Random Question 101 - 120 Flashcards
Question 101:
During a risk assessment, a security team discovers that their current vulnerability management program isn’t effectively addressing critical vulnerabilities. Which approach would most effectively enhance the vulnerability management process while aligning with security best practices?
Options:
A. Patch all vulnerabilities immediately regardless of impact.
B. Risk-based vulnerability prioritization with continuous monitoring.
C. Annual vulnerability scans of critical systems.
D. Implement automated patching without testing.
Correct Answer: B
Explanation:
Risk-based vulnerability prioritization with continuous monitoring ensures critical vulnerabilities are addressed based on their actual risk to the organization, while maintaining ongoing visibility into the security posture.
Question 102:
A global organization is implementing a new security framework while managing third-party risks. Security analysts have identified TWO critical areas that require immediate attention to maintain compliance and reduce risk exposure. Which combination of measures would most effectively address these concerns?
Options:
A. Implementation of continuous third-party monitoring systems.
B. Annual security awareness training.
C. Integration of GRC tools with vendor risk assessments.
D. Weekly vulnerability scanning.
E. Monthly password changes.
Correct Answer: A, C
Explanation: Continuous third-party monitoring provides real-time visibility into vendor risks, while GRC tool integration with vendor risk assessments ensures comprehensive compliance management and risk visibility across the organization’s vendor ecosystem.
Governance, risk, and compliance (GRC) tools help organizations manage risk, compliance, and internal audits. When choosing a GRC tool, you can consider things like:
- Functionality: What core functions you need
- Integration: How well the tool integrates with your existing systems
- User-friendliness: How easy the tool is to use
- Pricing: How much the tool costs
Question 103:
During incident response to a sophisticated attack, the security team discovers evidence of data exfiltration but cannot determine the full scope of the compromise. Which incident response process would be most appropriate to implement immediately while maintaining business operations?
Options:
A. Full system shutdown and recovery from backups.
B. Targeted containment with enhanced monitoring and analysis.
C. Immediate eradication of all suspected systems.
D. Implementation of new security controls.
Correct Answer: B
Explanation: Targeted containment with enhanced monitoring and analysis allows for continuous investigation of the breach scope while preventing further damage, maintaining critical business operations, and gathering necessary evidence.
Question 104:
An organization’s security team is designing a comprehensive business continuity plan for their critical infrastructure. Which approach would best ensure both system availability and security during a disaster recovery scenario?
Options:
A. Multiple backup sites without security controls.
B. Single backup site with basic security measures.
C. Integrated DR plan with security controls and regular testing.
D. Offsite backups without recovery procedures.
Correct Answer: C
Explanation: An integrated DR plan with security controls and regular testing ensures both system availability and security during recovery, maintaining security posture while enabling efficient business restoration during disasters.
Question 105:
During a security audit, a team identifies multiple vulnerabilities across different systems. The organization needs to implement a compensating control due to technical limitations preventing the deployment of the primary control. Which TWO of the following best describe the characteristics of a compensating control? (Choose TWO)
Options:
A. Provides the same level of protection as the original control but through different means.
B. Temporarily replaces the primary control until budget allows for implementation.
C. Meets the intent and rigor of the original control requirements.
D. Costs less than the original control to implement and maintain.
E. Requires annual review and certification by external auditors.
Correct Answer: A, C
Explanation:
Compensating controls must provide similar protection level as original controls (A) and satisfy original control requirements (C) regardless of cost or audit requirements.
Question 106:
A security analyst is implementing Zero Trust principles in an organization’s network. Which of the following best represents the primary function of the Control Plane in Zero Trust architecture?
Options:
A. Manages actual data flow between network segments.
B. Handles policy decisions and access management.
C. Provides encryption for data in transit.
D. Monitors network traffic patterns.
Correct Answer: B
Explanation:
The Control Plane in Zero Trust architecture is responsible for policy decisions and managing access controls, while Data Plane handles actual data movement.
Question 107:
Your organization recently experienced a security breach. During the incident response process, which phase focuses on identifying what systems were affected and determining the current and potential business impact?
Options:
A. Containment.
B. Analysis.
C. Detection.
D. Eradication.
Correct Answer: B
Explanation:
The Analysis phase involves investigating affected systems, determining the scope of compromise, and assessing the business impact of the security incident.
Question 108:
A company is implementing multiple security measures to protect their data center. Which TWO of the following combinations would provide the most effective physical security controls for preventing unauthorized access? (Choose TWO)
Options:
A. Access control vestibule with pressure sensors.
B. Security cameras with motion detection.
C. Bollards with microwave sensors.
D. Fencing with infrared detection.
E. Security guards with ultrasonic sensors.
Correct Answer: A, D
Explanation:
Access control vestibule with pressure sensors provides layered entry control, while fencing with infrared detection creates a secure perimeter with intrusion detection capabilities, offering comprehensive physical security.
Question 109:
During a security incident, the organization discovers that an attacker gained access through a third-party vendor’s compromised credentials. Which of the following security concepts was most likely violated in terms of accountability?
Options:
A. Authentication.
B. Authorization.
C. Non-repudiation.
D. Accounting.
Correct Answer: C
Explanation:
Non-repudiation ensures actions cannot be denied by the person who performed them, which was compromised when the attacker used someone else’s credentials to gain access.
Question 100:
An organization is implementing deception technology to detect potential threats. Which of the following would be most effective in identifying an insider threat attempting to access sensitive financial data?
Options:
A. Deploying a honeynet across multiple network segments.
B. Implementing a honeypot with fake network services.
C. Creating honeytokens in financial databases.
D. Setting up multiple honeypots in the DMZ.
Correct Answer: C
Explanation:
Honeytokens in financial databases are most effective for detecting insider threats as they are fake credentials or records that would only be accessed by someone specifically searching for financial data.
Question 111:
A security team is developing their incident response strategy and needs to determine the priority for incident handling. Which TWO of the following factors should be considered the MOST critical when prioritizing security incidents? (Choose TWO)
Options:
A. Current and potential technical impact on systems.
B. Time required to implement containment measures.
C. Business functional impact and information sensitivity.
D. Cost of forensic investigation procedures.
E. Availability of backup personnel for response.
Correct Answer: A, C
Explanation: Incident prioritization should primarily focus on both technical impact on systems (A) and business/information impact (C), as these directly affect the organization’s operations and risk level.
Question 102:
During a risk assessment, an organization identifies that their primary security control cannot be implemented due to technical limitations. Which of the following best describes the relationship between compensating controls and the original control requirements?
Options:
A. Must be more cost-effective than original controls.
B. Must meet the original control intent and rigor.
C. Must be temporary until original controls can be implemented.
D. Must be approved by external auditors.
Correct Answer: B
Explanation: Compensating controls must satisfy the same security objectives and provide equivalent protection as the original control, maintaining the intended level of security.
Within user authentication, which elements usually classify as “something you are” and “something you have”?
A: Security questions and PIN
B: Username and password
C: Smart card and email address
D: Fingerprint and mobile
**Correct Answer: D: Fingerprint and mobile**
As Amanda transitions from on-premises infrastructure to a hybrid cloud setup, which aspects must she consider that weren’t relevant in a single on-premises data center?
A: RTOs
B: Power resilience
C: Data sovereignty
D: RPOs
Correct Answer: C: Data sovereignty
“Data sovereignty” in security refers to a country’s legal right to control and regulate how data generated within its borders is collected, stored, processed, and distributed, ensuring that sensitive information remains subject to the laws of that jurisdiction, particularly regarding privacy and security measures; essentially, it means a nation has the authority to govern how data belonging to its citizens is handled, even when stored or processed overseas.
What is the primary role of Security Information and Event Management (SIEM) tools in operational security?
A: Conducting vulnerability assessments
B: Encrypting network traffic
C: Monitoring and analyzing security events
D: Configuring access controls
**Correct Answer: C: Monitoring and analyzing security events**
What is considered a recommended approach for enhancing the security of a web application?
A: Implementing strong session management techniques
B: Storing user credentials in plain text
C: Allowing unrestricted file uploads
D: Disabling input
**Correct Answer: A: Implementing strong session management techniques**
Which group mentioned below is typically not a part of an organization’s cybersecurity incident response team?
A: Technical subject matter experts
B: Cybersecurity experts
C: Law enforcement
D: Management
**Correct Answer: C: Law enforcement**
What method is used to assess the value of assets?
A: The cost to replace the item
B: The depreciated cost of the item
C: The original cost of the item
D: Any of the above based on organizational preference
Correct Answer: D: Any of the above based on organizational preference
How do we refer to spam messages sent via Internet messaging platforms?
A: TwoFaceTiming
B: IMSPAM
C: SMSPAM
D: SPIM
**Correct Answer: D: SPIM**
SPIM (Spam over Instant Messaging) is a type of cyber security threat that involves sending unwanted messages through instant messaging platforms. SPIM messages can include advertisements, promotions, or links to malicious websites.
SPIM messages are spam sent through widely used free instant messaging apps such as Messenger, WhatsApp, Viber, Telegram, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware. Most apps have built-in filters that block messages from unknown sources.
Where are Industrial Control Systems (ICS) and SCADA systems most commonly implemented?
A: Consumer electronics
B: Gaming systems
C: Industrial and critical infrastructure environments
D: Personal computing
**Correct Answer: C: Industrial and critical infrastructure environments**
SCADA security is the protection of Supervisory Control and Data Acquisition (SCADA) networks from cyber threats. SCADA systems monitor and control critical infrastructure, such as water, power, and natural gas. SCADA security is important because attacks on these systems can disrupt access to essential services.
What kind of policy document has Bob’s organization established to outline the appropriate usage of its network, systems, and services?
A: An acceptable use policy.
B: Business continuity policy
C: An incident response policy.
D: This is a standard, not a policy
**Correct Answer: A: An acceptable use policy**
An “acceptable use policy” (AUP) in security is a set of rules and guidelines that define how an organization’s technology resources, like computers, networks, and email, can be used appropriately, outlining what is considered acceptable behavior and what is not, with the goal of protecting sensitive information and preventing security breaches; essentially, it acts as a code of conduct for digital interactions within an organization.
What is the primary objective of utilizing the ‘tracert’/’traceroute’ command in network operations?
A: To detect and display the network path to a destination
B: To establish secure connections with remote hosts
C: To identify network switches and routers
D: To reveal the IP address of the user’s device
**Correct Answer: A: To detect and display the network path to a destination**
What is the title of the Vice President of Sales concerning data management duties, particularly in requesting daily backups of sales data from the IT team?
A: Data protection officer
B: Data processor
C: Data owner
D: Data steward
**Correct Answer: C: Data owner**
A “Data Owner” in security refers to the individual or group within an organization who is ultimately responsible for the security, quality, and governance of a specific set of data, including defining who can access it, ensuring its proper usage, and managing its lifecycle from creation to deletion; essentially, they hold the highest level of accountability for a particular data asset within their domain.
Data Stewards help define, implement, and enforce data management policies and procedures within their specific Data Domain. A Data Trustee may delegate to the Data Steward the authority to represent the Data Trustee in data-related policy discussions.
Bob is investigating host antivirus logs following a system breach and realizes that the antivirus software failed to catch the malware. Considering the options, which is the least acceptable reason for this failure?
A: Outdated antivirus signatures
B: Zero-day attack
C: Antivirus software failure
D: APT attack
**Correct Answer: C: Antivirus software failure**
Which activity should Amanda allow to proceed without restriction as she gets ready for a change window?
A: Scaling clustered systems up or down
B: Patching
C: Changing hostnames
D: Modifying database configurations
**Correct Answer: A: Scaling clustered systems up or down**
What tool should the engineer utilize to detect and prevent data tampering within the enterprise infrastructure?
A: FTP
B: File Integrity Monitoring (FIM)
C: Antivirus
D: IPS
**Correct Answer: B: File Integrity Monitoring (FIM)**
File Integrity Monitoring (FIM) is a security process that continuously checks and verifies the integrity of critical system files, like operating system components, applications, and databases, to detect any unauthorized modifications or corruption. It identifies potential tampering or malicious activity by comparing those files to a trusted baseline.
Which command is most suitable for Bob to capture network packets from the command line?
A: FTK
B: dd
C: tcpdump
D: wireshark
**Correct Answer: C: tcpdump**
tcpdump is a command-line tool for capturing and analyzing network traffic on a system. It is useful for troubleshooting network issues and also serves as a security tool.
Which supply chain participant is vulnerable to exploitation by attackers who target vulnerabilities in pre-installed software on a device?
A: Service provider
B: Hardware provider
C: Software provider
D: Cloud provider
**Correct Answer: C: Software provider**
Some prominent software providers in the security space include: Trend Micro, Check Point, Fortinet, Palo Alto Networks, CyberArk, Microsoft, Avira, and Netsurion; all offering various security solutions like next-generation firewalls, endpoint protection, cloud security, and threat intelligence platforms.
Bob is addressing authentication issues with his organization’s VPN, utilizing a RADIUS backend. To monitor the traffic, Bob needs to be aware of the ports associated with RADIUS. What are these ports?
A: TCP ports 1433 and 1521
B: UDP ports 1433 and 1521
C: TCP ports 1812 and 1813
D: UDP ports 1812 and 1813
**Correct Answer: C: Antivirus software failure**
RADIUS (Remote Authentication Dial-In User Service) typically uses UDP ports 1812 for authentication and 1813 for accounting, meaning these are the ports you need to open on a firewall to allow RADIUS traffic to flow between devices and the RADIUS server; older systems might use port 1645 for authentication and 1646 for accounting.
While assessing a cryptographic system, it’s determined that the algorithm is publicly known, but the key is held confidentially. Which security principle is being upheld?
A: XOR theorem
B: Shannon’s maxim
C: Caesar’s principle
D: Kerckhoffs’ principle
**Correct Answer: D: Kerckhoffs’ principle**
Kerckhoffs’ Principle states that the security of a cryptosystem must lie in the choice of its keys only; everything else (including the algorithm itself) should be considered public knowledge.
Which principle states that multiple alterations to a computer system should not occur simultaneously?
A: Change management
B: Due diligence
C: Due care
D: Acceptable use
**Correct Answer: A: Change management**
Change management security is a structured process that helps organizations manage changes to their security protocols, technologies, and processes. It helps to reduce the risk of vulnerabilities and disruptions.
Which strategy in risk management involves shifting the responsibility or consequences of a risk to another party, often achieved through insurance coverage or contractual agreements?
A: Accept
B: Avoid
C: Mitigate
D: Transfer
**Correct Answer: D: Transfer**
A securities account transfer or transfer of securities account is the process of transferring a securities account from one securities services company to another. For such a securities account transfer to take place, both the old and the new securities account must be active.
Which method is commonly recommended for preventing packet sniffing attacks?
A: Regularly updating software and firmware
B: Encrypting network communications
C: Using intrusion detection systems
D: Implementing strong access controls
**Correct Answer: B: Encrypting network communications**
Which forensic tool depends on properly configured system clocks for its optimal operation?
A: File metadata analysis
B: Disk hashing
C: Forensic disk acquisition
D: Timelining
**Correct Answer: D: Timelining**
A timeline in security is a chronological record of events that can help identify security incidents and breaches. Timelines can be used to analyze system logs, user activity, and other data sources.
An incident timeline is a complete real-time record of an incident. It often includes manual entries (chat), consolidated records of pages, alerts, and acknowledgments, and automatic system updates (for example, notification that someone has changed the severity level of an incident or marked it as resolved).
What type of control best illustrates the network firewall that Josh is reviewing and updating to accommodate changing organizational needs?
A: Detective
B: Deterrent
C: Preventative
D: Corrective
**Correct Answer: C: Preventative**
Preventative security measures are actions taken before a threat to reduce the likelihood of a successful attack. These measures can include policies, encryption, firewalls, and physical barriers.
– Encryption: Scrambles data into a code that can only be unlocked with a unique key. This protects sensitive data like passwords and credit card numbers.
– Firewalls: Protect devices from attacks.
– Intrusion detection/prevention systems (IDS/IPS): Analyze network traffic for patterns and anomalies that may indicate a potential attack.
– Access control: Restricts access to applications and data to only authorized users and services.
– Security cameras: Deter intruders from unlawful activities.
– Antivirus and antispyware software: Thwart attacks on devices.
What is the primary function of a digital signature in cryptography?
A: Authenticate users
B: Prevent unauthorized access
C: Verify the integrity and authenticity of a message
D: Encrypt data
**Correct Answer: C: Verify the integrity and authenticity of a message**
The primary function of a digital signature in cryptography is to verify the authenticity and integrity of a digital message or document, essentially proving that the message originated from a known sender and has not been tampered with during transmission, thus providing “non-repudiation” where the sender cannot deny sending the message; it acts like a virtual fingerprint uniquely tied to the signer.
If a security team discovers that a group of servers within a company’s internal server farm in a large data center was breached before the latest updates were applied and breach attempts were not logged on any other servers, which threat actor is MOST likely to be involved?
A: Script kiddie
B: Nation State
C: Competitor
D: Insider
Correct Answer: D: Insider
Insider threat risks: fraud, theft of confidential information, theft of intellectual property, and sabotage of computer systems.
Insider threat prevention: implementing access controls, using multifactor authentication, establishing security policies, and regularly reviewing and updating security policies.
An insider is any person who has/had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.
When an individual application undergoes an update or modification, what action should be taken to guarantee the changes are incorporated?
A: Downtime
B: Service restart
C: Restricted activities
D: Application restart
**Correct Answer: D: Application restart**
An application restart is the process of completely shutting down and then relaunching an application. It is often required after applying security updates or making configuration changes so that the new settings take effect, because many updates need to modify files currently in use by the application.
When Bob modifies the rules on his organization’s firewall to accommodate a new mail server installation, which type of control is he employing?
A: Compensating
B: Technical
C: Operational
D: Managerial
**Correct Answer: B: Technical**
Technical security is the use of technology and processes to protect information systems, networks, and devices. The goal is to keep sensitive information confidential, intact, and available.
Technical security refers to the processes and technologies used to protect information systems, networks, and devices from threats, damage, and unauthorized access. Its purpose is to safeguard the confidentiality, integrity, and availability of sensitive information.
Among the choices provided, what is the primary motivation for an attack carried out by a criminal organization?
A: Grudge
B: Financial
C: Political
D: Thrill
**Correct Answer: B: Financial**
Steve wants to manage a Windows system’s graphic user interface remotely and is looking for a secure protocol to achieve this. Which protocol would best suit his requirements?
A: RDP
B: VPN
C: SSH
D: Telnet
**Correct Answer: A: RDP**
Bob is structuring network security controls for a pivotal system governing a manufacturing process and seeks the utmost level of network segmentation. Which control should he prioritize to accomplish this aim?
A: Air gap
B: Router segmentation
C: Firewall zone segmentation
D: VLAN segmentation
**Correct Answer: A: Air gap**
Air gap security is a cybersecurity method that separates a network or computer from other networks, especially the Internet. This physical separation prevents unauthorized access and cyber threats.
An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. An air-gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices.
What is the main objective of User Training within an organization’s IT ecosystem for managing personnel?
A: Building stakeholder confidence and addressing non-compliance
B: Ensuring a well-informed workforce through tailored training
C: Validating compliance with specific laws and regulations
D: Preventing unauthorized data sharing with Data Loss Prevention (DLP) policies
**Correct Answer: B: Ensuring a well-informed workforce through tailored training**
The primary objective of user training in security is to educate employees and end-users about cybersecurity best practices, enabling them to identify and respond appropriately to potential security threats, thereby minimizing the risk of data breaches and protecting an organization’s sensitive information by empowering them to make security-conscious decisions in their daily work activities.
Steve is working on a new application with significant cryptography requirements. Which technique should he prioritize to guarantee the correct implementation of cryptography?
A: Hire a vendor to develop a custom cryptographic module
B: Test the software before use
C: Write the cryptographic code directly in his application
D: Use a popular open-source cryptographic module
**Correct Answer: D: Use a popular open-source cryptographic module**
Bob is performing an asset valuation exercise to ensure insurance policies cover the restoration of operations post asset destruction. Which asset valuation technique should Bob prioritize for this purpose?
A: Replacement cost
B: Original purchase price
C: Subject matter expert estimated value
D: Depreciated value
**Correct Answer: A: Replacement cost**
Replacement cost is the amount of money it would currently take to replace a security system or asset, like a camera, access control panel, or security guard service, with a new one of similar quality and functionality, without taking depreciation into account; essentially, it is the cost to purchase a brand new equivalent in the current market to replace a damaged or outdated security component.
What is the common result of a risk assessment process?
A: Conducting regular security training for employees
B: Development of a disaster recovery plan
C: Implementation of new cybersecurity policies
D: Identification and prioritization of risks
**Correct Answer: D: Identification and prioritization of risks**
A security risk assessment process involves systematically identifying, analyzing, and prioritizing potential threats and vulnerabilities to an organization’s assets, evaluating their likelihood of occurrence and potential impact, and then developing mitigation strategies to manage those risks effectively; typically including steps like asset identification, threat identification, vulnerability analysis, risk calculation, risk prioritization, and control implementation.
Who is responsible for generating the Certificate Signing Request (CSR) for Bob’s web server certificate, considering Geotrust is the root CA and his company has an intermediate CA?
A: Bob creates the CSR on the web server
B: Bob creates the CSR on the Geotrust website
C: Geotrust creates the CSR after receiving a request from Bob
D: The internal CA creates the CSR after receiving a request from Bob
**Answer: A: Bob creates the CSR on the web server**
A Certificate Signing Request (CSR) is a crucial step in obtaining a digital certificate for a website or server. It is a request sent to a Certificate Authority (CA) containing the necessary information, such as the domain name, organization details, and the public key, allowing the CA to verify the identity and issue a trusted certificate for secure communication online.
What is the primary goal of encryption standards?
A: Specify access control mechanisms
B: Define onboarding processes
C: Detail password reset procedures
D: Outline acceptable encryption algorithms and key management practices
**Answer: D: Outline acceptable encryption algorithms and key management practices**
The primary goal of encryption standards in security is to protect the confidentiality of digital data by transforming it into an unreadable format that can only be accessed by authorized parties with the correct decryption key, effectively safeguarding sensitive information from unauthorized access even if it is intercepted or compromised.
Which security practice is recommended to prevent successful brute force attacks on a Windows system, according to Kathy’s concerns?
A: Rename the Administrator account
B: Expire the Administrator account password monthly
C: Disable the Administrator account
D: Encrypt the contents of the Administrator account
**Answer: A: Rename the Administrator account**
What is the name of the attack when an attacker modifies a segment of data used in a stream cipher to expose wirelessly encrypted data after breaching your wireless network?
A: Rogue WAP
B: Evil twin
C: WPS attack
D: IV attack
**Answer: D: IV attack**
An initialization vector (IV) attack is an attack on wireless networks. It modifies the IV of an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated by the IV used.
It refers to a type of cryptographic attack that exploits vulnerabilities in the “Initialization Vector” (IV) used during encryption, allowing attackers to potentially decrypt sensitive data by predicting or manipulating the IV, which is supposed to randomize the encryption process and prevent pattern recognition; this attack is particularly prevalent in wireless networks like Wi-Fi, especially when using outdated encryption protocols like WEP that have weak IV implementations.
In the face of a significant risk of ransomware attacks targeting network storage systems, which technical control would offer the most effective mitigation strategy?
A: Regularly back up data to encrypted offline storage.
B: Deploy security information and event management (SIEM) for centralized logging and analysis.
C: Implement multi-factor authentication for all network access.
D: Install antivirus software on all endpoints and servers.
**Answer: A: Regularly back up data to encrypted offline storage.**
What type of testing should a user undertake to assess whether a web application can handle unexpected or random inputs without crashing?
A: Fuzzing
B: Dynamic code analysis
C: Manual code review
D: Code signing
**Answer: A: Fuzzing**
Fuzzing, or fuzz testing, is a software testing technique that automatically detects bugs and vulnerabilities in software, operating systems, or networks. It’s a quality assurance technique that’s used to stress applications and cause unexpected behavior.
In a Linux environment, Bob (user: rbob) belongs to the “leaders” group. He tries to open “secret_file.txt”, but the permissions for “others” are restricted. What level of access can Bob expect?
A: Bob can read and execute the file.
B: Bob can read, write, and execute the file.
C: Bob can only read the file.
D: Bob can read and write the file.
**Answer: C: Bob can only read the file.**
A program attempts to store more data in a designated memory space than it can hold, causing it to overwrite data in unintended locations. This situation is known as:
A: Integer overflow
B: Buffer overflow
C: Memory leak
D: DLL injection
** Answer: B: Buffer overflow **
A buffer overflow is a coding error in which a program writes more data into a fixed-size region of memory (a buffer) than was allocated for it, so the excess spills into adjacent memory. Depending on what sits next to the buffer (other variables, a saved return address on the stack, heap metadata), an attacker who controls the input can corrupt program state, redirect execution and ultimately run code of their choosing. The flaw is characteristic of languages such as C and C++ that do not bounds-check writes, which is why explicit length checks, safe copy functions and mitigations such as stack canaries, ASLR and non-executable memory matter.
Before an event occurs, what technology can Bob deploy to enable him to accurately monitor bandwidth usage and observe the destination of traffic during a compromise?
A: A firewall
B: Packetflow
C: NetFlow
D: A DLP
** Answer: C: NetFlow **
NetFlow is a network protocol developed by Cisco for exporting summaries of IP traffic (flow records: source and destination address and port, protocol, byte and packet counts, timestamps) from routers and switches to a collector. Because it records who talked to whom and how much, rather than packet contents, it is lightweight enough to run continuously, and analysing NetFlow data gives security teams a picture of traffic volume and destinations that they can use to spot and investigate a compromise, for example a host suddenly sending gigabytes to an unfamiliar address.
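As an added example (not part of the original flashcards, and not vendor code), the following Python decodes a NetFlow v5 export datagram with the standard library and then answers the question's concern, "where is the traffic going", by summing bytes per destination. The two-flow datagram is constructed inline for the demo; field names follow the v5 record layout, and the helper names are my own.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire format (network byte order) as exported by Cisco devices.
V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24 bytes
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48 bytes per flow

_RECORD_FIELDS = (
    "srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts", "dOctets",
    "first", "last", "srcport", "dstport", "pad1", "tcp_flags", "prot", "tos",
    "src_as", "dst_as", "src_mask", "dst_mask", "pad2",
)


def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime_ms, unix_secs, _nsecs, seq,
     _engine_type, _engine_id, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) < expected:
        raise ValueError(f"header announces {count} flows but only {len(datagram)} bytes present")
    flows = []
    for i in range(count):
        raw = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        f = dict(zip(_RECORD_FIELDS, raw))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            f[key] = str(IPv4Address(f[key]))
        f["export_seq"] = seq               # gaps here mean lost export datagrams
        f["export_unix_secs"] = unix_secs
        flows.append(f)
    return flows


def bytes_by_destination(flows: list[dict]) -> list[tuple[str, int]]:
    """Sum dOctets per destination, largest first: where is the data going?"""
    totals = defaultdict(int)
    for f in flows:
        totals[f["dstaddr"]] += f["dOctets"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def build_sample_datagram() -> bytes:
    """Constructed export of two flows from 10.0.0.5 (sample data, not a real capture)."""
    def rec(src, dst, sport, dport, proto, pkts, octets, first, last):
        return V5_RECORD.pack(int(IPv4Address(src)), int(IPv4Address(dst)), 0,
                              1, 2, pkts, octets, first, last, sport, dport,
                              0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, 2, 600_000, 1_700_000_000, 0, 42, 0, 0, 0)
    return (header
            + rec("10.0.0.5", "203.0.113.7", 51514, 443, 6, 12_000, 15_000_000, 1_000, 590_000)
            + rec("10.0.0.5", "10.0.0.10", 51515, 445, 6, 40, 6_000, 2_000, 3_000))


if __name__ == "__main__":
    flows = parse_netflow_v5(build_sample_datagram())
    for dst, total in bytes_by_destination(flows):
        print(f"{dst:>15}  {total:>12} bytes")
```

The length check against the record count matters in a real collector: a truncated or malformed datagram should be dropped, not parsed into garbage flows that end up in an investigation.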
Which of the following actions is Bob most likely to undertake to minimize the occurrence of false positive reports in his vulnerability scans?
A: Increase the size of the target network
B: Implement credentialed scanning
C: Disable safe checks
D: Decrease the scan sensitivity
** Answer:
B: Implement credentialed scanning
**
Credentialed (authenticated) scanning configures the vulnerability scanner with valid credentials for the target systems, so it can log in and inspect installed package versions, patch levels and configuration directly instead of inferring them from service banners and network behaviour. That direct view sharply reduces false positives (and false negatives) compared with an unauthenticated scan.
Why is it essential to conduct Universal Resource Locator (URL) scanning in web filtering?
A: To determine the reputation of a website
B: To block or allow access based on the specific web address
C: To enhance website loading speeds
D: To implement secure protocols
** Answer:
B: To block or allow access based on the specific web address
**
URL scanning in web filtering means inspecting the web address (Uniform Resource Locator) a user requests and comparing it against block lists, allow lists and category or reputation databases, so that requests to known malware, phishing or otherwise harmful sites are blocked before the browser reaches them. The decision is made on the specific address requested, which is why it must be applied to the normalized host and path rather than to the text as typed.
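An added example (not part of the original flashcards) of the block/allow decision in Python. The block and allow lists are constructed for the demo and the function names are my own; the point it adds is normalization: a filter that matched on the raw string would miss `user@evil.example` tricks, upper-case hosts and trailing-dot hostnames, all of which this version resolves to the host the browser actually connects to.

```python
from urllib.parse import urlsplit

# Constructed policy for the demo; real deployments use category and reputation feeds.
BLOCKLIST = {"evil.example", "phish.example"}
ALLOWLIST = {"intranet.example.com"}


def normalize_host(url: str) -> str:
    """Extract the host a browser would actually connect to.

    urlsplit().hostname already lower-cases and strips userinfo ('user@'),
    the port and IPv6 brackets; a trailing dot (absolute-FQDN form) is also
    removed so 'evil.example.' matches 'evil.example'. Unparseable input
    yields '' so the caller can fail closed.
    """
    if "://" not in url:
        url = "http://" + url           # bare hostnames as typed into a proxy
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:                  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".")


def in_domain_set(host: str, domains: set[str]) -> bool:
    """True if host equals a listed domain or is a subdomain of one.

    Matching on label boundaries means 'notevil.example' does not match 'evil.example'.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def filter_url(url: str) -> str:
    """Decide 'block', 'allow' or 'inspect' for a requested URL. Block wins over allow."""
    host = normalize_host(url)
    if not host:
        return "block"                  # unparseable request: fail closed
    if in_domain_set(host, BLOCKLIST):
        return "block"
    if in_domain_set(host, ALLOWLIST):
        return "allow"
    return "inspect"                    # unknown site: hand off to reputation/content scanning


if __name__ == "__main__":
    for u in ("https://intranet.example.com/",
              "http://intranet.example.com@evil.example/login",
              "HTTP://Evil.Example.:8080/x",
              "https://notevil.example/",
              "evil.example/path"):
        print(f"{filter_url(u):7}  {u}")
```

The second sample URL is the instructive one: the text before `@` is userinfo, not the host, so a filter that looked for `intranet.example.com` at the start of the string would allow a request that actually goes to `evil.example`.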
Which of the following is a mandatory requirement for the technician to implement when setting up a system to authenticate users solely based on their username and password when accessing computers within the office building, and rejecting any attempts to authenticate from locations outside the office building?
A: Dual factor authentication
B: Single-factor authentication
C: Biometric authentication
D: Transitive authentication
** Answer: D: Transitive authentication**
Transitive authentication is a model in which a user authenticates once and that authentication is then trusted by the other systems they subsequently access, so they do not re-authenticate for each service; their identity is accepted "transitively" across systems. Single sign-on (SSO), where one login grants access to many applications on a network, is the common example.
When configuring access control for a cloud environment, you wish to assign permissions based on user attributes. Which access control scheme would be the most fitting option for this task?
A: Attribute-Based Access Control (ABAC)
B: Role-Based Access Control (RBAC)
C: Rule-Based Access Control (RBAC2)
D: Mandatory Access Control (MAC)
** Answer: A: Attribute-Based Access Control (ABAC) **
The purpose of ABAC is to protect objects such as data, network devices and IT resources from users and actions that do not carry the "approved" characteristics (attributes) defined by an organization's security policies. Attributes can describe the subject (department, clearance, role), the resource (owner, classification) and the environment (time, network location), and a policy decision is a set of rules evaluated over all of them.
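As an added example (not part of the original flashcards), here is a small ABAC policy decision point in Python. The attribute names, the classification ladder, the three rules and the deny-overrides combining algorithm are assumptions chosen to illustrate the model; the point it adds beyond the prose is that a decision depends jointly on subject, resource and environment attributes, and that a single deny rule (here, sensitive data off the corporate network) overrides any permit.

```python
from dataclasses import dataclass, field

LEVELS = ["public", "internal", "confidential", "secret"]   # ordered, low to high


@dataclass
class Request:
    subject: dict                              # who: id, department, clearance
    resource: dict                             # what: owner, department, classification
    action: str                                # read / write
    env: dict = field(default_factory=dict)    # context: network, time of day, ...


def level(name: str) -> int:
    return LEVELS.index(name)


# Policy as (effect, name, condition). Deny rules override permits; default is deny.
POLICY = [
    ("deny", "no-sensitive-data-off-network",
     lambda r: r.env.get("network") != "corp"
               and level(r.resource["classification"]) > level("internal")),
    ("permit", "department-read-with-clearance",
     lambda r: r.action == "read"
               and r.subject["department"] == r.resource["department"]
               and level(r.subject["clearance"]) >= level(r.resource["classification"])),
    ("permit", "owner-full-control",
     lambda r: r.subject["id"] == r.resource["owner"]),
]


def evaluate(req: Request) -> tuple[str, str]:
    """Return (decision, rule) using deny-overrides combining and default deny.

    Every rule is evaluated before a permit is returned, so a later deny rule
    can still veto an earlier permit.
    """
    matched_permit = None
    for effect, name, cond in POLICY:
        if cond(req):
            if effect == "deny":
                return "deny", name
            matched_permit = matched_permit or name
    return ("permit", matched_permit) if matched_permit else ("deny", "default-deny")


if __name__ == "__main__":
    doc = {"owner": "dana", "department": "finance", "classification": "confidential"}
    analyst = {"id": "erin", "department": "finance", "clearance": "confidential"}
    for network in ("corp", "public"):
        print(network, evaluate(Request(analyst, doc, "read", {"network": network})))
    print("owner write", evaluate(Request({"id": "dana", "department": "finance",
                                           "clearance": "secret"}, doc, "write", {"network": "corp"})))
```

Compare this with RBAC: the same analyst would need a different role for every department and network combination, whereas ABAC expresses the rule once and lets the attributes vary.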
An attacker has compromised data integrity in a security breach by leveraging the chance of two separate inputs generating the same hash value in a cryptographic function. What type of attack is being described here?
A: Rainbow Table Attack
B: Birthday Attack
C: Phishing Attack
D: Brute-Force Attack
** Answer: B: Birthday Attack **
A birthday attack is a cryptographic attack that exploits the birthday paradox to find collisions in a hash function: two different inputs that produce the same hash. Because a collision among n-bit hashes appears after roughly 2^(n/2) random trials rather than 2^n, a hash that is too short (or a broken one such as MD5 or SHA-1) lets an attacker prepare a benign and a malicious document with the same hash, so that a digital signature over one is also valid for the other.
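An added example (not part of the original flashcards) that makes the 2^(n/2) bound concrete in Python. A truncated SHA-256 stands in for a short hash (an assumption for the demo; SHA-256 itself is not weak), and the search simply hashes sequential messages until two agree. The second function shows the contrast the prose implies: matching one fixed hash is a 2^n search, which is why collision resistance fails long before preimage resistance.

```python
import hashlib
import math
from typing import Optional


def truncated_hash(msg: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash function."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs until the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, limit: Optional[int] = None):
    """Hash sequential messages, remembering each digest, until two collide.

    Returns (msg_a, msg_b, trials), or None if `limit` is reached first.
    Memory grows with the number of digests seen; a real attacker would use
    a cycle-finding method such as Floyd's to avoid storing them all.
    """
    seen: dict[int, bytes] = {}
    i = 0
    while limit is None or i < limit:
        msg = f"msg-{i}".encode()       # distinct inputs, so any match is a true collision
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1
    return None


def find_second_preimage(target: bytes, bits: int, limit: int) -> Optional[int]:
    """Match one fixed hash instead of any pair: ~2^bits trials, not 2^(bits/2).

    Returns the trial count on success or None if `limit` is exhausted.
    """
    want = truncated_hash(target, bits)
    for i in range(limit):
        if truncated_hash(f"alt-{i}".encode(), bits) == want:
            return i + 1
    return None


if __name__ == "__main__":
    bits = 24
    a, b, trials = find_collision(bits)
    print(f"{bits}-bit collision after {trials} trials (expected ~{expected_trials(bits):.0f}):")
    print(f"  {a!r} and {b!r} -> {truncated_hash(a, bits):#08x}")
    print("second preimage within 2^16 trials:", find_second_preimage(b"contract v1", bits, 2 ** 16))
```

For a 24-bit hash the collision turns up after a few thousand hashes, in line with the bound, while the second-preimage search with a 2^16 budget against a 2^24 space has a success probability under one percent and is expected to return `None`.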
Simon is organizing the rollout of a new VPN outlined in the high-level diagram displayed here. What classification of VPN is Simon intending to deploy?
A: Remote access VPN
B: TLS VPN
C: IPsec VPN
D: Site-to-site VPN
** Answer: D: Site-to-site VPN **
A site-to-site VPN creates a secure, encrypted tunnel between two or more geographically separate networks, such as different offices of one company, so that hosts on either side can exchange data privately over the public internet as if the networks were directly connected. It links the locations of an organization while protecting the traffic between them from eavesdropping and tampering, and unlike a remote access VPN it terminates on gateways rather than on individual user devices.
Bob seeks to validate an encrypted and digitally signed message transmitted using asymmetric encryption. What specific item does he need from the sender for message authentication?
A: Bob’s public key
B: Bob’s private key
C: The sender’s private key
D: The sender’s public key
** Answer: D: The sender’s public key **
The sender signs the message with their private key, and anyone holding the sender’s public key can verify that signature, which is what authenticates the message and its origin. Confidentiality runs the other way: the sender encrypts to Bob’s public key, and only Bob’s private key can decrypt.
Eva is tasked with developing her organization’s change management policy. What aspects need to be covered in this policy?
A: Descriptions of how a change request should be created, formatted, reviewed, and approved
B: An outline of the regulatory requirements for changes
C: High-level descriptions of how the organization will review, approve, and implement proposed changes
D: A detailed process for review and approval of changes
** Answer:
C: High-level descriptions of how the organization will review, approve, and implement proposed changes
**
Susan is worried about the logs produced by various devices on her network having inaccurate timestamps due to the different internal clocks of each device. Which protocol can help her best address this issue?
A: Network Time Protocol (NTP)
B: Transport Layer Security (TLS)
C: Secure Shell (SSH)
D: Online Certificate Status Protocol (OCSP)
** Answer: A: Network Time Protocol (NTP) **
NTP lets every device set its clock from a common reference, so timestamps in logs from different systems line up and events can be correlated. Note that plain NTP is unauthenticated and vulnerable to man-in-the-middle attacks: an attacker between a client and its NTP server can forge replies and shift the client's clock, which corrupts log timestamps and can break certificate and token validity checks. Use authenticated NTP (symmetric keys or Network Time Security) and sanity-check large clock jumps before applying them.
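An added example (not part of the original flashcards) showing the client side of one NTP exchange in Python: building a server reply with the four timestamps, computing the clock offset and round-trip delay, and applying two of the checks a client should make against a forged reply. The server reply is constructed inline for the demo, and the panic threshold is modelled on ntpd's default of 1000 s; the helper names are my own.

```python
import struct

NTP_EPOCH_OFFSET = 2_208_988_800   # seconds between the NTP epoch (1900) and the Unix epoch (1970)
PANIC_THRESHOLD = 1000.0           # ntpd default: refuse unattended clock steps larger than this
# 48-byte NTP v4 packet: LI/VN/mode, stratum, poll, precision, root delay, root dispersion,
# reference id, then reference / origin / receive / transmit timestamps.
NTP_PACKET = struct.Struct("!BBBbIIIQQQQ")


def to_ntp(unix_seconds: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    whole = int(unix_seconds)
    frac = int(round((unix_seconds - whole) * 2 ** 32))
    if frac == 2 ** 32:                # fraction rounded all the way up
        whole, frac = whole + 1, 0
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts: int) -> float:
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2 ** 32


def build_server_reply(t1: float, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply (mode 4): origin echoes the client's transmit time t1,
    receive is when the server saw the request (t2), transmit when it answered (t3)."""
    flags = (0 << 6) | (4 << 3) | 4    # LI=0, version 4, mode 4 (server)
    return NTP_PACKET.pack(flags, stratum, 6, -20, 0, 0, 0x47505300,   # refid "GPS"
                           to_ntp(t1 - 1.0), to_ntp(t1), to_ntp(t2), to_ntp(t3))


def clock_offset(t1: float, t2: float, t3: float, t4: float) -> tuple[float, float]:
    """Standard NTP arithmetic: server clock offset relative to ours, and round-trip delay."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)


def accept_reply(packet: bytes, t1: float, t4: float) -> dict:
    """Validate a reply to the request we sent at t1 (received at t4) and compute the offset."""
    if len(packet) < NTP_PACKET.size:
        raise ValueError("short packet")
    (flags, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref, origin, recv, xmit) = NTP_PACKET.unpack_from(packet)
    if flags & 0x7 != 4:
        raise ValueError("not a server reply")
    if stratum == 0:
        raise ValueError("stratum 0: kiss-o'-death or unsynchronised server")
    # The origin field must echo our own transmit timestamp exactly; otherwise this
    # is an unsolicited or forged reply, the cheapest trick for an off-path attacker.
    if origin != to_ntp(t1):
        raise ValueError("origin timestamp does not match our request")
    offset, delay = clock_offset(t1, from_ntp(recv), from_ntp(xmit), t4)
    return {"stratum": stratum, "offset": offset, "delay": delay,
            "step_allowed": abs(offset) <= PANIC_THRESHOLD}


if __name__ == "__main__":
    t1 = 1_700_000_000.0                     # our clock when the request left
    server_ahead, one_way = 2.5, 0.05        # constructed scenario
    t2 = t1 + one_way + server_ahead
    reply = build_server_reply(t1, t2, t2 + 0.001)
    print(accept_reply(reply, t1, t1 + 2 * one_way + 0.001))
```

The origin check defeats blind spoofing but not an on-path attacker who can see the request, which is why the page's caveat about man-in-the-middle attacks stands: only authenticated NTP closes that gap, and the panic threshold limits the damage a single forged reply can do.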
What kind of log data offers supplementary context and details about other data, facilitating the comprehension and interpretation of that data?
A: Firewall logs
B: Endpoint logs
C: Metadata
D: Application logs
** Answer: C: Metadata **
Metadata is "data about data": information describing another item's origin, structure, timestamps, ownership and handling. In security it is used for tracking and classification, feeds threat detection, and gives analysts the context needed to interpret the primary data (for example, which user created a file and when it was last modified).
For filesystems, NIST SP 800-86 (under "Metadata") defines it as data that provides information about a file's contents, such as owner, size and creation, modification and access times. The same term is used for cryptographic keys: the information associated with a key that describes its specific characteristics, constraints, acceptable uses, ownership and so on is sometimes called the key's attributes.
What is the main objective of root cause analysis in incident response?
A: To identify and understand the underlying cause of an incident
B: To conduct a tabletop exercise
C: To ignore the underlying cause of an incident
D: To recover affected systems without understanding the cause
** Answer:
A: To identify and understand the underlying cause of an incident
**
After browsing the internet, Bob found all his files corrupted upon waking up. A message on his wallpaper demanded money to be sent to a foreign country for file decryption. What is Bob experiencing?
A: A keylogger
B: Spyware
C: A logic bomb
D: Ransomware
** Answer:
D: Ransomware
**
Ransomware is a type of malware that prevents users from accessing their devices or data until they pay a ransom. Ransomware can encrypt files, lock devices, or steal data.
In a recent penetration exercise, the intruder dressed as a security guard identical to the firm’s and instructed individuals to vacate the data center due to a security risk. Which social engineering principle is most prominently demonstrated by this approach?
A: Consensus
B: Authority
C: Scarcity
D: Intimidation
** Answer:
B: Authority
**
Authority is the social engineering principle that people tend to comply with instructions from someone who appears to hold legitimate power over the situation. The intruder borrowed that appearance with a uniform identical to the firm's security guards, so staff left the data center on command without questioning who gave the order. The defence is a process that does not depend on appearances: verify identity and confirm that an evacuation or access request is legitimate before acting on it.
When considering large corporations with a complex network environment, including servers, routers, switches, and workstations, what is the recommended method to prevent the proliferation of worms?
A: Segmenting the network with firewalls
B: Using SSL certificates
C: Disabling or restricting DHCP
D: Installing WAF
** Answer:
A: Segmenting the network with firewalls
**
Which of the following options serves as the prime example of technical security control?
A: Firewall rules
B: Asset inventory
C: Employee credit checks
D: Fire detection system
** Answer:
A: Firewall rules
**
Technical controls are the hardware and software components that protect a system against cyberattacks. Firewalls, intrusion detection systems (IDS), encryption, and identification and authentication mechanisms are examples of technical controls (Harris and Maymi 2016).