, all of which make it a critical component of overall network security but do not grant it the ability to prevent data from leaving a network.
Option D is incorrect because IPsec transport mode primarily focuses on data encryption within a network. It does not monitor sensitive information.
A rapidly growing start-up has recently expanded its online services to offer customers a wide range of new features. However, the Chief Technology Officer (CTO) is concerned about the increasing attack surface. What measures should they take to minimize potential vulnerabilities? Select the BEST option:
A. Implementing a WAF for real-time threat protection
B. Regularly conducting security audits to identify and address vulnerabilities
C. Enforcing 802.1X authentication for employees accessing the internal network
D. Using DNS Round Robin for load balancing across multiple servers
Chapter 11
The correct answer is option B. Regularly conducting security audits helps identify and address vulnerabilities across the attack surface.
Option A is incorrect as a Web Application Firewall (WAF) focuses on application layer security by protecting web servers and web applications but doesn’t directly reduce the attack surface.
Option C is incorrect as 802.1X authentication is for network access control, ensuring that only authenticated users and devices can access a network. It is primarily focused on controlling internal network access rather than securing a customer-facing network.
Option D is incorrect as DNS Round Robin is useful for load balancing but doesn’t address the attack surface concerns.
What are the key differentiators between Layer 4 and Layer 7 firewalls?
A. Layer 7 firewalls operate at the network layer, providing better performance
B. Layer 4 firewalls perform deep packet inspection for advanced threat detection
C. Layer 7 firewalls can inspect and block traffic based on application-specific content
D. Layer 4 firewalls provide more granular access control for user authentication
Chapter 11
The correct answer is option C. Layer 7 firewalls can inspect and block traffic based on application-specific content to provide a deeper level of security than their Layer 4 counterparts.
Option A is incorrect because Layer 7 firewalls operate at the application layer, not the network layer, and performance can vary depending on the specific firewall.
Option B is incorrect because Layer 4 firewalls focus on network-level controls, not deep packet inspection.
Option D is incorrect because Layer 4 firewalls provide access control but not to the granularity of application-specific content filtering.
A large enterprise hosts critical web applications internally and wants to ensure their security. They’re considering the use of a reverse proxy server. In what way can this enhance the security of their web applications?
A. By encrypting internal network communications
B. By optimizing load balancing for web traffic
C. By providing a secure gateway for external users
D. By enforcing strong password policies for web application users
Chapter 11
The correct answer is option C. A reverse proxy server can provide a secure gateway for external users, protecting web applications from direct exposure to the internet.
Option A is incorrect because encrypting internal network communications is not the primary role of a reverse proxy and would not increase the security of web applications.
Option B is incorrect because load balancing optimization is a feature but would not directly increase security.
Option D is incorrect because enforcing strong password policies is a user management task, not a function of a reverse proxy.
You are tasked with protecting sensitive information that includes personally identifiable data subject to strict privacy laws. Which data type should you focus on safeguarding?
A. Regulated
B. Trade secrets
C. Intellectual property
D. The results of an internal audit
Chapter 12
The correct answer is option A. Regulated data refers to information governed by specific laws and regulations, such as data protection and privacy laws. Personally identifiable data (PII) is regulated.
Option B is incorrect because trade secrets relate to proprietary business information and not personal data.
Option C is incorrect, as intellectual property includes patents, copyrights, and trademarks, not personal data.
Option D is incorrect, as the data would be corporate confidential and not personal data.
A multinational corporation stores sensitive customer data. To comply with data privacy regulations, it implements a method to restrict access to this data to the sales team, based on which hotel they are in while they are on national and international sales trips. Which security method are they using?
A. Geographic restrictions
B. Encryption
C. Masking
D. Hashing
Chapter 12
The correct answer is option A. Geographic restrictions are used to limit data access based on the physical location of users. Salespeople visit different countries and stay in different hotels while on sales trips. This helps them comply with data privacy regulations by ensuring that only authorized users in specific geographic regions can access sensitive customer data.
Option B is incorrect, as encryption transforms plaintext data into ciphertext but doesn’t restrict access based on location.
Option C is incorrect, as masking conceals sensitive data but doesn’t specifically control access based on geography.
Option D is incorrect, as hashing is a one-way function that provides data integrity and is used for storing passwords.