Random Questions 1 - 10 Flashcards
A business has received a small grant to transition its infrastructure to an external solution. Which of the following considerations should be prioritized first?
A. Security of cloud providers
B. Cost of implementation
C. Ability of engineers
D. Security of architecture
D. Security of architecture
The marketing department independently implemented project management software without notifying the relevant departments (IT). What term best describes this action?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
A. Shadow IT
A user attempts to apply a critical patch, but the patch transfer fails. Which access control is most likely blocking the transfer?
A. Attribute-based
B. Time of day
C. Role-based
D. Least privilege
D. Least privilege
What tool can help detect if an employee has mistakenly sent an email with a file containing a customer’s personally identifiable information (PII)?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
D. DLP
DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data, such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and data in use (such as applications). DLP can also alert the sender, the recipient, or the administrator of the data breach, and apply remediation actions, such as encryption, quarantine, or deletion. DLP can help an organization comply with data protection regulations, such as GDPR, HIPAA, or PCI DSS, and protect its reputation and assets.
A security analyst has been informed by the cyber operations team about a new method attackers are using to breach networks. SIEM alerts have not been configured yet. What should the analyst do to detect this activity?
A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
D. Threat hunting
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
C. Organized crime.
Organized crime groups are often well-funded, highly skilled, and capable of carrying out sophisticated cyberattacks, including those targeting critical infrastructure. Governments might collaborate with or hire these groups for cyber espionage, sabotage, or other malicious activities aimed at destabilizing or compromising another nation’s critical systems.
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
D. Salting
Salting involves adding random data to the input of a one-way hash function to ensure that the same input will produce different hash values, thus making it more difficult for attackers to use precomputed hash tables (rainbow tables) to reverse engineer the original input.
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
D. Phishing.
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one. The employee entered the log-in information, but received a “page not found” error message. This indicates that the employee fell victim to a phishing attack, and the attacker may have captured the employee’s credentials for the payment website.
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Selected Answer: D
Permit 10.50.10.25/32 0.0.0.0/0 port 53: This rule allows outbound DNS requests from the device with the IP address 10.50.10.25.
Deny 0.0.0.0/0 0.0.0.0/0 port 53: This rule denies all other outbound DNS requests from any other devices on any IP address.
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Selected Answer: A. SSO (Single Sign-On)
Single Sign-On (SSO) enables users to authenticate once with their domain credentials and then access multiple applications without needing to re-enter their credentials each time. This aligns with the company’s preference to use domain credentials and reduces the burden of managing multiple sets of credentials for different applications.
Protected Extensible Authentication Protocol (PEAP) is a security protocol that protects wireless and wired networks. It’s used to authenticate clients, such as laptops and mobile devices, to a network server or access point.
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
Selected Answer: A
A. This scenario describes a Business Email Compromise (BEC) attack, which is a type of phishing attack that relies on social engineering. In a BEC attack, attackers impersonate a trusted individual (often an executive) and use their name or email address to request sensitive information, payments, or, as in this case, gift cards. These attacks often rely on urgency and authority to trick employees into acting without verifying the request.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account. -> Credential Harvesting